Move parameter to global ldapSync

appuio · Sep 25, 2024 · 85455bc · 85455bc
1 parent f98ebfe
commit 85455bc
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 13 deletions.
diff --git a/component/ldap.libsonnet b/component/ldap.libsonnet
@@ -93,7 +93,7 @@ local syncConfig(namespace, idp, sa) =
                 local container(command) = kube.Container(command) {
                   image: std.join(':', std.prune([ params.images.sync.image, params.images.sync.tag ])),
                   securityContext: security_context,
-                  command: std.get(custom_command, command, [
+                  command: std.get(params.ldapSync.command, command, [
                     'oc',
                     'adm',
                     'groups',

diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -137,6 +137,18 @@ default::
 [source,yaml]
 ----
 schedule: '%d * * * *'
+command: {}
+----
+
+=== `ldapSync.schedule`
+
+[horizontal]
+type:: string
+default::
++
+[source,yaml]
+----
+schedule: '%d * * * *'
 ----
 
 This parameter allows configuring the LDAP sync CronJob schedule.
@@ -146,6 +158,21 @@ The component will apply the logic documented in the Project Syn Jsonnet best pr
 
 NOTE: The component may break if you specify a schedule which doesn't contain exactly one `%d` format specifier.
 
+=== `ldapSync.command`
+
+[horizontal]
+type:: dict
+default::
++
+[source,yaml]
+----
+command: {}
+----
+
+This parameter allows overwriting the commands used for `sync` and `prune`.
+
+NOTE: The command defined here will apply to all LDAP idedtity providers.
+
 == `secrets`
 
 [horizontal]

diff --git a/tests/defaults.yml b/tests/defaults.yml
@@ -47,11 +47,6 @@ parameters:
             -----BEGIN CERTIFICATE-----
             -----END CERTIFICATE-----
           sync:
-            command:
-              prune:
-                - oc
-                - adm
-                - do-nothing
             rfc2307:
               groupsQuery:
                 baseDN: ou=Groups,dc=company,dc=tld
@@ -119,3 +114,12 @@ parameters:
           clientSecret:
             name: oidc-client
           issuer: https://sso.company.tld/auth/realms/master
+
+    ldapSync:
+      command:
+        prune:
+          - oc
+          - adm
+          - do
+          - something
+          - else
diff --git a/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml b/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml
@@ -155,7 +155,9 @@ spec:
               command:
                 - oc
                 - adm
-                - do-nothing
+                - do
+                - something
+                - else
               env: []
               image: image-registry.openshift-image-registry.svc:5000/openshift/cli
               imagePullPolicy: IfNotPresent
@@ -313,12 +315,9 @@ spec:
               command:
                 - oc
                 - adm
-                - groups
-                - prune
-                - --sync-config=/etc/sync-config/config.yaml
-                - --confirm
-                - --blacklist=/etc/sync-config/blacklist.txt
-                - --whitelist=/etc/sync-config/whitelist.txt
+                - do
+                - something
+                - else
               env: []
               image: image-registry.openshift-image-registry.svc:5000/openshift/cli
               imagePullPolicy: IfNotPresent