Support defining custom commands for ldap sync CronJob

appuio · Sep 25, 2024 · f98ebfe · f98ebfe
1 parent bc3e3f2
commit f98ebfe
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -21,6 +21,7 @@ parameters:
 
     ldapSync:
       schedule: '%d * * * *'
+      customCommand: {}
 
     secrets: {}
       # my-secret-example:

diff --git a/component/ldap.libsonnet b/component/ldap.libsonnet
@@ -69,6 +69,7 @@ local syncConfig(namespace, idp, sa) =
 
     local n = std.foldl(function(x, y) x + y, std.encodeUTF8(std.md5(inv.parameters.cluster.name)), 0);
     local config_volume = 'sync-config';
+    local custom_command = std.get(idp.ldap.sync, 'command', {});
     local ca_volume = 'ldap-ca';
     local security_context = {
       allowPrivilegeEscalation: false,
@@ -92,7 +93,7 @@ local syncConfig(namespace, idp, sa) =
                 local container(command) = kube.Container(command) {
                   image: std.join(':', std.prune([ params.images.sync.image, params.images.sync.tag ])),
                   securityContext: security_context,
-                  command: [
+                  command: std.get(custom_command, command, [
                     'oc',
                     'adm',
                     'groups',
@@ -101,7 +102,7 @@ local syncConfig(namespace, idp, sa) =
                     '--confirm',
                     '--blacklist=' + config_mount + files.blacklist,
                     '--whitelist=' + config_mount + files.whitelist,
-                  ],
+                  ]),
                   volumeMounts_+: {
                     [config_volume]: { mountPath: config_mount },
                     [ca_volume]: { mountPath: ca_mount },

diff --git a/tests/defaults.yml b/tests/defaults.yml
@@ -47,6 +47,11 @@ parameters:
             -----BEGIN CERTIFICATE-----
             -----END CERTIFICATE-----
           sync:
+            command:
+              prune:
+                - oc
+                - adm
+                - do-nothing
             rfc2307:
               groupsQuery:
                 baseDN: ou=Groups,dc=company,dc=tld

diff --git a/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml b/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml
@@ -155,12 +155,7 @@ spec:
               command:
                 - oc
                 - adm
-                - groups
-                - prune
-                - --sync-config=/etc/sync-config/config.yaml
-                - --confirm
-                - --blacklist=/etc/sync-config/blacklist.txt
-                - --whitelist=/etc/sync-config/whitelist.txt
+                - do-nothing
               env: []
               image: image-registry.openshift-image-registry.svc:5000/openshift/cli
               imagePullPolicy: IfNotPresent