truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-02-09 13:26:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Two factor auth - migrate storage section (adds acl) (#1986)

Browse Source 
* update values

* add migration

* update templates

* update ui

* bump version
This commit is contained in:
Stavros Kois
2024-01-03 09:51:25 +02:00
committed by GitHub
parent b43281f927
commit daf2bdc5fb
9 changed files with 252 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/ix-dev/community/twofactor-auth/Chart.yaml
View File

@@ -4,7 +4,7 @@ description: 2FAuth is a web based self-hosted alternative to One Time Passcode
annotations:
title: 2FAuth
type: application
version: 1.1.9
version: 1.2.0
apiVersion: v2
appVersion: 5.0.2
kubeVersion: '>=1.16.0-0'

3
library/ix-dev/community/twofactor-auth/ci/basic-values.yaml
View File

@@ -3,5 +3,4 @@ twofauthNetwork:
twofauthStorage:
config:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/config
type: pvc

9
library/ix-dev/community/twofactor-auth/ci/extra-values.yaml
View File

@@ -17,12 +17,9 @@ twofauthNetwork:
twofauthStorage:
config:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/config
type: pvc
additionalStorages:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
- type: pvc
mountPath: /data1
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data2
- type: pvc
mountPath: /data2

3
library/ix-dev/community/twofactor-auth/ci/hostNet-values.yaml
View File

@@ -4,5 +4,4 @@ twofauthNetwork:
twofauthStorage:
config:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/config
type: pvc

73
library/ix-dev/community/twofactor-auth/migrations/migrate Executable file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/python3
import json
import os
import sys
def storage_migrate(storage):
delete_keys = []
if storage['type'] == 'hostPath':
# Check if the key exists, if not we have already migrated
if not storage.get('hostPath'):
return storage
storage['hostPathConfig'] = {'hostPath': storage['hostPath']}
delete_keys.append('hostPath')
elif storage['type'] == 'ixVolume':
# Check if the key exists, if not we have already migrated
if not storage.get('datasetName'):
return storage
storage['ixVolumeConfig'] = {'datasetName': storage['datasetName']}
delete_keys.append('datasetName')
elif storage['type'] == 'smb-pv-pvc':
# Check if the key exists, if not we have already migrated
if not storage.get('server'):
return storage
storage['smbConfig'] = {
'server': storage['server'],
'share': storage['share'],
'domain': storage['domain'],
'username': storage['username'],
'password': storage['password'],
'size': storage['size'],
}
delete_keys.extend(['server', 'share', 'domain', 'username', 'password', 'size'])
for key in delete_keys:
storage.pop(key, None)
return storage
def migrate(values):
storage_key = 'twofauthStorage'
storages = ['config']
for storage in storages:
check_val = values.get(storage_key, {}).get(storage, {})
if not isinstance(check_val, dict) or not check_val:
raise Exception(f'Storage section {storage} is malformed')
values[storage_key][storage] = storage_migrate(check_val)
additionalStorages = values.get(storage_key, {}).get('additionalStorages', [])
for idx, storage in enumerate(additionalStorages):
if not isinstance(storage, dict) or not storage:
raise Exception(f'Item {idx} in additionalStorages is malformed')
values[storage_key]['additionalStorages'][idx] = storage_migrate(storage)
return values
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))

216
library/ix-dev/community/twofactor-auth/questions.yaml
View File

@@ -188,23 +188,64 @@ questions:
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: string
type: dict
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: "config"
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "config"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: hostpath
type: dict
show_if: [["type", "=", "hostPath"]]
required: true
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: additionalStorages
label: Additional Storage
description: Additional storage for 2FAuth.
@@ -235,74 +276,119 @@ questions:
description: ixVolume (Dataset created automatically by the system)
- value: "smb-pv-pvc"
description: SMB Share (Mounts a persistent volume claim to a SMB share)
- variable: readOnly
label: Read Only
description: Mount the volume as read only.
schema:
type: boolean
default: false
- variable: mountPath
label: Mount Path
description: The path inside the container to mount the storage.
schema:
type: path
required: true
- variable: hostPath
label: Host Path
description: The host path to use for storage.
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: hostpath
type: dict
show_if: [["type", "=", "hostPath"]]
required: true
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: string
type: dict
show_if: [["type", "=", "ixVolume"]]
required: true
immutable: true
default: "storage_entry"
$ref:
- "normalize/ixVolume"
- variable: server
label: Server
description: The server for the SMB share.
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
default: "storage_entry"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: smbConfig
label: SMB Share Configuration
description: The configuration for the SMB Share.
schema:
type: string
type: dict
show_if: [["type", "=", "smb-pv-pvc"]]
required: true
- variable: share
label: Share
description: The share name for the SMB share.
schema:
type: string
show_if: [["type", "=", "smb-pv-pvc"]]
required: true
- variable: domain
label: Domain (Optional)
description: The domain for the SMB share.
schema:
type: string
show_if: [["type", "=", "smb-pv-pvc"]]
- variable: username
label: Username
description: The username for the SMB share.
schema:
type: string
show_if: [["type", "=", "smb-pv-pvc"]]
required: true
- variable: password
label: Password
description: The password for the SMB share.
schema:
type: string
show_if: [["type", "=", "smb-pv-pvc"]]
required: true
private: true
- variable: size
label: Size (in Gi)
description: The size of the volume quota.
schema:
type: int
show_if: [["type", "=", "smb-pv-pvc"]]
required: true
min: 1
default: 1
attrs:
- variable: server
label: Server
description: The server for the SMB share.
schema:
type: string
required: true
- variable: share
label: Share
description: The share name for the SMB share.
schema:
type: string
required: true
- variable: domain
label: Domain (Optional)
description: The domain for the SMB share.
schema:
type: string
- variable: username
label: Username
description: The username for the SMB share.
schema:
type: string
required: true
- variable: password
label: Password
description: The password for the SMB share.
schema:
type: string
required: true
private: true
- variable: size
label: Size (in Gi)
description: The size of the volume quota.
schema:
type: int
required: true
min: 1
default: 1
- variable: resources
group: Resources Configuration

2
library/ix-dev/community/twofactor-auth/templates/_2fauth.tpl
View File

@@ -48,5 +48,5 @@ workload:
"UID" 1000
"GID" 1000
"mode" "check"
"type" "init") | nindent 8 }}
"type" "install") | nindent 8 }}
{{- end -}}

39
library/ix-dev/community/twofactor-auth/templates/_persistence.tpl
View File

@@ -2,15 +2,17 @@
persistence:
config:
enabled: true
type: {{ .Values.twofauthStorage.config.type }}
datasetName: {{ .Values.twofauthStorage.config.datasetName | default "" }}
hostPath: {{ .Values.twofauthStorage.config.hostPath | default "" }}
{{- include "twofauth.storage.ci.migration" (dict "storage" .Values.twofauthStorage.config) }}
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.twofauthStorage.config) | nindent 4 }}
targetSelector:
twofauth:
twofauth:
mountPath: /2fauth
{{- if and (eq .Values.twofauthStorage.config.type "ixVolume")
(not (.Values.twofauthStorage.config.ixVolumeConfig | default dict).aclEnable) }}
01-permissions:
mountPath: /mnt/directories/2fauth
{{- end }}
tmp:
enabled: true
type: emptyDir
@@ -20,29 +22,26 @@ persistence:
mountPath: /tmp
{{- range $idx, $storage := .Values.twofauthStorage.additionalStorages }}
{{ printf "twofauth-%v" (int $idx) }}:
{{- $size := "" -}}
{{- if $storage.size -}}
{{- $size = (printf "%vGi" $storage.size) -}}
{{- end }}
enabled: true
type: {{ $storage.type }}
datasetName: {{ $storage.datasetName | default "" }}
hostPath: {{ $storage.hostPath | default "" }}
server: {{ $storage.server | default "" }}
share: {{ $storage.share | default "" }}
domain: {{ $storage.domain | default "" }}
username: {{ $storage.username | default "" }}
password: {{ $storage.password | default "" }}
size: {{ $size }}
{{- if eq $storage.type "smb-pv-pvc" }}
mountOptions:
- key: noperm
{{- end }}
{{- include "twofauth.storage.ci.migration" (dict "storage" $storage) }}
{{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
targetSelector:
twofauth:
twofauth:
mountPath: {{ $storage.mountPath }}
{{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
01-permissions:
mountPath: /mnt/directories{{ $storage.mountPath }}
{{- end }}
{{- end }}
{{- end -}}
{{/* TODO: Remove on the next version bump, eg 1.2.0+ */}}
{{- define "twofauth.storage.ci.migration" -}}
{{- $storage := .storage -}}
{{- if $storage.hostPath -}}
{{- $_ := set $storage "hostPathConfig" dict -}}
{{- $_ := set $storage.hostPathConfig "hostPath" $storage.hostPath -}}
{{- end -}}
{{- end -}}

3
library/ix-dev/community/twofactor-auth/values.yaml
View File

@@ -26,5 +26,6 @@ twofauthNetwork:
twofauthStorage:
config:
type: ixVolume
datasetName: config
ixVolumeConfig:
datasetName: config
additionalStorages: []