-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
2.4
-
None
-
False
-
-
False
What is the nature and description of the request?
Current implementation of the Automation Hub only allows for LDAP-related variables to be implemented in the `spec.pulp_settings` section of the custom resource definition. This means that the LDAP BIND password is stored in plaintext which is not really secure.
Why does the customer need this? (List the business requirements here)
Customer would like to store all credentials within a secret and then reference that secert within the custom resource definition. Similar to how `bundle_cacert_secret` is handled.
How would you like to achieve this? (List the functional requirements here)
- Allow the operator to accept a secret that contains LDAP-related variables and then apply it to the `settings.py` file.
---
apiVersion: v1
kind: Secret
metadata:
# make sure name ends in `-ldap-secret`
name: ""
namespace: ""
stringData:
auth_ldap_server_uri: ""
auth_ldap_bind_dn: ""
auth_ldap_bind_password: ""
auth_ldap_group_search: LDAPSearch("",ldap.SCOPE_SUBTREE,"(objectClass=group)")
auth_ldap_user_search: LDAPSearch("", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
auth_ldap_group_type: MemberDNGroupType(name_attr='cn')
List any affected known dependencies: Doc, UI etc..
- https://docs.pulpproject.org/pulp_operator/configuring/ldap/
- https://github.com/pulp/pulp-operator/blob/2ad014bdf35879de20e030c0d3bae21b616cc6f2/controllers/repo_manager/ldap.go#L36
Github Links
Couldn't find any.