generated from coulomb/repo-seed
NET-WP-0019: register T06-adjacent polish workplan + implement core (orchestrator script, safer secret fallback in create-user, console dry-run + cleanup commands, make targets, cross-link from 0017 T06). See workplan file for task status.
This commit is contained in:
@@ -45,13 +45,27 @@ if [[ -z "$USERNAME" || -z "$EMAIL" ]]; then
|
||||
fi
|
||||
|
||||
LLDAP_ENV="$SECRETS_DIR/lldap/secrets.env"
|
||||
if [[ ! -f "$LLDAP_ENV" ]]; then
|
||||
echo "ERROR: $LLDAP_ENV not found." >&2
|
||||
exit 1
|
||||
LLDAP_ADMIN_PASS="${LLDAP_ADMIN_PASS:-}"
|
||||
|
||||
if [[ -z "$LLDAP_ADMIN_PASS" ]]; then
|
||||
if [[ -f "$LLDAP_ENV" ]]; then
|
||||
read_env() { bash -c "source '$1' 2>/dev/null; echo \${$2}"; }
|
||||
LLDAP_ADMIN_PASS=$(read_env "$LLDAP_ENV" LLDAP_LDAP_USER_PASS)
|
||||
else
|
||||
# Safer fallback for dry-runs / automation (NET-WP-0019-T02): pull directly from k8s secret
|
||||
# without requiring (or writing) a local secrets.env file on disk.
|
||||
if command -v kubectl >/dev/null 2>&1 || [[ -n "${KUBECTL:-}" ]]; then
|
||||
KUBECTL_BIN="${KUBECTL:-kubectl}"
|
||||
LLDAP_ADMIN_PASS="$($KUBECTL_BIN get secret -n sso lldap-secrets -o jsonpath='{.data.LLDAP_LDAP_USER_PASS}' 2>/dev/null | base64 -d 2>/dev/null || true)"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
read_env() { bash -c "source '$1' 2>/dev/null; echo \${$2}"; }
|
||||
LLDAP_ADMIN_PASS=$(read_env "$LLDAP_ENV" LLDAP_LDAP_USER_PASS)
|
||||
if [[ -z "$LLDAP_ADMIN_PASS" ]]; then
|
||||
echo "ERROR: Could not obtain LLDAP admin password (no $LLDAP_ENV and no k8s fallback succeeded)." >&2
|
||||
echo " For dry-runs prefer setting LLDAP_ADMIN_PASS=... or ensuring kubectl can reach the sso/lldap-secrets secret." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# ── Authenticate ──────────────────────────────────────────────────────────────
|
||||
echo "Authenticating to LLDAP at $LLDAP_URL ..."
|
||||
|
||||
Reference in New Issue
Block a user