coulomb/net-kingdom
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NET-WP-0019: fix arg parsing in orchestrator for --cleanup-only early, fix delegate path in console cleanup command.

Browse Source
This commit is contained in:
Bernd Worsch
2026-06-03 02:21:22 +02:00
parent 33cab7be4e
commit 23af9b0a84
2 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
sso-mfa/k8s/lldap/dry-run-nonroot-user.sh
View File

@@ -38,17 +38,23 @@ DO_LOCK_OFFBOARD=true
KEEP_USER=false
CLEANUP_ONLY=""
shift $(( $# > 3 ? 3 : $# ))
while [[ $# -gt 0 ]]; do
case "$1" in
--actor) ACTOR="$2"; shift 2 ;;
--scope) SCOPE="$2"; shift 2 ;;
--no-lockoffboard) DO_LOCK_OFFBOARD=false; shift ;;
--keep-user) KEEP_USER=true; shift ;;
--cleanup-only) CLEANUP_ONLY="$2"; shift 2 ;;
*) echo "Unknown arg $1"; exit 1 ;;
esac
done
# Handle --cleanup-only early (can be first arg)
if [[ "${1:-}" == "--cleanup-only" ]]; then
CLEANUP_ONLY="${2:-t06-*}"
shift 2 || true
else
shift $(( $# > 3 ? 3 : $# ))
while [[ $# -gt 0 ]]; do
case "$1" in
--actor) ACTOR="$2"; shift 2 ;;
--scope) SCOPE="$2"; shift 2 ;;
--no-lockoffboard) DO_LOCK_OFFBOARD=false; shift ;;
--keep-user) KEEP_USER=true; shift ;;
--cleanup-only) CLEANUP_ONLY="$2"; shift 2 ;;
*) echo "Unknown arg $1"; exit 1 ;;
esac
done
fi
if [[ -n "$CLEANUP_ONLY" ]]; then
echo "=== Cleanup-only mode for pattern $CLEANUP_ONLY ==="
@@ -127,7 +133,7 @@ chmod 600 "$SECRETS_TMP/lldap/secrets.env"
# From usage: ./create-user.sh ... [lldap-url] [secrets-dir]
# So we can pass the temp as secrets-dir.
"$KUBECTL"=/home/worsch/.local/bin/kubectl ./create-user.sh \
KUBECTL=/home/worsch/.local/bin/kubectl ./create-user.sh \
"$USERNAME" "$EMAIL" "$DISPLAY" --test \
"$LLDAP_URL" "$SECRETS_TMP" 2>&1 | cat

3
tools/security-bootstrap-console/security_bootstrap_console.py
View File

@@ -4825,7 +4825,8 @@ def main(argv: list[str] | None = None) -> int:
pat = getattr(args, "pattern", "t06-*") if hasattr(args, "pattern") else "t06-*"
print("Delegating cleanup for pattern", pat, "to orchestrator...")
import subprocess, os
script = "sso-mfa/k8s/lldap/dry-run-nonroot-user.sh"
script = os.path.join(os.path.dirname(__file__), "..", "..", "sso-mfa", "k8s", "lldap", "dry-run-nonroot-user.sh")
script = os.path.abspath(script)
subprocess.call(["bash", script, "--cleanup-only", pat])
return 0
if args.command == "handover-checklist":