From c60463dd0b1b7b5a88fc7e34725da9fb70cf39aa Mon Sep 17 00:00:00 2001
From: Tiago Augusto Pimenta
Date: Mon, 17 Dec 2018 18:27:38 -0200
Subject: [PATCH] Fix #6 checking for groups
---
 Dockerfile | 10 ++++++----
 build | 2 +-
 k8s-rbac.yaml | 40 ++++++++++++++++++++--------------------
 k8s.yaml | 8 ++++----
 rule/service.go | 2 +-
 test-server | 2 +-
 6 files changed, 33 insertions(+), 31 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c98ffca..cf04ec6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,13 +2,15 @@ FROM golang:alpine
 
 COPY . /go/src/github.com/tiagoapimenta/nginx-ldap-auth
 
+ENV CGO_ENABLED=0
+
 RUN cd /go/src/github.com/tiagoapimenta/nginx-ldap-auth && \
 apk add --no-cache git && \
 go get -u gopkg.in/yaml.v2 && \
 go get -u gopkg.in/ldap.v2 && \
- go build -ldflags='-s -w' -v -o /go/bin/nginx-ldap-auth ./main
+ go build -a -x -ldflags='-s -w -extldflags -static' -v -o /go/bin/nginx-ldap-auth ./main
 
-FROM alpine
+FROM scratch
 
 MAINTAINER Tiago A. Pimenta
 
@@ -20,6 +22,6 @@ VOLUME /etc/nginx-ldap-auth
 
 EXPOSE 5555
 
-USER nobody
+USER 65534:65534
 
-CMD [ "nginx-ldap-auth", "--config", "/etc/nginx-ldap-auth/config.yaml" ]
+CMD [ "/usr/local/bin/nginx-ldap-auth", "--config", "/etc/nginx-ldap-auth/config.yaml" ]
diff --git a/build b/build
index 515acc9..7bdb1af 100755
--- a/build
+++ b/build
@@ -3,7 +3,7 @@
 set -e
 
 base='docker.io/tpimenta/nginx-ldap-auth'
-version='v1.0.3'
+version='v1.0.4'
 image="$base:$version"
 
 atexit() {
diff --git a/k8s-rbac.yaml b/k8s-rbac.yaml
index 0262ff1..3298148 100644
--- a/k8s-rbac.yaml
+++ b/k8s-rbac.yaml
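Review bot: The `FROM scratch` final stage in the Dockerfile hunk `@@ -2,13 +2,15 @@` ships no CA certificate bundle, and nothing visible in this hunk copies one in, so a TLS or StartTLS connection to the LDAP server would have no trust roots to verify against unless the lines between the two Dockerfile hunks (not shown) provide them. If the service is expected to reach the directory over ldaps://, install `ca-certificates` in the builder stage and add `COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/` to the final stage, so operators are not pushed toward disabling certificate verification. Separately, the `go get -u` lines in the same RUN resolve whatever is latest at build time, so two builds tagged v1.0.4 can contain different dependency code; pinning them would make the image reproducible.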
@@ -8,22 +8,22 @@ kind: Role
 metadata:
 name: nginx-ldap-auth
 rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- - "nginx-ldap-auth"
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - secrets
- resourceNames:
- - "nginx-ldap-auth"
- verbs:
- - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - "nginx-ldap-auth"
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - "nginx-ldap-auth"
+ verbs:
+ - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
@@ -66,12 +66,12 @@ spec:
 spec:
 serviceAccountName: nginx-ldap-auth
 containers:
- - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.3
+ - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.4
 name: nginx-ldap-auth
 command:
- - "nginx-ldap-auth"
- - "--config"
- - "/etc/nginx-ldap-auth/config.yaml"
+ - "/usr/local/bin/nginx-ldap-auth"
+ - "--config"
+ - "/etc/nginx-ldap-auth/config.yaml"
 ports:
 - name: http
 containerPort: 5555
diff --git a/k8s.yaml b/k8s.yaml
index 04e495e..91a8bfb 100644
--- a/k8s.yaml
+++ b/k8s.yaml
@@ -26,12 +26,12 @@ spec:
 app: nginx-ldap-auth
 spec:
 containers:
- - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.3
+ - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.4
 name: nginx-ldap-auth
 command:
- - "nginx-ldap-auth"
- - "--config"
- - "/etc/nginx-ldap-auth/config.yaml"
+ - "/usr/local/bin/nginx-ldap-auth"
+ - "--config"
+ - "/etc/nginx-ldap-auth/config.yaml"
 ports:
 - name: http
 containerPort: 5555
diff --git a/rule/service.go b/rule/service.go
index 26e6f7d..6b887e5 100644
--- a/rule/service.go
+++ b/rule/service.go
@@ -54,7 +54,7 @@ func (p *Service) validate(username, password string) (bool, error) {
 return false, err
 }
 
- if ok || p.required == nil || len(p.required) == 0 {
+ if !ok || p.required == nil || len(p.required) == 0 {
 return err == nil, nil
 }
 
diff --git a/test-server b/test-server
index c6b0ca4..00a4d97 100755
--- a/test-server
+++ b/test-server
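Review bot: In rule/service.go `@@ -54,7 +54,7 @@` the early return still yields `err == nil` rather than `ok`: if the guard whose tail is visible just above (`return false, err`) is `if err != nil`, then err is always nil here and the branch returns true even when `ok` is false (presumably a rejected login). With the condition now `!ok || …`, that is exactly the path failed credentials take, so the line should read `return ok, nil`. The `p.required == nil` test is also redundant, because `len` of a nil slice or map is 0. validate begins before and continues past this hunk, so the guard and the group check that follows need confirming against the full file; a test that a wrong password is refused both with and without required groups would pin the behaviour.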
@@ -41,4 +41,4 @@ docker run \
 -v '/tmp/config.yaml:/etc/nginx-ldap-auth/config.yaml:ro' \
 --name ldap-test-client \
 -d \
- docker.io/tpimenta/nginx-ldap-auth:v1.0.3
+ docker.io/tpimenta/nginx-ldap-auth:v1.0.4