Fix #6 checking for groups

2018-12-17 18:27:38 -02:00 · 2018-12-17 18:27:38 -02:00 · c60463dd0b
parent e273f12a92
commit c60463dd0b
6 changed files with 33 additions and 31 deletions
--- a/10
+++ b/10
@ -2,13 +2,15 @@ FROM golang:alpine
 COPY . /go/src/github.com/tiagoapimenta/nginx-ldap-auth
 ENV CGO_ENABLED=0
 RUN cd /go/src/github.com/tiagoapimenta/nginx-ldap-auth && \
 	apk add --no-cache git && \
 	go get -u gopkg.in/yaml.v2 && \
 	go get -u gopkg.in/ldap.v2 && \
-	go build -ldflags='-s -w' -v -o /go/bin/nginx-ldap-auth ./main
+	go build -a -x -ldflags='-s -w -extldflags -static' -v -o /go/bin/nginx-ldap-auth ./main
-FROM alpine
+FROM scratch
 MAINTAINER Tiago A. Pimenta <tiagoapimenta@gmail.com>
@ -20,6 +22,6 @@ VOLUME /etc/nginx-ldap-auth
 EXPOSE 5555
-USER nobody
+USER 65534:65534
-CMD [ "nginx-ldap-auth", "--config", "/etc/nginx-ldap-auth/config.yaml" ]
+CMD [ "/usr/local/bin/nginx-ldap-auth", "--config", "/etc/nginx-ldap-auth/config.yaml" ]
--- a/2
+++ b/2
@ -3,7 +3,7 @@
 set -e
 base='docker.io/tpimenta/nginx-ldap-auth'
-version='v1.0.3'
+version='v1.0.4'
 image="$base:$version"
 atexit() {
--- a/k8s-rbac.yaml
+++ b/k8s-rbac.yaml
@ -8,22 +8,22 @@ kind: Role
 metadata:
  name: nginx-ldap-auth
 rules:
-  - apiGroups:
+- apiGroups:
-      - ""
+  - ""
-    resources:
+  resources:
-      - configmaps
+  - configmaps
-    resourceNames:
+  resourceNames:
-      - "nginx-ldap-auth"
+  - "nginx-ldap-auth"
-    verbs:
+  verbs:
-      - get
+  - get
-  - apiGroups:
+- apiGroups:
-      - ""
+  - ""
-    resources:
+  resources:
-      - secrets
+  - secrets
-    resourceNames:
+  resourceNames:
-      - "nginx-ldap-auth"
+  - "nginx-ldap-auth"
-    verbs:
+  verbs:
-      - get
+  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
@ -66,12 +66,12 @@ spec:
    spec:
      serviceAccountName: nginx-ldap-auth 
      containers:
-      - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.3
+      - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.4
        name: nginx-ldap-auth
        command:
-          - "nginx-ldap-auth"
+        - "/usr/local/bin/nginx-ldap-auth"
-          - "--config"
+        - "--config"
-          - "/etc/nginx-ldap-auth/config.yaml"
+        - "/etc/nginx-ldap-auth/config.yaml"
        ports:
        - name: http
          containerPort: 5555
--- a/k8s.yaml
+++ b/k8s.yaml
@ -26,12 +26,12 @@ spec:
        app: nginx-ldap-auth
    spec:
      containers:
-      - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.3
+      - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.4
        name: nginx-ldap-auth
        command:
-          - "nginx-ldap-auth"
+        - "/usr/local/bin/nginx-ldap-auth"
-          - "--config"
+        - "--config"
-          - "/etc/nginx-ldap-auth/config.yaml"
+        - "/etc/nginx-ldap-auth/config.yaml"
        ports:
        - name: http
          containerPort: 5555
--- a/rule/service.go
+++ b/rule/service.go
@ -54,7 +54,7 @@ func (p *Service) validate(username, password string) (bool, error) {
 		return false, err
 	}
-	if ok || p.required == nil || len(p.required) == 0 {
+	if !ok || p.required == nil || len(p.required) == 0 {
 		return err == nil, nil
 	}
--- a/2
+++ b/2
@ -41,4 +41,4 @@ docker run \
 	-v '/tmp/config.yaml:/etc/nginx-ldap-auth/config.yaml:ro' \
 	--name ldap-test-client \
 	-d \
-	docker.io/tpimenta/nginx-ldap-auth:v1.0.3
+	docker.io/tpimenta/nginx-ldap-auth:v1.0.4