chore(kanidm): upgrade to v1.3.3

2024-12-22 15:34:33 +07:00 · 2024-09-02 12:45:30 +07:00 · 2024-09-02 12:45:30 +07:00 · 209a950ed0
commit 209a950ed0
parent eceebec57c
2 changed files with 6 additions and 6 deletions
--- a/platform/kanidm/values.yaml
+++ b/platform/kanidm/values.yaml
@ -6,7 +6,7 @@ app-template:
        main:
          image:
            repository: docker.io/kanidm/server
-            tag: 1.1.0-rc.16
+            tag: 1.3.3
      statefulset:
        volumeClaimTemplates:
          - name: data
@ -21,7 +21,7 @@ app-template:
        server.toml: |
          bindaddress = "[::]:443"
          ldapbindaddress = "[::]:636"
-          # trust_x_forward_for = false
+          trust_x_forward_for = true
          db_path = "/data/kanidm.db"
          tls_chain = "/data/ca.crt"
          tls_key = "/data/tls.key"
--- a/scripts/hacks
+++ b/scripts/hacks
@ -172,7 +172,7 @@ def setup_kanidm_group(name: str) -> None:
 def setup_kanidm_oauth_app(name: str, redirect_uri: str) -> None:
    try:
        subprocess.run(
-            ["kanidm", "system", "oauth2", "create", "--url", f"https://{kanidm_host}", "--name", "admin", name, name, redirect_uri],
+            ["kanidm", "system", "oauth2", "create", "--url", f"https://{kanidm_host}", "--name", "idm_admin", name, name, redirect_uri],
            capture_output=True,
            check=True,
        )
@ -181,20 +181,20 @@ def setup_kanidm_oauth_app(name: str, redirect_uri: str) -> None:

    # TODO https://github.com/dexidp/dex/pull/3188
    subprocess.run(
-        ["kanidm", "system", "oauth2", "warning-insecure-client-disable-pkce", "--url", f"https://{kanidm_host}", "--name", "admin", name],
+        ["kanidm", "system", "oauth2", "warning-insecure-client-disable-pkce", "--url", f"https://{kanidm_host}", "--name", "idm_admin", name],
        capture_output=True,
        check=True,
    )

    subprocess.run(
        # TODO better group management
-        ["kanidm", "system", "oauth2", "create-scope-map", "--url", f"https://{kanidm_host}", "--name", "admin", name, "editor", "openid", "profile", "email", "groups"],
+        ["kanidm", "system", "oauth2", "create-scope-map", "--url", f"https://{kanidm_host}", "--name", "idm_admin", name, "editor", "openid", "profile", "email", "groups"],
        capture_output=True,
        check=True,
    )

    client_secret = json.loads(subprocess.run(
-        ["kanidm", "system", "oauth2", "show-basic-secret", "--url", f"https://{kanidm_host}", "--name", "admin", "--output", "json", name],
+        ["kanidm", "system", "oauth2", "show-basic-secret", "--url", f"https://{kanidm_host}", "--name", "idm_admin", "--output", "json", name],
        capture_output=True,
        check=True,
    ).stdout.decode("utf-8"))['secret']