From f3e3fa22ec7c9c126a5473d4cb54618266d8c6bd Mon Sep 17 00:00:00 2001
From: Khue Doan
Date: Thu, 18 Jan 2024 20:18:47 +0700
Subject: [PATCH] refactor: update Kanidm password reset script to reset any account

https://github.com/khuedoan/homelab/issues/130
---
 .../{kanidm-reset-admin-password => kanidm-reset-password} | 6 +++++-
 scripts/onboard-user | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
 rename scripts/{kanidm-reset-admin-password => kanidm-reset-password} (83%)

diff --git a/scripts/kanidm-reset-admin-password b/scripts/kanidm-reset-password
similarity index 83%
rename from scripts/kanidm-reset-admin-password
rename to scripts/kanidm-reset-password
index 7c4df1f1..9597becc 100755
--- a/scripts/kanidm-reset-admin-password
+++ b/scripts/kanidm-reset-password
@@ -1,5 +1,9 @@
 #!/bin/sh
+set -eu
+
+account="${1}"
+
 echo "WARNING: Kanidm admin can do anything in the cluster, only use it for just enough initial setup or in emergencies." >&2
 export KUBECONFIG=./metal/kubeconfig.yaml
-kubectl exec -it -n kanidm statefulset/kanidm -- kanidmd recover-account admin
+kubectl exec -it -n kanidm statefulset/kanidm -- kanidmd recover-account "${account}"
diff --git a/scripts/onboard-user b/scripts/onboard-user
index c76e02d9..8cfe2d47 100755
--- a/scripts/onboard-user
+++ b/scripts/onboard-user
@@ -4,6 +4,7 @@ username="${1}"
 fullname="${2}"
 mail="${3}"
+export KUBECONFIG=./metal/kubeconfig.yaml
 host="$(kubectl get ingress --namespace kanidm kanidm --output jsonpath='{.spec.rules[0].host}')"
 kanidm person create "${username}" "${fullname}" --url "https://${host}" --name idm_admin
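Review bot: In scripts/kanidm-reset-password, `account="${1}"` accepts an empty string, and a missing argument aborts under `set -u` with only the shell's generic unset-parameter error, so the operator gets no usage hint before a credential reset. `account="${1:?usage: kanidm-reset-password <account>}"` rejects both the unset and the empty case with a clear message. The `echo "WARNING: Kanidm admin can do anything ..."` line kept as context still describes only the admin account, although the script now recovers whichever account is named; it should be reworded to name `${account}` or printed only for the privileged accounts.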
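Review bot: In scripts/onboard-user, the added `export KUBECONFIG=./metal/kubeconfig.yaml` is relative to the working directory, so the script presumably reaches the intended cluster only when run from the repository root, and it silently replaces any KUBECONFIG the caller had exported. Anchoring the path to the script location, for example `export KUBECONFIG="$(dirname "$0")/../metal/kubeconfig.yaml"`, removes the dependency on the current directory. The top of the file is outside the hunk; if it lacks the `set -eu` that this commit adds to kanidm-reset-password, a failed `kubectl get ingress` leaves `host` empty and `kanidm person create` still runs with `--url "https://"`, so `set -eu` or an explicit `[ -n "${host}" ]` check before that call would be worth adding.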