41 lines
1.7 KiB
YAML
41 lines
1.7 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: "{{ .Release.Name }}-post-patch-user"
|
|
annotations:
|
|
"helm.sh/hook": post-install,post-upgrade
|
|
"helm.sh/hook-weight": "-4"
|
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: Never
|
|
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
|
{{- if .Values.global.imagePullSecrets }}
|
|
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: post-patch-user
|
|
image: {{ template "kubectl.image" . }}
|
|
command:
|
|
- /bin/bash
|
|
- -c
|
|
- |
|
|
#!/bin/bash
|
|
# Get all users with the specified label
|
|
kubectl get users -l iam.kubesphere.io/identify-provider \
|
|
-o custom-columns=\
|
|
NAME:.metadata.name,\
|
|
IDP:".metadata.labels['iam\.kubesphere\.io/identify-provider']",\
|
|
UID:".metadata.labels['iam\.kubesphere\.io/origin-uid']" \
|
|
--no-headers | while read -r username idp uid; do
|
|
# Check if variables are not empty and not <none>
|
|
if [ ! -z "$username" ] && [ ! -z "$idp" ] && [ ! -z "$uid" ] && \
|
|
[ "$idp" != "<none>" ] && [ "$uid" != "<none>" ]; then
|
|
# Set annotation
|
|
annotation_key="iam.kubesphere.io/identity-provider.${idp}"
|
|
kubectl annotate --overwrite user "${username}" "${annotation_key}=${uid}"
|
|
echo "Updated user ${username} with annotation ${annotation_key}=${uid}"
|
|
fi
|
|
done
|