DodoApp: New app gets all internal users as read-write collaborators
Disable SoftServe keyless and anon access
Change-Id: I898a34a5dbd4c8ce049f834dd61a96a3abb1e603
diff --git a/charts/soft-serve/templates/stateful-set.yaml b/charts/soft-serve/templates/stateful-set.yaml
index 0ed35ea..e5b32eb 100644
--- a/charts/soft-serve/templates/stateful-set.yaml
+++ b/charts/soft-serve/templates/stateful-set.yaml
@@ -45,6 +45,10 @@
value: ":80"
- name: SOFT_SERVE_HTTP_PUBLIC_URL
value: "http://{{ .Values.ingress.domain }}"
+ - name: SOFT_SERVE_ALLOW_KEYLESS
+ value: "{{ .Values.allowKeyless }}"
+ - name: SOFT_SERVE_ANON_ACCESS
+ value: "{{ .Values.anonAccess }}"
ports:
- name: ssh
containerPort: {{ .Values.port }}
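Review bot: Both new env values are rendered straight from `.Values` with no fallback, so an override that nulls `allowKeyless` or `anonAccess` would render an empty string and leave the result to Soft Serve's own handling of an empty setting, which may not be the restrictive one this commit intends. Pinning the restrictive value in the template keeps it fail-closed: `value: "{{ .Values.allowKeyless | default false }}"` and `value: {{ .Values.anonAccess | default "no-access" | quote }}`. The container spec continues outside the hunk.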
diff --git a/charts/soft-serve/values.yaml b/charts/soft-serve/values.yaml
index 3f714a4..cd042fc 100644
--- a/charts/soft-serve/values.yaml
+++ b/charts/soft-serve/values.yaml
@@ -18,3 +18,5 @@
ingressClassName: example-ingress-private
certificateIssuer: ""
sourcePort: 0
+allowKeyless: false
+anonAccess: "no-access"
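Review bot: The two new keys have no comment, although they decide whether the Git server accepts unauthenticated clients. A short comment above each would help the next editor keep them restrictive, for example `# allowKeyless: accept SSH sessions that present no public key; keep false` and `# anonAccess: access level for unauthenticated users (no-access, read-only, read-write, admin-access)`.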
diff --git a/core/installer/welcome/dodo_app.go b/core/installer/welcome/dodo_app.go
index 7a84d71..32fb0de 100644
--- a/core/installer/welcome/dodo_app.go
+++ b/core/installer/welcome/dodo_app.go
@@ -788,6 +788,21 @@
if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
return err
}
+ if !s.external {
+ go func() {
+ users, err := s.client.GetAllUsers()
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ for _, user := range users {
+ // TODO(gio): fluxcd should have only read access
+ if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
+ fmt.Println(err)
+ }
+ }
+ }()
+ }
return nil
}
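Review bot: The goroutine added under `if !s.external` grants read-write access to every account returned by `GetAllUsers()` after the function has already returned nil, so a failed or partial grant is invisible to the caller and reaches stdout only as a bare `fmt.Println(err)`. An access-control change deserves an attributable line, for example `fmt.Printf("add collaborator %v to %v: %v\n", user, appName, err)`, and the loop should either run synchronously or be tracked so shutdown can wait for it. The TODO is also the least-privilege gap: service identities such as fluxcd get write access to each new repository until a read-only path exists, so consider skipping them in this loop until it does. The loop variable `user` shadows the outer `user` that was just added above, so that account is added a second time. The enclosing function starts outside the hunk.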