Compare commits

...

36 Commits

Author SHA1 Message Date
DanCodes 0feac2d904
chore: use ubuntu image to reduce image size (#142)
* chore: use ubuntu image to reduce image size

* fix(lint): hadolint issues
2024-01-17 10:08:37 -08:00
ViViDboarder 5f63df3dee Make sure vaultwarden has an 'object' in the compose files 2024-01-17 09:45:38 -08:00
Ian e80dce8042
Merge pull request #129 from ViViDboarder/dependabot/cargo/serde_json-1.0.95
Bump serde_json from 1.0.91 to 1.0.95
2023-06-14 07:57:28 -07:00
Ian 0a0d9ed69f
Merge pull request #130 from ViViDboarder/dependabot/cargo/anyhow-1.0.70
Bump anyhow from 1.0.68 to 1.0.70
2023-06-14 07:56:50 -07:00
Ian 44179f886a
Merge pull request #123 from ViViDboarder/dependabot/cargo/ldap3-0.11.1
Bump ldap3 from 0.9.4 to 0.11.1
2023-06-14 07:56:06 -07:00
Ian 4b5c9f36c4
Merge pull request #131 from ViViDboarder/dependabot/cargo/thiserror-1.0.40
Bump thiserror from 1.0.38 to 1.0.40
2023-06-14 07:55:39 -07:00
Ian 8e8586bc90
Merge pull request #121 from ViViDboarder/dependabot/github_actions/docker/metadata-action-4
Bump docker/metadata-action from 3 to 4
2023-06-14 07:54:57 -07:00
Ian a96c8d91b8
Merge pull request #120 from ViViDboarder/dependabot/github_actions/docker/build-push-action-4
Bump docker/build-push-action from 3 to 4
2023-06-14 07:54:45 -07:00
Ian 3dda190c3a
Merge pull request #118 from ViViDboarder/dependabot/github_actions/hadolint/hadolint-action-3.1.0
Bump hadolint/hadolint-action from 1.6.0 to 3.1.0
2023-06-14 07:54:05 -07:00
Ian f366b20fef
Merge pull request #119 from ViViDboarder/dependabot/github_actions/pre-commit/action-3.0.0
Bump pre-commit/action from 2.0.3 to 3.0.0
2023-06-14 07:53:38 -07:00
dependabot[bot] 78fd8c4248
Bump thiserror from 1.0.38 to 1.0.40
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.38 to 1.0.40.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.38...1.0.40)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 04:58:55 +00:00
dependabot[bot] 10aeba1ce8
Bump anyhow from 1.0.68 to 1.0.70
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.68 to 1.0.70.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.68...1.0.70)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 04:58:48 +00:00
dependabot[bot] 6882de79af
Bump serde_json from 1.0.91 to 1.0.95
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.95.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.95)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 04:58:41 +00:00
Ian 5209fb6c8d
Update README.md
Fixes #127
2023-03-30 09:33:47 -07:00
dependabot[bot] 02f6383444
Bump ldap3 from 0.9.4 to 0.11.1
Bumps [ldap3](https://github.com/inejge/ldap3) from 0.9.4 to 0.11.1.
- [Release notes](https://github.com/inejge/ldap3/releases)
- [Changelog](https://github.com/inejge/ldap3/blob/master/CHANGELOG.md)
- [Commits](https://github.com/inejge/ldap3/compare/v0.9.4...v0.11.1)

---
updated-dependencies:
- dependency-name: ldap3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 04:01:33 +00:00
dependabot[bot] 8f897713fd
Bump docker/metadata-action from 3 to 4
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 04:01:10 +00:00
dependabot[bot] fcc02354ca
Bump docker/build-push-action from 3 to 4
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 04:01:05 +00:00
dependabot[bot] 50cc9cf2cb
Bump pre-commit/action from 2.0.3 to 3.0.0
Bumps [pre-commit/action](https://github.com/pre-commit/action) from 2.0.3 to 3.0.0.
- [Release notes](https://github.com/pre-commit/action/releases)
- [Commits](https://github.com/pre-commit/action/compare/v2.0.3...v3.0.0)

---
updated-dependencies:
- dependency-name: pre-commit/action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 04:01:01 +00:00
dependabot[bot] e0005fbd38
Bump hadolint/hadolint-action from 1.6.0 to 3.1.0
Bumps [hadolint/hadolint-action](https://github.com/hadolint/hadolint-action) from 1.6.0 to 3.1.0.
- [Release notes](https://github.com/hadolint/hadolint-action/releases)
- [Changelog](https://github.com/hadolint/hadolint-action/blob/master/.releaserc)
- [Commits](https://github.com/hadolint/hadolint-action/compare/v1.6.0...v3.1.0)

---
updated-dependencies:
- dependency-name: hadolint/hadolint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-26 00:47:01 +00:00
ViViDboarder 30974696be Update testing instructions and bump 1.0 2023-01-25 16:42:55 -08:00
Ian f7b7f28e77
Merge pull request #117 from ViViDboarder/bump-rust-versions
Upgrade dependencies to replace vulnerable versions
2023-01-25 16:40:54 -08:00
ViViDboarder 1111b2a3df Upgrade dependencies to replace vulnerable versions
This also required a Rust upgrade.

Verified with `make itest`
2023-01-25 16:13:02 -08:00
Ian 9c6c339dc8
Merge pull request #116 from ViViDboarder/action-dependa-bump
Action dependa bump
2023-01-25 16:03:11 -08:00
ViViDboarder 74c5ec4e72 Remove pinned ca-certs version 2023-01-25 15:58:21 -08:00
ViViDboarder 3faf747817 Merge remote-tracking branch 'origin/dependabot/github_actions/actions/setup-python-4' into action-dependa-bump 2023-01-25 15:53:29 -08:00
ViViDboarder 98a276b644 Merge remote-tracking branch 'origin/dependabot/github_actions/docker/build-push-action-3' into action-dependa-bump 2023-01-25 15:53:01 -08:00
ViViDboarder b735760315 Merge remote-tracking branch 'origin/dependabot/github_actions/docker/login-action-2' into action-dependa-bump 2023-01-25 15:52:44 -08:00
ViViDboarder e4b9c19215 Merge remote-tracking branch 'origin/dependabot/github_actions/actions/checkout-3' into action-dependa-bump 2023-01-25 15:52:15 -08:00
Ian 66f35bff6d
Merge pull request #68 from ViViDboarder/dependabot/cargo/ldap3-0.9.4
Bump ldap3 from 0.9.3 to 0.9.4
2023-01-25 15:47:30 -08:00
dependabot[bot] 11ab2b92c2
Bump actions/setup-python from 2 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 04:06:22 +00:00
dependabot[bot] 11a0c3902b
Bump ldap3 from 0.9.3 to 0.9.4
Bumps [ldap3](https://github.com/inejge/ldap3) from 0.9.3 to 0.9.4.
- [Release notes](https://github.com/inejge/ldap3/releases)
- [Changelog](https://github.com/inejge/ldap3/blob/v0.9.4/CHANGELOG.md)
- [Commits](https://github.com/inejge/ldap3/compare/v0.9.3...v0.9.4)

---
updated-dependencies:
- dependency-name: ldap3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-09 04:53:37 +00:00
Ian ce6cb783d0
Merge pull request #82 from epsilon-0/master
add security features on OpenBSD
2022-06-08 21:51:43 -07:00
dependabot[bot] b2dd2d42bc
Bump docker/build-push-action from 2 to 3
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 06:12:22 +00:00
dependabot[bot] 274adaff9d
Bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 06:12:17 +00:00
Aisha Tammy 97a64c7247 add security features on OpenBSD
Signed-off-by: Aisha Tammy <floss@bsd.ac>
2022-05-24 16:30:41 -04:00
dependabot[bot] eb204793d3
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 04:03:39 +00:00
12 changed files with 399 additions and 331 deletions

View File

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Build
run: cargo build --verbose
@ -24,12 +24,12 @@ jobs:
- name: Run tests
run: cargo test --verbose
- uses: actions/setup-python@v2
- uses: actions/setup-python@v4
- name: Run pre-commit hooks
uses: pre-commit/action@v2.0.3
uses: pre-commit/action@v3.0.0
env:
SKIP: hadolint
- name: Run hadolint
uses: hadolint/hadolint-action@v1.6.0
uses: hadolint/hadolint-action@v3.1.0

View File

@ -25,10 +25,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
uses: docker/metadata-action@v4
with:
images: vividboarder/vaultwarden_ldap
flavor: |
@ -42,12 +42,12 @@ jobs:
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v2
uses: docker/build-push-action@v4
with:
context: .
file: ${{ matrix.dockerfile }}
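Review bot: the login step passes `secrets.DOCKERHUB_TOKEN` to `docker/login-action@v2`, and the push uses `docker/build-push-action@v4`, both referenced by a movable major tag. In the job that holds the registry credentials, pin each third-party action to a full commit SHA and leave the tag as a trailing comment so Dependabot can still propose bumps. `docker/build-push-action` also moves from v2 to v4 here, skipping a major version, so the `with:` inputs below should be checked against both upgrade notes.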

635
Cargo.lock generated

File diff suppressed because it is too large

View File

@ -1,11 +1,11 @@
[package]
name = "vaultwarden_ldap"
version = "0.6.2"
version = "1.0.0"
authors = ["ViViDboarder <vividboarder@gmail.com>"]
edition = "2018"
[dependencies]
ldap3 = "0.9"
ldap3 = "0.11"
serde = { version = "1.0", features = ["derive"] }
toml = "0.5"
reqwest = { version = "0.11", features = ["json", "blocking"] }
@ -13,3 +13,5 @@ serde_json = "1.0"
thiserror = "1.0"
anyhow = "1.0"
envy = "0.4.1"
pledge = "0.4.2"
unveil = "0.3.2"
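Review bot: `pledge = "0.4.2"` and `unveil = "0.3.2"` are added as unconditional dependencies although both wrap OpenBSD-only system calls, so every Linux and Docker build now compiles and ships two extra crates that can only return a platform error there. Consider moving them under a `[target.'cfg(target_os = "openbsd")'.dependencies]` table with a matching `cfg` around the calls in `main`, or note in the commit message why the unconditional form was chosen.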

View File

@ -1,4 +1,4 @@
ARG BUILD_TAG=1.56.1
ARG BUILD_TAG=1.57.0
ARG RUN_TAG=$BUILD_TAG
FROM rust:$BUILD_TAG as builder
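Review bot: `ARG RUN_TAG=$BUILD_TAG` no longer has a consumer, because the final stage in the next hunk changes from `FROM rust:$RUN_TAG` to `FROM ubuntu:focal`. Drop the ARG, or reuse it for the Ubuntu tag so the runtime base can still be overridden at build time.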
@ -18,8 +18,9 @@ RUN rm ./target/release/deps/vaultwarden_ldap*
COPY src ./src
RUN cargo build --release
FROM rust:$RUN_TAG
FROM ubuntu:focal
WORKDIR /app
RUN apt-get update -y && apt-get install -y libssl-dev=1.1.1f-1ubuntu2.20 --no-install-recommends && rm -rf /var/lib/apt/lists/*
COPY --from=builder /usr/src/vaultwarden_ldap/target/release/vaultwarden_ldap /usr/local/bin/
CMD ["/usr/local/bin/vaultwarden_ldap"]
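Review bot: the new runtime stage pins `libssl-dev=1.1.1f-1ubuntu2.20` exactly, so the build is likely to fail once the focal archive replaces that revision with a security update, and until then the image stays on that one OpenSSL build. The runtime stage needs the shared library rather than the `-dev` headers, so consider installing the runtime library package unpinned with a `# hadolint ignore=DL3008` line, as the Alpine Dockerfile does for DL3018. This stage also installs no `ca-certificates`, which the Alpine image does; if the binary relies on the system trust store for its HTTPS or LDAPS connections, add it here.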

View File

@ -1,4 +1,4 @@
FROM ekidd/rust-musl-builder:1.51.0 AS builder
FROM ekidd/rust-musl-builder:1.57.0 AS builder
WORKDIR /home/rust/src
@ -14,7 +14,8 @@ RUN USER=rust touch ./src/main.rs
RUN cargo build --release
FROM alpine:3
RUN apk --no-cache add ca-certificates=20211220-r0
# hadolint ignore=DL3018
RUN apk --no-cache add ca-certificates
COPY --from=builder \
/home/rust/src/target/x86_64-unknown-linux-musl/release/vaultwarden_ldap \
/usr/local/bin/
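Review bot: the added `# hadolint ignore=DL3018` carries no reason, and the unpinned `ca-certificates` here is the opposite policy from the exact `libssl-dev` pin in the other Dockerfile. Add a short comment saying why the pin was dropped (the commit list only says "Remove pinned ca-certs version"), and settle on one pinning policy for both images.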

View File

@ -38,14 +38,28 @@ test:
itest:
docker-compose -f docker-compose.yml \
-f itest/docker-compose.itest.yml \
up --build
build
docker-compose -f docker-compose.yml \
-f itest/docker-compose.itest.yml \
up -d vaultwarden ldap
docker-compose -f docker-compose.yml \
-f itest/docker-compose.itest.yml \
run ldap_sync
docker-compose stop
# Run bootstrapped integration test using env for config
.PHONY: itest-env
itest-env:
docker-compose -f docker-compose.yml \
-f itest/docker-compose.itest-env.yml \
up --build
build
docker-compose -f docker-compose.yml \
-f itest/docker-compose.itest-env.yml \
up -d vaultwarden ldap
docker-compose -f docker-compose.yml \
-f itest/docker-compose.itest-env.yml \
run ldap_sync
docker-compose stop
.PHONY: clean-itest
clean-itest:
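Review bot: in both `itest` and `itest-env` the trailing `docker-compose stop` only runs when `run ldap_sync` exits successfully, because make aborts the recipe at the first failing line; a failed sync leaves the `vaultwarden` and `ldap` containers from `up -d` running in the background. Run the stop step unconditionally while still returning the sync's exit status, pass the same `-f` files to `stop` as the other three commands, and add `--rm` to `run ldap_sync` so each run does not leave a stopped one-off container behind.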

View File

@ -1,7 +1,7 @@
# vaultwarden_ldap
An LDAP connector for [vaultwarden](https://github.com/dani-garcia/vaultwarden)
LDAP user invites for [vaultwarden](https://github.com/dani-garcia/vaultwarden)
After configuring, run `vaultwarden_ldap` and it will invite any users it finds in LDAP to your `vaultwarden` instance.
After configuring, run `vaultwarden_ldap` and it will invite any users it finds in LDAP to your `vaultwarden` instance. This is NOT a sync tool like the [Bitwarden Directory Connector](https://bitwarden.com/help/directory-sync/).
## Deploying
@ -44,7 +44,18 @@ For those less familiar with `cargo`, you can use the `make` targets that have b
## Testing
All testing is manual right now. First step is to set up Bitwarden and the LDAP server.
There are no unit tests, but there are integration tests that require manual verification.
### Integration tests
Running `make itest` will spin up an ldap server with a test user, a Vaultwarden server, and then run the sync. If successful the log should show an invitation sent to the test user. If you run `make itest` again, it should show no invites sent because the user already has been invited. If you'd like to reset the testing, `make clean-itest` will clear out the Vaultwarden database and start fresh.
It's also possible to test passing configs via enviornment variables by running `make itest-env`. The validation steps are the same.
### Steps for manual testing
The first step is to set up Bitwarden and the LDAP server.
```bash
docker-compose up -d vaultwarden ldap ldap_admin
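Review bot: typo in the added "Integration tests" text: `enviornment` should be `environment`, and "ldap server" should be "LDAP server" to match the rest of the README. Since verification is manual, it would also help to quote the log line a reader should look for after `make itest`, for both the first run and the repeat run that should send no invites.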
@ -74,8 +85,3 @@ docker-compose up ldap_sync
Alternately, you can bootstrap some of this by running:
docker-compose -f docker-compose.yml -f itest/docker-compose.itest.yml up --build
## Future
* Any kind of proper logging
* Tests
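Review bot: the retained line that tells readers to bootstrap with `docker-compose -f docker-compose.yml -f itest/docker-compose.itest.yml up --build` no longer matches what `make itest` does after this change (separate `build`, `up -d vaultwarden ldap`, `run ldap_sync`). Point this sentence at `make itest` instead so the README and the Makefile do not drift apart.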

View File

@ -24,6 +24,7 @@ services:
ADMIN_TOKEN: admin
SIGNUPS_ALLOWED: 'false'
INVITATIONS_ALLOWED: 'true'
I_REALLY_WANT_VOLATILE_STORAGE: 'true'
ldap:
image: osixia/openldap

View File

@ -11,9 +11,9 @@ services:
APP_LDAP_BIND_PASSWORD: "admin"
APP_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
APP_LDAP_SEARCH_FILTER: "(&(objectClass=*)(uid=*))"
APP_LDAP_SYNC_INTERVAL_SECONDS: 10
APP_LDAP_SYNC_LOOP: "false"
vaultwarden:
vaultwarden: {}
ldap:
command: ["--copy-service"]

View File

@ -2,8 +2,10 @@
version: '3'
services:
ldap_sync:
volumes:
- ./itest/config.toml:/config.toml:ro
vaultwarden:
vaultwarden: {}
ldap:
command: ["--copy-service"]

View File

@ -1,5 +1,7 @@
extern crate anyhow;
extern crate ldap3;
extern crate pledge;
extern crate unveil;
use std::collections::HashSet;
use std::thread::sleep;
@ -9,6 +11,8 @@ use anyhow::Context as _;
use anyhow::Error as AnyError;
use anyhow::Result;
use ldap3::{DerefAliases, LdapConn, LdapConnSettings, Scope, SearchEntry, SearchOptions};
use pledge::pledge;
use unveil::unveil;
mod config;
mod vw_admin;
@ -21,6 +25,16 @@ fn main() {
config.get_vaultwarden_root_cert_file(),
);
unveil(config::get_config_path(), "r")
.or_else(unveil::Error::ignore_platform)
.expect("Could not unveil config file");
unveil("", "")
.or_else(unveil::Error::ignore_platform)
.expect("Could not disable further unveils");
pledge("dns flock inet rpath stdio tty", "")
.or_else(pledge::Error::ignore_platform)
.expect("Could not pledge permissions");
invite_users(&config, &mut client, config.get_ldap_sync_loop())
}
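Review bot: after `unveil("", "")` the only path the process can open is the config file, yet `invite_users` runs after the lock and is where the LDAP and HTTP connections are made. Confirm on OpenBSD, with TLS enabled, that nothing opened lazily inside `invite_users` (a CA bundle for LDAPS, or the file from `get_vaultwarden_root_cert_file()` if the client does not read it at construction) is needed after this point, and unveil it read-only if it is. The promise string `"dns flock inet rpath stdio tty"` also has no comment explaining each promise; `flock` and `tty` are not obviously needed by a tool that reads one config file and talks to two network services, so document why they are required or drop them. Both `ignore_platform` calls mean the sandbox is silently absent on every other OS, which is worth one log line at startup.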