apiVersion: v1 kind: ConfigMap metadata: name: {{ include "passbook.fullname" . }}-config data: config.yml: | # Env for Docker images databases: default: engine: django.db.backends.postgresql name: {{ .Values.postgresql.postgresqlDatabase }} user: postgres password: {{ .Values.postgresql.postgresqlPassword }} host: {{ .Release.Name }}-postgresql port: '' log: level: console: WARNING file: WARNING file: /dev/null syslog: host: 127.0.0.1 port: 514 email: host: {{ .Values.config.email.host }} port: 25 user: '' password: '' use_tls: false use_ssl: false from: passbook web: listen: 0.0.0.0 port: 8000 threads: 30 debug: false secure_proxy_header: HTTP_X_FORWARDED_PROTO: https rabbitmq: "user:{{ .Values.rabbitmq.rabbitmq.password }}@{{ .Release.Name }}-rabbitmq" redis: ":{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master/0" # Error reporting, sends stacktrace to sentry.services.beryju.org error_report_enabled: {{ .Values.config.error_reporting }} {{- if .Values.config.secret_key }} secret_key: {{ .Values.config.secret_key }} {{- else }} secret_key: {{ randAlphaNum 50 }} {{- end }} primary_domain: {{ .Values.primary_domain }} domains: {{- range .Values.ingress.hosts }} - {{ . | quote }} {{- end }} - kubernetes-healthcheck-host passbook: sign_up: # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true enabled: true password_reset: # Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true enabled: true # Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions` verification: - email # Text used in title, on login page and multiple other places branding: passbook login: # Override URL used for logo logo_url: null # Override URL used for Background on Login page bg_url: null # Optionally add a subtext, placed below logo on the login page subtext: null footer: links: # Optionally add links to the footer on the login page # - name: test # href: https://test # Specify which fields can be used to authenticate. Can be any combination of `username` and `email` uid_fields: - username - email session: remember_age: 2592000 # 60 * 60 * 24 * 30, one month # Provider-specific settings ldap: # # Completely enable or disable LDAP provider # enabled: false # # AD Domain, used to generate `userPrincipalName` # domain: corp.contoso.com # # Base DN in which passbook should look for users # base_dn: dn=corp,dn=contoso,dn=com # # LDAP field which is used to set the django username # username_field: sAMAccountName # # LDAP server to connect to, can be set to `` # server: # name: corp.contoso.com # use_tls: false # # Bind credentials, used for account creation # bind: # username: Administraotr@corp.contoso.com # password: VerySecurePassword! # Which field from `uid_fields` maps to which LDAP Attribute login_field_map: username: sAMAccountName email: mail # or userPrincipalName user_attribute_map: active_directory: username: "%(sAMAccountName)s" email: "%(mail)s" name: "%(displayName)" # # Create new users in LDAP upon sign-up # create_users: true # # Reset LDAP password when user reset their password # reset_password: true oauth_client: # List of python packages with sources types to load. types: - passbook.oauth_client.source_types.discord - passbook.oauth_client.source_types.facebook - passbook.oauth_client.source_types.github - passbook.oauth_client.source_types.google - passbook.oauth_client.source_types.reddit - passbook.oauth_client.source_types.supervisr - passbook.oauth_client.source_types.twitter - passbook.oauth_client.source_types.azure_ad saml_idp: signing: true autosubmit: false issuer: passbook assertion_valid_for: 86400 # List of python packages with provider types to load. types: - passbook.saml_idp.processors.generic - passbook.saml_idp.processors.salesforce