From 0b720aa08234bd72903810d4655e268ec972d6e0 Mon Sep 17 00:00:00 2001
From: ibizaman
Date: Sun, 10 Aug 2025 22:57:36 +0200
Subject: [PATCH] bootstrap: fine grained cleanup
---
 example_configs/bootstrap/bootstrap.md | 3 +++
 scripts/bootstrap.sh | 9 ++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/example_configs/bootstrap/bootstrap.md b/example_configs/bootstrap/bootstrap.md
index 65807dd..503b623 100644
--- a/example_configs/bootstrap/bootstrap.md
+++ b/example_configs/bootstrap/bootstrap.md
@@ -36,6 +36,9 @@ The script can:
 - `GROUP_SCHEMAS_DIR` (default value: `/bootstrap/group-schemas`) - directory where the group schema JSON configs could be found
 - `LLDAP_SET_PASSWORD_PATH` - path to the `lldap_set_password` utility (default value: `/app/lldap_set_password`)
 - `DO_CLEANUP` (default value: `false`) - delete groups and users not specified in config files, also remove users from groups that they do not belong to
+- `DO_CLEANUP_USERS` (default value: `false`) - same as `DO_CLEANUP` but only for users.
+- `DO_CLEANUP_GROUP_MEMBERSHIP` (default value: `false`) - same as `DO_CLEANUP` but only for group membership.
+- `DO_CLEANUP_GROUPS` (default value: `false`) - same as `DO_CLEANUP` but only for groups.
 ## Config files
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index 3bd6d13..260ca16 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -12,6 +12,9 @@ USER_CONFIGS_DIR="${USER_CONFIGS_DIR:-/bootstrap/user-configs}"
 GROUP_CONFIGS_DIR="${GROUP_CONFIGS_DIR:-/bootstrap/group-configs}"
 LLDAP_SET_PASSWORD_PATH="${LLDAP_SET_PASSWORD_PATH:-/app/lldap_set_password}"
 DO_CLEANUP="${DO_CLEANUP:-false}"
+DO_CLEANUP_USERS="${DO_CLEANUP_USERS:-$DO_CLEANUP}"
+DO_CLEANUP_GROUP_MEMBERSHIP="${DO_CLEANUP_GROUP_MEMBERSHIP:-$DO_CLEANUP}"
+DO_CLEANUP_GROUPS="${DO_CLEANUP_GROUPS:-$DO_CLEANUP}"
 # Fallback to support legacy defaults
 if [[ ! -d $USER_CONFIGS_DIR ]] && [[ -d "/user-configs" ]]; then
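Review bot: The three defaults added to scripts/bootstrap.sh use `:-`, which treats a variable that is set but empty the same as an unset one, so `DO_CLEANUP=true` together with an empty `DO_CLEANUP_USERS=` still enables user deletion. Because these flags gate deletions in the directory, the safer form is `DO_CLEANUP_USERS="${DO_CLEANUP_USERS-$DO_CLEANUP}"` (and likewise for the other two), which keeps an explicitly empty value empty and therefore not equal to `'true'`. I would also add a comment above them, `# Each DO_CLEANUP_* flag inherits DO_CLEANUP when unset; only the exact string 'true' enables deletion.`, since the bootstrap.md hunk lists their default as `false` while the effective default is whatever DO_CLEANUP holds.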
@@ -681,7 +684,7 @@ main() {
 else
 local group_name=''
 while read -r group_name; do
- if [[ "$DO_CLEANUP" == 'true' ]]; then
+ if [[ "$DO_CLEANUP_GROUPS" == 'true' ]]; then
 delete_group "$group_name"
 else
 printf '[WARNING] Group "%s" is not declared in config files\n' "$group_name"
@@ -736,7 +739,7 @@ main() {
 local user_group_name=''
 while read -r user_group_name; do
- if [[ "$DO_CLEANUP" == 'true' ]]; then
+ if [[ "$DO_CLEANUP_GROUP_MEMBERSHIP" == 'true' ]]; then
 remove_user_from_group "$id" "$user_group_name"
 else
 printf '[WARNING] User "%s" is not declared as member of the "%s" group in the config files\n' "$id" "$user_group_name"
@@ -753,7 +756,7 @@ main() {
 else
 local id=''
 while read -r id; do
- if [[ "$DO_CLEANUP" == 'true' ]]; then
+ if [[ "$DO_CLEANUP_USERS" == 'true' ]]; then
 delete_user "$id"
 else
 printf '[WARNING] User "%s" is not declared in config files\n' "$id"
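Review bot: The `DO_CLEANUP_GROUPS` branch deletes without recording which flag authorised it, and the same applies to the `DO_CLEANUP_GROUP_MEMBERSHIP` and `DO_CLEANUP_USERS` branches in the two hunks that follow. With four switches that can now disagree, an operator reading the run output cannot tell why an entry was removed. `delete_group` is defined outside the hunk, so it may already log; if it does not, I would add `printf '[INFO] Deleting group "%s" (DO_CLEANUP_GROUPS=true)\n' "$group_name"` before the call, with matching lines before `remove_user_from_group` and `delete_user`. `main()` starts and ends outside all three hunks.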
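Review bot: The `DO_CLEANUP_GROUP_MEMBERSHIP` check in the second hunk reads as an independent guarantee, but it is not one. With `DO_CLEANUP_GROUPS=true` or `DO_CLEANUP_USERS=true`, deleting an undeclared group or user presumably ends the memberships attached to it even when this flag is `false`. A comment above the check would make that explicit, for example `# Only governs memberships of users and groups that are kept; deleting a group or user drops its memberships regardless.`. The surrounding loop and the `$id` it uses are set outside the hunk, so the note assumes `$id` names a user that is declared in the config files.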