3.2.3. UDM data loader#
As a developer or DevOps engineer, you need directory objects in the directory service for your packaged integration. If this scenario describes your customization case, then the UDM data loader is for you.
During its initial deployment, Nubus for Kubernetes creates a bunch of directory objects in the directory service. Data in the YAML format describes the wanted state of directory objects. The UDM data loader creates or modifies UDM objects accordingly, which applies business logic in UDM, creates and saves the directory objects.
You can use the same mechanism to add directory objects for your packaged integration. This section describes how you define the data, bundle, and apply it.
Example
For the UDM data loader, see the following implementation example:
See also
- Populate data on initial startup of Nubus
in Univention Nubus for Kubernetes - Architecture Manual [1] for information on the architecture for populating data on initial startup of Nubus.
Fig. 3.2 shows the procedure for creating and using the UDM data loader plugin. The top row illustrates the involved roles Software Developer and Operator. The Software Developer creates and documents the packaged integration. The tasks for the Software Developer are the following:
Describe the wanted directory objects in YAML, suitable for the UDM data loader.
Document the template variables defined in the YAML data.
The Operator adjusts the custom_values.yaml deployment value file.
As part of it, they also assign values to the template variables
that relate to the deployed Nubus for Kubernetes environment.
The bottom three rows illustrate what happens at the application level. By installing the packaged integration through the helm upgrade command, the operator triggers an update of the Nubus for Kubernetes installation, which also triggers a re-run of the UDM data loader. The UDM data loader reads the UDM data from the YAML files, and acts on it by calling the UDM HTTP REST API to create or modify the appropriate directory objects.
Fig. 3.2 Procedure for UDM data loader and involved roles#
3.2.3.1. Provide data to the loader#
To provide data for the UDM data loader plugin to Nubus for Kubernetes, use the following steps:
Create the YAML files. See Data loader format and its following sections.
Save the YAML files in the directory
udm-data-loaderin your packaged integration project.Follow the instructions for building the Docker image in Bundle packaged integrations.
Copy the plugin file to your packaged integration project. For the UDM data loader, the
plugin-typeisudm-data-loader. See Add plugins.$ export PLUGIN_TYPE="udm-data-loader"
3.2.3.2. Data loader format#
The UDM data loader reads the wanted state of directory objects from YAML files and prepares that state by creating or modifying UDM objects. Your packaged integration can contain several YAML files. The data loader reads them in lexical order. For example, you can define groups in one YAML file and then define users in subsequent files to add them to the already defined groups. Listing 3.1 shows an example for the order.
.
├── 01-user-groups.yaml
└── 05-users-to-groups.yaml
Each YAML file consists of several YAML directives separated by ---.
Listing 3.2
shows an example of a YAML directive for the UDM data loader.
It creates a mail domain object
at a defined position using the ldapBaseDn in the directory service
with the name of the configured externalMailDomain.
---
action: "create"
module: "mail/domain"
position: "cn=domain,cn=mail,{{ ldapBaseDn }}"
properties:
name: "{{ externalMailDomain }}"
---
ldapBaseDn and externalMailDomain in the example in
Listing 3.2
are template variables,
that are placeholders which Helm substitutes with the actual values
provided by the operator at deployment time.
For information about how to define and use template variables,
see Template variables in the data loader.
Each YAML directive contains the following mapping:
actionType:
string. See Actions in the data loader.moduleType:
string. See UDM modules in the data loader.positionType:
string. Defines the position in the directory service tree. For the LDAP base DN you can use the template variableldapBaseDn.propertiesType: mapping of
strings.
The properties mapping defines the properties of the UDM object and depends on the UDM module used.
3.2.3.3. Actions in the data loader#
The data loader supports the following actions in the YAML directives:
createThe action creates the UDM object with the properties provided.
For an example, see Listing 3.2.
ensure_list_containsThe action ensures that a list in the given UDM object contains the given list entry.
For an example, see Listing 3.3.
--- action: ensure_list_contains module: groups/group position: cn=Domain Admins,cn=groups,{{ ldapBaseDn }} policies: policies/umc: - "cn=default-umc-all,cn=UMC,cn=policies,{{ ldapBaseDn }}" ---
modifyThe action modifies the given properties of the particular UDM object.
For an example, see Listing 3.4.
--- action: "modify" module: "portals/entry" position: "cn=login-saml,cn=entry,cn=portals,cn=univention,{{ ldapBaseDn }}" properties: activated: true ---
create_or_modifyThe action creates the object, if it doesn’t exist. In case it exists, UDM modifies the object accordingly.
delete_if_existsThe action deletes the object if it exists, otherwise it does nothing.
3.2.3.4. Template variables in the data loader#
Template variables provide the capability to adjust the data for loading into Nubus for Kubernetes depending on their installation environment.
The example in
Listing 3.2
uses the template variables ldapBaseDn and externalMailDomain.
You can define template variables in your YAML directives
in the position and properties mappings
using the double curly braces notation
{{ variable }}.
It’s the Jinja2 notation.
You can also use other syntax from Jinja2, for example loops.
- Variable declaration
To declare template variables, you as a software developer who creates the packaged integration, pick unique variable names and add it to your YAML directives. For example in Listing 3.2.
- Recommendation:
Use a prefix as a namespace to distinguish your variables from template variables in other packaged integrations.
- Variable value assignment
To assign values to the variables, you as an operator who updates the Nubus deployment with the packaged integration, assign values to the template variables in your deployment values file, such as
custom_values.yaml. Listing 3.5 shows an example for assigning values to template variables.nubusStackDataUms: templateContext: externalMailDomain: "<value-for-externalMailDomain>" variable2: "<value-for-variable-2"
When an operator activates a packaged integration that uses the UDM data loader, Helm provides a so-called template context to the data loader binary. The template context replaces the variable names with the variable values that the operator assigns in their
custom_values.yamldeployment values file.
Tip
Nubus for Kubernetes provides the template variable ldapBaseDn in the template context by default.
You don’t have to tell the operator to assign a value to it.
The Helm Chart takes care of that template context.
Important
You as a software developer must document the template variables
that you define,
and communicate them to the operator.
The operator can then assign values to the template variables
in their custom_values.yaml deployment values file.
3.2.3.5. UDM modules in the data loader#
The data loader supports the following UDM modules
in the module mapping of the YAML directive:
container/cngroups/groupmail/domainpolicies/umcportals/categoryportals/entryportals/portalsettings/extended_attributesettings/umc_operationsetsettings/usertemplateusers/ldapusers/user