fix(kanidm): fix automatic_refresh TOML generation in init container (#182)

## Summary

- The `\n` escape in a shell variable wasn't interpreted as a newline when passed as a `printf %s` argument
- This caused `automatic_refresh = true` to be appended to the `partner_cert` string value on the same line, breaking TOML parsing on kanidm-2
- Fixed by using separate `printf` calls per peer type, with `\n` in the format string (not a variable) where it is correctly interpreted

## Test plan

- [ ] kanidm-2 init container generates valid TOML with `automatic_refresh = true` on its own line under the kanidm-0 peer section
- [ ] kanidm-1 and kanidm-2 start successfully and auto-refresh domain UUID from kanidm-0

Reviewed-on: #182
This commit was merged in pull request #182.
2026-05-31 00:25:21 +10:00
parent 60f1f3130b
commit 3dc8801070
+7 -4
@@ -53,10 +53,13 @@ spec:
cert_file="/repl-certs/${peer}"
[ -s "${cert_file}" ] || continue
fqdn="${peer}.kanidm-headless.kanidm.svc.cluster.local"
refresh=""
[ "${peer}" = "kanidm-0" ] && refresh="\nautomatic_refresh = true"
printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"%s\n' \
"${fqdn}" "$(cat ${cert_file})" "${refresh}" >> /config/server.toml
if [ "${peer}" = "kanidm-0" ]; then
printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"\nautomatic_refresh = true\n' \
"${fqdn}" "$(cat ${cert_file})" >> /config/server.toml
else
printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"\n' \
"${fqdn}" "$(cat ${cert_file})" >> /config/server.toml
fi
done
env:
- name: POD_NAME
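Review bot: In both new printf calls, `$(cat ${cert_file})` leaves `${cert_file}` unquoted and writes the file's contents straight into a double-quoted TOML string with no check on what they contain. Command substitution strips trailing newlines only, so an embedded newline or a `"` in the cert file would break `/config/server.toml` in the same way as the bug this change fixes. Quote the path as `"${cert_file}"` and consider rejecting a cert value that contains a quote or a line break before it is written. The two branches also duplicate the whole format string. Printing the common section once and then, for kanidm-0 only, running `printf 'automatic_refresh = true\n' >> /config/server.toml` would keep the peer block defined in one place while still keeping `\n` in the format string.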