From 23f85b047e27ed13391eaa52310b75927b9915d2 Mon Sep 17 00:00:00 2001
From: ChandonPierre
Date: Thu, 14 Nov 2024 22:25:47 -0500
Subject: [PATCH] fix(blueprint): change to new source schema
---
 .../templates/ldap-federation-blueprint.yaml | 47 ++--
 .../templates/ldap-provider-blueprint.yaml | 8 +-
 .../sources-google-ldap-mappings.yaml | 266 ++++--------------
 .../templates/sources-okta-ldap-mappings.yaml | 106 +++----
 4 files changed, 116 insertions(+), 311 deletions(-)
diff --git a/charts/authentik/templates/ldap-federation-blueprint.yaml b/charts/authentik/templates/ldap-federation-blueprint.yaml
index 5da8be4..65030f2 100644
--- a/charts/authentik/templates/ldap-federation-blueprint.yaml
+++ b/charts/authentik/templates/ldap-federation-blueprint.yaml
@@ -30,6 +30,7 @@ data:
 slug: {{ default "ldap-source" .name }}
 enabled: true
 policy_engine_mode: any
+ updateInternalPassword: {{ default "false" .name }}
 user_matching_mode: {{ default "identifier" .userMatchingMode }}
 user_path_template: {{ default "goauthentik.io/sources/%(slug)s" .userPathTemplate }}
 {{- if .peerCertificate }}
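Review bot: The added `updateInternalPassword` line takes its value from `.name`, the same value the `slug` line above it uses, so any source that sets a name renders that name where a boolean is expected. The key is also camelCase while every other attribute in this block is snake_case, so it may not match a field the LDAP source serializer accepts; confirm the field name against the blueprint schema. Judging by its name, the setting decides whether a password verified against LDAP is also stored internally, so it should read from its own value, e.g. `{{ default "false" .updateInternalPassword }}` under the schema's field name, and be documented in values.yaml. The entry this hunk edits starts and ends outside the hunk.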
@@ -50,53 +51,53 @@ data:
 user_object_filter: {{ default "(objectClass=posixAccount)" .userObjectFilter }}
 group_object_filter: {{ default "(objectClass=posixGroup)" .groupObjectFilter }}
 group_membership_field: {{ default "member" .groupMemberAttribute }}
- object_uniqueness_field: {{ default "cn" .uniquenessAttribute }}
+ object_uniqueness_field: {{ default "entryUuid" .uniquenessAttribute }}
 sync_users: {{ default "true" .syncUsers }}
 sync_users_password: {{ default "false" .passwordWriteback }}
 sync_groups: {{ default "true" .syncGroups }}
 {{- if .parentGroup }}
 sync_parent_group: !Find [authentik_core.group, [name, {{ .parentGroup }}]]{{ end }}
 {{- if and .propertyMappingsUser .propertyMappingsGroup }}
- property_mappings:
+ user_property_mappings:
 {{- range .propertyMappingsUser }}
- - !Find [authentik_sources_ldap.ldappropertymapping, [name, "{{ . }}"]]
+ - !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, "{{ . }}"]]
 {{- end}}
- property_mappings_group:
+ group_property_mappings:
 {{- range .propertyMappingsGroup }}
- - !Find [authentik_sources_ldap.ldappropertymapping, [name, "{{ . }}"]]
+ - !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, "{{ . }}"]]
 {{- end}}
 {{- else if eq "googleLDAP" .type }}
- property_mappings: !Enumerate [
- ["Google Secure LDAP Mapping: cn", "Google Secure LDAP Mapping: departmentNumber", "Google Secure LDAP Mapping: displayName", "Google Secure LDAP Mapping: employeeNumber", "Google Secure LDAP Mapping: employeeType", "Google Secure LDAP Mapping: entryUuid", "Google Secure LDAP Mapping: givenName", "Google Secure LDAP Mapping: googleUid", "Google Secure LDAP Mapping: homeDirectory", "Google Secure LDAP Mapping: jpegPhoto", "Google Secure LDAP Mapping: loginShell", "Google Secure LDAP Mapping: mail", "Google Secure LDAP Mapping: memberOf", "Google Secure LDAP Mapping: objectSid", "Google Secure LDAP Mapping: physicalDeliveryOfficeName", "Google Secure LDAP Mapping: posixUid", "Google Secure LDAP Mapping: sn", "Google Secure LDAP Mapping: sshPublicKey", "Google Secure LDAP Mapping: title", "Google Secure LDAP Mapping: uid", "Google Secure LDAP Mapping: uidNumber"],
+ user_property_mappings: !Enumerate [
+ ["Google Secure LDAP Mapping: User Mapping Properties"],
 SEQ,
- !Find [authentik_sources_ldap.ldappropertymapping, [name, !Value 0]]
+ !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, !Value 0]]
 ]
- property_mappings_group: !Enumerate [
- ["Google Secure LDAP Mapping: cn", "Google Secure LDAP Mapping: description", "Google Secure LDAP Mapping: displayName", "Google Secure LDAP Mapping: entryUuid", "Google Secure LDAP Mapping: gidNumber", "Google Secure LDAP Mapping: googleAdminCreated", "Google Secure LDAP Mapping: member", "Google Secure LDAP Mapping: memberUid", "Google Secure LDAP Mapping: objectSid"],
+ group_property_mappings: !Enumerate [
+ ["Google Secure LDAP Mapping: Group Mapping Properties"],
 SEQ,
- !Find [authentik_sources_ldap.ldappropertymapping, [name, !Value 0]]
+ !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, !Value 0]]
 ]
 {{- else if eq "oktaLDAP" .type }}
- property_mappings: !Enumerate [
- ["Okta LDAP Mapping: uid", "Okta LDAP Mapping: givenName", "Okta LDAP Mapping: sn", "Okta LDAP Mapping: mail", "Okta LDAP Mapping: cn", "Google Secure LDAP Mapping: sshPublicKey"],
+ user_property_mappings: !Enumerate [
+ ["Okta LDAP: User Mapping Properties"],
 SEQ,
- !Find [authentik_sources_ldap.ldappropertymapping, [name, !Value 0]]
+ !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, !Value 0]]
 ]
- property_mappings_group: !Enumerate [
- ["Okta LDAP Mapping: description", "Okta LDAP Mapping: uniqueMember", "Okta LDAP Mapping: memberOf", "Okta LDAP Mapping: cn"],
+ group_property_mappings: !Enumerate [
+ ["Okta LDAP: Group Mapping Properties"],
 SEQ,
- !Find [authentik_sources_ldap.ldappropertymapping, [name, !Value 0]]
+ !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, !Value 0]]
 ]
 {{- else }}
- property_mappings: !Enumerate [
- ["Google Secure LDAP Mapping: cn", "Google Secure LDAP Mapping: departmentNumber", "Google Secure LDAP Mapping: displayName", "Google Secure LDAP Mapping: employeeNumber", "Google Secure LDAP Mapping: employeeType", "Google Secure LDAP Mapping: entryUuid", "Google Secure LDAP Mapping: givenName", "Google Secure LDAP Mapping: googleUid", "Google Secure LDAP Mapping: homeDirectory", "Google Secure LDAP Mapping: jpegPhoto", "Google Secure LDAP Mapping: loginShell", "Google Secure LDAP Mapping: mail", "Google Secure LDAP Mapping: memberOf", "Google Secure LDAP Mapping: objectSid", "Google Secure LDAP Mapping: physicalDeliveryOfficeName", "Google Secure LDAP Mapping: posixUid", "Google Secure LDAP Mapping: sn", "Google Secure LDAP Mapping: sshPublicKey", "Google Secure LDAP Mapping: title", "Google Secure LDAP Mapping: uid", "Google Secure LDAP Mapping: uidNumber","authentik default Active Directory Mapping: sAMAccountName","authentik default Active Directory Mapping: userPrincipalName],
+ user_property_mappings: !Enumerate [
+ ["authentik default LDAP Mapping: DN to User Path","authentik default LDAP Mapping: Name","authentik default LDAP Mapping: mail",],
 SEQ,
- !Find [authentik_sources_ldap.ldappropertymapping, [name, !Value 0]]
+ !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, !Value 0]]
 ]
- property_mappings_group: !Enumerate [
- ["Google Secure LDAP Mapping: cn", "Google Secure LDAP Mapping: description", "Google Secure LDAP Mapping: displayName", "Google Secure LDAP Mapping: entryUuid", "Google Secure LDAP Mapping: gidNumber", "Google Secure LDAP Mapping: googleAdminCreated", "Google Secure LDAP Mapping: member", "Google Secure LDAP Mapping: memberUid", "Google Secure LDAP Mapping: objectSid"],
+ group_property_mappings: !Enumerate [
+ ["authentik default LDAP Mapping: Name"],
 SEQ,
- !Find [authentik_sources_ldap.ldappropertymapping, [name, !Value 0]]
+ !Find [authentik_sources_ldap.ldapsourcepropertymapping, [name, !Value 0]]
 ]
 {{- end }}
 server_uri: {{ default "ldap://openldap" .serverUri }}
diff --git a/charts/authentik/templates/ldap-provider-blueprint.yaml b/charts/authentik/templates/ldap-provider-blueprint.yaml
index 7baeaaf..66e0bfd 100644
--- a/charts/authentik/templates/ldap-provider-blueprint.yaml
+++ b/charts/authentik/templates/ldap-provider-blueprint.yaml
@@ -37,6 +37,8 @@ data:
 username: ldapsvc
 name: "LDAP Service Account"
 password: !Env [AUTHENTIK_LDAP_SVC_KEY, changeme]
+ permissions:
+ - authentik_providers_ldap.search_full_directory
 conditions: []
 id: ldap_search_user
 identifiers:
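Review bot: In the `@@ -50,53 +51,53 @@` hunk of ldap-federation-blueprint.yaml, the default for `object_uniqueness_field` moves from `cn` to `entryUuid`, which changes the key used to recognise already-synced objects for every install that never set `uniquenessAttribute`. After an upgrade those installs may stop matching existing users and groups to their directory entries, which can leave duplicate or stale accounts behind; this is inferred from the field's name and should be confirmed on an existing deployment. Call the change out in the upgrade notes and add a comment next to the line such as `# default changed from cn; set uniquenessAttribute explicitly on existing sources`. Separately, the `else` fallback now looks up the names `authentik default LDAP Mapping: DN to User Path`, `Name` and `mail`; please confirm they exist in the targeted release, since a lookup that finds nothing would leave synced users without those fields.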
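Review bot: In ldap-provider-blueprint.yaml, the added `permissions` entry grants the `ldapsvc` account `search_full_directory` while the context line directly above still falls back to the literal password `changeme` when `AUTHENTIK_LDAP_SVC_KEY` is unset. A deployment that forgets the variable therefore ends up with a directory-wide search account protected by a publicly known default. Drop the fallback, e.g. `password: !Env AUTHENTIK_LDAP_SVC_KEY`, or make the chart refuse to render without the key, and confirm how the importer treats an empty value. The entry continues outside the hunk, so the nesting level of `permissions` could not be checked from here.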
@@ -44,11 +46,13 @@ data:
 model: authentik_core.user
 state: {{ default "present" (((.Values).customBlueprints).ldapProvider).state }}
 - attrs:
+ authentication_flow: {{ default "!Find [authentik_flows.flow, [slug, "default-authentication-flow"]]" (((.Values).customBlueprints).ldapProvider).authenticationFlow }}
+ authorization_flow: {{ default "!Find [authentik_flows.flow, [slug, "default-authorization-flow"]]" (((.Values).customBlueprints).ldapProvider).authorizationFlow }}
+ invalidation_flow: {{ default "!Find [authentik_flows.flow, [slug, "default-invalidation-flow"]]" (((.Values).customBlueprints).ldapProvider).invalidationFlow }}
 base_dn: DC={{ (default "coreweave.cloud" (((.Values).customBlueprints).ldapProvider).domain) | replace "." ",DC=" }}
 bind_mode: {{ default "cached" (((.Values).customBlueprints).ldapProvider).bindMode }}
 gid_start_number: {{ default "4000" (((.Values).customBlueprints).ldapProvider).gidStart }}
- mfa_support: false
+ mfa_support: {{ default "false" (((.Values).customBlueprints).ldapProvider).mfaSupport }}
 name: LDAP
 search_group: !KeyOf ldap_search_group
 search_mode: {{ default "cached" (((.Values).customBlueprints).ldapProvider).searchMode }}
diff --git a/charts/authentik/templates/sources-google-ldap-mappings.yaml b/charts/authentik/templates/sources-google-ldap-mappings.yaml
index 8753f2a..3b37fab 100644
--- a/charts/authentik/templates/sources-google-ldap-mappings.yaml
+++ b/charts/authentik/templates/sources-google-ldap-mappings.yaml
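Review bot: The three added flow lines put unescaped double quotes inside a double-quoted Go template string, so the literal ends at `[slug, ` and the template will most likely fail to parse. Escape the inner quotes, as in `{{ default "!Find [authentik_flows.flow, [slug, \"default-authentication-flow\"]]" (((.Values).customBlueprints).ldapProvider).authenticationFlow }}`, and do the same for `authorization_flow` and `invalidation_flow`. An override from values is emitted verbatim, so document that it must be a complete `!Find ...` expression rather than a bare slug. Also confirm that flows with the slugs `default-authorization-flow` and `default-invalidation-flow` exist in the target install, since the provider's bind behaviour depends on which flows resolve. The `attrs` block continues outside the hunk.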
@@ -3,227 +3,63 @@ data:
 google-ldap-mapping-blueprint.yaml: |
 # yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
 context: {}
+ version: 1
 metadata:
 labels:
 blueprints.goauthentik.io/instantiate: "{{ empty ((.Values.customBlueprints).federation).ldap | not }}"
 name: Custom Blueprints - Google Secure LDAP Mappings
 entries:
 - identifiers:
- managed: goauthentik.io/sources/ldap/google-uid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: uid"
- object_field: "username"
- expression: |
- return ldap.get('uid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-googleuid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: googleUid"
- object_field: "attributes.googleUid"
- expression: |
- return ldap.get('googleUid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-posixuid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: posixUid"
- object_field: "attributes.posixUid"
- expression: |
- return ldap.get('posixUid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-cn
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: cn"
- object_field: "name"
- expression: |
- return ldap.get('cn')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-sn
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: sn"
- object_field: "attributes.sn"
- expression: |
- return list_flatten(ldap.get('sn'))
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-givenname
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: givenName"
- object_field: "attributes.givenName"
- expression: |
- return list_flatten(ldap.get('givenName'))
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-displayname
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: displayName"
- object_field: "attributes.displayName"
- expression: |
- return ldap.get('displayName')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-mail
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: mail"
- object_field: "email"
- expression: |
- return ldap.get('mail')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-memberof
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: memberOf"
- object_field: "attributes.memberOf"
- expression: |
- return ldap.get('memberOf')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-title
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: title"
- object_field: "attributes.title"
- expression: |
- return ldap.get('title')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-employeenumber
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: employeeNumber"
- object_field: "attributes.employeeNumber"
- expression: |
- return ldap.get('employeeNumber')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-employeetype
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: employeeType"
- object_field: "attributes.employeeType"
- expression: |
- return ldap.get('employeeType')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-departmentnumber
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: departmentNumber"
- object_field: "attributes.departmentNumber"
- expression: |
- return ldap.get('departmentNumber')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-physicaldeliveryofficename
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: physicalDeliveryOfficeName"
- object_field: "attributes.physicalDeliveryOfficeName"
- expression: |
- return ldap.get('physicalDeliveryOfficeName')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-jpegphoto
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: jpegPhoto"
- object_field: "attributes.jpegPhoto"
- expression: |
- return ldap.get('jpegPhoto')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-entryuuid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: entryUuid"
- object_field: "attributes.entryUuid"
- expression: |
- return ldap.get('entryUuid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-objectsid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: objectSid"
- object_field: "attributes.objectSid"
- expression: |
- return ldap.get('objectSid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-uidnumber
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: uidNumber"
- object_field: "attributes.uidNumber"
- expression: |
- return ldap.get('uidNumber')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-gidnumber
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: gidNumber"
- object_field: "attributes.gidNumber"
- expression: |
- return ldap.get('gidNumber')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-homedirectory
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: homeDirectory"
- object_field: "attributes.homeDirectory"
- expression: |
- return ldap.get('homeDirectory')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-loginshell
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: loginShell"
- object_field: "attributes.loginShell"
- expression: |
- return ldap.get('loginShell')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-gidnumber
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: gidNumber"
- object_field: "attributes.gidNumber"
- expression: |
- return ldap.get('gidNumber')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-sshpublickey
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: sshPublicKey"
- object_field: "attributes.sshPublicKey"
- expression: |
- return ldap.get('sshPublicKey')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-description
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: description"
- object_field: "attributes.description"
- expression: |
- return ldap.get('description')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-member
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: member"
- object_field: "attributes.member"
- expression: |
- return ldap.get('member')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-memberuid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: memberUid"
- object_field: "attributes.memberUid"
- expression: |
- return ldap.get('memberUid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/google-googleadmincreated
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Google Secure LDAP Mapping: googleAdminCreated"
- object_field: "attributes.googleAdminCreated"
- expression: |
- return ldap.get('googleAdminCreated')
+ managed: goauthentik.io/sources/ldap/google-user
+ model: authentik_sources_ldap.ldapsourcepropertymapping
+ attrs:
+ name: "Google Secure LDAP Mapping: User Mapping Properties"
+ expression: |
+ return {
+ "attributes": {
+ "googleUid": ldap.get("googleUid"),
+ "posixUid": ldap.get("posixUid"),
+ "sn": list_flatten(ldap.get("sn")),
+ "givenName": list_flatten(ldap.get("givenName")),
+ "displayName": ldap.get("displayName"),
+ "title": ldap.get("title"),
+ "employeeNumber": ldap.get("employeeNumber"),
+ "employeeType": ldap.get("employeeType"),
+ "departmentNumber": ldap.get("departmentNumber"),
+ "physicalDeliveryOfficeName": ldap.get("physicalDeliveryOfficeName"),
+ "jpegPhoto": ldap.get("jpegPhoto"),
+ "entryUuid": list_flatten(ldap.get("entryUuid")),
+ "objectSid": ldap.get("objectSid"),
+ "uidNumber": ldap.get("uidNumber"),
+ "gidNumber": ldap.get("gidNumber"),
+ "homeDirectoy": ldap.get("homeDirectory"),
+ "loginShell": ldap.get("loginShell"),
+ "gecos": ldap.get("gecos"),
+ "sshPublicKey": ldap.get("sshPublicKey"),
+ },
+ "username": ldap.get("uid"),
+ "name": ldap.get("cn"),
+ "email": ldap.get("mail"),
+ }
+ - identifiers:
+ managed: goauthentik.io/sources/ldap/google-group
+ model: authentik_sources_ldap.ldapsourcepropertymapping
+ attrs:
+ name: "Google Secure LDAP Mapping: Group Mapping Properties"
+ expression: |
+ return {
+ "attributes": {
+ "displayName": ldap.get("displayName"),
+ "description": ldap.get("description"),
+ "gidNumber": ldap.get("gidNumber"),
+ "entryUuid": ldap.get("entryUuid"),
+ "objectSid": ldap.get("objectSid"),
+ "googleAdminCreated": ldap.get("googleAdminCreated"),
+ },
+ "name": ldap.get("cn"),
+ }
+
+
 kind: ConfigMap
 metadata:
 name: {{ .Release.Name }}-google-ldap-mapping-blueprint
diff --git a/charts/authentik/templates/sources-okta-ldap-mappings.yaml b/charts/authentik/templates/sources-okta-ldap-mappings.yaml
index 642b052..ffd0672 100644
--- a/charts/authentik/templates/sources-okta-ldap-mappings.yaml
+++ b/charts/authentik/templates/sources-okta-ldap-mappings.yaml
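Review bot: The new user expression stores the home directory under the misspelled key `"homeDirectoy"`, so anything that reads `attributes.homeDirectory` (the key the removed mapping wrote) will find nothing after the next sync; the line should read `"homeDirectory": ldap.get("homeDirectory"),`. The consolidated expressions also drop `memberOf` from users and `member`/`memberUid` from groups, which the removed per-attribute mappings populated. If any policy or downstream system keys access decisions off those attributes, they will stop being refreshed, so confirm the omission is intended. `entryUuid` is flattened for users but not for groups; a short comment explaining the difference, or making the two consistent, would help the next reader.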
@@ -3,83 +3,47 @@ data:
 okta-ldap-mapping-blueprint.yaml: |
 # yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
 context: {}
+ version: 1
 metadata:
 labels:
 blueprints.goauthentik.io/instantiate: "{{ empty ((.Values.customBlueprints).federation).ldap | not }}"
 name: Custom Blueprints - Okta LDAP Mappings
 entries:
 - identifiers:
- managed: goauthentik.io/sources/ldap/okta-uid
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: uid"
- object_field: "username"
- expression: |
- return ldap.get('uid')
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-cn
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: cn"
- object_field: "name"
- expression: |
- return ldap.get('cn')
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-givenname
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: givenName"
- object_field: "attributes.givenName"
- expression: |
- return list_flatten(ldap.get('givenName'))
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-sn
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: sn"
- object_field: "attributes.sn"
- expression: |
- return list_flatten(ldap.get('sn'))
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-displayname
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: displayName"
- object_field: "attributes.displayName"
- expression: |
- return ldap.get('cn')
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-mail
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: mail"
- object_field: "email"
- expression: |
- return ldap.get('mail')
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-description
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: description"
- object_field: "attributes.description"
- expression: |
- return ldap.get('description')
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-uniquemember
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: uniqueMember"
- object_field: "attributes.uniqueMember"
- expression: |
- return ldap.get('uniqueMember')
- - identifiers:
- managed: goauthentik.io/sources/ldap/okta-memberof
- model: authentik_sources_ldap.ldappropertymapping
- attrs:
- name: "Okta LDAP Mapping: memberOf"
- object_field: "attributes.memberOf"
- expression: |
- return ldap.get('memberOf')
+ managed: goauthentik.io/sources/ldap/okta-user
+ model: authentik_sources_ldap.ldapsourcepropertymapping
+ attrs:
+ name: "Okta LDAP: User Mapping Properties"
+ expression: |
+ return {
+ "attributes": {
+ "googleUid": ldap.get("googleUid"),
+ "givenName": list_flatten(ldap.get('givenName')),
+ "sn": list_flatten(ldap.get('sn')),
+ "dispalyName": ldap.get('cn'),
+ "description": ldap.get("description"),
+ "uniqueMember": ldap.get("uniqueMember"),
+
+ },
+ "username": ldap.get("uid"),
+ "name": ldap.get("cn"),
+ "email": ldap.get("mail"),
+ }
+
+ - identifiers:
+ managed: goauthentik.io/sources/ldap/okta-group
+ model: authentik_sources_ldap.ldapsourcepropertymapping
+ attrs:
+ name: "Okta LDAP: Group Mapping Properties"
+ expression: |
+ return {
+ "attributes": {
+ "description": ldap.get("description"),
+
+ },
+ "name": ldap.get("cn"),
+ }
+
 kind: ConfigMap
 metadata:
 name: {{ .Release.Name }}-okta-ldap-mapping-blueprint
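Review bot: The Okta user expression writes the display name under the misspelled key `"dispalyName"`, so `attributes.displayName`, which the removed mapping populated, is no longer set; the line should read `"displayName": ldap.get('cn'),`. The `"googleUid"` entry looks copied from the Google blueprint and has no counterpart in the removed Okta mappings. `uniqueMember` has moved from the group mappings into the user attributes, and the group expression now carries only `description`, so group membership data and `memberOf` are no longer stored. Okta users also lose `sshPublicKey`, which the old federation list pulled in through the Google mapping. If any of these attributes feed authorisation or SSH key distribution, restore them or record the removal in the commit message.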