From 2e7beb8209341c251e903b1e156442b926b3649e Mon Sep 17 00:00:00 2001
From: Mussab Abdalla <mussab.abdalla@eox.at>
Date: Fri, 14 Aug 2020 16:03:48 +0200
Subject: [PATCH] attemt to os as secret
---
 core/entrypoint.sh | 31 +++++++++++++++++++++++++++++++
 docker-compose.emg.yml | 7 ++++---
 env_setup.sh | 2 +-
 3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/core/entrypoint.sh b/core/entrypoint.sh
index e78b1330..86dad559 100644
--- a/core/entrypoint.sh
+++ b/core/entrypoint.sh
@@ -1,4 +1,6 @@
 #!/bin/bash -e
+set -eo pipefail
+shopt -s nullglob
 SERVICES=${WAIT_SERVICES:=''}
 TIMEOUT=${WAIT_TIMEOUT:='15'}
@@ -8,5 +10,34 @@ if [[ ! -z $SERVICES ]] ; then
 wait-for-it -t $TIMEOUT $service
 done
 fi
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo "Both $var and $fileVar are set (but are exclusive)"
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ echo " the ${var} shall be set to ${val}"
+ unset "$fileVar"
+}
+# Loads various settings that are used elsewhere in the script
+# This should be called after mysql_check_config, but before any other functions
+docker_setup_env() {
+ # Initialize values that might be stored in a file
+ file_env 'OS_PASSWORD'
+
+}
+docker_setup_env "$@"
 eval "/opt/eoxserver/eoxserver-entrypoint.sh $@"
diff --git a/docker-compose.emg.yml b/docker-compose.emg.yml
index 1a435e26..377cefc6 100644
--- a/docker-compose.emg.yml
+++ b/docker-compose.emg.yml
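Review bot: The added `echo " the ${var} shall be set to ${val}"` at the end of file_env in core/entrypoint.sh prints the resolved secret, so OS_PASSWORD lands in the container's stdout and in whatever collects `docker logs`, which defeats the purpose of reading it from a secrets file. I would log only the name, for example `echo "${var} is set" >&2`. The both-set branch only prints and then quietly prefers the environment value; if the two are exclusive, as the message says, it should write to stderr and `exit 1`. The comment above docker_setup_env mentions mysql_check_config, which does not appear in this hunk and looks carried over from another entrypoint; I would reword it to `# Resolve *_FILE variables before handing over to the eoxserver entrypoint`.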
@@ -130,7 +130,7 @@ services:
 - env/emg_obs.env
 - env/emg_redis.env
 secrets:
- - my_secret
+ - os_password
 environment:
 INSTANCE_ID: "prism-view-server_registrar"
 INSTALL_DIR: "/var/www/pvs/dev/"
@@ -140,6 +140,7 @@ services:
 INIT_SCRIPTS: "/configure.sh /init-db.sh /initialized.sh"
 STARTUP_SCRIPTS: "/wait-initialized.sh"
 WAIT_SERVICES: "redis:6379 database:5432"
+ OS_PASSWORD_FILE: /run/secrets/os_password
 configs:
 - source: init-db
 target: /init-db.sh
@@ -172,5 +173,5 @@ volumes:
 networks:
 intnet:
 secrets:
- my_secret:
- external: true
+ os_password:
+ file: OS_PASSWORD.txt
diff --git a/env_setup.sh b/env_setup.sh
index 9f2bb95b..51a88088 100644
--- a/env_setup.sh
+++ b/env_setup.sh
@@ -6,7 +6,7 @@ cat $vhr18_obs > ./env/vhr18_obs.env
 cat $emg_db > ./env/emg_db.env
 cat $emg_django > ./env/emg_django.env
 cat $emg_obs > ./env/emg_obs.env
-
+echo "OS_PASSWORD=${OS_PASSWORD}" >> ./OS_PASSWORD.txt
 set -o allexport
--
GitLab
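Review bot: The `os_password` secret in the last hunk of docker-compose.emg.yml is now sourced from `file: OS_PASSWORD.txt` instead of `external: true`, so the plaintext password sits in the working tree beside the compose file. Nothing in this patch adds that file to `.gitignore` or `.dockerignore`, so it can be committed or pulled into a build context by accident; I would add it to both, or keep the externally managed secret. The context lines of the first hunk suggest `env/emg_obs.env` is still loaded for this service; if that file still defines OS_PASSWORD, file_env in core/entrypoint.sh prefers the environment value and the secret file is never used, so the variable should be removed from the env file in the same change.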
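Review bot: The added `echo "OS_PASSWORD=${OS_PASSWORD}" >> ./OS_PASSWORD.txt` in env_setup.sh writes a `KEY=value` line, but file_env in core/entrypoint.sh takes the whole file content as the value, so the service would receive the password with an `OS_PASSWORD=` prefix. `>>` also appends a further line on every run, and the file is created with the default umask. Write only the value, truncating, with a private mode: `( umask 077; printf '%s\n' "${OS_PASSWORD}" > ./OS_PASSWORD.txt )`. The rest of the script is outside the hunk, so where OS_PASSWORD is defined at this point is not visible here.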