-
Notifications
You must be signed in to change notification settings - Fork 414
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inject contents of INI files into environment variables for templates and wrapped app #95
base: master
Are you sure you want to change the base?
Conversation
… of INI file into environment before template generation and execution of wrapped program
…esult in DefaultTransport, but actually results in seg fault
👍 for turning off cert validation |
@jwilder Any chance of merging this? |
We recently needed the ability to set the effective UID and GID. This can be used to drop privileges after doing some initial setup as root, or if you need to set the group ID in a way that isn't vulnerable to changes in docker-compose file specifications. |
Restore old behavior for logfiles
Bug fix for line.err
Already merged in https://github.com/powerman/dockerize (except set UID/GID feature). |
This is related to #74 requesting the ability to use config files for template generation. This goes somewhat against the pattern of putting all configuration into env vars, which I'm guessing may be one reason it was never acted upon.
I've implemented a hybrid solution where an INI file either in the filesystem or at a http/https URL is read and added into the running processes environment variables. These env vars are then available for template evaluation as well as to the wrapped application. If the INI file is at a URL that requires auth, headers can be specified similarly to wait-headers, however if the header value doesn't contain colons, then we try to use it as a path to a secrets files, which is read and then those contents parsed as a "header: value" string for http request headers.
The motivation for this instead of just using the env_file declaration in the docker_compose is to force the use of a remote git repo for the environment configuration, instead of files in the local filesystem. These kinds env_file setups also don't translate into Rancher configurations.
Values read in from the INI file do not overwrite existing environment variables, so environment variables explicitly passed at runtime take precedence over the INI file. This makes it easier to set env vars for testing without committing them to the git repo.
I've also provided the option of turning off cert validation for SSL connections - sometimes there are self-signed certs on test hosts, internal hosts or other non user facing hosts. This enables them to be used as a source for INI files as well as a dependency. By default cert validation is on.