Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Inject contents of INI files into environment variables for templates and wrapped app #95

Open
wants to merge 29 commits into
base: master
Choose a base branch
from

Conversation

sychan
Copy link
Contributor

@sychan sychan commented Oct 27, 2017

This is related to #74 requesting the ability to use config files for template generation. This goes somewhat against the pattern of putting all configuration into env vars, which I'm guessing may be one reason it was never acted upon.

I've implemented a hybrid solution where an INI file either in the filesystem or at a http/https URL is read and added into the running processes environment variables. These env vars are then available for template evaluation as well as to the wrapped application. If the INI file is at a URL that requires auth, headers can be specified similarly to wait-headers, however if the header value doesn't contain colons, then we try to use it as a path to a secrets files, which is read and then those contents parsed as a "header: value" string for http request headers.

The motivation for this instead of just using the env_file declaration in the docker_compose is to force the use of a remote git repo for the environment configuration, instead of files in the local filesystem. These kinds env_file setups also don't translate into Rancher configurations.

Values read in from the INI file do not overwrite existing environment variables, so environment variables explicitly passed at runtime take precedence over the INI file. This makes it easier to set env vars for testing without committing them to the git repo.

I've also provided the option of turning off cert validation for SSL connections - sometimes there are self-signed certs on test hosts, internal hosts or other non user facing hosts. This enables them to be used as a source for INI files as well as a dependency. By default cert validation is on.

@rall
Copy link

rall commented Jan 26, 2018

👍 for turning off cert validation

@sychan
Copy link
Contributor Author

sychan commented Jan 26, 2018

@jwilder Any chance of merging this?

@sychan
Copy link
Contributor Author

sychan commented May 2, 2018

We recently needed the ability to set the effective UID and GID. This can be used to drop privileges after doing some initial setup as root, or if you need to set the group ID in a way that isn't vulnerable to changes in docker-compose file specifications.
Use the -egid and -euid flags - both take integer values.

@powerman
Copy link
Contributor

Already merged in https://github.com/powerman/dockerize (except set UID/GID feature).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants