fix: add specific permissions for serverless runs

GluuFederation · Feb 28, 2022 · fdf9c7b · fdf9c7b
1 parent 51fe9e1
commit fdf9c7b
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
@@ -148,6 +148,13 @@ RUN mkdir -p /opt/flex/admin-ui/dist \
 # adjust ownership
 RUN chown -R 1000:1000 /var/lib/nginx \
     && chown 1000:1000 /run/nginx/nginx.pid \
+    && chown -R 1000:1000 /etc/certs \
+    && chown -R 1000:1000 /opt/flex/admin-ui/.env \
+    && chown -R 1000:1000 /opt/flex/admin-ui/dist \
+    && chown -R 1000:1000 /etc/nginx/http.d/default.conf \
+    && chown -R 1000:1000 /var/lib/nginx \
+    && chown -R 1000:1000 /var/log/nginx \
+    && chown -R 1000:1000 /run/nginx/nginx.pid \
     && chgrp -R 0 /etc/certs && chmod -R g=u /etc/certs \
     && chgrp -R 0 /opt/flex/admin-ui/.env && chmod -R g=u /opt/flex/admin-ui/.env \
     && chgrp -R 0 /opt/flex/admin-ui/dist && chmod -R g=u /opt/flex/admin-ui/dist \

diff --git a/docker-casa/scripts/entrypoint.sh b/docker-casa/scripts/entrypoint.sh
@@ -1,19 +1,20 @@
 #!/bin/sh
 set -e
 
-# ===============
-# PREPARE PLUGINS
-# ===============
-
-CASA_PLUGIN_DIRECTORY=/opt/jans/jetty/casa/plugins
-CASA_PLUGIN_REPO=https://maven.gluu.org/maven/org/gluu/casa/plugins
-wget -q ${CASA_PLUGIN_REPO}/strong-authn-settings/${GLUU_VERSION}/strong-authn-settings-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/strong-authn-settings-${GLUU_VERSION}.jar \
+get_casa_plugins(){
+  # ===============
+  # PREPARE PLUGINS
+  # ===============
+  CASA_PLUGIN_DIRECTORY=/opt/jans/jetty/casa/plugins
+  CASA_PLUGIN_REPO=https://maven.gluu.org/maven/org/gluu/casa/plugins
+  wget -q ${CASA_PLUGIN_REPO}/strong-authn-settings/${GLUU_VERSION}/strong-authn-settings-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/strong-authn-settings-${GLUU_VERSION}.jar \
     && wget -q ${CASA_PLUGIN_REPO}/authorized-clients/${GLUU_VERSION}/authorized-clients-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/authorized-clients-${GLUU_VERSION}.jar \
     && wget -q ${CASA_PLUGIN_REPO}/custom-branding/${GLUU_VERSION}/custom-branding-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/custom-branding-${GLUU_VERSION}.jar
     #&& wget -q ${CASA_PLUGIN_REPO}/account-linking/${GLUU_VERSION}/account-linking-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/account-linking-${GLUU_VERSION}.jar \
     #&& wget -q ${CASA_PLUGIN_REPO}/bioid-plugin/${GLUU_VERSION}/bioid-plugin-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/bioid-plugin-${GLUU_VERSION}.jar \
     #&& wget -q ${CASA_PLUGIN_REPO}/cert-authn/${GLUU_VERSION}/cert-authn-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/cert-authn-${GLUU_VERSION}.jar \
     #&& wget -q ${CASA_PLUGIN_REPO}/duo-plugin/${GLUU_VERSION}/duo-plugin-${GLUU_VERSION}.jar -O ${CASA_PLUGIN_DIRECTORY}/duo-plugin-${GLUU_VERSION}.jar
+}
 
 # =========
 # FUNCTIONS
@@ -28,6 +29,7 @@ python3 /app/scripts/bootstrap.py
 # python3 /app/scripts/jca_sync.py &
 python3 /app/scripts/auth_conf.py
 
+get_casa_plugins || echo "Casa plugins were not downloaded. You may mount the plugins at /opt/jans/jetty/casa/plugins. For more information please go to https://gluu.org/docs/casa/latest/plugins/2fa-settings/"
 # run Casa server
 cd /opt/jans/jetty/casa
 exec java \