Use mysql Docker image (#53)

Resolves: #52 Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
dee-hms · Aug 4, 2023 · 4fc18b6 · 4fc18b6
1 parent 61ea8b0
commit 4fc18b6
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry-proxy.engineering.redhat.com/rh-osbs/ubi9-minimal:9.2-717
+FROM quay.io/sec-eng-special/mysql-server-deehms:latest
 
 ENV SUMMARY="Tang IAM proxy" \
     DESCRIPTION="Tang IAM proxy allows to redirect traffic to tang backend by SPIFFE ID" \
@@ -9,20 +9,21 @@ LABEL name="rhel9/tang-iam-proxy" \
       summary="${SUMMARY}" \
       description="${DESCRIPTION}" \
       version="${VERSION}" \
-      usage="podman run -d -p 8000:8000 -v database-dir:/var/db --name tang rhel9/tang-iam-proxy" \
+      usage="podman run -d -p 8000:8000 -v database-dir:/var/db --name tang-iam-proxy quay.io/sec-eng-special/tang-iam-proxy" \
       maintainer="Red Hat, Inc." \
       help="cat /README.md" \
       com.redhat.component="tang-iam-proxy" \
       io.k8s.display-name="Tang IAM Proxy" \
       io.k8s.description="${DESCRIPTION}" \
       io.openshift.expose-services="8000:tang-iam-proxy" \
-      io.openshift.tags="tang-iam-proxy,container,NBDE,PBD,clevis,LUKS,McCallum-Relyea,Network Bound Disk Encryption"
+      io.openshift.tags="tang,tang-iam-proxy,container,NBDE,PBD,clevis,LUKS,McCallum-Relyea,Network Bound Disk Encryption"
 
 
 RUN microdnf update -y && \
     microdnf install -y \
-        psmisc \
-        procps-ng && \
+             procps-ng \
+             psmisc \
+             vim && \
     microdnf clean all && \
     rm -rf /var/cache/yum
 
@@ -31,4 +32,4 @@ COPY root /
 VOLUME ["/var/db"]
 EXPOSE ${PORT}
 
-CMD ["/usr/bin/tang-iam-proxy"]
+CMD ["/usr/bin/entrypoint.sh"]
diff --git a/Makefile b/Makefile
@@ -9,6 +9,8 @@ all: bin img
 
 bin:
 	mkdir -p $(ROOT_TARGET)
+	cp generate-signed-certificate.sh $(ROOT_TARGET)
+	cp entrypoint.sh $(ROOT_TARGET)
 	go build -o $(BIN_TARGET) tang_iam_proxy.go
 
 img:

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Copyright 2023
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+db_command() {
+  echo "$1" | mysql --user=root --password=redhat123
+}
+
+mysqld &
+sleep 5
+generate-signed-certificate.sh
+db_command "UPDATE mysql.user SET host='%' WHERE user='root';" 2>/dev/null 1>/dev/null
+db_command "grant all on db.* to 'root'@'127.0.0.1';" 2>/dev/null 1>/dev/null
+db_command "CREATE DATABASE tang_bindings;" 2>/dev/null 1>/dev/null
+db_command "USE tang_bindings; create table bindings (spiffe_id VARCHAR(255) NOT NULL, tang_workspace VARCHAR(255) NOT NULL);" 2>/dev/null 1>/dev/null
+/usr/bin/tang-iam-proxy -dbUser root -dbPass redhat123 -httpUser jdoe -httpPass jdoe12345 -port 8000 -serverCert server_bundle.pem --serverKey server.key -tangServer TANG_SERVER_HERE