From b4f3d3796f5e4a543acc54ea282569be45c8b663 Mon Sep 17 00:00:00 2001
From: Bryon Nevis
Date: Wed, 12 Jul 2023 08:26:54 -0700
Subject: [PATCH] feat: Take secrets base directory from existing configuration (#4592)
Closes #4570
Signed-off-by: Bryon Nevis
---
 cmd/security-secretstore-setup/Dockerfile | 2 +-
 cmd/security-secretstore-setup/entrypoint.sh | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/cmd/security-secretstore-setup/Dockerfile b/cmd/security-secretstore-setup/Dockerfile
index 0962eec735..6345da825c 100644
--- a/cmd/security-secretstore-setup/Dockerfile
+++ b/cmd/security-secretstore-setup/Dockerfile
@@ -32,7 +32,7 @@ RUN make cmd/security-file-token-provider/security-file-token-provider \
 FROM alpine:3.17
-RUN apk add --update --no-cache ca-certificates dumb-init su-exec
+RUN apk add --update --no-cache ca-certificates dumb-init su-exec yq
 LABEL license='SPDX-License-Identifier: Apache-2.0' \
 copyright='Copyright (c) 2019: Dell Technologies, Inc.; Copyright (C) 2023 Intel Corporation'
diff --git a/cmd/security-secretstore-setup/entrypoint.sh b/cmd/security-secretstore-setup/entrypoint.sh
index 5446ed9503..af03f1b598 100644
--- a/cmd/security-secretstore-setup/entrypoint.sh
+++ b/cmd/security-secretstore-setup/entrypoint.sh
@@ -19,7 +19,12 @@ set -e
-# env settings are populated from env files of docker-compose
+# EDGEX_SECRETS_ROOT should default to /tmp/edgex/secrets
+# unless changed in configuration.yaml or overridden by environment variable
+EDGEX_SECRETS_ROOT=`yq -r .TokenFileProvider.OutputDir /res-file-token-provider/configuration.yaml`
+if [ ! -z "${TOKENFILEPROVIDER_OUTPUTDIR}" ]; then
+EDGEX_SECRETS_ROOT="${TOKENFILEPROVIDER_OUTPUTDIR}"
+fi
 # create token dir, and assign perms
 mkdir -p /vault/config/assets
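Review bot: The new `EDGEX_SECRETS_ROOT` assignment has no fallback, so the `/tmp/edgex/secrets` default promised by the comment directly above it only holds if configuration.yaml actually carries `TokenFileProvider.OutputDir`; when the key is absent, the Go yq that Alpine packages prints `null` and exits 0 as far as I can tell, so `set -e` does not catch it and that literal string becomes the directory the script later chowns. The value is also used as a path with no check that it is absolute, even though it can now come from an environment variable. I would normalise the value once after the environment override is applied, falling back to the documented default and rejecting anything that is not an absolute path, and switch to `$(…)` over backticks and `-n` over `! -z` while touching these lines.
```shell
EDGEX_SECRETS_ROOT=$(yq -r .TokenFileProvider.OutputDir /res-file-token-provider/configuration.yaml)
if [ -n "${TOKENFILEPROVIDER_OUTPUTDIR}" ]; then
  EDGEX_SECRETS_ROOT="${TOKENFILEPROVIDER_OUTPUTDIR}"
fi
# yq prints "null" for a missing key; fall back to the documented default
# and refuse relative paths, since this value feeds a recursive chown later on
case "${EDGEX_SECRETS_ROOT}" in
  ""|null) EDGEX_SECRETS_ROOT=/tmp/edgex/secrets ;;
  /*) ;;
  *) echo "$(date) ERROR: TokenFileProvider.OutputDir must be an absolute path, got '${EDGEX_SECRETS_ROOT}'" >&2; exit 1 ;;
esac
# … unchanged: create token dir, and assign perms …
```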
@@ -36,8 +41,8 @@ fi
 # /tmp/edgex/secrets need to be shared with all other services that need secrets and
 # thus change the ownership to EDGEX_USER:EDGEX_GROUP
-echo "$(date) Changing ownership of secrets to ${EDGEX_USER}:${EDGEX_GROUP}"
-chown -Rh ${EDGEX_USER}:${EDGEX_GROUP} /tmp/edgex/secrets
+echo "$(date) Changing ownership of ${EDGEX_SECRETS_ROOT} to ${EDGEX_USER}:${EDGEX_GROUP}"
+chown -Rh ${EDGEX_USER}:${EDGEX_GROUP} "${EDGEX_SECRETS_ROOT}"
 # Signal tokens ready port for other services waiting on
 exec su-exec ${EDGEX_USER} /edgex-init/security-bootstrapper --configDir=/edgex-init/res listenTcp \
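Review bot: `chown -Rh ${EDGEX_USER}:${EDGEX_GROUP} "${EDGEX_SECRETS_ROOT}"` now recurses over an operator-controlled path with nothing between the value and the chown guarding against `/` (or another broad directory), which would re-own the whole container filesystem to `${EDGEX_USER}` and succeed silently; an empty value at least fails under `set -e`, but only with an opaque chown error. I would add two guard lines immediately before the echo: `: "${EDGEX_SECRETS_ROOT:?secrets root is not set}"` and `[ "${EDGEX_SECRETS_ROOT}" != "/" ] || { echo "$(date) refusing to chown /" >&2; exit 1; }`. The context comment two lines above still hard-codes the old location and should read `# ${EDGEX_SECRETS_ROOT} (default /tmp/edgex/secrets) needs to be shared with all other services that need secrets and`. Whether the directory is created before this point is not visible in the hunk.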