Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(snap): source security-bootstrapper config overrides from env file #4283

Merged
merged 1 commit into from
Jan 17, 2023
Merged

fix(snap): source security-bootstrapper config overrides from env file #4283

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion snap/local/runtime-helpers/bin/service-config-overrides.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,18 @@ BINPATH="${ARGV[0]}"

# binary name == service name/key
SERVICE=$(basename "$BINPATH")
ENV_FILE="$SNAP_DATA/config/$SERVICE/res/$SERVICE.env"
if [ -z $ENV_FILE ]; then
ENV_FILE="$SNAP_DATA/config/$SERVICE/res/$SERVICE.env"
fi
TAG="edgex-$SERVICE."$(basename "$0")

if [ -f "$ENV_FILE" ]; then
logger --tag=$TAG "sourcing $ENV_FILE"
set -o allexport
source "$ENV_FILE" set
set +o allexport
else
logger --tag=$TAG --stderr "sourcing $ENV_FILE: not found!"
fi

exec "$@"
10 changes: 0 additions & 10 deletions snap/local/runtime-helpers/bin/setup-consul-acl.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,6 @@
# we don't want to exit out the whole Consul process when ACL bootstrapping failed, just that
# Consul won't have ACL to be used

# TODO: determine if this script is really necessary. I'm not sure why the command below isn't
# simply specified as the service command, with the command-chain service-overrides script to
# handle sourcing the .env file

SERVICE_ENV="$SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env"
if [ -f "$SERVICE_ENV" ]; then
logger "edgex service override: : sourcing $SERVICE_ENV"
source "$SERVICE_ENV"
fi

# setup Consul's ACL via security-bootstrapper's subcommand
"$SNAP"/bin/security-bootstrapper -configDir "$SNAP_DATA"/config/security-bootstrapper/res setupRegistryACL
setupACL_code=$?
Expand Down
7 changes: 6 additions & 1 deletion snap/snapcraft.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,8 +227,10 @@ apps:
after:
- security-secretstore-setup
command: bin/setup-redis-acl.sh
command-chain:
- bin/service-config-overrides.sh
environment:
# TODO: determine the correct cmd-line args & env var overrides...
ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env
SECRETSTORE_SERVERNAME: localhost
SECRETSTORE_TOKENFILE: $SNAP_DATA/secrets/security-bootstrapper-redis/secrets-token.json
DATABASECONFIG_PATH: $SNAP_DATA/redis/conf
Expand All @@ -242,7 +244,10 @@ apps:
after:
- security-secretstore-setup
command: bin/setup-consul-acl.sh
command-chain:
- bin/service-config-overrides.sh
environment:
ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env
STAGEGATE_REGISTRY_HOST: localhost
STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: $SNAP_DATA/secrets/consul-acl-token/bootstrap_token.json
STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: $SNAP_DATA/secrets/consul-acl-token/mgmt_token.json
Expand Down