Inject contents of INI files into environment variables for templates and wrapped app #95
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… of INI file into environment before template generation and execution of wrapped program
…esult in DefaultTransport, but actually results in seg fault
|
👍 for turning off cert validation |
|
@jwilder Any chance of merging this? |
|
We recently needed the ability to set the effective UID and GID. This can be used to drop privileges after doing some initial setup as root, or if you need to set the group ID in a way that isn't vulnerable to changes in docker-compose file specifications. |
Restore old behavior for logfiles
Bug fix for line.err
|
Already merged in https://github.com/powerman/dockerize (except set UID/GID feature). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is related to #74 requesting the ability to use config files for template generation. This goes somewhat against the pattern of putting all configuration into env vars, which I'm guessing may be one reason it was never acted upon.
I've implemented a hybrid solution where an INI file either in the filesystem or at a http/https URL is read and added into the running processes environment variables. These env vars are then available for template evaluation as well as to the wrapped application. If the INI file is at a URL that requires auth, headers can be specified similarly to wait-headers, however if the header value doesn't contain colons, then we try to use it as a path to a secrets files, which is read and then those contents parsed as a "header: value" string for http request headers.
The motivation for this instead of just using the env_file declaration in the docker_compose is to force the use of a remote git repo for the environment configuration, instead of files in the local filesystem. These kinds env_file setups also don't translate into Rancher configurations.
Values read in from the INI file do not overwrite existing environment variables, so environment variables explicitly passed at runtime take precedence over the INI file. This makes it easier to set env vars for testing without committing them to the git repo.
I've also provided the option of turning off cert validation for SSL connections - sometimes there are self-signed certs on test hosts, internal hosts or other non user facing hosts. This enables them to be used as a source for INI files as well as a dependency. By default cert validation is on.