dockerize icon indicating copy to clipboard operation
dockerize copied to clipboard

Published 20 hours ago verified publisher icon jwilder

Inject contents of INI files into environment variables for templates and wrapped app

Open sychan opened this issue 7 years ago • 4 comments

This is related to https://github.com/jwilder/dockerize/issues/74 requesting the ability to use config files for template generation. This goes somewhat against the pattern of putting all configuration into env vars, which I'm guessing may be one reason it was never acted upon.

I've implemented a hybrid solution where an INI file either in the filesystem or at a http/https URL is read and added into the running processes environment variables. These env vars are then available for template evaluation as well as to the wrapped application. If the INI file is at a URL that requires auth, headers can be specified similarly to wait-headers, however if the header value doesn't contain colons, then we try to use it as a path to a secrets files, which is read and then those contents parsed as a "header: value" string for http request headers.

The motivation for this instead of just using the env_file declaration in the docker_compose is to force the use of a remote git repo for the environment configuration, instead of files in the local filesystem. These kinds env_file setups also don't translate into Rancher configurations.

Values read in from the INI file do not overwrite existing environment variables, so environment variables explicitly passed at runtime take precedence over the INI file. This makes it easier to set env vars for testing without committing them to the git repo.

I've also provided the option of turning off cert validation for SSL connections - sometimes there are self-signed certs on test hosts, internal hosts or other non user facing hosts. This enables them to be used as a source for INI files as well as a dependency. By default cert validation is on.

sychan avatar Oct 27 '17 05:10 sychan

👍 for turning off cert validation

rall avatar Jan 26 '18 16:01 rall

@jwilder Any chance of merging this?

sychan avatar Jan 26 '18 21:01 sychan

We recently needed the ability to set the effective UID and GID. This can be used to drop privileges after doing some initial setup as root, or if you need to set the group ID in a way that isn't vulnerable to changes in docker-compose file specifications. Use the -egid and -euid flags - both take integer values.

sychan avatar May 02 '18 20:05 sychan

Already merged in https://github.com/powerman/dockerize (except set UID/GID feature).

powerman avatar Nov 30 '18 21:11 powerman