From 226c91df064e01f65bad871427c06f72d888168f Mon Sep 17 00:00:00 2001
From: Maksim Nabokikh <32434187+nabokihms@users.noreply.github.com>
Date: Fri, 29 Jan 2021 01:48:30 +0400
Subject: [PATCH] Apply suggestions from code review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
---
 Dockerfile                                    | 22 +++++++--------
 .../config-example.tmpl => config.docker.yaml | 22 +++++----------
 docker-entrypoint.sh                          | 27 +++++++++++++++++++
 entrypoint.sh                                 | 13 ---------
 4 files changed, 45 insertions(+), 39 deletions(-)
 rename examples/config-example.tmpl => config.docker.yaml (66%)
 create mode 100755 docker-entrypoint.sh
 delete mode 100755 entrypoint.sh

diff --git a/Dockerfile b/Dockerfile
index 836b81fe..495f6404 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,16 +7,11 @@ RUN apk add --no-cache --update alpine-sdk
 ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT=""
-ARG GOMPLATE_VERSION=v3.9.0
 
 ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT}
 
 ARG GOPROXY
 
-RUN wget -O /usr/local/bin/gomplate \
-  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${GOOS:-linux}-${GOARCH:-amd64}${GOARM}" \
-  && chmod +x /usr/local/bin/gomplate
-
 COPY go.mod go.sum ./
 COPY api/v2/go.mod api/v2/go.sum ./api/v2/
 RUN go mod download
@@ -27,26 +22,31 @@ RUN make release-binary
 
 FROM alpine:3.13.1
 
+ARG TARGETOS="linux"
+ARG TARGETARCH="amd64"
+ARG TARGETVARIANT=""
+ARG GOMPLATE_VERSION=v3.9.0
 # Dex connectors, such as GitHub and Google logins require root certificates.
 # Proper installations should manage those certificates, but it's a bad user
 # experience when this doesn't work out of the box.
 #
 # OpenSSL is required so wget can query HTTPS endpoints for health checking.
-
 RUN apk add --no-cache --update ca-certificates openssl
+RUN wget -O /usr/local/bin/gomplate \
+  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT}" \
+  && chmod +x /usr/local/bin/gomplate
 
 RUN mkdir -p /var/dex
 RUN chown -R 1001:1001 /var/dex
 
 RUN mkdir -p /etc/dex
-COPY examples/config-example.tmpl /etc/dex/config.tmpl
+COPY config.docker.yaml /etc/dex/config.docker.yaml
 RUN chown -R 1001:1001 /etc/dex
 
 # Copy module files for CVE scanning / dependency analysis.
 COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
 COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
 
-COPY --from=builder /usr/local/bin/gomplate /usr/local/bin/gomplate
 COPY --from=builder /go/bin/dex /usr/local/bin/dex
 
 USER 1001:1001
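Review bot: The gomplate binary fetched by the new `RUN wget -O /usr/local/bin/gomplate …` step is marked executable and shipped in the runtime image with no integrity check, so whatever the release URL serves at build time is what the entrypoint runs on every container start. Pin a digest next to `GOMPLATE_VERSION` and verify it in the same layer, for example `ARG GOMPLATE_SHA256=<sha256-of-release-asset>` plus `&& echo "${GOMPLATE_SHA256}  /usr/local/bin/gomplate" | sha256sum -c - \` ahead of the `chmod`. The asset name depends on `TARGETOS`/`TARGETARCH`/`TARGETVARIANT`, so the expected digest has to be supplied per platform. This stage continues past the end of the hunk.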
@@ -57,7 +57,7 @@ COPY --from=builder /usr/local/src/dex/web /web
 
 USER 1001:1001
 
-COPY entrypoint.sh /
+COPY docker-entrypoint.sh /
 
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["serve", "/etc/dex/config.tmpl"]
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["serve", "/etc/dex/config.docker.yaml"]
diff --git a/examples/config-example.tmpl b/config.docker.yaml
similarity index 66%
rename from examples/config-example.tmpl
rename to config.docker.yaml
index acbe90e2..341544e6 100644
--- a/examples/config-example.tmpl
+++ b/config.docker.yaml
@@ -3,25 +3,17 @@ issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" }}
 storage:
   type: sqlite3
   config:
-    file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/etc/dex/dex.db" }}
+    file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/var/dex/dex.db" }}
 
 web:
 {{- if getenv "DEX_WEB_HTTPS" "" }}
   https: {{ .Env.DEX_WEB_HTTPS }}
-  {{- if getenv "DEX_WEB_TLS_KEY" }}
-  tlsKey: {{ .Env.DEX_WEB_TLS_KEY }}
-  {{- else }}
-{{- fail "$DEX_WEB_TLS_KEY is required" }}
-  {{- end }}
-  {{- if getenv "DEX_WEB_TLS_CERT" "" }}
-  tlsCert: {{ .Env.DEX_WEB_TLS_CERT }}
-  {{- else }}
-{{- fail "$DEX_WEB_TLS_CERT is required" }}
-  {{- end }}
+  tlsKey: {{ getenv "DEX_WEB_TLS_KEY" | required "$DEX_WEB_TLS_KEY in case of web.https is enabled" }}
+  tlsCert: {{ getenv "DEX_WEB_TLS_CERT" | required "$DEX_WEB_TLS_CERT in case of web.https is enabled" }}
 {{- end }}
   http: {{ getenv "DEX_WEB_HTTP" "0.0.0.0:5556" }}
 
-{{- if getenv "DEX_TELEMETRY_HTTP" "" }}
+{{- if getenv "DEX_TELEMETRY_HTTP" }}
 telemetry:
   http: {{ .Env.DEX_TELEMETRY_HTTP }}
 {{- end }}
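Review bot: The failure text passed to `required` on the new `tlsKey`/`tlsCert` lines no longer says what is wrong: a missing key now reports "$DEX_WEB_TLS_KEY in case of web.https is enabled", where the removed code said "is required". Word it as a full statement, e.g. `required "$DEX_WEB_TLS_KEY is required when DEX_WEB_HTTPS is set"`, and the same for `DEX_WEB_TLS_CERT`, so an operator who enables HTTPS without key material gets an actionable startup error.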
@@ -33,8 +25,8 @@ expiry:
   authRequests: {{ getenv "DEX_EXPIRY_AUTH_REQUESTS" "24h" }}
 
 logger:
-  level: {{ getenv "DEX_LOGGER_LEVEL" "info" }}
-  format: {{ getenv "DEX_LOGGER_FORMAT" "text" }}
+  level: {{ getenv "DEX_LOG_LEVEL" "info" }}
+  format: {{ getenv "DEX_LOG_FORMAT" "text" }}
 
 oauth2:
   responseTypes: {{ getenv "DEX_OAUTH2_RESPONSE_TYPES" "[code]" }}
@@ -47,7 +39,7 @@ oauth2:
 enablePasswordDB: {{ getenv "DEX_ENABLE_PASSWORD_DB" "true" }}
 
 connectors:
-{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" "" }}
+{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" }}
 - type: mockCallback
   id: mock
   name: Example
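Review bot: The bare `{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" }}` treats any non-empty string as true, so setting `DEX_CONNECTORS_ENABLE_MOCK=false` or `=0` still renders the `mockCallback` connector. As far as I know that connector is a test stub that completes a login without checking credentials, so enabling it by accident matters. Gate it on an explicit boolean instead, e.g. `{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" | conv.ToBool }}`. The connector entry and its closing `{{- end }}` lie outside this hunk.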
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 00000000..59bb34c6
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+### Usage: /docker-entrypoint.sh <command> <args>
+command=$1
+
+case "$command" in
+  serve)
+    for file_candidate in $@ ; do
+      if test -f "$file_candidate"; then
+        tmpfile=$(mktemp /tmp/dex.config.yaml-XXXXXX)
+        gomplate -f "$file_candidate" -o "$tmpfile"
+        echo "config rendered successfully into the tmp file ${tmpfile}"
+
+        args="${args} ${tmpfile}"
+      else
+        args="${args} ${file_candidate}"
+      fi
+    done
+    exec dex $args
+    ;;
+  --help|-h|version)
+    exec dex $@
+    ;;
+  *)
+    exec $@
+    ;;
+esac
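Review bot: In the `serve` branch `args` is never initialised, so an `args` variable inherited from the container environment is silently prepended to the dex command line. The unquoted `$@` and `$args` are also word-split and glob-expanded, so a config path containing spaces or `*` changes what gets rendered and executed. Rebuilding the positional parameters with `set --` avoids both, and the other two branches should use `exec dex "$@"` and `exec "$@"`. Separately, the rendered file in `/tmp` can hold secrets taken from the environment and is never removed because the script ends in `exec`, which deserves a comment.

```shell
  serve)
    # Rebuild "$@" in place: each original argument is shifted off and
    # re-appended (or replaced by its rendered copy), so quoting survives.
    for file_candidate in "$@"; do
      shift
      if test -f "$file_candidate"; then
        # … unchanged: mktemp, gomplate render, echo …
        set -- "$@" "$tmpfile"
      else
        set -- "$@" "$file_candidate"
      fi
    done
    exec dex "$@"
    ;;
```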
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100755
index 3e6a8e27..00000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh -e
-
-### Usage: /entrypoint.sh <command> <args>
-set -e
-command=$1
-
-if [ "$command" == "serve" ]; then
-  file="$2"
-  gomplate -f "$file" -o "/etc/dex/config.yaml";
-  exec dex serve "/etc/dex/config.yaml"
-else
-  exec dex $@
-fi
-- 
GitLab