MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 04:42:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

add code to parse secrets natively instead of shell scripts (#13883)

Browse Source
This commit is contained in:
Harshavardhana
2021-12-13 18:23:31 -08:00
committed by GitHub
parent 40dbe243d9
commit 113c7ff49a
6 changed files with 271 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
dockerscripts/docker-entrypoint.sh
View File

@@ -8,79 +8,6 @@ if [ "${1}" != "minio" ]; then
fi
fi
## look for specific a `config.env` file to load all the
## minio settings from
docker_minio_env() {
if [ -f "$MINIO_CONFIG_ENV_FILE" ]; then
config_env_file="${MINIO_CONFIG_ENV_FILE}"
else
config_env_file="/run/secrets/${MINIO_CONFIG_ENV_FILE}"
fi
if [ -f "$config_env_file" ]; then
# shellcheck source=/dev/null
. "${config_env_file}"
fi
}
## Look for docker secrets at given absolute path or in default documented location.
docker_secrets_env_old() {
if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
else
ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
fi
if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
else
SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
fi
if [ -f "$ACCESS_KEY_FILE" ]; then
MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
export MINIO_ACCESS_KEY
fi
if [ -f "$SECRET_KEY_FILE" ]; then
MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
export MINIO_SECRET_KEY
fi
}
docker_secrets_env() {
if [ -f "$MINIO_ROOT_USER_FILE" ]; then
ROOT_USER_FILE="$MINIO_ROOT_USER_FILE"
else
ROOT_USER_FILE="/run/secrets/$MINIO_ROOT_USER_FILE"
fi
if [ -f "$MINIO_ROOT_PASSWORD_FILE" ]; then
ROOT_PASSWORD_FILE="$MINIO_ROOT_PASSWORD_FILE"
else
ROOT_PASSWORD_FILE="/run/secrets/$MINIO_ROOT_PASSWORD_FILE"
fi
if [ -f "$ROOT_USER_FILE" ]; then
MINIO_ROOT_USER="$(cat "$ROOT_USER_FILE")"
export MINIO_ROOT_USER
fi
if [ -f "$ROOT_PASSWORD_FILE" ]; then
MINIO_ROOT_PASSWORD="$(cat "$ROOT_PASSWORD_FILE")"
export MINIO_ROOT_PASSWORD
fi
}
## Set KMS_SECRET_KEY from docker secrets if provided
docker_kms_secret_encryption_env() {
if [ -f "$MINIO_KMS_SECRET_KEY_FILE" ]; then
KMS_SECRET_KEY_FILE="$MINIO_KMS_SECRET_KEY_FILE"
else
KMS_SECRET_KEY_FILE="/run/secrets/$MINIO_KMS_SECRET_KEY_FILE"
fi
if [ -f "$KMS_SECRET_KEY_FILE" ]; then
MINIO_KMS_SECRET_KEY="$(cat "$KMS_SECRET_KEY_FILE")"
export MINIO_KMS_SECRET_KEY
fi
}
# su-exec to requested user, if service cannot run exec will fail.
docker_switch_user() {
if [ -n "${MINIO_USERNAME}" ] && [ -n "${MINIO_GROUPNAME}" ]; then
@@ -98,19 +25,5 @@ docker_switch_user() {
fi
}
## Set access env from secrets if necessary. Legacy
docker_secrets_env_old
## Set access env from secrets if necessary. Override
docker_secrets_env
## Set kms encryption from secrets if necessary. Override
docker_kms_secret_encryption_env
## Set all config environment variables from 'config.env' if necessary.
## Overrides all previous settings and also overrides all
## environment values passed from 'podman run -e ENV=value'
docker_minio_env
## Switch to user if applicable.
docker_switch_user "$@"