diff --git a/alpine/docker-entrypoint.sh b/alpine/docker-entrypoint.sh index 9fe6cf2..08f9e7a 100755 --- a/alpine/docker-entrypoint.sh +++ b/alpine/docker-entrypoint.sh @@ -1,6 +1,28 @@ #!/bin/bash set -eu +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + # allow the container to be started with `--user` if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then if [ "$1" = 'rabbitmq-server' ]; then @@ -19,6 +41,12 @@ fi : "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" : "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" +# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): +fileEnvKeys=( + default_user + default_pass +) + # https://www.rabbitmq.com/configure.html sslConfigKeys=( cacertfile @@ -61,6 +89,7 @@ declare -A configDefaults=( haveConfig= haveSslConfig= haveManagementSslConfig= +for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done for conf in "${allConfigKeys[@]}"; do var="RABBITMQ_${conf^^}" val="${!var:-}" diff --git a/debian/docker-entrypoint.sh b/debian/docker-entrypoint.sh index aa7d0db..466444e 100755 --- a/debian/docker-entrypoint.sh +++ b/debian/docker-entrypoint.sh @@ -1,6 +1,28 @@ #!/bin/bash set -eu +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + # allow the container to be started with `--user` if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then if [ "$1" = 'rabbitmq-server' ]; then @@ -19,6 +41,12 @@ fi : "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" : "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" +# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): +fileEnvKeys=( + default_user + default_pass +) + # https://www.rabbitmq.com/configure.html sslConfigKeys=( cacertfile @@ -61,6 +89,7 @@ declare -A configDefaults=( haveConfig= haveSslConfig= haveManagementSslConfig= +for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done for conf in "${allConfigKeys[@]}"; do var="RABBITMQ_${conf^^}" val="${!var:-}"