Add CORE_STUB_KEYSTORE_FILE property #60
Conversation
merlinc
force-pushed
the
KBV-254/build-container-without-config
branch
2 times, most recently
from
c13c2ad to
59f2e06
Compare
merlinc
changed the title
| @@ -21,7 +21,6 @@ COPY --from=build \ | |||
| /app/ | |||
|
|
|||
| WORKDIR /app | |||
| ADD config config | |||
There was a problem hiding this comment.
Why are you removing the adding of the config directory?
Edit: I reread the PR. Its so it can be public facing?
There was a problem hiding this comment.
I'm not that fussed about whether the image is public or private - I just need it somewhere that it can be easily accessed. The config on the other hand is definitely private, and I don't want an entire config repo exposed for a few settings.
So the approach is build the image so it works without config. Locally it can be run with a sibling path to the config. In a PR we get the necessary config from a S3 bucket, which reduces the blast radius if something went wrong.
merlinc
force-pushed
the
KBV-254/build-container-without-config
branch
from
59f2e06 to
c6aedc4
Compare
| @@ -0,0 +1,17 @@ | |||
| version: "3.9" | |||
There was a problem hiding this comment.
The script & .env file have been swapped for a docker-compose file with environment variables and volumes. The secret stuff is still elsewhere
| @@ -17,29 +17,30 @@ This stub allows us to: | |||
| ## Config | |||
|
|
|||
| Core Stub config from the `di-ipv-config` repository directory `/stubs/di-ipv-core-stub` will be available at: | |||
| * Docker image: `/app/config/` | |||
| * Docker image: `/app/` | |||
There was a problem hiding this comment.
Rather than create an empty config directory, it seemed easier to mount the required files into the existing app directory.
Yeah, there's an additional property now for the "keystore as a keystore file" to match the "keystore as a base64 string".
Local usage of the stub doesn't change. The config directory is referenced by the Dockerfile, and that's mentioned in the |
merlinc
force-pushed
the
KBV-254/build-container-without-config
branch
from
c6aedc4 to
2ef7284
Compare
| keystore.load( | ||
| inputStream, CoreStubConfig.CORE_STUB_KEYSTORE_PASSWORD.toCharArray()); | ||
| } | ||
| } else if (CoreStubConfig.CORE_STUB_KEYSTORE_BASE64 != null) { |
There was a problem hiding this comment.
Heads up but looking at the current deployment in PaaS, this has already been set. So you might need to update it
- Add CORE_STUB_KEYSTORE_FILE property - Add property for keystore_file - Add conditional logic to handle missing both of keystore_file and keystore_base64 properties - Add compose file for docker-compose startup - Delete bash script for startup
merlinc
force-pushed
the
KBV-254/build-container-without-config
branch
from
2ef7284 to
bb91fb4
Compare
Proposed changes
What changed
Why did it change
This Docker image needs to be built without config in it to be a publicly available image
Issue tracking
Checklists
Environment variables or secrets
Other considerations