From 573b6440d3aab2f373f57eccc7c9fd2611c64d3d Mon Sep 17 00:00:00 2001 From: pyunramura <35285259+pyunramura@users.noreply.github.com> Date: Thu, 3 Mar 2022 07:43:14 -0600 Subject: [PATCH] Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136) * mod: condense Dockerfile * add: _FILE feature add: list of sensitive env_vars * mod: sorted env_var list * add: complete current env_var list * fix: formatting * mod: revert Dockerfile to prev. version * mod: updated comment to be more descriptive mod: rename variables to be more descriptive * rem: list of env_var; no longer needed. mod: env_file_replace function ^ search for all _FILE variables and replace ^ if the file exists and is not empty mod: env_file_replace comment Co-authored-by: pyunramura --- entrypoint | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/entrypoint b/entrypoint index 640424c..a7d779f 100644 --- a/entrypoint +++ b/entrypoint @@ -4,6 +4,17 @@ set -e ssl_dir="/opt/ssl" php_dir="/opt/ldap_user_manager" +env_file_replace() { + for env_file in $(env|grep _FILE=); do + read -a env <<< "$(echo "$env_file" | sed 's/\(.*\)_FILE=\(.*\)/\1 \2/')" + if [ -s "${env[1]}" ]; then + echo Setting "${env[0]}" from "${env[1]}" + export "${env[0]}"="$(cat "${env[1]}")" + else echo "${env[1]} does not exist or is empty. Leaving ${env[0]} unset" + fi + done +} + if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi if [ ! "$SERVER_PATH" ]; then export SERVER_PATH="/"; @@ -72,7 +83,7 @@ else echo "Generating openssl configuration" - cat <$confout + cat <$confout subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1 extendedKeyUsage = serverAuth EoCertConf 
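Review bot: The loop in `env_file_replace` iterates over the unquoted `$(env|grep _FILE=)`, so it splits on any whitespace in the environment and also matches `_FILE=` inside a value. A secret path containing a space, or an unrelated variable whose value contains `_FILE=`, therefore yields a wrong name/path pair that is handed to `export`. Selecting on the variable name and reading the path through indirect expansion avoids parsing `env` output; the sketch below assumes the entrypoint runs under bash, which `read -a` and `<<<` already require (the shebang is outside the hunk). A missing or empty secret file is only logged, so the container starts with that credential unset; if the deployment should fail closed, return non-zero in the `else` branch instead.

```shell
env_file_replace() {
  local name target path
  # compgen -e prints exported variable names only, so values are never word-split
  for name in $(compgen -e); do
    case "$name" in
      ?*_FILE) ;;
      *) continue ;;
    esac
    target="${name%_FILE}"
    path="${!name}"
    if [ -s "$path" ]; then
      echo "Setting $target from $path"
      export "$target=$(cat -- "$path")"
    else
      echo "$path does not exist or is empty. Leaving $target unset"
    fi
  done
}
```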
@@ -145,12 +156,16 @@ fi cat /etc/apache2/sites-enabled/lum.conf +######################## +#If _FILE is set, read and export env_var from the referenced file's contents +env_file_replace + ######################## #Run Apache # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then - set -- apache2-foreground "$@" + set -- apache2-foreground "$@" fi exec "$@"
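Review bot: `env_file_replace` is called just before `exec "$@"`, after the defaults near the top of the script and the certificate step have already run, so a value supplied as `SERVER_HOSTNAME_FILE` or `SERVER_PATH_FILE` arrives too late. The openssl configuration in the hunk at line 83 has by then expanded `${SERVER_HOSTNAME}` from the default, and `lum.conf` has already been written and printed. If `_FILE` is meant to work for every variable, move the call to directly after the function definition, ahead of `if [ ! "$SERVER_HOSTNAME" ]; then`. If it is intended only for variables read by the PHP application at runtime, say so in the comment, for example `#_FILE values are applied after config generation; they only affect variables read by the application at runtime`.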