Commit fabb459c authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo
Browse files

Evita reemplazo de dólar al usar Compose 

Anteriormente, Compose no interpretaba valores en el fichero .env que
contuvieran el símbolo dólar, pero ahora si lo hace.

Esto provoca que se emitan avisos durante la comprobación de la
configuración, pudiendo incluso exponer valores secretos recibidos
mediante dichas variables. También afecta al despliegue mediante
Compose, ya que no recibirá los valores deseados sino previamente
resueltos (incorrectamente).

Para evitarlo, se analizan los valores recibidos antes de escribirlos al
fichero .env de trabajo, duplicando los símbolos dólar que se detecten
(y que sean únicos, si ya vienen 2 los deja pasar).

Permite deshabilitar este comportamiento mediante variable.
parent 579e6649

README.md

+1 −0
Original line number Diff line number Diff line
@@ -96,6 +96,7 @@ You may define these environment variables (**bold** are mandatory): 
| *FORCE_DOCKER_COMPOSE* | `0` | Use always standard (*Compose*) mode instead of Docker *Swarm*, even if it is available at deployment target host. |

| *GREP_BIN* | `grep` | Path to *grep* binary in deployment target host. |

| *OMIT_CLEAN_DEPLOY* | `0` | Leave at deployment target host all deployment resources after doing a deploy. Useful when using bind mounts or *Compose* secrets (pointing to static content in deployment resources) or you want to check sent contents. |

| *OMIT_DOLLAR_DUPLICATION* | `0` | Allow passing variable values containing single dollar character, to let *Compose* resolve it. By default, dollar characters found will be duplicated into variable value to avoid getting empty variables resolution by *Compose*. Useful only for *Compose* mode, both config check and deployment. |

| *OMIT_STATUS_CHECK* | `0` | Bypass status check process after deploying services. Useful when you need to be fast. |

| *REGISTRY_PASS* | - | Docker registry password, corresponding to a user with read permissions. **Required** for private registry or repository. |

| *REGISTRY_URL* | - | Docker registry address, where Docker must log in to retrieve images. Useful only when using private registry or repository. Default is empty, to use Docker Hub registry. |

script/_definitions.sh

+1 −0
Original line number Diff line number Diff line
@@ -10,6 +10,7 @@ DEFAULT_DEPLOY_FILES="${DEFAULT_DEPLOY_FILES:-*compose*.y*ml ${COMPOSE_ENV_FILE_ 
FORCE_DOCKER_COMPOSE="${FORCE_DOCKER_COMPOSE:-0}"

OMIT_CLEAN_DEPLOY="${OMIT_CLEAN_DEPLOY:-0}"

SWARM_RESOLVE_IMAGE="${SWARM_RESOLVE_IMAGE:-always}"

OMIT_DOLLAR_DUPLICATION="${OMIT_DOLLAR_DUPLICATION:-0}"



OMIT_STATUS_CHECK="${OMIT_STATUS_CHECK:-0}"

STATUS_CHECK_RETRIES="${STATUS_CHECK_RETRIES:-10}"

script/_prepare-env.sh

+12 −2
Original line number Diff line number Diff line
@@ -20,8 +20,18 @@ echo -en " ${INFO_COLOR}variable names [ ${DATA_COLOR}STACK${INFO_COLOR}" 
envDefs="STACK=${STACK}"



addVariableToEnv() {

	envDefs="${envDefs}\\n${1}"

	variableName=$(echo "${1}" | cut -d '=' -f 1)

	varDefinition="${1}"

	if [ ! ${docker23CompatibleTarget} -eq 0 ] || [ ! ${deployingToSwarm} -eq 0 ]

	then

		if [ ${OMIT_DOLLAR_DUPLICATION} -eq 0 ]

		then

			varDefinition=$(echo "${varDefinition}" | sed -r 's/([^\$])(\$)([^\$])/\1\2\2\3/g')

		fi

	fi



	envDefs="${envDefs}\\n${varDefinition}"



	variableName=$(echo "${varDefinition}" | cut -d '=' -f 1)

	echo -en "${INFO_COLOR}, ${DATA_COLOR}${variableName}${INFO_COLOR}"

}