From 7f4d810f5d8eb9dce695356a7b107219596addca Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 27 Mar 2024 09:46:02 -0600
Subject: [PATCH 1/2] pull config from AppConfig if APP_ID is not empty
---
 Dockerfile | 5 ++++-
 README.md | 22 ++++++++++++++++++++--
 application/run.sh | 7 +++++++
 local.env.dist | 15 +++++++++++++++
 4 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 application/run.sh
diff --git a/Dockerfile b/Dockerfile
index 022d335..c6a8bae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,4 +19,7 @@ COPY application/ /data/
 RUN chown -R www-data:www-data \
 console/runtime/
-CMD ["/data/yii", "batch/full"]
+ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz
+RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin
+
+CMD ["/data/run.sh"]
diff --git a/README.md b/README.md
index 288b8ae..555963b 100644
--- a/README.md
+++ b/README.md
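Review bot: The added `ADD` line in the Dockerfile fetches config-shim from the `releases/latest` URL with no version pin and no integrity check, so each image build may install a different binary, and a replaced or tampered release asset would land in /usr/local/bin unnoticed. That binary wraps the application process in run.sh and, going by the README text in this patch, is what loads the AppConfig values, so it should be pinned like any other dependency. Pin a release tag and let the builder verify the digest, e.g. `ADD --checksum=sha256:<EXPECTED_SHA256> https://github.com/silinternational/config-shim/releases/download/<PINNED_TAG>/config-shim.gz config-shim.gz`. This needs a BuildKit Dockerfile frontend that supports `--checksum`; otherwise check the download with `sha256sum -c` in the following `RUN` before the `chmod`.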
@@ -1,8 +1,26 @@
 # IdP ID Sync Tool to synchronize user records between the ID Broker and an ID Store
-## Configuration files
-Copy ```local.env.dist``` to ```local.env``` and supply any necessary values.
+## Configuration
+By default, configuration is read from environment variables documented in the `local.env.dist`
+file. Copy this file to `local.env` and supply any necessary values.
+
+Optionally, you can define configuration in AWS AppConfig. To do this, set the following
+environment variables to point to the configuration in AWS:
+
+* `AWS_REGION` - the AWS region in use
+* `APP_ID` - the application ID or name
+* `CONFIG_ID` - the configuration profile ID or name
+* `ENV_ID` - the environment ID or name
+
+In addition, the AWS API requires authentication. It is best to use an access role
+such as an [ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
+If that is not an option, you can specify an access token using the `AWS_ACCESS_KEY_ID` and
+`AWS_SECRET_ACCESS_KEY` variables.
+
+The content of the configuration profile takes the form of a typical .env file, using
+`#` for comments and `=` for variable assignment. Any variables read from AppConfig
+will overwrite variables set in the execution environment.
 ## Testing
diff --git a/application/run.sh b/application/run.sh
new file mode 100644
index 0000000..ef97125
--- /dev/null
+++ b/application/run.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [[ -z "${APP_ID}" ]]; then
+ /data/yii batch/full
+else
+ config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID /data/yii batch/full
+fi
diff --git a/local.env.dist b/local.env.dist
index b53810c..0b44d27 100644
--- a/local.env.dist
+++ b/local.env.dist
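Review bot: In the `else` branch of application/run.sh, `$APP_ID`, `$CONFIG_ID` and `$ENV_ID` are expanded unquoted, so a value containing whitespace or glob characters (the README allows a name instead of an ID) is split into extra arguments to config-shim. Only `APP_ID` is tested, so an unset `CONFIG_ID` or `ENV_ID` disappears from the command line and the next flag is probably taken as its value. Fail early and quote the expansions: `: "${CONFIG_ID:?CONFIG_ID is required when APP_ID is set}" "${ENV_ID:?ENV_ID is required when APP_ID is set}"` followed by `exec config-shim --app "$APP_ID" --config "$CONFIG_ID" --env "$ENV_ID" /data/yii batch/full`. Using `exec` in both branches also lets the container's stop signal reach the real process instead of the wrapper shell.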
@@ -71,6 +71,21 @@ ID_STORE_ADAPTER=
 ### Optional ENV vars ###
+# === AWS AppConfig (optional) ===
+
+# The AWS region in use
+#AWS_REGION=
+
+# The AppConfig Application ID (or name)
+#APP_ID=
+
+# The AppConfig Configuration Profile ID (or name)
+#CONFIG_ID=
+
+# The AppConfig Environment ID (or name)
+#ENV_ID=
+
+
 # Where to email error logs.
 #ALERTS_EMAIL=
From b366ae26c5c1f9e497adea7cfa63136c42e8378f Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 27 Mar 2024 11:44:06 -0600
Subject: [PATCH 2/2] set execute bit on run.sh
---
 application/run.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 application/run.sh
diff --git a/application/run.sh b/application/run.sh
old mode 100644
new mode 100755