Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
POSTGRES_PASSWORD required
The upstream PostgreSQL image now requires that POSTGRES_PASSWORD
be set. This commit sets POSTGRES_PASSWORD to be the value
of COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD if not set,
or uses the Dockerfile default of password.
  • Loading branch information
skoranda committed Mar 27, 2020
1 parent 389d8cb commit 8d2162b
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 13 deletions.
4 changes: 3 additions & 1 deletion comanage-registry-postgres/Dockerfile
Expand Up @@ -36,7 +36,9 @@ ARG COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD

ENV COMANAGE_REGISTRY_POSTGRES_DATABASE ${COMANAGE_REGISTRY_POSTGRES_DATABASE:-registry}
ENV COMANAGE_REGISTRY_POSTGRES_USER ${COMANAGE_REGISTRY_POSTGRES_USER:-registry_user}
ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-}
ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}

ENV POSTGRES_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}

ENTRYPOINT ["/usr/local/bin/comanage-registry-postgres-entrypoint.sh"]

Expand Down
23 changes: 11 additions & 12 deletions comanage-registry-postgres/README.md
Expand Up @@ -71,11 +71,9 @@ The image supports the environment variables below and the `_FILE`
`POSTGRES_PASSWORD`

* Description: password for superuser
* Required: no
* Default: none
* Required: yes
* Default: value of COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
* Example: `l7cX28O3mt03y41EndjM`
* Note: If you do not set a password for the superuser then
any client with access to the container may connect to the database.

`COMANAGE_REGISTRY_POSTGRES_DATABASE`

Expand All @@ -94,16 +92,15 @@ any client with access to the container may connect to the database.
`COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD`

* Description: password for database user
* Required: no
* Default: none
* Required: yes
* Default: `password`
* Example: `5Aw9SzS4xqYi7daHw57c`
* Note: If you do not set a password for the COmanage Registry user then
any client with access to the container may connect to the database.

## Authentication

If you do not set a password for the superuser or the COmanage Registry user then
any client with access to the container may connect to the database.
Authentication is not required to connect from within the container,
but any client connecting from another host/container must provide
a password.

## Ports

Expand Down Expand Up @@ -166,12 +163,14 @@ An example is
docker run \
-it \
--rm \
--network temp_default \
--network _default \
comanage-registry-postgres \
bash -c \
'PGPASSWORD="password" \
pg_dump \
-h comanage-registry-database \
-U registry_user \
registry
registry'
```

The output from the `pg_dump` command is sent to the stdout of the temporary
Expand Down
Expand Up @@ -34,4 +34,9 @@ if [[ -f "${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD_FILE}" ]]; then
export COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
fi

if [[ -z "${POSTGRES_PASSWORD}" && -z "${POSTGRES_PASSWORD_FILE}" ]]; then
POSTGRES_PASSWORD=${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
export POSTGRES_PASSWORD
fi

exec "/docker-entrypoint.sh" "$@"

0 comments on commit 8d2162b

Please sign in to comment.