diff --git a/comanage-registry-postgres/Dockerfile b/comanage-registry-postgres/Dockerfile
index 06a3e0b..5e78d5b 100644
--- a/comanage-registry-postgres/Dockerfile
+++ b/comanage-registry-postgres/Dockerfile
@@ -36,7 +36,9 @@ ARG COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
 ENV COMANAGE_REGISTRY_POSTGRES_DATABASE ${COMANAGE_REGISTRY_POSTGRES_DATABASE:-registry}
 ENV COMANAGE_REGISTRY_POSTGRES_USER ${COMANAGE_REGISTRY_POSTGRES_USER:-registry_user}
-ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-}
+ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
+
+ENV POSTGRES_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
 ENTRYPOINT ["/usr/local/bin/comanage-registry-postgres-entrypoint.sh"]
diff --git a/comanage-registry-postgres/README.md b/comanage-registry-postgres/README.md
index 0adab5e..444816d 100644
--- a/comanage-registry-postgres/README.md
+++ b/comanage-registry-postgres/README.md
@@ -71,11 +71,9 @@ The image supports the environment variables below and the `_FILE`
 `POSTGRES_PASSWORD`
 * Description: password for superuser
-* Required: no
-* Default: none
+* Required: yes
+* Default: value of COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
 * Example: `l7cX28O3mt03y41EndjM`
-* Note: If you do not set a password for the superuser then
-any client with access to the container may connect to the database.
 `COMANAGE_REGISTRY_POSTGRES_DATABASE`
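Review bot: In the Dockerfile hunk the two added `ENV` lines make the literal `password` the built-in default for both the registry user and the PostgreSQL superuser, so a container started without overrides accepts a publicly known credential from any host that can reach the port; the same literal is repeated in the entrypoint hunk of this commit. Because `ENV POSTGRES_PASSWORD` is resolved at build time, the variable is always non-empty at run time, which leaves the new entrypoint fallback effectively unreachable and, if the base image is the official postgres image (which treats `POSTGRES_PASSWORD` and `POSTGRES_PASSWORD_FILE` as exclusive), would likely break the `_FILE` secret path. I would drop the `ENV POSTGRES_PASSWORD` line, keep `${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-}` empty, and have the entrypoint refuse to start when neither a password nor a `_FILE` is supplied. A password passed through `ARG`/`ENV` also stays readable in the image metadata, which deserves a comment such as `# build-time default only; supply the real secret at run time via *_FILE`.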
@@ -94,16 +92,15 @@ any client with access to the container may connect to the database.
 `COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD`
 * Description: password for database user
-* Required: no
-* Default: none
+* Required: yes
+* Default: `password`
 * Example: `5Aw9SzS4xqYi7daHw57c`
-* Note: If you do not set a password for the COmanage Registry user then
-any client with access to the container may connect to the database.
 ## Authentication
-If you do not set a password for the superuser or the COmanage Registry user then
-any client with access to the container may connect to the database.
+Authentication is not required to connect from within the container,
+but any client connecting from another host/container must provide
+a password.
 ## Ports
@@ -166,12 +163,14 @@ An example is
 docker run \
 -it \
 --rm \
- --network temp_default \
+ --network _default \
 comanage-registry-postgres \
+ bash -c \
+ 'PGPASSWORD="password" \
 pg_dump \
 -h comanage-registry-database \
 -U registry_user \
- registry
+ registry'
 ```
 The output from the `pg_dump` command is sent to the stdout of the temporary
diff --git a/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh b/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh
index 1652e74..43084e1 100755
--- a/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh
+++ b/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh
@@ -34,4 +34,9 @@ if [[ -f "${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD_FILE}" ]]; then
 export COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
 fi
+if [[ -z "${POSTGRES_PASSWORD}" && -z "${POSTGRES_PASSWORD_FILE}" ]]; then
+ POSTGRES_PASSWORD=${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
+ export POSTGRES_PASSWORD
+fi
+
 exec "/docker-entrypoint.sh" "$@"
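Review bot: In the added `if` block of comanage-registry-postgres-entrypoint.sh the superuser password is copied from `COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD`, so the application account and the database superuser share one secret, and anyone who obtains the registry credential also gets full control of the server. The block never tells the operator that it chose a password on their behalf, so a deployment can run with the fallback without anyone noticing. I would fail closed here instead of assigning a value: `echo "POSTGRES_PASSWORD or POSTGRES_PASSWORD_FILE must be set" >&2` followed by `exit 1`. The script begins outside this hunk, so whether `set -u` is active (which would change how the unset-variable tests behave) cannot be confirmed from here.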