From ebf10d9ed6721d9496f54c3bddd5f1e42735ee16 Mon Sep 17 00:00:00 2001 From: nhas Date: Fri, 8 Nov 2024 11:56:02 +1300 Subject: [PATCH] Make docker compose a bit more robust with health check, add redaction for sensitive env variables when printing --- README.md | 7 +++++++ config/config.go | 32 ++++++++++++++++++++++---------- docker-compose.dev.yaml | 22 +++++++++++++++------- docker-compose.yaml | 9 +++++++-- 4 files changed, 51 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index a9a1c2e..10ac4a7 100644 --- a/README.md +++ b/README.md @@ -162,3 +162,10 @@ features: dbname: (string) Which database to use sslmode: (string) postgres sslmode ``` + +## Development + +```sh +docker compose -f docker-compose.dev.yaml down --remove-orphans +docker compose -f docker-compose.dev.yaml --env-file .env.dev up --build --force-recreate +``` \ No newline at end of file diff --git a/config/config.go b/config/config.go index 71e7d94..d3c7d7e 100644 --- a/config/config.go +++ b/config/config.go @@ -29,7 +29,7 @@ type Config struct { PublicURL string `yaml:"public_url"` IssuerURL string `yaml:"issuer_url"` ClientID string `yaml:"client_id"` - ClientSecret string `yaml:"client_secret"` + ClientSecret string `yaml:"client_secret" sensitive:"yes"` AdminGroupClaimName string `yaml:"admin_group_claim_name"` AdminGroup string `yaml:"admin_group_name"` } @@ -42,7 +42,7 @@ type Config struct { Host string `yaml:"host"` Port int `yaml:"port"` Username string `yaml:"username"` - Password string `yaml:"password"` + Password string `yaml:"password" sensitive:"yes"` FromEmail string `yaml:"from"` } 
@@ -60,12 +60,17 @@ type Config struct { User string `yaml:"user"` DBname string `yaml:"dbname"` SSLmode string `yaml:"sslmode"` - Password string `yaml:"password"` + Password string `yaml:"password" sensitive:"yes"` } } -func listFields(v interface{}) []string { - var fields []string +type fieldDescription struct { + Name string + Sensitive bool +} + +func listFields(v interface{}) []fieldDescription { + var fields []fieldDescription t := reflect.TypeOf(v).Elem() for i := 0; i < t.NumField(); i++ { field := t.Field(i) @@ -74,10 +79,11 @@ func listFields(v interface{}) []string { if field.Type.Kind() == reflect.Struct { subFields := listFields(reflect.New(field.Type).Interface()) for _, subField := range subFields { - fields = append(fields, fmt.Sprintf("%s.%s", fieldName, subField)) + fields = append(fields, fieldDescription{Name: fmt.Sprintf("%s.%s", fieldName, subField.Name), Sensitive: subField.Sensitive}) } } else { - fields = append(fields, fieldName) + value, _ := field.Tag.Lookup("sensitive") + fields = append(fields, fieldDescription{Name: fieldName, Sensitive: (value == "true" || value == "yes")}) } } return fields @@ -129,12 +135,18 @@ func LoadConfig(path string) (c Config, err error) { fields := listFields(&c) setSomething := false for _, field := range fields { - envVariable := os.Getenv(field) - fmt.Printf("%s=%s\n", field, envVariable) + envVariable := os.Getenv(field.Name) + + printedValue := envVariable + if field.Sensitive && envVariable != "" { + printedValue = "**********" + } + + fmt.Printf("%s=%s\n", field.Name, printedValue) if envVariable != "" { setSomething = true - setField(&c, field, envVariable) + setField(&c, field.Name, envVariable) } } diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index b3921e3..5b5b4cd 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml 
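Review bot: The new `fieldDescription` type and the `sensitive` struct tag it reflects carry no comment, so a maintainer adding a secret-bearing field to Config has nothing telling them that the tag is what keeps the value out of the startup printout. I would add `// fieldDescription is a dotted config field path plus whether its value must be masked when printed (set with the sensitive:"yes" struct tag).` above the type. Both the Config struct and listFields extend outside this hunk.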
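Review bot: The tag check in the `else` branch fails open: only the exact strings `true` and `yes` mark a field sensitive, so a tag written as `sensitive:"Yes"` or `sensitive:"1"` silently leaves the value unredacted. Treating the presence of the tag as the signal is safer: `_, sensitive := field.Tag.Lookup("sensitive")` followed by `fields = append(fields, fieldDescription{Name: fieldName, Sensitive: sensitive})`. The tag is also read only for leaf fields, so a `sensitive` tag placed on a nested struct field is ignored. listFields starts and ends outside this hunk.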
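Review bot: Redaction in this loop is opt-in per field, so every value without the tag is still written to stdout in clear by `fmt.Printf("%s=%s\n", field.Name, printedValue)`, and with the compose setup in this commit that output typically lands in container logs. Any future field that carries a credential and misses the tag will leak the same way the three tagged secrets did before this change. A safer default is to print only whether each variable was set, e.g. `fmt.Printf("%s set=%t\n", field.Name, envVariable != "")`, or to mask everything unless a field is explicitly marked printable. LoadConfig continues outside the hunk.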
@@ -2,14 +2,24 @@ services: postgres: image: postgres:13 environment: - - POSTGRES_USER=gohunt + - POSTGRES_USER=${GOHUNT_DB_USERNAME:-gohunt} - POSTGRES_PASSWORD=gohunt - POSTGRES_DB=gohunt + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${GOHUNT_DB_USERNAME:-gohunt}"] + interval: 5s + timeout: 5s + retries: 5 volumes: - - db-data:/var/lib/postgresql/data + - db-data-dev:/var/lib/postgresql/data gohunt: - image: ghcr.io/nhas/gohunt:main + depends_on: + - postgres + build: + context: . + dockerfile: Dockerfile + restart: on-failure environment: - GOHUNT_USERNAME=${GOHUNT_USERNAME} - GOHUNT_PASSWORD=${GOHUNT_PASSWORD} @@ -20,7 +30,7 @@ services: - Notification.Webhooks.Enabled=true - Database.Host=postgres - Database.Port=5432 - - Database.User=gohunt + - Database.User=${GOHUNT_DB_USERNAME:-gohunt} - Database.DBname=gohunt - Database.SSLmode=disable - Database.Password=gohunt @@ -28,6 +38,4 @@ services: - 8081:8081 volumes: - db-data: - caddy-data: - caddy_config: \ No newline at end of file + db-data-dev: diff --git a/docker-compose.yaml b/docker-compose.yaml index bd858c3..874e3bb 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -3,9 +3,14 @@ services: image: postgres:13 restart: on-failure environment: - - POSTGRES_USER=gohunt + - POSTGRES_USER=${GOHUNT_DB_USERNAME:-gohunt} - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=gohunt + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${GOHUNT_DB_USERNAME:-gohunt}"] + interval: 5s + timeout: 5s + retries: 5 volumes: - db-data:/var/lib/postgresql/data @@ -25,7 +30,7 @@ services: - Notification.Webhooks.Enabled=true - Database.Host=postgres - Database.Port=5432 - - Database.User=gohunt + - Database.User=${GOHUNT_DB_USERNAME:-gohunt} - Database.DBname=gohunt - Database.SSLmode=disable - Database.Password=${DB_PASSWORD}
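Review bot: The added `depends_on: - postgres` uses the short form, which only orders container start and does not wait for the new `healthcheck` to pass, so gohunt can still start before Postgres accepts connections and relies on `restart: on-failure` to recover. Use the long form so the health check actually gates startup: `depends_on: {postgres: {condition: service_healthy}}`. The same healthcheck is added in docker-compose.yaml, but whether the gohunt service there waits on it is not visible in these hunks; worth checking.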
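Review bot: `POSTGRES_USER=${GOHUNT_DB_USERNAME:-gohunt}` in docker-compose.yaml only takes effect when the `db-data` volume is first initialised, so setting GOHUNT_DB_USERNAME on an existing deployment leaves the database with the old role while gohunt (via `Database.User` in the next hunk) connects as the new one. The healthcheck will not catch this, because `pg_isready` reports the server as ready without authenticating the user passed with `-U`. I would document it next to the variable, e.g. `# only applied on first init of db-data; changing it later requires creating the role manually`.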