diff --git a/Dockerfile b/Dockerfile index 95e011f4..af1012b3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,6 +55,9 @@ COPY tests /data/tests RUN cp $SSP_PATH/modules/sildisco/sspoverrides/www_saml2_idp/SSOService.php $SSP_PATH/www/saml2/idp/ RUN chmod a+x /data/run.sh /data/run-tests.sh +ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz +RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin + EXPOSE 80 ENTRYPOINT ["/usr/local/bin/s3-expand"] CMD ["/data/run.sh"] diff --git a/README.md b/README.md index 79f62f12..19c2e4dc 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,26 @@ must be installed. [Vagrant](https://www.vagrantup.com) for Windows users. +## Configuration +By default, configuration is read from environment variables. These are documented +in the `local.env.dist` file. Optionally, you can define configuration in AWS AppConfig. +To do this, set the following environment variables to point to the configuration in +AWS: + +* `AWS_REGION` - the AWS region in use +* `APP_ID` - the application ID or name +* `CONFIG_ID` - the configuration profile ID or name +* `ENV_ID` - the environment ID or name + +In addition, the AWS API requires authentication. It is best to use an access role +such as an [ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html). +If that is not an option, you can specify an access token using the `AWS_ACCESS_KEY_ID` and +`AWS_SECRET_ACCESS_KEY` variables. + +The content of the configuration profile takes the form of a typical .env file, using +`#` for comments and `=` for variable assignment. Any variables read from AppConfig +will overwrite variables set in the execution environment. + ## Local testing 1. `cp local.env.dist local.env` within project root and make adjustments as needed. diff --git a/dockerbuild/run.sh b/dockerbuild/run.sh index 8fa2f08f..748fc0b6 100755 --- a/dockerbuild/run.sh +++ b/dockerbuild/run.sh @@ -17,7 +17,11 @@ cd /data cat /etc/*release | grep PRETTY php -v | head -n 1 -apache2ctl -k start -D FOREGROUND +if [[ -z "${APP_ID}" ]]; then + apache2ctl -k start -D FOREGROUND +else + config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND +fi # endless loop with a wait is needed for the trap to work while true diff --git a/local.env.dist b/local.env.dist index 7f1a46cc..eba75656 100644 --- a/local.env.dist +++ b/local.env.dist @@ -17,6 +17,22 @@ HUB_MODE=false IDPDISCO_LAYOUT= ENABLE_DEBUG= + +# === AWS AppConfig (optional) === + +# The AWS region in use +#AWS_REGION= + +# The AppConfig Application ID (or name) +#APP_ID= + +# The AppConfig Configuration Profile ID (or name) +#CONFIG_ID= + +# The AppConfig Environment ID (or name) +#ENV_ID= + + # LOGGING_LEVEL default is NOTICE, or may be one of: ERR, WARNING, NOTICE, INFO, DEBUG LOGGING_LEVEL=