From e6a6a81dc368a2a1e05de6f3aee8cce92d1acb8d Mon Sep 17 00:00:00 2001 From: Valina Li Date: Wed, 13 Jul 2022 17:55:29 -0700 Subject: [PATCH 1/3] fix: security-secretstore-setup volume init semantics fixes: #3852 Signed-off-by: Valina Li --- cmd/security-secretstore-setup/entrypoint.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/security-secretstore-setup/entrypoint.sh b/cmd/security-secretstore-setup/entrypoint.sh index 090902fbbe..af2145b2f5 100644 --- a/cmd/security-secretstore-setup/entrypoint.sh +++ b/cmd/security-secretstore-setup/entrypoint.sh @@ -1,6 +1,6 @@ #!/usr/bin/dumb-init /bin/sh # ---------------------------------------------------------------------------------- -# Copyright (c) 2020 Intel Corporation +# Copyright (c) 2022 Intel Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,9 @@ set -e # env settings are populated from env files of docker-compose +# make config vault asset directory for case of helm +mkdir -p /vault/config/assets + echo "Initializing secret store..." /security-secretstore-setup --vaultInterval=10 From a2539fb0b7c5787bdc4e9ac1101705df06cfa510 Mon Sep 17 00:00:00 2001 From: Valina Li Date: Wed, 13 Jul 2022 20:00:25 -0700 Subject: [PATCH 2/3] moved make assets dir and chown to entrypoint Signed-off-by: Valina Li --- cmd/security-secretstore-setup/Dockerfile | 6 ++---- cmd/security-secretstore-setup/entrypoint.sh | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/cmd/security-secretstore-setup/Dockerfile b/cmd/security-secretstore-setup/Dockerfile index 064783bde2..fec3842628 100644 --- a/cmd/security-secretstore-setup/Dockerfile +++ b/cmd/security-secretstore-setup/Dockerfile @@ -1,6 +1,6 @@ # ---------------------------------------------------------------------------------- # Copyright 2019 Dell Technologies, Inc. -# Copyright 2020 Intel Corp. +# Copyright 2022 Intel Corp. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -52,8 +52,6 @@ COPY --from=builder /edgex-go/cmd/security-secretstore-setup/security-secretstor # Setup the entry point script, create token dir, and assign perms COPY --from=builder /edgex-go/cmd/security-secretstore-setup/entrypoint.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/entrypoint.sh \ - && ln -s /usr/local/bin/entrypoint.sh / \ - && mkdir -p /vault/config/assets \ - && chown -Rh 100:1000 /vault/ + && ln -s /usr/local/bin/entrypoint.sh / ENTRYPOINT ["entrypoint.sh"] diff --git a/cmd/security-secretstore-setup/entrypoint.sh b/cmd/security-secretstore-setup/entrypoint.sh index af2145b2f5..112b7bf9cc 100644 --- a/cmd/security-secretstore-setup/entrypoint.sh +++ b/cmd/security-secretstore-setup/entrypoint.sh @@ -21,8 +21,8 @@ set -e # env settings are populated from env files of docker-compose -# make config vault asset directory for case of helm mkdir -p /vault/config/assets +chown -Rh 100:1000 /vault/ echo "Initializing secret store..." /security-secretstore-setup --vaultInterval=10 From 5b96f283775bf9b7e7b55f69167ee5d90cf5ffb5 Mon Sep 17 00:00:00 2001 From: Valina Li Date: Thu, 14 Jul 2022 09:25:26 -0700 Subject: [PATCH 3/3] update comments Signed-off-by: Valina Li --- cmd/security-secretstore-setup/Dockerfile | 2 +- cmd/security-secretstore-setup/entrypoint.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cmd/security-secretstore-setup/Dockerfile b/cmd/security-secretstore-setup/Dockerfile index fec3842628..24c8e803c4 100644 --- a/cmd/security-secretstore-setup/Dockerfile +++ b/cmd/security-secretstore-setup/Dockerfile @@ -49,7 +49,7 @@ COPY --from=builder /edgex-go/cmd/security-secretstore-setup/res/kong-admin-conf COPY --from=builder /edgex-go/cmd/security-file-token-provider/security-file-token-provider . COPY --from=builder /edgex-go/cmd/security-secretstore-setup/security-secretstore-setup . -# Setup the entry point script, create token dir, and assign perms +# Setup the entry point script COPY --from=builder /edgex-go/cmd/security-secretstore-setup/entrypoint.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/entrypoint.sh \ && ln -s /usr/local/bin/entrypoint.sh / diff --git a/cmd/security-secretstore-setup/entrypoint.sh b/cmd/security-secretstore-setup/entrypoint.sh index 112b7bf9cc..1dcde1804a 100644 --- a/cmd/security-secretstore-setup/entrypoint.sh +++ b/cmd/security-secretstore-setup/entrypoint.sh @@ -21,6 +21,7 @@ set -e # env settings are populated from env files of docker-compose +# create token dir, and assign perms mkdir -p /vault/config/assets chown -Rh 100:1000 /vault/