Merge e0d43d1 into e310336

telefonicaid · Feb 5, 2019 · 3bf3980 · 3bf3980
2 parents e310336 + e0d43d1
commit 3bf3980
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 2 deletions.
diff --git a/config.js b/config.js
@@ -134,6 +134,18 @@ config.iota = {
      */
         port: 4041
     },
+    authentication: {
+        enabled: false,
+        type: 'keystone',
+        header: 'X-Auth-Token',
+        host: 'localhost',
+        port: '5000',
+     /**
+      * Usename and password must be overriden by setting them using difficult pattern for security issues.
+      */
+        user: 'iotagent',
+        password: 'iotagent'
+    },
     /**
      * Defines the configuration for the Device Registry, where all the information about devices and configuration
      * groups will be stored. There are currently just two types of registries allowed:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -14,7 +14,12 @@ ENV DOWNLOAD=${DOWNLOAD}
 
 MAINTAINER FIWARE IoTAgent Team. Telefónica I+D
 
-#
+# IMPORTANT: For a Production Environment Use Docker Secrets to define
+#  these values and add _FILE to the name of the variable.
+
+# ENV IOTA_AUTH_USER "iotagent"
+# ENV IOTA_AUTH_PASSWORD "iotagent"
+
 # The following RUN command retrieves the source code from GitHub.
 # 
 # To obtain the latest stable release run this Docker file with the parameters
@@ -28,6 +33,7 @@ MAINTAINER FIWARE IoTAgent Team. Telefónica I+D
 # replace the whole RUN statement by the following COPY statement in your local source using :
 #
 # COPY . /opt/iotajson/
+# COPY ./docker/entrypoint.sh/
 #
 RUN if [ "${DOWNLOAD}" = "latest" ] ; \
 	then \
@@ -71,5 +77,5 @@ RUN \
 USER node
 ENV NODE_ENV=production
 
-ENTRYPOINT ["pm2-runtime", "bin/iotagent-json"]
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["-- ", "config.js"]
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+    local var="$1"
+    local fileVar="${var}_FILE"
+    local def="${2:-}"
+    if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+        exit 1
+    fi
+    local val="$def"
+    if [ "${!var:-}" ]; then
+        val="${!var}"
+    elif [ "${!fileVar:-}" ]; then
+        val="$(< "${!fileVar}")"
+    fi
+    export "$var"="$val"
+    unset "$fileVar"
+}
+
+file_env 'IOTA_AUTH_USER'
+file_env 'IOTA_AUTH_PASSWORD'
+
+if [[ $IOTA_AUTH_USER ==  config.getconfig().iota.authentication.user ]] || [[ $IOTA_AUTH_PASSWORD == config.getconfig().iota.authentication.password ]]; then
+        echo "***********************************************"
+        echo "WARNING: It is recommended to set IOTA Auth credentials(using difficult pattern) keeping security in mind and not to use default values"
+        echo "These keys should be set using Docker Secrets"
+        echo "***********************************************"
+fi
+
+node pm2-runtime
+node /bin/iotagent-json
+
+exec /sbin/init
+
+
+#/bin/bash
diff --git a/lib/configService.js b/lib/configService.js
@@ -224,7 +224,9 @@ function getLogger() {
     return logger;
 }
 
+
 exports.setConfig = setConfig;
 exports.getConfig = getConfig;
 exports.setLogger = setLogger;
 exports.getLogger = getLogger;
+