From da43150cc9a48513b104445d59f170e13413d4ce Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 19 Feb 2025 16:18:17 +0800
Subject: [PATCH] add Parameter Store as an alternative to AppConfig
---
 Dockerfile | 2 +-
 README.md | 20 +++++++++++++-------
 dockerbuild/run.sh | 12 +++++-------
 3 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9ab0709a..fd79f0de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,7 +47,7 @@ COPY dockerbuild/config/* $SSP_PATH/config/
 COPY dockerbuild/ssp-overrides/sp-php.patch sp-php.patch
 RUN patch /data/vendor/simplesamlphp/simplesamlphp/modules/saml/src/Auth/Source/SP.php sp-php.patch
-ADD https://github.com/silinternational/config-shim/releases/download/v1.1.0/config-shim.gz config-shim.gz
+ADD https://github.com/silinternational/config-shim/releases/download/v1.2.0/config-shim.gz config-shim.gz
 RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin
 # Set permissions for cache directory. Corresponds to the `cachedir` setting in config.php.
diff --git a/README.md b/README.md
index 441bf3f9..5e5865fb 100644
--- a/README.md
+++ b/README.md
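Review bot: The `ADD` of config-shim.gz on the new side still downloads a release asset with no integrity check, and the following `RUN` makes the binary executable and moves it to /usr/local/bin. run.sh in this patch starts Apache through config-shim, so a replaced or tampered asset would run in the container with access to the configuration values it loads. Pin the download to a digest, e.g. `ADD --checksum=sha256:<SHA256_OF_V1_2_0_CONFIG_SHIM_GZ> https://github.com/silinternational/config-shim/releases/download/v1.2.0/config-shim.gz config-shim.gz` (the digest here is a placeholder, and `--checksum` needs a BuildKit build), so the build fails if the asset ever changes.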
@@ -11,24 +11,30 @@ must be installed. [Make](https://www.gnu.org/software/make) is optional but simplifies the build process. ## Configuration + By default, configuration is read from environment variables. These are documented -in the `local.env.dist` file. Optionally, you can define configuration in AWS AppConfig. +in the `local.env.dist` file. Optionally, you can define configuration in AWS Systems Manager. To do this, set the following environment variables to point to the configuration in AWS: * `AWS_REGION` - the AWS region in use -* `APP_ID` - the application ID or name -* `CONFIG_ID` - the configuration profile ID or name -* `ENV_ID` - the environment ID or name +* `APP_ID` - AppConfig application ID or name +* `CONFIG_ID` - AppConfig configuration profile ID or name +* `ENV_ID` - AppConfig environment ID or name +* `PARAMETER_STORE_PATH` - Parameter Store base path for this app, e.g. "/idp-pw-api/idp-name/prod" In addition, the AWS API requires authentication. It is best to use an access role such as an [ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html). If that is not an option, you can specify an access token using the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` variables. -The content of the configuration profile takes the form of a typical .env file, using -`#` for comments and `=` for variable assignment. Any variables read from AppConfig -will overwrite variables set in the execution environment. +If `PARAMETER_STORE_PATH` is given, AWS Parameter Store will be used. Each parameter in AWS Parameter +Store is set as an environment variable in the execution environment. + +If `PARAMETER_STORE_PATH` is not given but the AppConfig variables are, AWS AppConfig will be used. +The content of the AppConfig configuration profile takes the form of a typical .env file, using `#` +for comments and `=` for variable assignment. 
Any variables read from AppConfig will overwrite variables
+set in the execution environment.
 ### SimpleSAMLphp Metadata
diff --git a/dockerbuild/run.sh b/dockerbuild/run.sh
index 27e75441..cdc4aa32 100755
--- a/dockerbuild/run.sh
+++ b/dockerbuild/run.sh
@@ -20,14 +20,12 @@ cd /data
 cat /etc/*release | grep PRETTY
 php -v | head -n 1
-if [[ -z "${APP_ID}" ]]; then
- apache2ctl -k start -D FOREGROUND
+if [[ $PARAMETER_STORE_PATH ]]; then
+ config-shim --path $PARAMETER_STORE_PATH apache2ctl -k start -D FOREGROUND
+elif [[ $APP_ID ]]; then
+ config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
 else
- if [[ -z "${STRATEGY_ID}" ]]; then
- config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
- else
- config-shim -u --strategy $STRATEGY_ID --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
- fi
+ apache2ctl -k start -D FOREGROUND
 fi
 # endless loop with a wait is needed for the trap to work
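Review bot: The two new `config-shim` invocations expand `$PARAMETER_STORE_PATH`, `$APP_ID`, `$CONFIG_ID` and `$ENV_ID` unquoted, so a value containing whitespace or glob characters is split into extra arguments, and an empty `CONFIG_ID` or `ENV_ID` vanishes and lets the next word be taken as the option's value. Quote each expansion: `config-shim --path "$PARAMETER_STORE_PATH" apache2ctl -k start -D FOREGROUND` and `config-shim --app "$APP_ID" --config "$CONFIG_ID" --env "$ENV_ID" apache2ctl -k start -D FOREGROUND`. With the `STRATEGY_ID` branch removed, a deployment that still sets that variable now takes the plain AppConfig path without any message; if that is intended, a comment on the `elif` such as `# STRATEGY_ID is no longer honoured` would make it visible. The script continues outside this hunk on both sides, so whether `set -u` or similar is in effect cannot be seen from here.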