Move settings and mysql env vars around

pull/143/head
Øivind Hoel 2024-09-03 14:27:12 +00:00 committed by Stefano Ortolani
parent 7e595ff585
commit 043437c83f
4 changed files with 77 additions and 80 deletions

View File

@ -3,8 +3,6 @@
source /rest_client.sh
source /utilities.sh
MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
# We now use envsubst for safe variable substitution with pseudo-json objects for env var enforcement
# envsubst won't evaluate anything like $() or conditional variable expansion so lets do that here
export PYTHON_BIN="$(which python3)"
@ -210,10 +208,10 @@ init_user() {
# Create the main user if it is not there already
sudo -u www-data /var/www/MISP/app/Console/cake user init -q > /dev/null 2>&1
echo "UPDATE $MYSQL_DATABASE.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
echo "UPDATE $MYSQL_DATABASE.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQL_CMD}
if [ ! -z "$ADMIN_ORG" ]; then
echo "UPDATE $MYSQL_DATABASE.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
echo "UPDATE $MYSQL_DATABASE.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQL_CMD}
fi
if [ -n "$ADMIN_KEY" ]; then
@ -243,7 +241,7 @@ init_user() {
else
echo "... setting admin password skipped"
fi
echo "UPDATE $MYSQL_DATABASE.users SET change_pw = 0 WHERE id = 1;" | ${MYSQLCMD}
echo "UPDATE $MYSQL_DATABASE.users SET change_pw = 0 WHERE id = 1;" | ${MYSQL_CMD}
}
apply_critical_fixes() {
@ -280,76 +278,6 @@ apply_optional_fixes() {
# fi
#}
# Kludgy alternative to using cake Admin getSetting.
setting_is_set_alt() {
local setting="$1"
local config_json=$(echo '<?php require_once "/var/www/MISP/app/Config/config.php"; echo json_encode($config, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); ?>'|/usr/bin/php)
local db_settings_enabled=$(jq -e 'getpath(("MISP.system_setting_db" | split("."))) // false' <<< $config_json)
local setting_in_config_file=$(jq -e 'getpath(("'"$setting"'" | split("."))) != null' <<< $config_json)
if $setting_in_config_file; then
return 0
elif $db_settings_enabled; then
local setting_in_db=$(echo "SELECT EXISTS(SELECT 1 FROM $MYSQL_DATABASE.system_settings WHERE setting = \"${setting}\");" | ${MYSQLCMD})
if [[ $setting_in_db -eq 1 ]]; then
return 0
fi
fi
return 1
}
set_default_settings() {
local settings_json="$1"
local description="$2"
for setting in $(jq -r 'keys[]' <<< $settings_json); do
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
set_safe_default "$setting" "$default_value" "$description" "$command_args"
done
}
enforce_env_settings() {
local settings_json="$1"
local description="$2"
for setting in $(jq -r 'keys[]' <<< $settings_json); do
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
echo "Enforcing $description setting '$setting' to env var or default value '$default_value'..."
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
done
}
set_safe_default() {
local setting="$1"
local default_value="$2"
local description="$3"
local command_args="$4"
if ! setting_is_set_alt "$setting"; then
echo "Updating unset $description setting '$setting' to '$default_value'..."
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
fi
}
init_settings() {
local description="$1"
local enforced="/etc/misp-docker/${description}.envars.json"
local defaults="/etc/misp-docker/${description}.defaults.json"
if [[ -e "$enforced" ]]; then
echo "... enforcing env var settings"
local settings_json="$(envsubst < $enforced)"
enforce_env_settings "$settings_json" "$description"
fi
if [[ -e "$defaults" ]]; then
echo "... checking for unset default settings"
local settings_json="$(cat $defaults)"
set_default_settings "$settings_json" "$description"
fi
}
update_components() {
UPDATE_SUDO_CMD="sudo -u www-data"
if [ ! -z "${DB_ALREADY_INITIALISED}" ]; then

View File

@ -12,6 +12,7 @@ export MYSQL_PORT=${MYSQL_PORT:-3306}
export MYSQL_USER=${MYSQL_USER:-misp}
export MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}
export MYSQL_DATABASE=${MYSQL_DATABASE:-misp}
export MYSQL_CMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
export REDIS_HOST=${REDIS_HOST:-redis}
export REDIS_PORT=${REDIS_PORT:-6379}
export REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}

View File

@ -8,19 +8,17 @@ term_proc() {
trap term_proc SIGTERM
MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
init_mysql(){
# Test when MySQL is ready....
# wait for Database come ready
isDBup () {
echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null
echo "SHOW STATUS" | $MYSQL_CMD 1>/dev/null
echo $?
}
isDBinitDone () {
# Table attributes has existed since at least v2.1
echo "DESCRIBE attributes" | $MYSQLCMD 1>/dev/null
echo "DESCRIBE attributes" | $MYSQL_CMD 1>/dev/null
echo $?
}
@ -40,7 +38,7 @@ init_mysql(){
export DB_ALREADY_INITIALISED=true
else
echo "... database has not been initialized, importing MySQL scheme..."
$MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql
$MYSQL_CMD < /var/www/MISP/INSTALL/MYSQL.sql
fi
}

View File

@ -16,3 +16,73 @@ check_env_vars() {
exit 1
fi
}
# Kludgy alternative to using cake Admin getSetting.
setting_is_set_alt() {
local setting="$1"
local config_json=$(echo '<?php require_once "/var/www/MISP/app/Config/config.php"; echo json_encode($config, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); ?>'|/usr/bin/php)
local db_settings_enabled=$(jq -e 'getpath(("MISP.system_setting_db" | split("."))) // false' <<< $config_json)
local setting_in_config_file=$(jq -e 'getpath(("'"$setting"'" | split("."))) != null' <<< $config_json)
if $setting_in_config_file; then
return 0
elif $db_settings_enabled; then
local setting_in_db=$(echo "SELECT EXISTS(SELECT 1 FROM $MYSQL_DATABASE.system_settings WHERE setting = \"${setting}\");" | ${MYSQL_CMD})
if [[ $setting_in_db -eq 1 ]]; then
return 0
fi
fi
return 1
}
set_default_settings() {
local settings_json="$1"
local description="$2"
for setting in $(jq -r 'keys[]' <<< $settings_json); do
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
set_safe_default "$setting" "$default_value" "$description" "$command_args"
done
}
enforce_env_settings() {
local settings_json="$1"
local description="$2"
for setting in $(jq -r 'keys[]' <<< $settings_json); do
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
echo "Enforcing $description setting '$setting' to env var or default value '$default_value'..."
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
done
}
set_safe_default() {
local setting="$1"
local default_value="$2"
local description="$3"
local command_args="$4"
if ! setting_is_set_alt "$setting"; then
echo "Updating unset $description setting '$setting' to '$default_value'..."
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
fi
}
init_settings() {
local description="$1"
local enforced="/etc/misp-docker/${description}.envars.json"
local defaults="/etc/misp-docker/${description}.defaults.json"
if [[ -e "$enforced" ]]; then
echo "... enforcing env var settings"
local settings_json="$(envsubst < $enforced)"
enforce_env_settings "$settings_json" "$description"
fi
if [[ -e "$defaults" ]]; then
echo "... checking for unset default settings"
local settings_json="$(cat $defaults)"
set_default_settings "$settings_json" "$description"
fi
}