diff --git a/README.md b/README.md
index c112179..f35d0df 100644
--- a/README.md
+++ b/README.md
@@ -338,11 +338,11 @@ management technology, and is beyond the scope of this documentation.
 The unset function is executed in the entrypoint. Set to `false` if you want to allow passing sensitive environment variables to Confluence container.
-* `ATL_WHITELIST_SENSITIVE_ENV_VARS`
+* `ATL_ALLOWLIST_SENSITIVE_ENV_VARS`
- **WARNING:** When using this property, the values to sensitive environment variables will be available in clear text on the host OS. As such, this data may be exposed to users or processes running on the host OS.
+ **WARNING:** When using this property, the values to sensitive environment variables will be available in clear text on the host OS. As such, this data may be exposed to users or processes running on the host OS.
- Define a comma separated list of environment variables containing keywords 'PASS', 'SECRET' or 'TOKEN' to be ignored by the unset function which is executed in the entrypoint. The function uses `^` regex. For example, if you set `ATL_WHITELIST_SENSITIVE_ENV_VARS="PATH_TO_SECRET_FILE"`, all variables starting with `PATH_TO_SECRET_FILE` will be whitelisted.
+ Define a comma separated list of environment variables containing keywords 'PASS', 'SECRET' or 'TOKEN' to be ignored by the unset function which is executed in the entrypoint. The function uses `^` regex. For example, if you set `ATL_ALLOWLIST_SENSITIVE_ENV_VARS="PATH_TO_SECRET_FILE"`, all variables starting with `PATH_TO_SECRET_FILE` will not be unset.
 ## Advanced Configuration
diff --git a/shared-components b/shared-components
index 7e24220..821a0fb 160000
--- a/shared-components
+++ b/shared-components
@@ -1 +1 @@
-Subproject commit 7e242207638140041da240a086ed464cf00b9e8c
+Subproject commit 821a0fbca09e76d6b82b433a4bfd50d5a6cad10c
diff --git a/tests/test_image.py b/tests/test_image.py
index dfc63c1..104e74a 100644
--- a/tests/test_image.py
+++ b/tests/test_image.py
@@ -608,7 +608,7 @@ def test_skip_unset_secure_vars(docker_cli, image, run_user):
 if rpat.search(line):
 raise EOFError(f"Found unexpected log line '{var_unset_log_line}'")
-def test_skip_default_whitelisted_secure_vars(docker_cli, image, run_user):
+def test_skip_default_allowlist_secure_vars(docker_cli, image, run_user):
 environment = {
 'AWS_WEB_IDENTITY_TOKEN_FILE': '/path/to/file',
 'com_atlassian_db_config_password_ciphers_algorithm_javax_crypto_foor_bar': '/path/to/file'
@@ -627,12 +627,12 @@ def test_skip_default_whitelisted_secure_vars(docker_cli, image, run_user):
 print(line)
 raise EOFError(f"Found unexpected log line")
-def test_skip_custom_whitelisted_secure_vars(docker_cli, image, run_user):
+def test_skip_custom_allowlist_secure_vars(docker_cli, image, run_user):
 environment = {
 'MY_TOKEN': 'tokenvalue',
 'SECRET': 'secretvalue',
 'MY_PASS': 'passvalue',
- 'ATL_WHITELIST_SENSITIVE_ENV_VARS': 'MY_TOKEN, MY_PASS',
+ 'ATL_ALLOWLIST_SENSITIVE_ENV_VARS': 'MY_TOKEN, MY_PASS',
 }
 container = docker_cli.containers.run(image, detach=True, user=run_user, environment=environment, ports={PORT: PORT})
 wait_for_state(STATUS_URL, expected_state='FIRST_RUN')
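Review bot: After the key change in `test_skip_custom_allowlist_secure_vars` (second hunk), `ATL_ALLOWLIST_SENSITIVE_ENV_VARS` is the only spelling the suite exercises, so nothing pins what happens to a deployment that still sets `ATL_WHITELIST_SENSITIVE_ENV_VARS`. The entrypoint logic comes from the shared-components submodule bumped in this commit and is not visible here, so whether the old name is still honoured cannot be confirmed from this diff. If it is silently dropped, variables an operator had exempted would presumably be unset at start-up with no log line explaining why. I would add a sibling test that sets only the old name and asserts the intended outcome (still honoured with a deprecation message, or explicitly ignored), and record the rename as an upgrade note in the README. The test body continues outside the hunk, so its assertions on `SECRET` being unset are not visible either.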