Mirrored_Repos/docker-atlassian-confluence-server
1
0
Fork 0
mirror of https://bitbucket.org/atlassian-docker/docker-atlassian-confluence-server.git synced 2024-08-30 18:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename env var

Browse Source
This commit is contained in:
Yevhen Ivantsov 2023-08-11 15:08:14 +10:00
parent e21958b4dc
commit 7e0d472f81
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -338,11 +338,11 @@ management technology, and is beyond the scope of this documentation.
The unset function is executed in the entrypoint. Set to `false` if you want to allow passing The unset function is executed in the entrypoint. Set to `false` if you want to allow passing
sensitive environment variables to Confluence container. sensitive environment variables to Confluence container.
* `ATL_WHITELIST_SENSITIVE_ENV_VARS` * `ATL_ALLOWLIST_SENSITIVE_ENV_VARS`
**WARNING:** When using this property, the values to sensitive environment variables will be available in clear text on the host OS. As such, this data may be exposed to users or processes running on the host OS. **WARNING:** When using this property, the values to sensitive environment variables will be available in clear text on the host OS. As such, this data may be exposed to users or processes running on the host OS.
Define a comma separated list of environment variables containing keywords 'PASS', 'SECRET' or 'TOKEN' to be ignored by the unset function which is executed in the entrypoint. The function uses `^` regex. For example, if you set `ATL_WHITELIST_SENSITIVE_ENV_VARS="PATH_TO_SECRET_FILE"`, all variables starting with `PATH_TO_SECRET_FILE` will be whitelisted. Define a comma separated list of environment variables containing keywords 'PASS', 'SECRET' or 'TOKEN' to be ignored by the unset function which is executed in the entrypoint. The function uses `^` regex. For example, if you set `ATL_ALLOWLIST_SENSITIVE_ENV_VARS="PATH_TO_SECRET_FILE"`, all variables starting with `PATH_TO_SECRET_FILE` will not be unset.
## Advanced Configuration ## Advanced Configuration

2
shared-components

@ -1 +1 @@
Subproject commit 7e242207638140041da240a086ed464cf00b9e8c Subproject commit 821a0fbca09e76d6b82b433a4bfd50d5a6cad10c

6
tests/test_image.py
View File

@ -608,7 +608,7 @@ def test_skip_unset_secure_vars(docker_cli, image, run_user):
if rpat.search(line): if rpat.search(line):
raise EOFError(f"Found unexpected log line '{var_unset_log_line}'") raise EOFError(f"Found unexpected log line '{var_unset_log_line}'")
def test_skip_default_whitelisted_secure_vars(docker_cli, image, run_user): def test_skip_default_allowlist_secure_vars(docker_cli, image, run_user):
environment = { environment = {
'AWS_WEB_IDENTITY_TOKEN_FILE': '/path/to/file', 'AWS_WEB_IDENTITY_TOKEN_FILE': '/path/to/file',
'com_atlassian_db_config_password_ciphers_algorithm_javax_crypto_foor_bar': '/path/to/file' 'com_atlassian_db_config_password_ciphers_algorithm_javax_crypto_foor_bar': '/path/to/file'
@ -627,12 +627,12 @@ def test_skip_default_whitelisted_secure_vars(docker_cli, image, run_user):
print(line) print(line)
raise EOFError(f"Found unexpected log line") raise EOFError(f"Found unexpected log line")
def test_skip_custom_whitelisted_secure_vars(docker_cli, image, run_user): def test_skip_custom_allowlist_secure_vars(docker_cli, image, run_user):
environment = { environment = {
'MY_TOKEN': 'tokenvalue', 'MY_TOKEN': 'tokenvalue',
'SECRET': 'secretvalue', 'SECRET': 'secretvalue',
'MY_PASS': 'passvalue', 'MY_PASS': 'passvalue',
'ATL_WHITELIST_SENSITIVE_ENV_VARS': 'MY_TOKEN, MY_PASS', 'ATL_ALLOWLIST_SENSITIVE_ENV_VARS': 'MY_TOKEN, MY_PASS',
} }
container = docker_cli.containers.run(image, detach=True, user=run_user, environment=environment, ports={PORT: PORT}) container = docker_cli.containers.run(image, detach=True, user=run_user, environment=environment, ports={PORT: PORT})
wait_for_state(STATUS_URL, expected_state='FIRST_RUN') wait_for_state(STATUS_URL, expected_state='FIRST_RUN')