GUACAMOLE-626: Merge add support for Docker secrets to startup.sh

2025-09-06 05:07:41 +00:00 · 2019-02-02 14:38:25 -05:00
parent 48f5f57ce7 f12dd1e2bb
commit 8c5002cd7b
2 changed files with 141 additions and 42 deletions
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -84,6 +84,29 @@ set_optional_property() {

 }

+# Print error message regarding missing required variables for MySQL authentication
+mysql_missing_vars() {
+   cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using a MySQL database, you must provide each of the following
+environment variables or their corresponding Docker secrets by appending _FILE
+to the environment variable, and setting the value to the path of the 
+corresponding secret:
+
+    MYSQL_USER         The user to authenticate as when connecting to
+                       MySQL.
+
+    MYSQL_PASSWORD     The password to use when authenticating with MySQL as
+                       MYSQL_USER.
+
+    MYSQL_DATABASE     The name of the MySQL database to use for Guacamole
+                       authentication.
+END
+    exit 1;
+}
+
+
 ##
 ## Adds properties to guacamole.properties which select the MySQL
 ## authentication provider, and configure it to connect to the linked MySQL
@@ -125,32 +148,38 @@ END
        exit 1;
    fi

-    # Verify required parameters are present
-    if [ -z "$MYSQL_USER" -o -z "$MYSQL_PASSWORD" -o -z "$MYSQL_DATABASE" ]; then
-        cat <<END
-FATAL: Missing required environment variables
-------------------------------------------------------------------------------
-If using a MySQL database, you must provide each of the following
-environment variables:

-    MYSQL_USER         The user to authenticate as when connecting to
-                       MySQL.
+    # Verify that the required Docker secrets are present, else, default to their normal environment variables
+    if [ -n "$MYSQL_USER_FILE" ]; then
+        set_property "mysql-username" `cat $MYSQL_USER_FILE`
+    elif [ -n "$MYSQL_USER" ]; then
+        set_property "mysql-username" "$MYSQL_USER"
+    else
+        mysql_missing_vars
+        exit 1;
+    fi
+    
+    if [ -n "$MYSQL_PASSWORD_FILE" ]; then
+        set_property "mysql-password" `cat $MYSQL_PASSWORD_FILE`
+    elif [ -n "$MYSQL_PASSWORD" ]; then
+        set_property "mysql-password" "$MYSQL_PASSWORD"
+    else
+        mysql_missing_vars
+        exit 1;
+    fi

-    MYSQL_PASSWORD     The password to use when authenticating with MySQL as
-                       MYSQL_USER.
-
-    MYSQL_DATABASE     The name of the MySQL database to use for Guacamole
-                       authentication.
-END
+    if [ -n "$MYSQL_DATABASE_FILE" ]; then
+        set_property "mysql-database" `cat $MYSQL_DATABASE_FILE`
+    elif [ -n "$MYSQL_DATABASE" ]; then
+        set_property "mysql-database" "$MYSQL_DATABASE"
+    else
+        mysql_missing_vars
        exit 1;
    fi

    # Update config file
    set_property "mysql-hostname" "$MYSQL_HOSTNAME"
    set_property "mysql-port"     "$MYSQL_PORT"
-    set_property "mysql-database" "$MYSQL_DATABASE"
-    set_property "mysql-username" "$MYSQL_USER"
-    set_property "mysql-password" "$MYSQL_PASSWORD"

    set_optional_property               \
        "mysql-absolute-max-connections" \
@@ -178,6 +207,28 @@ END

 }

+# Print error message regarding missing required variables for PostgreSQL authentication
+postgres_missing_vars() {
+    cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using a PostgreSQL database, you must provide each of the following
+environment variables or their corresponding Docker secrets by appending _FILE
+to the environment variable, and setting the value to the path of the 
+corresponding secret:
+
+    POSTGRES_USER      The user to authenticate as when connecting to
+                       PostgreSQL.
+
+    POSTGRES_PASSWORD  The password to use when authenticating with PostgreSQL
+                       as POSTGRES_USER.
+
+    POSTGRES_DATABASE  The name of the PostgreSQL database to use for Guacamole
+                       authentication.
+END
+    exit 1;
+}
+
 ##
 ## Adds properties to guacamole.properties which select the PostgreSQL
 ## authentication provider, and configure it to connect to the linked
@@ -221,32 +272,37 @@ END
        exit 1;
    fi

-    # Verify required parameters are present
-    if [ -z "$POSTGRES_USER" -o -z "$POSTGRES_PASSWORD" -o -z "$POSTGRES_DATABASE" ]; then
-        cat <<END
-FATAL: Missing required environment variables
-------------------------------------------------------------------------------
-If using a PostgreSQL database, you must provide each of the following
-environment variables:
+    # Verify that the required Docker secrets are present, else, default to their normal environment variables
+    if [ -n "$POSTGRES_USER_FILE" ]; then
+        set_property "postgresql-username" `cat $POSTGRES_USER_FILE`
+    elif [ -n "$POSTGRES_USER" ]; then
+        set_property "postgresql-username" "$POSTGRES_USER"
+    else
+        postgres_missing_vars
+        exit 1;
+    fi
+    
+    if [ -n "$POSTGRES_PASSWORD_FILE" ]; then
+        set_property "postgresql-password" `cat $POSTGRES_PASSWORD_FILE`
+    elif [ -n "$POSTGRES_PASSWORD" ]; then
+        set_property "postgresql-password" "$POSTGRES_PASSWORD"
+    else
+        postgres_missing_vars
+        exit 1;
+    fi

-    POSTGRES_USER      The user to authenticate as when connecting to
-                       PostgreSQL.
-
-    POSTGRES_PASSWORD  The password to use when authenticating with PostgreSQL
-                       as POSTGRES_USER.
-
-    POSTGRES_DATABASE  The name of the PostgreSQL database to use for Guacamole
-                       authentication.
-END
+    if [ -n "$POSTGRES_DATABASE_FILE" ]; then
+        set_property "postgresql-database" `cat $POSTGRES_DATABASE_FILE`
+    elif [ -n "$POSTGRES_DATABASE" ]; then
+        set_property "postgresql-database" "$POSTGRES_DATABASE"
+    else
+        postgres_missing_vars
        exit 1;
    fi

    # Update config file
    set_property "postgresql-hostname" "$POSTGRES_HOSTNAME"
    set_property "postgresql-port"     "$POSTGRES_PORT"
-    set_property "postgresql-database" "$POSTGRES_DATABASE"
-    set_property "postgresql-username" "$POSTGRES_USER"
-    set_property "postgresql-password" "$POSTGRES_PASSWORD"

    set_optional_property               \
        "postgresql-absolute-max-connections" \
@@ -596,13 +652,13 @@ set_property "guacd-port"     "$GUACD_PORT"
 INSTALLED_AUTH=""

 # Use MySQL if database specified
-if [ -n "$MYSQL_DATABASE" ]; then
+if [ -n "$MYSQL_DATABASE" -o -n "$MYSQL_DATABASE_FILE" ]; then
    associate_mysql
    INSTALLED_AUTH="$INSTALLED_AUTH mysql"
 fi

 # Use PostgreSQL if database specified
-if [ -n "$POSTGRES_DATABASE" ]; then
+if [ -n "$POSTGRES_DATABASE" -o -n "$POSTGRES_DATABASE_FILE" ]; then
    associate_postgresql
    INSTALLED_AUTH="$INSTALLED_AUTH postgres"
 fi