Added Wildcard option for ZITI_IDENTITIES #5

Merged
merged 4 commits into from
Dec 5, 2024
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM python:3.10.15-slim
FROM python:3-slim-bookworm

# Arguments
ENV USER=appuser
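
Review bot: `FROM python:3-slim-bookworm` is a floating tag, so rebuilds are no longer reproducible and can silently change the Python minor version that the previous `python:3.10.15-slim` pin held fixed. Pin at least the minor version, ideally together with the image digest, and bump it deliberately in its own change.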
Expand All @@ -15,7 +15,7 @@
ENV SOCKS_PORT=1080
ENV HTTP_PORT=1080
ENV PROXY_USERNAME=user
ENV PROXY_PASSWORD=password

Check warning on line 18 in Dockerfile

GitHub Actions / docker

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "PROXY_PASSWORD") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

# Go to app dir
RUN mkdir /app
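
Review bot: `ENV PROXY_PASSWORD=password` on line 18 ships a known default credential in the image configuration, which is what the SecretsUsedInArgOrEnv warning flags. Drop the default and have entrypoint.sh exit when the variable is unset, so the proxy never starts with a guessable password. Separately, `ENV HTTP_PORT=1080` has the same value as `ENV SOCKS_PORT=1080`, while the README documents 8080 as the HTTP default; one of the two should be corrected.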
22 changes: 11 additions & 11 deletions README.md
Expand Up @@ -22,17 +22,17 @@ docker pull docker.io/erikmagkekse/ziti-edge-proxy:main
[DockerHub](https://hub.docker.com/r/erikmagkekse/ziti-edge-proxy)

### Environment variables
| Variable | Default Value | Usage |
| ---------------- | ----------------- | ----------------------------------------------------------- |
| PROXY_HOST | 127.0.0.1 | Where the SOCKS5 server should be attached |
| SOCKS_ENABLED | true | Enables SOCKS5 Server |
| HTTP_ENABLED | true | Enables HTTP Server |
| SOCKS_PORT | 1080 | Default port of the SOCKS5 server |
| HTTP_PORT | 8080 | Default port of the HTTP proxy server |
| PROXY_USERNAME | user | Username for the SOCKS5 server |
| PROXY_PASSWORD | password | Password for the SOCKS5 Server |
| *ZITI_IDENTITIES | *empty* | List of used Ziti identities, separated by semicolon |
| *ZITI_IDENTITY | *empty* | A Base64 encoded string of a single identity JSON |
| Variable | Default Value | Usage |
| ---------------- | ----------------- | ------------------------------------------------------------------------------------ |
| PROXY_HOST | 127.0.0.1 | Where the SOCKS5 server should be attached |
| SOCKS_ENABLED | true | Enables SOCKS5 Server |
| HTTP_ENABLED | true | Enables HTTP Server |
| SOCKS_PORT | 1080 | Default port of the SOCKS5 server |
| HTTP_PORT | 8080 | Default port of the HTTP proxy server |
| PROXY_USERNAME | user | Username for the SOCKS5 server |
| PROXY_PASSWORD | password | Password for the SOCKS5 Server |
| *ZITI_IDENTITIES | *empty* | List of used Ziti identities, separated by semicolon, can be also a wildcard. |
| *ZITI_IDENTITY | *empty* | A Base64 encoded string of a single identity JSON |

\*Only one of these can be used at a time and is not optional. If you use ZITI_IDENTITY, it will decode the identity JSON to "/app/identity.json" and update the var ZITI_IDENTITIES to point to the file.
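
Review bot: The new `ZITI_IDENTITIES` row still says the list is "separated by semicolon", but entrypoint.sh in this PR rewrites the variable as a comma-joined list (`tr '\n' ','`) and handles only a single directory plus file pattern. State the separator the proxy actually expects, and add an example pattern that makes clear the wildcard applies to the file name only, not to the directory part.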

2 changes: 1 addition & 1 deletion VERSION.txt
@@ -1 +1 @@
v0.2-alpha
v0.3-alpha
2 changes: 1 addition & 1 deletion docker-compose.yml
Expand Up @@ -14,4 +14,4 @@ services:
PROXY_PASSWORD: 1234
ZITI_IDENTITIES: /app/identity.json
volumes:
- "../identity.json:/app/identity.json"
- "../identity.json:/app/identity.json"
27 changes: 27 additions & 0 deletions entrypoint.sh
Expand Up @@ -14,6 +14,33 @@ if [[ -n "$ZITI_IDENTITY" ]]; then
echo "Error: Failed to decode and create identity file."
exit 1
fi
else
echo "ZITI_IDENTITY not detected. Checking ZITI_IDENTITIES for configuration..."

if [[ -z "$ZITI_IDENTITIES" ]]; then
echo "Error: ZITI_IDENTITIES is not set. Please configure it as a file pattern."
exit 1
fi

dir=$(dirname "$ZITI_IDENTITIES")
pattern=$(basename "$ZITI_IDENTITIES")

if [[ ! -d "$dir" ]]; then
echo "Error: Directory $dir does not exist."
exit 1
fi

echo "Scanning for files matching: $ZITI_IDENTITIES"

files=$(find "$dir" -maxdepth 1 -name "$pattern" -type f,l 2>/dev/null | tr '\n' ',' | sed 's/,$//')

if [[ -n "$files" ]]; then
export ZITI_IDENTITIES="$files"
echo "ZITI_IDENTITIES updated to: $ZITI_IDENTITIES"
else
echo "Error: No files found matching the pattern: $ZITI_IDENTITIES"
exit 1
fi
fi

exec "$@"
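
Review bot: The new `else` branch treats `ZITI_IDENTITIES` as one path, so a semicolon-separated list as documented in the README is cut by `dirname`/`basename` at the last slash and either fails the directory check or matches only the final file name. Split the value on the list separator first and expand each entry, or skip the scan when the value contains no wildcard. Also, `2>/dev/null` on the `find` call hides real errors (an unreadable directory, or a `find` that does not support `-type f,l`) behind the "No files found" message; let stderr through so the cause is visible in the container log.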