chore: use new immuadmin flags in docker entrypoint

tauu · tauu · commit bb6c81756cc8 · 2023-07-14T03:44:52.000+02:00
diff --git a/build/Dockerfile.full b/build/Dockerfile.full
@@ -49,10 +49,6 @@ RUN addgroup --system --gid $IMMU_GID immu && \
     chmod 775 /var/run/immudb && \
     chmod 555 /usr/local/bin/create_user_db.sh
 
-RUN apt-get update && \
-    apt-get install -y expect && \
-    apt-get clean
-
 EXPOSE 3322
 EXPOSE 9497
 EXPOSE 8080
diff --git a/tools/user_db/create_user_db.sh b/tools/user_db/create_user_db.sh
@@ -3,9 +3,26 @@
 # PID file to use for an initialization immudb instance.
 INIT_PID_FILE=/var/run/immudb/init.pid
 
+# Directory in which temporary files may be created.
+TEMP_DIR="/tmp"
+TEMP_USER_PASSWORD_FILE=${TEMP_DIR}/user-pass
+IMMUDB_ADMIN_PASSWORD_FILE=${TEMP_DIR}/admin-pass
+
+# Cleanup temporary password files.
+CLEANUP() {
+   if [ -f "$TEMP_USER_PASSWORD_FILE" ]
+   then
+      rm $TEMP_USER_PASSWORD_FILE
+   fi
+   if [ -f "$IMMUDB_ADMIN_PASSWORD_FILE" ]
+   then
+      rm $IMMUDB_ADMIN_PASSWORD_FILE
+   fi
+}
+
 # Trap interrupts.
 # This is required to exit the waiting loops in the init function.
-trap "echo aborted; exit;" INT TERM
+trap "echo aborted; CLEANUP; exit;" INT TERM
 
 INIT() {
    # If an initial user or database to be created is configured,
@@ -20,29 +37,49 @@ INIT() {
    then
       CREATE_DATABASE=1
    fi
-   CREATE_USER=0
-   if [ -n "$IMMUDB_USER" ] && [ -n "$IMMUDB_PASSWORD" ]
-   then
-      CREATE_USER=1
-   fi
 
    # Check if a secret file for the user password was specified.
    if [ -n "$IMMUDB_PASSWORD_FILE" ]
    then
-      if [ -f "$IMMUDB_PASSWORD_FILE" ]
+      if [ ! -f "$IMMUDB_PASSWORD_FILE" ]
       then
-         IMMUDB_PASSWORD=$(cat "$IMMUDB_PASSWORD_FILE" | tr -d \d\r)
-      else
          echo "file ${IMMUDB_PASSWORD_FILE} specified for IMMUDB_PASSWORD_FILE does not exist"
          return 1
       fi
+   else 
+      # If no password file was specified, create a temporary file with
+      # the content of the IMMUDB_PASSWORD variable.
+      if [ -n "$IMMUDB_PASSWORD" ]
+      then
+         if ! echo "$IMMUDB_PASSWORD" > $TEMP_USER_PASSWORD_FILE
+         then
+            echo "creating temporary password file to create IMMUDB_USER failed"
+            return 1
+         fi
+         IMMUDB_PASSWORD_FILE=$TEMP_USER_PASSWORD_FILE
+      fi
+   fi
+
+   CREATE_USER=0
+   if [ -n "$IMMUDB_USER" ] && [ -n "$IMMUDB_PASSWORD_FILE" ]
+   then
+      CREATE_USER=1
    fi
    
-   # Run immudb on localhost.
+   # Check if a user and or a database should be initialized.
    if [ $CREATE_USER -eq 0 ] && [ $CREATE_DATABASE -eq 0 ]
    then
       return
    fi
+
+   # Create temporary file with admin password to issue immuadmin commands.
+   if ! echo "$IMMUDB_ADMIN_PASSWORD" > $IMMUDB_ADMIN_PASSWORD_FILE
+   then
+      echo "creating temporary password file with immudb admin passsword failed"
+      return 1
+   fi
+
+   # Start immudb on localhost to setup the database and user.
    echo "starting init immudb instance on localhost."
    if ! $@ --address 127.0.0.1 -d --pidfile $INIT_PID_FILE
    then
@@ -51,20 +88,19 @@ INIT() {
    fi
 
    # Wait until the server is running.
-   until immuadmin status
+   until immuadmin status --password-file $IMMUDB_ADMIN_PASSWORD_FILE --non-interactive
    do
       echo "waiting for immudb instance on localhost to be ready"
       sleep 1
    done
 
-   # Log into the immudb instance.
-   echo -n "${IMMUDB_ADMIN_PASSWORD}" | immuadmin login immudb
-
    # Create it, if it is not the database created by default.
    if [ $CREATE_DATABASE -eq 1 ]
    then
       echo "creating user database ${IMMUDB_DATABASE@Q}"
-      if ! immuadmin database create "${IMMUDB_DATABASE}"
+      if ! immuadmin database create "${IMMUDB_DATABASE}" \
+         --password-file $IMMUDB_ADMIN_PASSWORD_FILE \
+         --non-interactive
       then
         echo "creating database ${IMMUDB_DATABASE@Q} failed"
         return 1
@@ -73,41 +109,20 @@ INIT() {
    # Create a user if configured and grant it access to the user database.
    if [ $CREATE_USER -eq 1 ]
    then
-      echo "creating user ${IMMUDB_USER@Q}"
-      # Assemble expect script to create the user.
-      CREATE_USER_SCRIPT_FORMAT='
-spawn immuadmin user create "%q" readwrite "%q"
-expect "Choose a password for %q:"
-send "%q\r"
-expect {
-    timeout     { exit 1 }
-    eof         { exit 1 }
-    "Password does not meet the requirements."  { exit 1 }
-    "Confirm password:"
-}
-send "%q\r"
-catch wait result
-exit [lindex $result 3]
-'
-      printf -v CREATE_USER_SCRIPT "${CREATE_USER_SCRIPT_FORMAT}"\
-       "${IMMUDB_USER}" "${USER_DATABASE}"\
-       "${IMMUDB_USER}"\
-       "${IMMUDB_PASSWORD}"\
-       "${IMMUDB_PASSWORD}"
-      # Execute the expect script.
-      if ! expect -c "$CREATE_USER_SCRIPT"
+      if ! immuadmin user create "${IMMUDB_USER}" readwrite "${IMMUDB_DATABASE}" \
+       --new-password-file $IMMUDB_PASSWORD_FILE \
+       --password-file $IMMUDB_ADMIN_PASSWORD_FILE \
+       --non-interactive
       then
         echo "creating user ${IMMUDB_USER@Q} failed"
         return 1
       fi
    fi
-
+   
    # Stop the init instance.
    if [ -f $INIT_PID_FILE ]
    then
       echo "stopping init immudb instance on localhost."
-      # Log out of the instance.
-      immuadmin logout
       # Kill the immudb instance.
       INIT_PID=$(cat $INIT_PID_FILE)
       kill $INIT_PID
@@ -127,9 +142,13 @@ then
     echo "initialilzing database"
     if ! INIT $@
     then
+       # Cleanup temporary files.
+       CLEANUP
        echo "initializing database failed"
        exit 1
     fi
+    # Cleanup temporary files.
+    CLEANUP
 fi
 
 exec $@
