Update Dockerfile, scripts/createuser.sh, hardening_manifest.yaml files

8358eb0c · WingKwan Lau · e511954f · 8358eb0c · 8358eb0c · 8358eb0c
Commit 8358eb0c authored Aug 23, 2021 by WingKwan Lau
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 6 deletions

Dockerfile Dockerfile +7 -4

hardening_manifest.yaml hardening_manifest.yaml +2 -2

scripts/createuser.sh scripts/createuser.sh +15 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,9 @@ RUN mkdir -p $WORKING_DIR
 # copy over the script to make permissions compatible with OpenShift
 COPY scripts/fix-permissions.sh /usr/local/bin

+# copy create user script
+COPY scripts/createuser.sh /docker-entrypoint-initdb.d/
+
 # ensure the script is executable
 RUN chmod a+x /usr/local/bin/fix-permissions.sh

@@ -26,12 +29,12 @@ RUN fix-permissions.sh ${DATA_DIR} -P && \
    fix-permissions.sh ${CONFIG_DIR} -P && \
    fix-permissions.sh ${WORKING_DIR} -P 

-RUN ls -ltrh ${DATA_DIR}
-RUN ls -ltrh ${CONFIG_DIR}
-RUN ls -ltrh ${WORKING_DIR}
-
 # set home directory to persistent volume directory
 ENV HOME=/var/lib/mongodb/data

+# ensure folder is writable
+RUN chown -R mongodb:mongodb /usr/local/bin 
+
 # switch back to mongodb (for non-containerized environments)
 USER mongodb:mongodb
+
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -7,7 +7,7 @@ name: "diat/aap-mongo"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
- "14.1"
+- "15.1"
 - "latest"

 # Build args passed to Dockerfile ARGs
@@ -29,7 +29,7 @@ labels:
  # Name of the distributing entity, organization or individual
  org.opencontainers.image.vendor: "aap-mongo"
  # Authoritative version of the software
-  org.opencontainers.image.version: "14.1"
+  org.opencontainers.image.version: "15.1"
  # Keywords to help with search (ex. "cicd,gitops,golang")
  mil.dso.ironbank.image.keywords: "aap,mongo,aap-mongo,aapmongo,mongodb,aap-mongodb,atlas,diat"
  # This value can be "opensource" or "commercial"

--- a/scripts/createuser.sh
+++ b/scripts/createuser.sh
+#!/bin/sh
+
+echo "Initializing database $MONGO_INITDB_DATABASE and creating database user $MONGODB_USER" 
+
+mongo=( mongo --host 127.0.0.1 --port 27017 --quiet )
+
+"${mongo[@]}" "$MONGO_INITDB_DATABASE" <<-EOJS
+    db.createUser({
+        user: $(_js_escape "$MONGODB_USER"),
+        pwd: $(_js_escape "$MONGODB_PASSWORD"),
+        roles: [ { role: 'readWrite', db: $(_js_escape "$MONGO_INITDB_DATABASE") } ]
+    })
+
+EOJS
+