From 48ccb6db43047db8ae1301296bf5171c9fead94f Mon Sep 17 00:00:00 2001
From: Dariusz Janny <janny@man.poznan.pl>
Date: Fri, 29 Jan 2021 01:21:25 +0100
Subject: [PATCH] [edugain/faas#28] moving secrets to separate env file.

---
 Makefile                             | 9 +++++++--
 conf/credentials/.gitignore          | 1 +
 conf/credentials/.gitkeep            | 0
 conf/credentials/faas-db-default.cnf | 1 +
 conf/faas-db.cnf                     | 7 +------
 5 files changed, 10 insertions(+), 8 deletions(-)
 create mode 100644 conf/credentials/.gitignore
 create mode 100644 conf/credentials/.gitkeep
 create mode 100644 conf/credentials/faas-db-default.cnf

diff --git a/Makefile b/Makefile
index d534494..1c7de0a 100644
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,11 @@ config ?= conf/faas-db.cnf
 include $(config)
 export $(shell sed 's/=.*//' $(config))
 
+credentials ?= conf/credentials/faas-db-default.cnf
+include $(credentials)
+export $(shell sed 's/=.*//' $(credentials))
+
+export FAAS_DB_IMAGE=${FAAS_DB_REPO}/${FAAS_DB_NAME}:${FAAS_DB_VERSION}
 
 .DEFAULT_GOAL := help
 
@@ -16,10 +21,10 @@ build-nc: # build container without caching
 	docker build --no-cache -t ${FAAS_DB_IMAGE} --build-arg FAAS_DB_NAME=${FAAS_DB_NAME} --build-arg FAAS_DB_IMAGE=${FAAS_DB_IMAGE} --build-arg FAAS_DB_VERSION=${FAAS_DB_VERSION} .
 
 run: # run container
-	docker run -i -t --detach --rm --env-file=$(config) -p=${FAAS_DB_PORT}:3306 --name="${FAAS_DB_NAME}" -v ${FAAS_DB_VOLUME_VAR_LIB_MYSQL}:/var/lib/mysql ${FAAS_DB_IMAGE}
+	docker run -i -t --detach --rm --env-file=$(config) --env-file=$(credentials) -p=${FAAS_DB_PORT}:3306 --name="${FAAS_DB_NAME}" -v ${FAAS_DB_VOLUME_VAR_LIB_MYSQL}:/var/lib/mysql ${FAAS_DB_IMAGE}
 
 run-nd: # run container in no-deamon mode
-	docker run -i -t --rm --env-file=$(config) -p=${FAAS_DB_PORT}:3306 --name="${FAAS_DB_NAME}" -v ${FAAS_DB_VOLUME_VAR_LIB_MYSQL}:/var/lib/mysql ${FAAS_DB_IMAGE}
+	docker run -i -t --env-file=$(config) --env-file=$(credentials) --rm -p=${FAAS_DB_PORT}:3306 --name="${FAAS_DB_NAME}" -v ${FAAS_DB_VOLUME_VAR_LIB_MYSQL}:/var/lib/mysql ${FAAS_DB_IMAGE}
 
 up: build run # build and run container
 
diff --git a/conf/credentials/.gitignore b/conf/credentials/.gitignore
new file mode 100644
index 0000000..d93e641
--- /dev/null
+++ b/conf/credentials/.gitignore
@@ -0,0 +1 @@
+/faas-db-test.cnf
diff --git a/conf/credentials/.gitkeep b/conf/credentials/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/conf/credentials/faas-db-default.cnf b/conf/credentials/faas-db-default.cnf
new file mode 100644
index 0000000..f28eb17
--- /dev/null
+++ b/conf/credentials/faas-db-default.cnf
@@ -0,0 +1 @@
+MYSQL_ROOT_PASSWORD=changeme
\ No newline at end of file
diff --git a/conf/faas-db.cnf b/conf/faas-db.cnf
index e60dca3..4708820 100644
--- a/conf/faas-db.cnf
+++ b/conf/faas-db.cnf
@@ -2,10 +2,5 @@ FAAS_DB_REPO=faas
 FAAS_DB_VERSION=1.0-SNAPSHOT
 FAAS_DB_NAME=faas-db
 
-FAAS_DB_IMAGE=${FAAS_DB_REPO}/${FAAS_DB_NAME}:${FAAS_DB_VERSION}
-
 FAAS_DB_VOLUME_VAR_LIB_MYSQL=/tmp/faas-db
-FAAS_DB_PORT=8306
-
-# TODO - remove to external resource
-MYSQL_ROOT_PASSWORD=secure
+FAAS_DB_PORT=9306
-- 
GitLab