From 31cefc93871c776164b1d00dd6355546b9a529d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Guitaut?= Date: Tue, 15 Sep 2015 19:35:20 +0200 Subject: [PATCH] Use authentication when creating database --- README.md | 3 +-- commands | 17 +++++++++++++---- functions | 4 ++-- tests/service_connect.bats | 3 ++- tests/service_export.bats | 3 ++- tests/service_import.bats | 3 ++- tests/service_info.bats | 3 ++- 7 files changed, 24 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index a7218a1..1e62d0b 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ Official mongo plugin for dokku. Currently defaults to installing [mongo 3.0.6]( ``` cd /var/lib/dokku/plugins git clone https://github.com/dokku/dokku-mongo.git mongo -dokku plugins-install-dependencies dokku plugins-install ``` @@ -65,7 +64,7 @@ dokku mongo:link lolipop playground # the above will expose the following environment variables # -# MONGO_URL=mongo://172.17.0.1:27017/lolipop +# MONGO_URL=mongo://l:PASSWORD@172.17.0.1:27017/lolipop # MONGO_NAME=/lolipop/DATABASE # MONGO_PORT=tcp://172.17.0.1:27017 # MONGO_PORT_27017_TCP=tcp://172.17.0.1:27017 diff --git a/commands b/commands index 0fefc6c..46e3633 100755 --- a/commands +++ b/commands 
@@ -27,16 +27,22 @@ case "$1" in mkdir -p "$SERVICE_ROOT" || dokku_log_fail "Unable to create service directory" mkdir -p "$SERVICE_ROOT/data" || dokku_log_fail "Unable to create service data directory" + rootpassword=$(openssl rand -hex 16) + password=$(openssl rand -hex 16) + echo "$rootpassword" > "$SERVICE_ROOT/ROOTPASSWORD" + echo "$password" > "$SERVICE_ROOT/PASSWORD" touch "$LINKS_FILE" dokku_log_info1 "Starting container" SERVICE_NAME=$(get_service_name "$SERVICE") - ID=$(docker run --name "$SERVICE_NAME" -v "$SERVICE_ROOT/data:/data" -d --restart always --label dokku=service --label dokku.service=mongo "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" mongod --storageEngine wiredTiger) + ID=$(docker run --name "$SERVICE_NAME" -v "$SERVICE_ROOT/data:/data" -d --restart always --label dokku=service --label dokku.service=mongo "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" mongod --storageEngine wiredTiger --auth) echo "$ID" > "$SERVICE_ROOT/ID" dokku_log_verbose_quiet "Waiting for container to be ready" docker run --rm --link "$SERVICE_NAME:$PLUGIN_COMMAND_PREFIX" aanand/wait > /dev/null + echo "db.createUser({user:'admin',pwd:'$rootpassword',roles:[{role:'userAdminAnyDatabase',db:'admin'}]})" | docker exec -i "$SERVICE_NAME" mongo admin > /dev/null + echo "db.createUser({user:'$SERVICE',pwd:'$password',roles:[{role:'readWrite',db:'$SERVICE'}]})" | docker exec -i "$SERVICE_NAME" mongo -u admin -p "$rootpassword" --authenticationDatabase admin "$SERVICE" > /dev/null dokku_log_info2 "$PLUGIN_SERVICE container created: $SERVICE" dokku "$PLUGIN_COMMAND_PREFIX:info" "$SERVICE" ;; 
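Review bot: The password files written in the create branch (`echo "$rootpassword" > "$SERVICE_ROOT/ROOTPASSWORD"` and the matching `PASSWORD` line) get whatever mode the caller's umask allows, so the admin and service credentials can end up readable by other local users. Writing them under a restrictive umask avoids that, e.g. `(umask 077; echo "$rootpassword" > "$SERVICE_ROOT/ROOTPASSWORD"; echo "$password" > "$SERVICE_ROOT/PASSWORD")`. The exit status of `openssl rand` and of the two `db.createUser` pipelines is also not checked and their output goes to `/dev/null`, so a failed user creation would still be logged as a created service while mongod runs with `--auth`; a `|| dokku_log_fail "Unable to create database user"` on each pipeline would at least surface a non-zero exit. The enclosing `case` branch starts above the hunk.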
@@ -103,8 +109,9 @@ case "$1" in verify_service_name "$2" SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" SERVICE_NAME="$(get_service_name "$SERVICE")" + PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")" - docker exec "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && mongodump -d $SERVICE -o=\"\$DIR\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\"" + docker exec "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && mongodump -d $SERVICE -o=\"\$DIR\" -u \"$SERVICE\" -p \"$PASSWORD\" --authenticationDatabase \"$SERVICE\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\"" ;; $PLUGIN_COMMAND_PREFIX:import) @@ -112,11 +119,12 @@ case "$1" in verify_service_name "$2" SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" SERVICE_NAME="$(get_service_name "$SERVICE")" + PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")" if [[ -t 0 ]]; then dokku_log_fail "No data provided on stdin." fi - docker exec -i "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d $SERVICE \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\"" + docker exec -i "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d $SERVICE -u \"$SERVICE\" -p \"$PASSWORD\" --authenticationDatabase \"$SERVICE\" \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\"" ;; $PLUGIN_COMMAND_PREFIX:logs) @@ -150,8 +158,9 @@ case "$1" in verify_service_name "$2" SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" SERVICE_NAME="$(get_service_name "$SERVICE")" + PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")" - docker exec -it "$SERVICE_NAME" mongo "$SERVICE" + docker exec -it "$SERVICE_NAME" mongo -u "$SERVICE" -p "$PASSWORD" --authenticationDatabase "$SERVICE" "$SERVICE" ;; $PLUGIN_COMMAND_PREFIX:info) diff --git a/functions b/functions index 61541d9..1e7ed85 100755 --- a/functions +++ b/functions 
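Review bot: The export branch puts the service password into the command line (`-u \"$SERVICE\" -p \"$PASSWORD\"` inside the `bash -c` string), so it is visible in the argument lists of `docker exec`, `bash` and `mongodump` to anyone who can list processes on the host or in the container while the dump runs. The import hunk (`mongorestore ... -p \"$PASSWORD\"`), the connect hunk (`mongo -u "$SERVICE" -p "$PASSWORD"`) and the create hunk (`mongo -u admin -p "$rootpassword"`) expose their credentials the same way. Supplying the password through a file or environment that only the container process can read, rather than through argv, would remove that exposure; which mechanism the bundled mongo tools accept should be checked against the image version in use. Because `$PASSWORD` is expanded by the outer shell into the `bash -c` string, it is also worth a comment such as `# PASSWORD is generated hex; it must never contain shell metacharacters` next to the `cat`.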
@@ -247,10 +247,10 @@ service_unlink() { service_url() { local SERVICE="$1" local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" - local ID="$(cat "$SERVICE_ROOT/ID")" local IP="$(get_container_ip "$ID")" - echo "$PLUGIN_SCHEME://$IP:${PLUGIN_DATASTORE_PORTS[0]}/$SERVICE" + local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")" + echo "$PLUGIN_SCHEME://$SERVICE:$PASSWORD@$IP:${PLUGIN_DATASTORE_PORTS[0]}/$SERVICE" } is_container_status () { diff --git a/tests/service_connect.bats b/tests/service_connect.bats index c3581c9..e4dcf69 100755 --- a/tests/service_connect.bats +++ b/tests/service_connect.bats @@ -24,6 +24,7 @@ teardown() { @test "($PLUGIN_COMMAND_PREFIX:connect) success" { export ECHO_DOCKER_COMMAND="true" run dokku "$PLUGIN_COMMAND_PREFIX:connect" l - assert_output 'docker exec -it dokku.mongo.l mongo l' + password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")" + assert_output "docker exec -it dokku.mongo.l mongo -u l -p $password --authenticationDatabase l l" } diff --git a/tests/service_export.bats b/tests/service_export.bats index 1ddd52e..afa4ae7 100755 --- a/tests/service_export.bats +++ b/tests/service_export.bats @@ -24,6 +24,7 @@ teardown() { @test "($PLUGIN_COMMAND_PREFIX:export) success" { export ECHO_DOCKER_COMMAND="true" run dokku "$PLUGIN_COMMAND_PREFIX:export" l - assert_output "docker exec dokku.mongo.l bash -c DIR=\$(mktemp -d) && mongodump -d l -o=\"\$DIR\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\"" + password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")" + assert_output "docker exec dokku.mongo.l bash -c DIR=\$(mktemp -d) && mongodump -d l -o=\"\$DIR\" -u \"l\" -p \"$password\" --authenticationDatabase \"l\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\"" } diff --git a/tests/service_import.bats b/tests/service_import.bats index 8627853..65f0400 100755 --- a/tests/service_import.bats +++ b/tests/service_import.bats 
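Review bot: In `service_url` (file `functions`), `local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"` hides a failed `cat` behind the exit status of `local`, so a service directory without a PASSWORD file yields a URL with an empty password instead of an error. That would presumably be the case for services created before this change, since no migration is visible in the patch. Declaring and assigning separately makes it explicit: `local PASSWORD` followed by `PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")" || dokku_log_fail "Missing password for $SERVICE"` (assuming `dokku_log_fail` is available here as it is in `commands`); the same unchecked read is added in the export, import and connect hunks of `commands`. Since the returned URL now embeds the credential and the `info` test in this patch shows it printed as the DSN, a comment above the `echo` such as `# URL contains the service password; do not write it to logs` would help later callers.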
@@ -31,6 +31,7 @@ teardown() { @test "($PLUGIN_COMMAND_PREFIX:import) success" { export ECHO_DOCKER_COMMAND="true" run dokku "$PLUGIN_COMMAND_PREFIX:import" l < "$PLUGIN_DATA_ROOT/fake.dump.tar" - assert_output "docker exec -i dokku.mongo.l bash -c DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d l \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\"" + password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")" + assert_output "docker exec -i dokku.mongo.l bash -c DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d l -u \"l\" -p \"$password\" --authenticationDatabase \"l\" \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\"" } diff --git a/tests/service_info.bats b/tests/service_info.bats index f733616..559efae 100755 --- a/tests/service_info.bats +++ b/tests/service_info.bats @@ -21,5 +21,6 @@ teardown() { @test "($PLUGIN_COMMAND_PREFIX:info) success" { run dokku "$PLUGIN_COMMAND_PREFIX:info" l - assert_contains "${lines[*]}" "DSN: mongodb://172.17.0.34:27017/l" + password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")" + assert_contains "${lines[*]}" "DSN: mongodb://l:$password@172.17.0.34:27017/l" }