If a user implements the user-auth-service trigger in a plugin and that plugin does not echo the passed in app(s) on stdout, the app is assumed to not exist. This mirrors the functionality for applications in regards to auth filtering.
This may still need auditing to ensure it covers everything and doesn't cause issues, but local testing implies that everything is working as expected.
This will help ensure that users upgrading to a new plugin version who stop/start databases will always get the same version. This is particularly important for datastores such as elasticsearch and postgres that have more involved upgraded processes.
The URL generated by this plugin is invalid, but since Redis on versions 5 and lower didn't have a notion of usernames, it pretty much went unnoticed.
Let's fix this by not setting the $SERVICE as the username in the service_url returned by this plugin.
I believe that clients ignore the username (otherwise the Redis connection wouldn't go through), so this should be a non-breaking change.
Fixes#155
If the ID file contained an incorrect value, calling :start would say the service is started but :info would still show the container as missing.
Also fix an issue where docker inspect leaked stderr when the container was missing.
Refs dokku/dokku-redis#133
This PR allows dashes in service names, while still sanitizing them before they are used as database names. If the datastore is pre-existing, the datatabase name is assumed to be the same as the service name, and returned appropriately.
In the previous method, if the container was renamed or there were multiple names attached to the container, fetching the container ID would fail as the regex would only match at the end. Instead of using grep, use the docker 'filter' functionality to fetch the container ID as appropriate.
We previously allowed a wide range of service names. As the service name is sometimes used to name databases, the name was actually more restricted than any character, resulting in services that wouldn't start. Going forward, only alphanumeric and underscore characters are allowed.
This only impacts service creation. Any services with invalid names should be migrated to a new service, with the data exported and imported as normal.
Closesdokku/dokku-redis#99Closesdokku/dokku-mysql#47Closesdokku/dokku-mongo#86Closesdokku/dokku-redis#81
This should actually be refactored to avoid the grep call completely, but the current fix will correct the issue for now.
Refs dokku/dokku-postgres#131
We run Dokku, and therefore dokku redis, in its own Docker container.
In order to make this work we map a path from the host into the
container as `/var/lib/dokku/services/redis`. Unfortunately the path
on the host is user-configurable, and generally _won't_ be the same
as the path in the container. This means that when we run `docker`
commands (e.g. to spin up Redis containers), the directory used for
bind mounts (the `-v` option) needs to be different.
This commit allows us to do this, but keeps the existing behaviour
(the redis root for Docker binds is the same as the redis root for
other uses) by default.
This change makes password authentication required
for redis usage, and removes anonymous access. Users
will need to change their underlying clients to enable
writing the auth token for authenticating, otherwise
requests will fail.
This is a non-optional change, and improves security
for users who wish to expose their redis installations
outside of their network.
