Skip to content

Deprecate RABBITMQ_DEFAULT_USER/PASS env vars #440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Deprecate RABBITMQ_DEFAULT_USER/PASS env vars #440

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8f131b3
Deprecate RABBITMQ_DEFAULT_USER/PASS env vars
coro Sep 17, 2020
c99e763
Stop writing env var config to a conf.d config file
coro Sep 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 54 additions & 3 deletions 3.8-rc/alpine/docker-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,18 @@ fileConfigKeys=(
ssl_certfile
ssl_keyfile
)

allConfigKeys=(
"${managementConfigKeys[@]/#/management_}"
"${rabbitConfigKeys[@]}"
"${sslConfigKeys[@]/#/ssl_}"
)
# Configuration through environment variables will be removed in a future release.
# These keys should be configured through config files matching $RABBITMQ_CONFIG_FILES (/etc/rabbitmq/conf.d/*.conf by default)
deprecatedConfigKeys=(
default_user
default_pass
)

declare -A configDefaults=(
[management_ssl_fail_if_no_peer_cert]='false'
Expand Down Expand Up @@ -200,6 +207,7 @@ fi
configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}"
oldConfigFile="$configBase.config"
newConfigFile="$configBase.conf"
writtenDeprecatedConfig=

shouldWriteConfig="$haveConfig"
if [ -n "$shouldWriteConfig" ] && ! touch "$newConfigFile"; then
Expand Down Expand Up @@ -249,6 +257,14 @@ rabbit_set_config() {
echo "$key = $val" >> "$newConfigFile"
fi
}
rabbit_set_deprecated_config() {
local key="$1"; shift
local val="$1"; shift

# Keep track of any deprecated config written to the config file, to print a deprecation notice later.
writtenDeprecatedConfig="$writtenDeprecatedConfig\n$key = $val"
rabbit_set_config "$key" "$val"
}
rabbit_comment_config() {
local key="$1"; shift

Expand Down Expand Up @@ -286,13 +302,42 @@ rabbit_env_config() {
vm_memory_high_watermark) continue ;; # handled separately
esac

if [ -n "$rawVal" ]; then
rabbit_set_config "$key" "$rawVal"
else

if [ -z "$rawVal" ]; then
rabbit_comment_config "$key"
elif env_config_key_is_deprecated "$key"; then
rabbit_set_deprecated_config "$key" "$rawVal"
else
rabbit_set_config "$key" "$rawVal"
fi
done
}
env_config_key_is_deprecated() {
local configKey="$1"
local deprecated=1

for deprecatedKey in "${deprecatedConfigKeys[@]}"
do
if [[ $configKey == "$deprecatedKey" ]]
then
deprecated=0
break
fi
done
return $deprecated
}
show_deprecated_config_warning() {
local additionalConfigFiles="${RABBITMQ_CONFIG_FILES:-/etc/rabbitmq/conf.d/*.conf}"

echo ""
echo "WARNING! RabbitMQ configuration via environment variables is strongly discouraged where there is a config file alternative, and will be deprecated in a future version."
echo "In order to configure RabbitMQ without using environment variables in the future, you should mount a config file on the container"
echo "matching the file path regex defined by \$RABBITMQ_CONFIG_FILES ($additionalConfigFiles)"
echo ""
echo "The environment variable config you have set can be represented as follows in such a config file:"
echo -e "$writtenDeprecatedConfig"
echo ""
}

if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then
rabbit_set_config 'loopback_users.guest' 'false'
Expand Down Expand Up @@ -414,4 +459,10 @@ if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs"
fi

# If any config has been written through deprecated means, such as through environment variables,
# print a warning to the user now.
if [[ -n $writtenDeprecatedConfig ]]; then
show_deprecated_config_warning
fi

exec "$@"
57 changes: 54 additions & 3 deletions 3.8-rc/ubuntu/docker-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,18 @@ fileConfigKeys=(
ssl_certfile
ssl_keyfile
)

allConfigKeys=(
"${managementConfigKeys[@]/#/management_}"
"${rabbitConfigKeys[@]}"
"${sslConfigKeys[@]/#/ssl_}"
)
# Configuration through environment variables will be removed in a future release.
# These keys should be configured through config files matching $RABBITMQ_CONFIG_FILES (/etc/rabbitmq/conf.d/*.conf by default)
deprecatedConfigKeys=(
default_user
default_pass
)

declare -A configDefaults=(
[management_ssl_fail_if_no_peer_cert]='false'
Expand Down Expand Up @@ -200,6 +207,7 @@ fi
configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}"
oldConfigFile="$configBase.config"
newConfigFile="$configBase.conf"
writtenDeprecatedConfig=

shouldWriteConfig="$haveConfig"
if [ -n "$shouldWriteConfig" ] && ! touch "$newConfigFile"; then
Expand Down Expand Up @@ -249,6 +257,14 @@ rabbit_set_config() {
echo "$key = $val" >> "$newConfigFile"
fi
}
rabbit_set_deprecated_config() {
local key="$1"; shift
local val="$1"; shift

# Keep track of any deprecated config written to the config file, to print a deprecation notice later.
writtenDeprecatedConfig="$writtenDeprecatedConfig\n$key = $val"
rabbit_set_config "$key" "$val"
}
rabbit_comment_config() {
local key="$1"; shift

Expand Down Expand Up @@ -286,13 +302,42 @@ rabbit_env_config() {
vm_memory_high_watermark) continue ;; # handled separately
esac

if [ -n "$rawVal" ]; then
rabbit_set_config "$key" "$rawVal"
else

if [ -z "$rawVal" ]; then
rabbit_comment_config "$key"
elif env_config_key_is_deprecated "$key"; then
rabbit_set_deprecated_config "$key" "$rawVal"
else
rabbit_set_config "$key" "$rawVal"
fi
done
}
env_config_key_is_deprecated() {
local configKey="$1"
local deprecated=1

for deprecatedKey in "${deprecatedConfigKeys[@]}"
do
if [[ $configKey == "$deprecatedKey" ]]
then
deprecated=0
break
fi
done
return $deprecated
}
show_deprecated_config_warning() {
local additionalConfigFiles="${RABBITMQ_CONFIG_FILES:-/etc/rabbitmq/conf.d/*.conf}"

echo ""
echo "WARNING! RabbitMQ configuration via environment variables is strongly discouraged where there is a config file alternative, and will be deprecated in a future version."
echo "In order to configure RabbitMQ without using environment variables in the future, you should mount a config file on the container"
echo "matching the file path regex defined by \$RABBITMQ_CONFIG_FILES ($additionalConfigFiles)"
echo ""
echo "The environment variable config you have set can be represented as follows in such a config file:"
echo -e "$writtenDeprecatedConfig"
echo ""
}

if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then
rabbit_set_config 'loopback_users.guest' 'false'
Expand Down Expand Up @@ -414,4 +459,10 @@ if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs"
fi

# If any config has been written through deprecated means, such as through environment variables,
# print a warning to the user now.
if [[ -n $writtenDeprecatedConfig ]]; then
show_deprecated_config_warning
fi

exec "$@"
57 changes: 54 additions & 3 deletions 3.8/alpine/docker-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,18 @@ fileConfigKeys=(
ssl_certfile
ssl_keyfile
)

allConfigKeys=(
"${managementConfigKeys[@]/#/management_}"
"${rabbitConfigKeys[@]}"
"${sslConfigKeys[@]/#/ssl_}"
)
# Configuration through environment variables will be removed in a future release.
# These keys should be configured through config files matching $RABBITMQ_CONFIG_FILES (/etc/rabbitmq/conf.d/*.conf by default)
deprecatedConfigKeys=(
default_user
default_pass
)

declare -A configDefaults=(
[management_ssl_fail_if_no_peer_cert]='false'
Expand Down Expand Up @@ -200,6 +207,7 @@ fi
configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}"
oldConfigFile="$configBase.config"
newConfigFile="$configBase.conf"
writtenDeprecatedConfig=

shouldWriteConfig="$haveConfig"
if [ -n "$shouldWriteConfig" ] && ! touch "$newConfigFile"; then
Expand Down Expand Up @@ -249,6 +257,14 @@ rabbit_set_config() {
echo "$key = $val" >> "$newConfigFile"
fi
}
rabbit_set_deprecated_config() {
local key="$1"; shift
local val="$1"; shift

# Keep track of any deprecated config written to the config file, to print a deprecation notice later.
writtenDeprecatedConfig="$writtenDeprecatedConfig\n$key = $val"
rabbit_set_config "$key" "$val"
}
rabbit_comment_config() {
local key="$1"; shift

Expand Down Expand Up @@ -286,13 +302,42 @@ rabbit_env_config() {
vm_memory_high_watermark) continue ;; # handled separately
esac

if [ -n "$rawVal" ]; then
rabbit_set_config "$key" "$rawVal"
else

if [ -z "$rawVal" ]; then
rabbit_comment_config "$key"
elif env_config_key_is_deprecated "$key"; then
rabbit_set_deprecated_config "$key" "$rawVal"
else
rabbit_set_config "$key" "$rawVal"
fi
done
}
env_config_key_is_deprecated() {
local configKey="$1"
local deprecated=1

for deprecatedKey in "${deprecatedConfigKeys[@]}"
do
if [[ $configKey == "$deprecatedKey" ]]
then
deprecated=0
break
fi
done
return $deprecated
}
show_deprecated_config_warning() {
local additionalConfigFiles="${RABBITMQ_CONFIG_FILES:-/etc/rabbitmq/conf.d/*.conf}"

echo ""
echo "WARNING! RabbitMQ configuration via environment variables is strongly discouraged where there is a config file alternative, and will be deprecated in a future version."
echo "In order to configure RabbitMQ without using environment variables in the future, you should mount a config file on the container"
echo "matching the file path regex defined by \$RABBITMQ_CONFIG_FILES ($additionalConfigFiles)"
echo ""
echo "The environment variable config you have set can be represented as follows in such a config file:"
echo -e "$writtenDeprecatedConfig"
echo ""
}

if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then
rabbit_set_config 'loopback_users.guest' 'false'
Expand Down Expand Up @@ -414,4 +459,10 @@ if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs"
fi

# If any config has been written through deprecated means, such as through environment variables,
# print a warning to the user now.
if [[ -n $writtenDeprecatedConfig ]]; then
show_deprecated_config_warning
fi

exec "$@"
57 changes: 54 additions & 3 deletions 3.8/ubuntu/docker-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,18 @@ fileConfigKeys=(
ssl_certfile
ssl_keyfile
)

allConfigKeys=(
"${managementConfigKeys[@]/#/management_}"
"${rabbitConfigKeys[@]}"
"${sslConfigKeys[@]/#/ssl_}"
)
# Configuration through environment variables will be removed in a future release.
# These keys should be configured through config files matching $RABBITMQ_CONFIG_FILES (/etc/rabbitmq/conf.d/*.conf by default)
deprecatedConfigKeys=(
default_user
default_pass
)

declare -A configDefaults=(
[management_ssl_fail_if_no_peer_cert]='false'
Expand Down Expand Up @@ -200,6 +207,7 @@ fi
configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}"
oldConfigFile="$configBase.config"
newConfigFile="$configBase.conf"
writtenDeprecatedConfig=

shouldWriteConfig="$haveConfig"
if [ -n "$shouldWriteConfig" ] && ! touch "$newConfigFile"; then
Expand Down Expand Up @@ -249,6 +257,14 @@ rabbit_set_config() {
echo "$key = $val" >> "$newConfigFile"
fi
}
rabbit_set_deprecated_config() {
local key="$1"; shift
local val="$1"; shift

# Keep track of any deprecated config written to the config file, to print a deprecation notice later.
writtenDeprecatedConfig="$writtenDeprecatedConfig\n$key = $val"
rabbit_set_config "$key" "$val"
}
rabbit_comment_config() {
local key="$1"; shift

Expand Down Expand Up @@ -286,13 +302,42 @@ rabbit_env_config() {
vm_memory_high_watermark) continue ;; # handled separately
esac

if [ -n "$rawVal" ]; then
rabbit_set_config "$key" "$rawVal"
else

if [ -z "$rawVal" ]; then
rabbit_comment_config "$key"
elif env_config_key_is_deprecated "$key"; then
rabbit_set_deprecated_config "$key" "$rawVal"
else
rabbit_set_config "$key" "$rawVal"
fi
done
}
env_config_key_is_deprecated() {
local configKey="$1"
local deprecated=1

for deprecatedKey in "${deprecatedConfigKeys[@]}"
do
if [[ $configKey == "$deprecatedKey" ]]
then
deprecated=0
break
fi
done
return $deprecated
}
show_deprecated_config_warning() {
local additionalConfigFiles="${RABBITMQ_CONFIG_FILES:-/etc/rabbitmq/conf.d/*.conf}"

echo ""
echo "WARNING! RabbitMQ configuration via environment variables is strongly discouraged where there is a config file alternative, and will be deprecated in a future version."
echo "In order to configure RabbitMQ without using environment variables in the future, you should mount a config file on the container"
echo "matching the file path regex defined by \$RABBITMQ_CONFIG_FILES ($additionalConfigFiles)"
echo ""
echo "The environment variable config you have set can be represented as follows in such a config file:"
echo -e "$writtenDeprecatedConfig"
echo ""
}

if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then
rabbit_set_config 'loopback_users.guest' 'false'
Expand Down Expand Up @@ -414,4 +459,10 @@ if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs"
fi

# If any config has been written through deprecated means, such as through environment variables,
# print a warning to the user now.
if [[ -n $writtenDeprecatedConfig ]]; then
show_deprecated_config_warning
fi

exec "$@"
Loading