remove chown for TLS certificates in proxy container
This commit is contained in:
acidtib
@@ -18,7 +18,6 @@ class Kamal::Cli::App::SslCertificates
|
|||||||
if key_content = role.proxy.private_key_pem_content
|
if key_content = role.proxy.private_key_pem_content
|
||||||
execute *app.write_private_key_file(key_content)
|
execute *app.write_private_key_file(key_content)
|
||||||
end
|
end
|
||||||
execute *app.set_certificate_permissions
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -33,10 +33,6 @@ module Kamal::Commands::App::Proxy
|
|||||||
[ :sh, "-c", Kamal::Utils.sensitive("cat > #{config.proxy_boot.tls_directory}/key.pem << 'KAMAL_KEY_EOF'\n#{content}\nKAMAL_KEY_EOF", redaction: "cat > #{config.proxy_boot.tls_directory}/key.pem << 'KAMAL_KEY_EOF'\n[PRIVATE KEY CONTENT REDACTED]\nKAMAL_KEY_EOF") ]
|
[ :sh, "-c", Kamal::Utils.sensitive("cat > #{config.proxy_boot.tls_directory}/key.pem << 'KAMAL_KEY_EOF'\n#{content}\nKAMAL_KEY_EOF", redaction: "cat > #{config.proxy_boot.tls_directory}/key.pem << 'KAMAL_KEY_EOF'\n[PRIVATE KEY CONTENT REDACTED]\nKAMAL_KEY_EOF") ]
|
||||||
end
|
end
|
||||||
|
|
||||||
def set_certificate_permissions
|
|
||||||
[ :docker, :exec, "--user", "root", proxy_container_name, "chown", "-R", "kamal-proxy:kamal-proxy", config.proxy_boot.tls_container_directory ]
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
private
|
||||||
def proxy_exec(*command)
|
def proxy_exec(*command)
|
||||||
docker :exec, proxy_container_name, "kamal-proxy", *command
|
docker :exec, proxy_container_name, "kamal-proxy", *command
|
||||||
|
|||||||
@@ -230,7 +230,6 @@ class CliAppTest < CliTestCase
|
|||||||
assert_match "Writing SSL certificates for web on 1.1.1.1", output
|
assert_match "Writing SSL certificates for web on 1.1.1.1", output
|
||||||
assert_match "mkdir -p .kamal/proxy/apps-config/app/tls", output
|
assert_match "mkdir -p .kamal/proxy/apps-config/app/tls", output
|
||||||
assert_match "sh -c [REDACTED]", output
|
assert_match "sh -c [REDACTED]", output
|
||||||
assert_match "docker exec --user root kamal-proxy chown -R kamal-proxy:kamal-proxy", output
|
|
||||||
assert_match "--tls-certificate-path=\"/home/kamal-proxy/.apps-config/app/tls/cert.pem\"", output
|
assert_match "--tls-certificate-path=\"/home/kamal-proxy/.apps-config/app/tls/cert.pem\"", output
|
||||||
assert_match "--tls-private-key-path=\"/home/kamal-proxy/.apps-config/app/tls/key.pem\"", output
|
assert_match "--tls-private-key-path=\"/home/kamal-proxy/.apps-config/app/tls/key.pem\"", output
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -143,12 +143,6 @@ class CommandsAppTest < ActiveSupport::TestCase
|
|||||||
new_command.deploy(target: "172.1.0.2").join(" ")
|
new_command.deploy(target: "172.1.0.2").join(" ")
|
||||||
end
|
end
|
||||||
|
|
||||||
test "set certificate permissions" do
|
|
||||||
assert_equal \
|
|
||||||
"docker exec --user root kamal-proxy chown -R kamal-proxy:kamal-proxy /home/kamal-proxy/.apps-config/app/tls",
|
|
||||||
new_command.set_certificate_permissions.join(" ")
|
|
||||||
end
|
|
||||||
|
|
||||||
test "remove" do
|
test "remove" do
|
||||||
assert_equal \
|
assert_equal \
|
||||||
"docker exec kamal-proxy kamal-proxy remove app-web",
|
"docker exec kamal-proxy kamal-proxy remove app-web",
|
||||||
|
|||||||
Reference in New Issue
Block a user