Feature: Improve automated containerized deployment #2550
Conversation
|
|
||
| String generateEnvVariableName(ConfigPropertyConstants configProperty) { | ||
| StringBuilder sb = new StringBuilder(); | ||
| sb.append(configProperty.getGroupName().toUpperCase().replaceAll("[\\-\\.]", "_")); |
There was a problem hiding this comment.
Should we require a common prefix here, too? Similar to DEPENDENCY_TRACK_ADMIN_USERNAME.
Perhaps DT would be a better choice than DEPENDENCY_TRACK, to keep the length reasonable :D
There was a problem hiding this comment.
I thought about it and didn't add a prefix out of pure lazyness. For consistency sake it would require env variable like DEFAULT_TEMPLATES_OVERRIDE_ENABLED to have the prefix also.
I'll add the DT prefix to match alpine behaviour.
syalioune
force-pushed
the
feature/2443-improve-automated-deployment
branch
from
bd5396f
to
f792e54
Compare
| @@ -48,6 +48,24 @@ public class DefaultObjectGenerator implements ServletContextListener { | |||
|
|
|||
| private static final Logger LOGGER = Logger.getLogger(DefaultObjectGenerator.class); | |||
|
|
|||
| static final String DEFAULT_ADMIN_USERNAME = "admin"; | |||
|
|
|||
| static final String ADMIN_USERNAME_ENV_VARIABLE = "DEPENDENCY_TRACK_ADMIN_USERNAME"; | |||
There was a problem hiding this comment.
Should it be made even more clear that this is just about the initial value for these variables, i.e. DEPENDENCY_TRACK_INITIAL_ADMIN_USERNAME? To prevent people on Slack asking why the "change of the admin password env variable doesn't work".
See DependencyTrack#2443. Allow configuration by environment variables. Signed-off-by: syalioune <sy_alioune@yahoo.fr>
Shielding unit test from theCaseInsensitiveEnvironment field absence (JVM dependent) Signed-off-by: syalioune <sy_alioune@yahoo.fr>
Adding a prefix (DT) for all dependency track specific env variable name with backward compatibility for templates Signed-off-by: syalioune <sy_alioune@yahoo.fr>
Using DT_INIT prefix to be more explicit about the usage of the environment variables Signed-off-by: syalioune <sy_alioune@yahoo.fr>
syalioune
force-pushed
the
feature/2443-improve-automated-deployment
branch
from
f792e54
to
ad9f25e
Compare
There was a problem hiding this comment.
@syalioune thanks for adding this feature!! I've been thinking about how to do this on my laptop before it gets deployed. looking forward to using it :)
I only have 1 minor comment on 2 lines. It may be a misinterpretation on my part, but wanted to make sure.
| @@ -79,8 +79,8 @@ public enum ConfigPropertyConstants { | |||
| KENNA_TOKEN("integrations", "kenna.token", null, PropertyType.ENCRYPTEDSTRING, "The token to use when authenticating to Kenna Security"), | |||
| KENNA_CONNECTOR_ID("integrations", "kenna.connector.id", null, PropertyType.STRING, "The Kenna Security connector identifier to upload to"), | |||
| ACCESS_MANAGEMENT_ACL_ENABLED("access-management", "acl.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable access control to projects in the portfolio"), | |||
| NOTIFICATION_TEMPLATE_BASE_DIR("notification", "template.baseDir", SystemUtils.getEnvironmentVariable("DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY", System.getProperty("user.home")), PropertyType.STRING, "The base directory to use when searching for notification templates"), | |||
| NOTIFICATION_TEMPLATE_DEFAULT_OVERRIDE_ENABLED("notification", "template.default.override.enabled", SystemUtils.getEnvironmentVariable("DEFAULT_TEMPLATES_OVERRIDE_ENABLED", "false"), PropertyType.BOOLEAN, "Flag to enable/disable override of default notification templates"), | |||
| NOTIFICATION_TEMPLATE_BASE_DIR("notification", "template.baseDir", SystemUtils.getEnvironmentVariable("DT_DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY", SystemUtils.getEnvironmentVariable("DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY", System.getProperty("user.home"))), PropertyType.STRING, "The base directory to use when searching for notification templates"), | |||
There was a problem hiding this comment.
@syalioune maybe im misinterpreting this line. in the deploy-docker.md and docker-compose.yml you replaced:
DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY
with
DT_DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY
should this state:
....SystemUtils.getEnvironmentVariable("DT_DEFAULT_TEMPLATES_OVERRIDE_BASE_DIRECTORY", System.get.....
There was a problem hiding this comment.
similar comment for the next line "DEFAULT_TEMPLATES_OVERRIDE_ENABLED" is called, but was removed earlier.
There was a problem hiding this comment.
Hello @melba-lopez
Sorry I missed your comment.
The intent is to be backward compatible with previous releases where DEFAULT_TEMPLATES_OVERRIDE_.* variables were valid so the code fetches the values from (decreasing priority order) :
DT_DEFAULT_TEMPLATES_.*DEFAULT_TEMPLATES_.*user.home
|
Thanks for your work on this @syalioune. I am going to postpone merging this though. I've had a few discussions around this and having environment variables that are only effective upon first launch of the application turn out to be rather confusing to users. It was pointed out that something akin to what Grafana is doing would be preferable. Keeping it under the umbrella of "provisioning" makes it more obvious what it's doing. It also makes more sense given that we need similar functionality for other areas of the application, e.g. alert configurations, policy definitions, and more (see for example #3101). |
No worries 👍 |
|
Hello, I've seen that #2550 has not been integrated in 4.9 or 4.10. Do you know the plan to handle it? thanks, I'm very interested in this so we can create a small operator (mainly for configuration) dealing with Dependency Track |
|
@sylvainOL There's no one actively working on this ATM. But given your plans to build an operator around DT, we'd love to hear from you how configuration should look like ideally. What would make your life the easiest? |
|
Hello @nscuro, After a quick research, I think I've got two big missing point to simplify creating a (configuration) operator:
After, as @phoenixadb (disclosure, we're on same company ;) ) said in #2443, if basic configuration (enabling the different vuln databases) could be also done via env variable it would be good. And by configuration operator, I mean a basic one but if community is interested, we can opensource it (when we have something, we don't have anything ad far of today). |
Description
Allow to configure several items through environment variables on first startup for containerized deployments :
ConfigPropertyvaluesAddressed Issue
#2443
Additional Details
This flexibility given by this PR could also be part of #2524 solution. Experienced users or first timers could disable NVD mirroring with
VULN_SOURCE_NVD_ENABLED=falseenvironment variable (default is true)Checklist
This PR fixes a defect, and I have provided tests to verify that the fix is effectiveThis PR introduces changes to the database model, and I have added corresponding update logic