Skip to content
This repository has been archived by the owner on Jul 27, 2023. It is now read-only.

java-openliberty: use ENV variables for security credentials #770

Closed
wants to merge 1 commit into from
Closed

java-openliberty: use ENV variables for security credentials #770

wants to merge 1 commit into from

Conversation

awisniew90
Copy link
Collaborator

@awisniew90 awisniew90 commented Apr 21, 2020
edited
Loading

Checklist:

Modifying an existing stack:

  • [x ] Updated the stack version in stack.yaml
  1. Use environment variables for quick-start-security username/password
  2. Add a "default-credentials.xml" which gets gets removed during appsody build
  3. Add documentation to show how to enable the HTTPS port and set user credential env vars
  4. Add documentation on how to add a Service Monitor to allow Prometheus to authenticate

Related Issues:

Fixes #750

scottkurz
scottkurz suggested changes Apr 21, 2020
View reviewed changes
Copy link
Contributor

@scottkurz scottkurz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking we might as well do the same thing for java-microprofile. It's already otherwise in-sync, so might be better to keep it in sync, even though it's deprecated.... After all java-microprofile previously had this capability (before we crippled it in 1Q), so it's not like we're adding something brand new to the deprecated stack.

incubator/java-openliberty/README.md Outdated
name: mySecret
```

This will set environment variables in the deployment called `STACK_USERNAME` and `STACK_PASSWORD` which map to the username and password of the "mySecret" Secret respectively.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

of the "mySecret" Secret
=>
of mySecret, respectively.

(You mentioned it's a Secret enough I think).

incubator/java-openliberty/templates/default/src/main/liberty/config/server.xml Outdated
@@ -3,6 +3,8 @@
<feature>microProfile-3.2</feature>
</featureManager>

<quickStartSecurity userName="${stack.username}" userPassword="${stack.password}" />
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks great from the perspective of something new, but we changed the "contract" on configDropins/defaults mid-stream.

Is this OK? Can you maybe spell out some more thought about why this shouldn't be a concern? Is there any way to do this with a file named: configDropins/defaults/quick-start-security.xml?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what you mean by "contract." Is the concern that we had a file called quick-start-security.xml and now we dont? Or that we were removing it and now we aren't? Given that this is just a change to the template, not sure if it matters.

@awisniew90 awisniew90 force-pushed the ol-security branch 2 times, most recently from 262c8aa to d5c150e Compare April 23, 2020 01:43
@scottkurz
Copy link
Contributor

If this is steering us towards a 0.3 update because of back-compatibility with already-init'd 0.2 projects then I think we should slow down and consider doing this via doc, especially since we've talked (maybe just privately though?) about using an Open Liberty service token.

I'm going to close this PR for now, while we discuss.

@scottkurz scottkurz closed this Apr 24, 2020
@scottkurz scottkurz added the stack/java-openliberty Issues related to java-openliberty stack label Apr 27, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@scottkurz scottkurz scottkurz requested changes

@uberskigeek uberskigeek Awaiting requested review from uberskigeek

@arthurdm arthurdm Awaiting requested review from arthurdm

@leochr leochr Awaiting requested review from leochr

Assignees
No one assigned
Labels
stack/java-openliberty Issues related to java-openliberty stack
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

java-openliberty: Use environment variables for username and password in appsody build image
2 participants
@awisniew90 @scottkurz