Fix ACL for services starting with s

2024-03-12 11:31:55 +01:00 · 2024-03-12 11:31:55 +01:00 · 505bf7b9d2
parent 82abbf8e37
commit 505bf7b9d2
5 changed files with 10 additions and 4 deletions
--- a/example/images/squid/root/entrypoint.d/10-squid-conf.sh
+++ b/example/images/squid/root/entrypoint.d/10-squid-conf.sh
@ -5,6 +5,8 @@ set -e
 mkdir -p ${SQUID_CONFDIR}

 mkdir -p ${SQUID_CONFDIR}/conf.d
+echo "Wipe ${SQUID_CONFDIR}/conf.d/env.conf"
+> ${SQUID_CONFDIR}/conf.d/env.conf
 if [ -n "${SQUID_LISTS_DIR}" -a -d "${SQUID_LISTS_DIR}" ]; then
  for CATEGORY in $(find "${SQUID_LISTS_DIR}" -type d -mindepth 1 -maxdepth 1); do
    for LIST in $(ls ${CATEGORY}/*.list); do
--- a/example/squid.nomad.hcl
+++ b/example/squid.nomad.hcl
@ -46,7 +46,7 @@ job "squid" {
      driver = "docker"

      config {
-        image           = "danielberteaud/squid:24.3-1"
+        image           = "danielberteaud/squid:24.3-2"
        readonly_rootfs = true
        pids_limit      = 100
        volumes = [
@ -70,7 +70,7 @@ set -euo pipefail
 # Remove any line containing auth_XXX acl not present in /secrets/acl.conf
 IFS=$'\n'
 for LINE in $(grep -E "http_access .* auth_.*" /secrets/env.conf); do
-  ACL=$(echo ${LINE} | sed -E 's/http_access .* (auth_[^\s]+).*/\1/')
+  ACL=$(echo ${LINE} | sed -E 's/http_access .* (auth_[^\ ]+).*/\1/')
  if ! grep -q ${ACL} /secrets/acl.conf; then
    echo "Remove ${LINE} from /secrets/env.conf because acl ${ACL} doesn't exist"
    sed -i -E "/.*${ACL}.*/d" /secrets/env.conf
@ -227,6 +227,8 @@ _EOT
        mode        = "file"
      }

+
+
      # Use a template block instead of env {} so we can fetch values from vault
      template {
        data        = <<_EOT
--- a/images/squid/root/entrypoint.d/10-squid-conf.sh
+++ b/images/squid/root/entrypoint.d/10-squid-conf.sh
@ -5,6 +5,8 @@ set -e
 mkdir -p ${SQUID_CONFDIR}

 mkdir -p ${SQUID_CONFDIR}/conf.d
+echo "Wipe ${SQUID_CONFDIR}/conf.d/env.conf"
+> ${SQUID_CONFDIR}/conf.d/env.conf
 if [ -n "${SQUID_LISTS_DIR}" -a -d "${SQUID_LISTS_DIR}" ]; then
  for CATEGORY in $(find "${SQUID_LISTS_DIR}" -type d -mindepth 1 -maxdepth 1); do
    for LIST in $(ls ${CATEGORY}/*.list); do
--- a/templates/filter_acl.sh.tpl
+++ b/templates/filter_acl.sh.tpl
@ -5,7 +5,7 @@ set -euo pipefail
 # Remove any line containing auth_XXX acl not present in /secrets/acl.conf
 IFS=$'\n'
 for LINE in $(grep -E "http_access .* auth_.*" /secrets/env.conf); do
-  ACL=$(echo ${LINE} | sed -E 's/http_access .* (auth_[^\s]+).*/\1/')
+  ACL=$(echo ${LINE} | sed -E 's/http_access .* (auth_[^\ ]+).*/\1/')
  if ! grep -q ${ACL} /secrets/acl.conf; then
    echo "Remove ${LINE} from /secrets/env.conf because acl ${ACL} doesn't exist"
    sed -i -E "/.*${ACL}.*/d" /secrets/env.conf
--- a/variables.yml
+++ b/variables.yml
@ -6,7 +6,7 @@ instance: squid
 squid:

  # Docker image to use
-  image: '[[ .docker.repo ]]squid:24.3-1'
+  image: '[[ .docker.repo ]]squid:24.3-2'

  # Number of instances to run:
  count: 1