1
0

treewide: improve template expansion

This commit is contained in:
Konstantin Demin 2024-11-18 11:30:16 +03:00
parent 6b13a28e52
commit 00648c9940
Signed by: krd
GPG Key ID: 4D56F87A8BA65FD0
5 changed files with 84 additions and 21 deletions

View File

@ -128,9 +128,20 @@ expand_dir_envsubst() {
__template_list=$(mktemp) || return __template_list=$(mktemp) || return
find "$@" -follow -type f -name '*.in' \ find "$@" -follow -name '*.in' -type f \
| {
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
grep -Ev -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
grep -E -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
else
cat
fi
} \
| sort -uV > "${__template_list}" | sort -uV > "${__template_list}"
__ret=0
if [ -s "${__template_list}" ] ; then
__have_args="${ENVSUBST_ARGS:+1}" __have_args="${ENVSUBST_ARGS:+1}"
if [ -z "${__have_args}" ] ; then if [ -z "${__have_args}" ] ; then
## optimize envsubst.sh invocation by caching argument list ## optimize envsubst.sh invocation by caching argument list
@ -140,7 +151,6 @@ expand_dir_envsubst() {
export ENVSUBST_ARGS export ENVSUBST_ARGS
fi fi
__ret=0
while read -r __orig_file ; do while read -r __orig_file ; do
[ -n "${__orig_file}" ] || continue [ -n "${__orig_file}" ] || continue
expand_file_envsubst "${__orig_file}" || __ret=1 expand_file_envsubst "${__orig_file}" || __ret=1
@ -150,6 +160,7 @@ expand_dir_envsubst() {
rm -f "${ENVSUBST_ARGS}" ; unset ENVSUBST_ARGS rm -f "${ENVSUBST_ARGS}" ; unset ENVSUBST_ARGS
fi fi
unset __have_args unset __have_args
fi
rm -f "${__template_list}" ; unset __template_list rm -f "${__template_list}" ; unset __template_list
@ -161,7 +172,16 @@ expand_dir_j2cfg() {
__template_list=$(mktemp) || return __template_list=$(mktemp) || return
find "$@" -follow -type f -name '*.j2' -printf '%p\0' \ find "$@" -follow -name '*.j2' -type f -printf '%p\0' \
| {
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
grep -zE -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
else
cat
fi
} \
| sort -zuV > "${__template_list}" | sort -zuV > "${__template_list}"
__ret=0 __ret=0

View File

@ -44,6 +44,10 @@ for i in ${NGX_DIRS_MERGE:-} ; do
log_always "NGX_DIRS_MERGE: dir '$i' is not legal, skipping" log_always "NGX_DIRS_MERGE: dir '$i' is not legal, skipping"
continue continue
;; ;;
j2cfg | j2cfg/* )
log_always "NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping"
continue
;;
esac esac
dirs=$(append_list "${dirs}" "$i") dirs=$(append_list "${dirs}" "$i")
@ -59,6 +63,10 @@ for i in ${NGX_DIRS_LINK:-} ; do
log_always "NGX_DIRS_LINK: dir '$i' is not legal, skipping" log_always "NGX_DIRS_LINK: dir '$i' is not legal, skipping"
continue continue
;; ;;
j2cfg | j2cfg/* )
log_always "NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping"
continue
;;
esac esac
if list_have_item "${NGX_DIRS_MERGE}" "$i" ; then if list_have_item "${NGX_DIRS_MERGE}" "$i" ; then

View File

@ -38,10 +38,13 @@ for n in ${NGX_DIRS_MERGE} ; do
done done
set -a set -a
ENVSUBST_ARGS="${volume_root}/diag.envsubst.txt"
J2CFG_PATH="${merged_root}/j2cfg" J2CFG_PATH="${merged_root}/j2cfg"
J2CFG_SEARCH_PATH="${merged_root}" J2CFG_SEARCH_PATH="${merged_root}"
set +a set +a
envsubst-args.sh > "${ENVSUBST_ARGS}"
## expand j2cfg templates first ## expand j2cfg templates first
expand_dir_envsubst j2cfg/ || expand_error expand_dir_envsubst j2cfg/ || expand_error
@ -60,4 +63,29 @@ export J2CFG_CONFIG="${j2cfg_dump}"
expand_dir_j2cfg ${merge_dirs} || expand_error expand_dir_j2cfg ${merge_dirs} || expand_error
## remove template sources in order to avoid leaking sensitive data
if [ "${NGX_PROCESS_STATIC}" = 1 ] ; then
__template_list=$(mktemp)
find static/ -follow -type f -printf '%p\0' \
| grep -zE '\.(in|j2)$' \
| {
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
grep -zE -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
else
cat
fi
} \
| sort -zuV > "${__template_list}"
if [ -s "${__template_list}" ] ; then
xargs -0r -n 1000 -a "${__template_list}" \
rm -fv < /dev/null
fi
rm -f "${__template_list}" ; unset __template_list
fi
exit 0 exit 0

View File

@ -29,8 +29,11 @@ J2CFG_JINJA_EXTENSIONS = [
] ]
J2CFG_BANNED_ENVS = [ J2CFG_BANNED_ENVS = [
r'ANGIE(=|$)', r'__IEP_', r'IEP_',
r'ANGIE_BPF_MAPS(=|$)' r'NGX_TEMPLATE_(EX|IN)CLUDE',
r'ENVSUBST_',
r'J2CFG_',
r'ANGIE(|_BPF_MAPS)(=|$)',
] ]
J2CFG_PRESERVE_ENVS = [ J2CFG_PRESERVE_ENVS = [

View File

@ -3,8 +3,12 @@ set -f
sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/$$/environ \ sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/$$/environ \
| sed -zE \ | sed -zE \
-e '/^_$/d;/^ENVSUBST_/d;' \ -e '/^_$/d' \
-e '/^__IEP_/d;/^IEP_$/d' \ -e '/^__IEP_/d;/^IEP_$/d' \
-e '/^NGX_TEMPLATE_(EX|IN)CLUDE/d' \
-e '/^ENVSUBST_/d' \
-e '/^J2CFG_/d' \
-e '/^ANGIE(|_BPF_MAPS)$/d' \
| { | {
if [ -n "${ENVSUBST_EXCLUDE_REGEX:-}" ] ; then if [ -n "${ENVSUBST_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${ENVSUBST_EXCLUDE_REGEX}" grep -zEv -e "${ENVSUBST_EXCLUDE_REGEX}"