treewide: improve template expansion
parent
6b13a28e52
commit
00648c9940
@ -128,28 +128,39 @@ expand_dir_envsubst() {
|
||||
|
||||
__template_list=$(mktemp) || return
|
||||
|
||||
find "$@" -follow -type f -name '*.in' \
|
||||
find "$@" -follow -name '*.in' -type f \
|
||||
| {
|
||||
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
|
||||
grep -Ev -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
|
||||
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
|
||||
grep -E -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
|
||||
else
|
||||
cat
|
||||
fi
|
||||
} \
|
||||
| sort -uV > "${__template_list}"
|
||||
|
||||
__have_args="${ENVSUBST_ARGS:+1}"
|
||||
if [ -z "${__have_args}" ] ; then
|
||||
## optimize envsubst.sh invocation by caching argument list
|
||||
## ref: envsubst.sh
|
||||
ENVSUBST_ARGS=$(mktemp) || return
|
||||
envsubst-args.sh > "${ENVSUBST_ARGS}"
|
||||
export ENVSUBST_ARGS
|
||||
fi
|
||||
|
||||
__ret=0
|
||||
while read -r __orig_file ; do
|
||||
[ -n "${__orig_file}" ] || continue
|
||||
expand_file_envsubst "${__orig_file}" || __ret=1
|
||||
done < "${__template_list}"
|
||||
if [ -s "${__template_list}" ] ; then
|
||||
__have_args="${ENVSUBST_ARGS:+1}"
|
||||
if [ -z "${__have_args}" ] ; then
|
||||
## optimize envsubst.sh invocation by caching argument list
|
||||
## ref: envsubst.sh
|
||||
ENVSUBST_ARGS=$(mktemp) || return
|
||||
envsubst-args.sh > "${ENVSUBST_ARGS}"
|
||||
export ENVSUBST_ARGS
|
||||
fi
|
||||
|
||||
if [ -z "${__have_args}" ] ; then
|
||||
rm -f "${ENVSUBST_ARGS}" ; unset ENVSUBST_ARGS
|
||||
while read -r __orig_file ; do
|
||||
[ -n "${__orig_file}" ] || continue
|
||||
expand_file_envsubst "${__orig_file}" || __ret=1
|
||||
done < "${__template_list}"
|
||||
|
||||
if [ -z "${__have_args}" ] ; then
|
||||
rm -f "${ENVSUBST_ARGS}" ; unset ENVSUBST_ARGS
|
||||
fi
|
||||
unset __have_args
|
||||
fi
|
||||
unset __have_args
|
||||
|
||||
rm -f "${__template_list}" ; unset __template_list
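Review bot: In the filter block of expand_dir_envsubst, a grep error is indistinguishable from "no templates found". An invalid NGX_TEMPLATE_EXCLUDE_REGEX or NGX_TEMPLATE_INCLUDE_REGEX makes grep exit with status 2 and print nothing, the list file stays empty, and the new `[ -s "${__template_list}" ]` guard then skips expansion without touching `__ret`. Validating the pattern once before the pipeline would surface this, e.g. `grep -Eq -e "${NGX_TEMPLATE_EXCLUDE_REGEX}" < /dev/null || [ $? -eq 1 ] || return 1`. The same block appears in the expand_dir_j2cfg hunk and in the static/ cleanup hunk, where an empty list means template sources are left in place. It would also help to state the precedence in a comment such as `## NGX_TEMPLATE_EXCLUDE_REGEX wins; NGX_TEMPLATE_INCLUDE_REGEX is ignored when both are set`. The function body starts and ends outside this hunk.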
|
||||
|
||||
@ -161,7 +172,16 @@ expand_dir_j2cfg() {
|
||||
|
||||
__template_list=$(mktemp) || return
|
||||
|
||||
find "$@" -follow -type f -name '*.j2' -printf '%p\0' \
|
||||
find "$@" -follow -name '*.j2' -type f -printf '%p\0' \
|
||||
| {
|
||||
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
|
||||
grep -zEv -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
|
||||
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
|
||||
grep -zE -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
|
||||
else
|
||||
cat
|
||||
fi
|
||||
} \
|
||||
| sort -zuV > "${__template_list}"
|
||||
|
||||
__ret=0
|
||||
|
@ -44,6 +44,10 @@ for i in ${NGX_DIRS_MERGE:-} ; do
|
||||
log_always "NGX_DIRS_MERGE: dir '$i' is not legal, skipping"
|
||||
continue
|
||||
;;
|
||||
j2cfg | j2cfg/* )
|
||||
log_always "NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping"
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
|
||||
dirs=$(append_list "${dirs}" "$i")
|
||||
@ -59,6 +63,10 @@ for i in ${NGX_DIRS_LINK:-} ; do
|
||||
log_always "NGX_DIRS_LINK: dir '$i' is not legal, skipping"
|
||||
continue
|
||||
;;
|
||||
j2cfg | j2cfg/* )
|
||||
log_always "NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping"
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
|
||||
if list_have_item "${NGX_DIRS_MERGE}" "$i" ; then
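Review bot: The `j2cfg | j2cfg/* )` arm added to the NGX_DIRS_LINK loop logs under the wrong variable name. Its message reads `NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping`, while the neighbouring arm of the same loop reports `NGX_DIRS_LINK:`. An operator chasing a skipped directory would inspect the wrong setting, so the line should be `log_always "NGX_DIRS_LINK: '$i' is reserved for internal use, skipping"`. The loop starts and ends outside this hunk.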
|
||||
|
@ -38,10 +38,13 @@ for n in ${NGX_DIRS_MERGE} ; do
|
||||
done
|
||||
|
||||
set -a
|
||||
ENVSUBST_ARGS="${volume_root}/diag.envsubst.txt"
|
||||
J2CFG_PATH="${merged_root}/j2cfg"
|
||||
J2CFG_SEARCH_PATH="${merged_root}"
|
||||
set +a
|
||||
|
||||
envsubst-args.sh > "${ENVSUBST_ARGS}"
|
||||
|
||||
## expand j2cfg templates first
|
||||
|
||||
expand_dir_envsubst j2cfg/ || expand_error
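Review bot: The redirect `envsubst-args.sh > "${ENVSUBST_ARGS}"` is not checked, so a failing helper could leave an empty or partial argument list unless the script runs under `set -e`, which these lines do not show. Because ENVSUBST_ARGS is now exported before the calls, the `__have_args` test in expand_dir_envsubst skips its own generation and every later expansion reuses this file. Consider `envsubst-args.sh > "${ENVSUBST_ARGS}" || expand_error`, matching the guard on the expansion calls below. The file lives under `${volume_root}` and is not removed in the visible lines; if it is kept on purpose for diagnostics, a one-line comment saying so would help.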
|
||||
@ -60,4 +63,29 @@ export J2CFG_CONFIG="${j2cfg_dump}"
|
||||
|
||||
expand_dir_j2cfg ${merge_dirs} || expand_error
|
||||
|
||||
## remove template sources in order to avoid leaking sensitive data
|
||||
if [ "${NGX_PROCESS_STATIC}" = 1 ] ; then
|
||||
__template_list=$(mktemp)
|
||||
|
||||
find static/ -follow -type f -printf '%p\0' \
|
||||
| grep -zE '\.(in|j2)$' \
|
||||
| {
|
||||
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
|
||||
grep -zEv -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
|
||||
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
|
||||
grep -zE -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
|
||||
else
|
||||
cat
|
||||
fi
|
||||
} \
|
||||
| sort -zuV > "${__template_list}"
|
||||
|
||||
if [ -s "${__template_list}" ] ; then
|
||||
xargs -0r -n 1000 -a "${__template_list}" \
|
||||
rm -fv < /dev/null
|
||||
fi
|
||||
|
||||
rm -f "${__template_list}" ; unset __template_list
|
||||
fi
|
||||
|
||||
exit 0
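Review bot: The cleanup that the comment justifies as preventing a leak of sensitive data can fail without the run noticing: `__template_list=$(mktemp)` has no guard (the expand_dir_* functions use `|| return`), the status of the `xargs … rm` step is not checked, and the script ends with `exit 0`. Suggest `__template_list=$(mktemp) || expand_error` and the same `|| expand_error` after the xargs call, so leftover sources fail the start-up instead of being served. The deletion list also passes through the NGX_TEMPLATE_EXCLUDE_REGEX / NGX_TEMPLATE_INCLUDE_REGEX filter, so `.in` and `.j2` files that were filtered out of expansion stay in static/; if that is intended, the comment should say so. Finally, `find … -follow` combined with `rm` will remove files reached through symlinked directories under static/, which is worth confirming as the desired scope.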
|
||||
|
@ -29,8 +29,11 @@ J2CFG_JINJA_EXTENSIONS = [
|
||||
]
|
||||
|
||||
J2CFG_BANNED_ENVS = [
|
||||
r'ANGIE(=|$)',
|
||||
r'ANGIE_BPF_MAPS(=|$)'
|
||||
r'__IEP_', r'IEP_',
|
||||
r'NGX_TEMPLATE_(EX|IN)CLUDE',
|
||||
r'ENVSUBST_',
|
||||
r'J2CFG_',
|
||||
r'ANGIE(|_BPF_MAPS)(=|$)',
|
||||
]
|
||||
|
||||
J2CFG_PRESERVE_ENVS = [
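Review bot: The new entries `r'__IEP_'`, `r'IEP_'`, `r'ENVSUBST_'` and `r'J2CFG_'` have no start anchor, so what they ban depends on how the list is applied, which this hunk does not show. If the consumer uses `re.search`, `r'IEP_'` would also match any entry that merely contains `IEP_`, and `r'__IEP_'` would be redundant. Anchoring them explicitly, e.g. `r'^(__)?IEP_'`, `r'^ENVSUBST_'`, `r'^J2CFG_'`, makes the ban list auditable whichever call is used. A comment above the list should state what each pattern is matched against; the `(=|$)` suffix suggests a name or a `NAME=value` string, but that is an inference.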
|
||||
|
@ -3,8 +3,12 @@ set -f
|
||||
|
||||
sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/$$/environ \
|
||||
| sed -zE \
|
||||
-e '/^_$/d;/^ENVSUBST_/d;' \
|
||||
-e '/^_$/d' \
|
||||
-e '/^__IEP_/d;/^IEP_$/d' \
|
||||
-e '/^NGX_TEMPLATE_(EX|IN)CLUDE/d' \
|
||||
-e '/^ENVSUBST_/d' \
|
||||
-e '/^J2CFG_/d' \
|
||||
-e '/^ANGIE(|_BPF_MAPS)$/d' \
|
||||
| {
|
||||
if [ -n "${ENVSUBST_EXCLUDE_REGEX:-}" ] ; then
|
||||
grep -zEv -e "${ENVSUBST_EXCLUDE_REGEX}"
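Review bot: The expression `/^IEP_$/d` drops only a variable named exactly `IEP_`, whereas the other filters added here are prefix matches (`/^__IEP_/d`, `/^ENVSUBST_/d`, `/^J2CFG_/d`) and the Python ban list changed in this commit uses `r'IEP_'`. If the intent is to keep every IEP_-prefixed variable out of the generated list, the line should read `-e '/^__IEP_/d;/^IEP_/d' \`. As written, a name such as IEP_FOO (constructed example) would pass the filter and presumably remain available for substitution. The pipeline continues past the end of this hunk.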
|
||||
|