Move settings and mysql env vars around

oivindoh · ostefano · commit 043437c83fb1 · 2024-09-08T10:31:06.000+01:00
diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
@@ -3,8 +3,6 @@
 source /rest_client.sh
 source /utilities.sh
 
-MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
-
 # We now use envsubst for safe variable substitution with pseudo-json objects for env var enforcement
 # envsubst won't evaluate anything like $() or conditional variable expansion so lets do that here
 export PYTHON_BIN="$(which python3)"
@@ -210,10 +208,10 @@ init_user() {
     # Create the main user if it is not there already
     sudo -u www-data /var/www/MISP/app/Console/cake user init -q > /dev/null 2>&1
 
-    echo "UPDATE $MYSQL_DATABASE.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
+    echo "UPDATE $MYSQL_DATABASE.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQL_CMD}
 
     if [ ! -z "$ADMIN_ORG" ]; then
-        echo "UPDATE $MYSQL_DATABASE.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
+        echo "UPDATE $MYSQL_DATABASE.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQL_CMD}
     fi
 
     if [ -n "$ADMIN_KEY" ]; then
@@ -243,7 +241,7 @@ init_user() {
     else
         echo "... setting admin password skipped"
     fi
-    echo "UPDATE $MYSQL_DATABASE.users SET change_pw = 0 WHERE id = 1;" | ${MYSQLCMD}
+    echo "UPDATE $MYSQL_DATABASE.users SET change_pw = 0 WHERE id = 1;" | ${MYSQL_CMD}
 }
 
 apply_critical_fixes() {
@@ -280,76 +278,6 @@ apply_optional_fixes() {
 #    fi
 #}
 
-# Kludgy alternative to using cake Admin getSetting.
-setting_is_set_alt() {
-    local setting="$1"
-    local config_json=$(echo '<?php require_once "/var/www/MISP/app/Config/config.php"; echo json_encode($config, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); ?>'|/usr/bin/php)
-    local db_settings_enabled=$(jq -e 'getpath(("MISP.system_setting_db" | split("."))) // false' <<< $config_json)
-    local setting_in_config_file=$(jq -e 'getpath(("'"$setting"'" | split("."))) != null' <<< $config_json) 
-    if $setting_in_config_file; then
-        return 0
-    elif $db_settings_enabled; then
-        local setting_in_db=$(echo "SELECT EXISTS(SELECT 1 FROM $MYSQL_DATABASE.system_settings WHERE setting = \"${setting}\");" | ${MYSQLCMD})
-        if [[ $setting_in_db -eq 1 ]]; then
-            return 0
-        fi
-    fi
-    return 1
-}
-
-set_default_settings() {
-    local settings_json="$1"
-    local description="$2"
-
-    for setting in $(jq -r 'keys[]' <<< $settings_json); do
-        local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
-        local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
-
-        set_safe_default "$setting" "$default_value" "$description" "$command_args"
-    done
-}
-
-enforce_env_settings() {
-    local settings_json="$1"
-    local description="$2"
-    for setting in $(jq -r 'keys[]' <<< $settings_json); do
-        local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
-        local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
-        echo "Enforcing $description setting '$setting' to env var or default value '$default_value'..."
-        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
-    done
-}
-
-set_safe_default() {
-    local setting="$1"
-    local default_value="$2"
-    local description="$3"
-    local command_args="$4"
-
-    if ! setting_is_set_alt "$setting"; then
-        echo "Updating unset $description setting '$setting' to '$default_value'..."
-        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
-    fi
-}
-
-init_settings() {
-    local description="$1"
-    local enforced="/etc/misp-docker/${description}.envars.json"
-    local defaults="/etc/misp-docker/${description}.defaults.json"
-
-    if [[ -e "$enforced" ]]; then
-        echo "... enforcing env var settings"
-        local settings_json="$(envsubst < $enforced)"
-        enforce_env_settings "$settings_json" "$description"
-    fi
-
-    if [[ -e "$defaults" ]]; then
-        echo "... checking for unset default settings"
-        local settings_json="$(cat $defaults)"
-        set_default_settings "$settings_json" "$description"
-    fi
-}
-
 update_components() {
     UPDATE_SUDO_CMD="sudo -u www-data"
     if [ ! -z "${DB_ALREADY_INITIALISED}" ]; then
diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh
@@ -12,6 +12,7 @@ export MYSQL_PORT=${MYSQL_PORT:-3306}
 export MYSQL_USER=${MYSQL_USER:-misp}
 export MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}
 export MYSQL_DATABASE=${MYSQL_DATABASE:-misp}
+export MYSQL_CMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
 export REDIS_HOST=${REDIS_HOST:-redis}
 export REDIS_PORT=${REDIS_PORT:-6379}
 export REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}
diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh
@@ -8,19 +8,17 @@ term_proc() {
 
 trap term_proc SIGTERM
 
-MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
-
 init_mysql(){
     # Test when MySQL is ready....
     # wait for Database come ready
     isDBup () {
-        echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null
+        echo "SHOW STATUS" | $MYSQL_CMD 1>/dev/null
         echo $?
     }
 
     isDBinitDone () {
         # Table attributes has existed since at least v2.1
-        echo "DESCRIBE attributes" | $MYSQLCMD 1>/dev/null
+        echo "DESCRIBE attributes" | $MYSQL_CMD 1>/dev/null
         echo $?
     }
 
@@ -40,7 +38,7 @@ init_mysql(){
         export DB_ALREADY_INITIALISED=true
     else
         echo "... database has not been initialized, importing MySQL scheme..."
-        $MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql
+        $MYSQL_CMD < /var/www/MISP/INSTALL/MYSQL.sql
     fi
 }
 
diff --git a/core/files/utilities.sh b/core/files/utilities.sh
@@ -16,3 +16,73 @@ check_env_vars() {
         exit 1
     fi
 }
+
+# Kludgy alternative to using cake Admin getSetting.
+setting_is_set_alt() {
+    local setting="$1"
+    local config_json=$(echo '<?php require_once "/var/www/MISP/app/Config/config.php"; echo json_encode($config, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); ?>'|/usr/bin/php)
+    local db_settings_enabled=$(jq -e 'getpath(("MISP.system_setting_db" | split("."))) // false' <<< $config_json)
+    local setting_in_config_file=$(jq -e 'getpath(("'"$setting"'" | split("."))) != null' <<< $config_json) 
+    if $setting_in_config_file; then
+        return 0
+    elif $db_settings_enabled; then
+        local setting_in_db=$(echo "SELECT EXISTS(SELECT 1 FROM $MYSQL_DATABASE.system_settings WHERE setting = \"${setting}\");" | ${MYSQL_CMD})
+        if [[ $setting_in_db -eq 1 ]]; then
+            return 0
+        fi
+    fi
+    return 1
+}
+
+set_default_settings() {
+    local settings_json="$1"
+    local description="$2"
+
+    for setting in $(jq -r 'keys[]' <<< $settings_json); do
+        local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
+        local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
+
+        set_safe_default "$setting" "$default_value" "$description" "$command_args"
+    done
+}
+
+enforce_env_settings() {
+    local settings_json="$1"
+    local description="$2"
+    for setting in $(jq -r 'keys[]' <<< $settings_json); do
+        local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
+        local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
+        echo "Enforcing $description setting '$setting' to env var or default value '$default_value'..."
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
+    done
+}
+
+set_safe_default() {
+    local setting="$1"
+    local default_value="$2"
+    local description="$3"
+    local command_args="$4"
+
+    if ! setting_is_set_alt "$setting"; then
+        echo "Updating unset $description setting '$setting' to '$default_value'..."
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
+    fi
+}
+
+init_settings() {
+    local description="$1"
+    local enforced="/etc/misp-docker/${description}.envars.json"
+    local defaults="/etc/misp-docker/${description}.defaults.json"
+
+    if [[ -e "$enforced" ]]; then
+        echo "... enforcing env var settings"
+        local settings_json="$(envsubst < $enforced)"
+        enforce_env_settings "$settings_json" "$description"
+    fi
+
+    if [[ -e "$defaults" ]]; then
+        echo "... checking for unset default settings"
+        local settings_json="$(cat $defaults)"
+        set_default_settings "$settings_json" "$description"
+    fi
+}
