-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathentrypoint.sh
More file actions
executable file
·56 lines (47 loc) · 2.06 KB
/
entrypoint.sh
File metadata and controls
executable file
·56 lines (47 loc) · 2.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/usr/bin/env python3
"""
entrypoint.sh
=============
1. Reads POSTGRES_SECRET_ARN from the environment.
2. Fetches the secret from AWS Secrets Manager via IAM role (no hardcoded keys).
3. Builds POSTGRES_CONNECTION_STRING and exec's cq-platform-mcp.
Expected secret format (JSON):
{ "username": "...", "password": "...", "host": "...", "port": 5432, "dbname": "..." }
OR a plain connection string under key "connection_string".
"""
import json, os, sys
import boto3
def get_connection_string():
secret_arn = os.environ.get("POSTGRES_SECRET_ARN")
if not secret_arn:
print("[entrypoint] FATAL: POSTGRES_SECRET_ARN is not set.", file=sys.stderr)
sys.exit(1)
region = os.environ.get("AWS_REGION", "us-east-1")
print(f"[entrypoint] Fetching secret: {secret_arn}", flush=True)
try:
response = boto3.client("secretsmanager", region_name=region) \
.get_secret_value(SecretId=secret_arn)
except Exception as exc:
print(f"[entrypoint] FATAL: {exc}", file=sys.stderr)
sys.exit(1)
raw = response.get("SecretString", "")
try:
secret = json.loads(raw)
except json.JSONDecodeError:
return raw.strip()
if "connection_string" in secret:
return secret["connection_string"]
for k in ("username", "password", "host", "dbname"):
if k not in secret:
print(f"[entrypoint] FATAL: secret missing field '{k}'", file=sys.stderr)
sys.exit(1)
u, p, h = secret["username"], secret["password"], secret["host"]
port = secret.get("port", 5432)
db = secret["dbname"]
print(f"[entrypoint] Built connection string for host={h} db={db}", flush=True)
return f"postgres://{u}:{p}@{h}:{port}/{db}?sslmode=require"
os.environ["POSTGRES_CONNECTION_STRING"] = get_connection_string()
os.environ.setdefault("HTTP_ADDRESS", ":8080")
os.environ.setdefault("CQAPI_LOG_LEVEL", "info")
print(f"[entrypoint] Starting cq-platform-mcp on {os.environ['HTTP_ADDRESS']}", flush=True)
os.execv("/usr/local/bin/cq-platform-mcp", ["/usr/local/bin/cq-platform-mcp"])