Oauth client secret as docker secret for roundcube docker (#247)

* Add support for docker secrets for oauth secret - apache version only

* Add oauth secret handling to template

* Add oauth secret handling to template. Generate examples from template

---------

Co-authored-by: Indriði Einarsson <redacted>

diff --git a/README.md b/README.md
index c590523068a735a9fcb403bcff667581c60d6b0d..18f181827625bdd224ed2ed2b1ee5cb7978c1700 100644 (file)
--- a/README.md
+++ b/README.md
@@ -103,6 +103,7 @@ to share credentials across all instances. The following secrets are currently s
 * `roundcube_des_key`: Unique and random key for encryption purposes
 * `roundcube_db_user`: Database connection username (mappend to `ROUNDCUBEMAIL_DB_USER`)
 * `roundcube_db_password`: Database connection password (mappend to `ROUNDCUBEMAIL_DB_PASSWORD`)
+* `roundcube_oauth_client_secret`: OAuth client secret (mappend to `ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET`)
 
 ## Advanced configuration
 

diff --git a/apache/docker-entrypoint.sh b/apache/docker-entrypoint.sh
index f76c04272be656fd4c2314905247de8dc34a4b80..0ffdc1ddf93337220fdac5eb8282394adcfe6a5d 100755 (executable)
--- a/apache/docker-entrypoint.sh
+++ b/apache/docker-entrypoint.sh
@@ -27,6 +27,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
   if [ -f /run/secrets/roundcube_db_password ]; then
     ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
   fi
+  if [ -f /run/secrets/roundcube_oauth_client_secret ]; then
+    ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET=`cat /run/secrets/roundcube_oauth_client_secret`
+  fi
 
   if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
     : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
@@ -111,6 +114,10 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
     echo "\$config['des_key'] = getenv('ROUNDCUBEMAIL_DES_KEY');" >> config/config.docker.inc.php
   fi
 
+  if [ ! -z "${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}" ]; then
+    echo "\$config['oauth_client_secret'] = '${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}';" >> config/config.docker.inc.php
+  fi
+
   if [ ! -z "${ROUNDCUBEMAIL_SPELLCHECK_URI}"]; then
     echo "\$config['spellcheck_engine'] = 'googie';" >> config/config.docker.inc.php
     echo "\$config['spellcheck_uri'] = '${ROUNDCUBEMAIL_SPELLCHECK_URI}';" >> config/config.docker.inc.php

diff --git a/fpm-alpine/docker-entrypoint.sh b/fpm-alpine/docker-entrypoint.sh
index f76c04272be656fd4c2314905247de8dc34a4b80..0ffdc1ddf93337220fdac5eb8282394adcfe6a5d 100755 (executable)
--- a/fpm-alpine/docker-entrypoint.sh
+++ b/fpm-alpine/docker-entrypoint.sh
@@ -27,6 +27,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
   if [ -f /run/secrets/roundcube_db_password ]; then
     ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
   fi
+  if [ -f /run/secrets/roundcube_oauth_client_secret ]; then
+    ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET=`cat /run/secrets/roundcube_oauth_client_secret`
+  fi
 
   if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
     : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
@@ -111,6 +114,10 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
     echo "\$config['des_key'] = getenv('ROUNDCUBEMAIL_DES_KEY');" >> config/config.docker.inc.php
   fi
 
+  if [ ! -z "${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}" ]; then
+    echo "\$config['oauth_client_secret'] = '${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}';" >> config/config.docker.inc.php
+  fi
+
   if [ ! -z "${ROUNDCUBEMAIL_SPELLCHECK_URI}"]; then
     echo "\$config['spellcheck_engine'] = 'googie';" >> config/config.docker.inc.php
     echo "\$config['spellcheck_uri'] = '${ROUNDCUBEMAIL_SPELLCHECK_URI}';" >> config/config.docker.inc.php

diff --git a/fpm/docker-entrypoint.sh b/fpm/docker-entrypoint.sh
index f76c04272be656fd4c2314905247de8dc34a4b80..0ffdc1ddf93337220fdac5eb8282394adcfe6a5d 100755 (executable)
--- a/fpm/docker-entrypoint.sh
+++ b/fpm/docker-entrypoint.sh
@@ -27,6 +27,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
   if [ -f /run/secrets/roundcube_db_password ]; then
     ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
   fi
+  if [ -f /run/secrets/roundcube_oauth_client_secret ]; then
+    ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET=`cat /run/secrets/roundcube_oauth_client_secret`
+  fi
 
   if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
     : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
@@ -111,6 +114,10 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
     echo "\$config['des_key'] = getenv('ROUNDCUBEMAIL_DES_KEY');" >> config/config.docker.inc.php
   fi
 
+  if [ ! -z "${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}" ]; then
+    echo "\$config['oauth_client_secret'] = '${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}';" >> config/config.docker.inc.php
+  fi
+
   if [ ! -z "${ROUNDCUBEMAIL_SPELLCHECK_URI}"]; then
     echo "\$config['spellcheck_engine'] = 'googie';" >> config/config.docker.inc.php
     echo "\$config['spellcheck_uri'] = '${ROUNDCUBEMAIL_SPELLCHECK_URI}';" >> config/config.docker.inc.php

diff --git a/templates/docker-entrypoint.sh b/templates/docker-entrypoint.sh
index f76c04272be656fd4c2314905247de8dc34a4b80..0ffdc1ddf93337220fdac5eb8282394adcfe6a5d 100644 (file)
--- a/templates/docker-entrypoint.sh
+++ b/templates/docker-entrypoint.sh
@@ -27,6 +27,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
   if [ -f /run/secrets/roundcube_db_password ]; then
     ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
   fi
+  if [ -f /run/secrets/roundcube_oauth_client_secret ]; then
+    ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET=`cat /run/secrets/roundcube_oauth_client_secret`
+  fi
 
   if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
     : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
@@ -111,6 +114,10 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
     echo "\$config['des_key'] = getenv('ROUNDCUBEMAIL_DES_KEY');" >> config/config.docker.inc.php
   fi
 
+  if [ ! -z "${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}" ]; then
+    echo "\$config['oauth_client_secret'] = '${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}';" >> config/config.docker.inc.php
+  fi
+
   if [ ! -z "${ROUNDCUBEMAIL_SPELLCHECK_URI}"]; then
     echo "\$config['spellcheck_engine'] = 'googie';" >> config/config.docker.inc.php
     echo "\$config['spellcheck_uri'] = '${ROUNDCUBEMAIL_SPELLCHECK_URI}';" >> config/config.docker.inc.php