diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 1f48c028..9d8938d7 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -7,24 +7,6 @@ set -eo pipefail
 export STEPPATH=$(step path)
-# List of env vars required for step ca init
-declare -ra REQUIRED_INIT_VARS=(DOCKER_STEPCA_INIT_NAME DOCKER_STEPCA_INIT_DNS_NAMES)
-
-# Ensure all env vars required to run step ca init are set.
-function init_if_possible () {
- local missing_vars=0
- for var in "${REQUIRED_INIT_VARS[@]}"; do
- if [ -z "${!var}" ]; then
- missing_vars=1
- fi
- done
- if [ ${missing_vars} = 1 ]; then
- >&2 echo "there is no ca.json config file; please run step ca init, or provide config parameters via DOCKER_STEPCA_INIT_ vars"
- else
- step_ca_init "${@}"
- fi
-}
-
 function generate_password () {
 set +o pipefail
 < /dev/urandom tr -dc A-Za-z0-9 | head -c40
@@ -35,8 +17,7 @@ function generate_password () {
 # Initialize a CA if not already initialized
 function step_ca_init () {
 local -a setup_args=(
- --name "${DOCKER_STEPCA_INIT_NAME}"
- --dns "${DOCKER_STEPCA_INIT_DNS_NAMES}"
+ --name "${DOCKER_STEPCA_INIT_NAME:-Smallstep}"
 --provisioner "${DOCKER_STEPCA_INIT_PROVISIONER_NAME:-admin}"
 --password-file "${STEPPATH}/password"
 --address ":9000"
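Review bot: The header comment `# Initialize a CA if not already initialized` no longer tells an operator which DOCKER_STEPCA_INIT_* variables drive the init now that none of them is required, and with `--name` defaulting to `Smallstep` a container started with no configuration at all will initialise a CA, so the defaults should be spelled out where the function is read. I would extend the comment to: `# Initialize a CA if not already initialized. Honours DOCKER_STEPCA_INIT_NAME (default: Smallstep), DOCKER_STEPCA_INIT_PROVISIONER_NAME (default: admin), DOCKER_STEPCA_INIT_DNS_NAMES (comma-separated) and DOCKER_STEPCA_INIT_SSH.` The `--dns` handling removed from this array is rebuilt later in the function, outside this hunk, and step_ca_init's body continues past the hunk.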
@@ -46,15 +27,27 @@ function step_ca_init () {
 else
 generate_password > "${STEPPATH}/password"
 fi
+
 if [ -n "${DOCKER_STEPCA_INIT_SSH}" ]; then
 setup_args=("${setup_args[@]}" --ssh)
 fi
- step ca init "${setup_args[@]}"
+
+ if [ -n "${DOCKER_STEPCA_INIT_DNS_NAMES}" ]; then
+ setup_args=("$[setup_args[@]}" --dns "localhost" --dns "127.0.0.1" --dns "[::1]")
+ fi
+
+ IFS=',' read -r -a dns_names <<< "${DOCKER_STEPCA_INIT_DNS_NAMES}"
+ for dns_name in "${dns_names[@]}"
+ do
+ setup_args=("${setup_args[@]}" --dns "$dns_name")
+ done
+ step ca init "${setup_args[@]}"
 mv $STEPPATH/password $PWDPATH
 }
 if [ ! -f "${STEPPATH}/config/ca.json" ]; then
- init_if_possible
+ >&2 echo "There is no ca.json config file; running 'step ca init'."
+ step_ca_init "${@}"
 fi
 exec "${@}"
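Review bot: `"$[setup_args[@]}"` on the loopback-defaults line is a typo — `$[` is bash's old arithmetic expansion, not an array expansion — so this line cannot re-expand the existing setup_args as intended and `step ca init` will not get the name, provisioner and password-file arguments (or the shell will fail on the expression) whenever that branch runs; it should read `setup_args=("${setup_args[@]}" --dns "localhost" --dns "127.0.0.1" --dns "[::1]")`. The guard around it also looks inverted: it adds the loopback names only when DOCKER_STEPCA_INIT_DNS_NAMES is non-empty, which is exactly when the loop below adds the operator's own names, and adds nothing when the variable is unset — presumably `if [ -z "${DOCKER_STEPCA_INIT_DNS_NAMES}" ]; then` was meant, so a CA started with no configuration still gets a usable SAN set. Two smaller points in the same block: `IFS=',' read -r -a` does not trim whitespace, so `a, b` yields a name of ` b`, and a trailing comma yields an empty `--dns ""` argument, which a `[ -n "$dns_name" ] || continue` inside the loop would skip. The step_ca_init body starts above this hunk.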