lifecycle: add early check for missing/invalid secret key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-19 09:42:46 +01:00
parent 14c7d8c4f4
commit 89abd44b76
2 changed files with 10 additions and 1 deletions

View file

@ -62,7 +62,10 @@ if [[ "$1" == "server" ]]; then
wait_for_db wait_for_db
echo "server" > $MODE_FILE echo "server" > $MODE_FILE
# We only set prometheus_multiproc_dir for serer, as with the worker it just fills up the disk # We only set prometheus_multiproc_dir for serer, as with the worker it just fills up the disk
export prometheus_multiproc_dir=/dev/shm/ # as one file is created per process
#
# Set to TMPDIR instead hardcoded path so this can be used outside docker too
export prometheus_multiproc_dir=$TMPDIR
python -m lifecycle.migrate python -m lifecycle.migrate
/authentik-proxy /authentik-proxy
elif [[ "$1" == "worker" ]]; then elif [[ "$1" == "worker" ]]; then

View file

@ -25,6 +25,12 @@ def j_print(event: str, log_level: str = "info", **kwargs):
print(dumps(data), file=stderr) print(dumps(data), file=stderr)
# Sanity check, ensure SECRET_KEY is set before we even check for database connectivity
if CONFIG.y("secret_key") is None or len(CONFIG.y("secret_key")) == 0:
j_print("Secret key missing, check https://goauthentik.io/docs/installation/.")
exit(1)
while True: while True:
try: try:
conn = connect( conn = connect(