Docker user directives cont #968

Merged
merged 8 commits into from
Feb 7, 2024

noah-paige

Feature or Bugfix

  • Bugfix

Detail

Relates

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes
    fetching data from storage outside the application (e.g. a database, an S3 bucket)?
    • Is the input sanitized?
    • What precautions are you taking before deserializing the data you consume?
    • Is injection prevented by parametrizing queries?
    • Have you ensured no eval or similar functions are used?
  • Does this PR introduce any functionality or component that requires authorization?
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features?
    • Do you use a standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?
  • Are you introducing any new policies/roles/users?
    • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@noah-paige noah-paige added this to the v2.3.0 milestone Jan 11, 2024
@noah-paige noah-paige linked an issue Jan 11, 2024 that may be closed by this pull request

noah-paige commented Jan 11, 2024

Fixes / Status Update:

  • Local Postgres DB
    • Error Message
      2024-01-11 16:22:50 The files belonging to this database system will be owned by user "cuser".
      2024-01-11 16:22:50 This user must also own the server process.
      2024-01-11 16:22:07 initdb: could not access directory "/var/lib/postgresql/data": Permission denied
    • Resolved By
      • Update to 13.12
      • Remove User Commands
      • Delete Container and Image and rebuild to get working with 13.12

  • Local ElasticSearch
    • Error Message
      java.lang.IllegalStateException: failed to obtain node locks, tried [[/usr/share/elasticsearch/data]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?
    • Resolved By
      • Remove User Commands and ReBuild

  • Docker Compose AWS Credentials

    • Have to change Mount Volumes for Docker User to get AWS Credentials locally
    • Otherwise getting Credentials Can Not be Located error from botocore because user can not access /.aws/credentials file
    • Resolved By
      • Update docker compose volume mounts
  • VPC Facing AWS Deployment

    • Error building Image using frontend/docker/prod/Dockerfile

    • Resolved By

      • Moving WORKDIR /app command
    • Error with permissions to bind as non-root user on port 80 for nginx

    • Resolved By

      • Adding permissions for user created and editing nginx.conf

Testing:
Local data.all

  • Local docker compose up re-building all images
  • Access UI
  • Create Environment
  • Create CDK Pipeline

Local data.all

  • CICD Pipeline Completes (Frontend Image Built Successful)
  • Access UI
  • Create Environment
  • Create CDK Pipeline
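
Added example, not part of the pull request or the project's code: a small pre-build check for the nginx failure described in the comment above, where an image switched to a non-root user still listens on a port below 1024. The Dockerfile and nginx.conf contents and all function names are constructed for illustration.

```python
import re

# Linux default: ports below 1024 need root or CAP_NET_BIND_SERVICE
# (unless net.ipv4.ip_unprivileged_port_start has been lowered).
PRIVILEGED_PORT_LIMIT = 1024

# Constructed samples for illustration; not the project's actual files.
SAMPLE_DOCKERFILE = """\
FROM nginx:stable
WORKDIR /app
RUN useradd --uid 1000 cuser
USER cuser
"""
SAMPLE_NGINX_CONF = """\
server {
    listen 80;            # privileged port
    listen [::]:8080;     # unprivileged port
    listen 127.0.0.1;     # address only, no explicit port: not parsed
}
"""

LISTEN_RE = re.compile(r"^\s*listen\s+(?:\[[^\]]*\]:|[\w.*]+:)?(\d+)(?=[\s;])")


def final_user(dockerfile):
    """Return the user the image runs as: the last USER directive, else root."""
    user = "root"
    for line in dockerfile.splitlines():
        m = re.match(r"\s*USER\s+([^\s:]+)", line, re.IGNORECASE)
        if m:
            user = m.group(1)
    return user


def listen_ports(nginx_conf):
    """Collect explicit ports from nginx `listen` directives, ignoring comments."""
    ports = []
    for line in nginx_conf.splitlines():
        m = LISTEN_RE.match(line.split("#", 1)[0])
        if m:
            ports.append(int(m.group(1)))
    return ports


def check_non_root_image(dockerfile, nginx_conf):
    """Flag root images and privileged listen ports under a non-root USER."""
    user = final_user(dockerfile)
    if user in ("root", "0"):
        return ["image runs as root: no effective USER directive"]
    return [f"user {user} cannot bind privileged port {p} by default"
            for p in listen_ports(nginx_conf) if p < PRIVILEGED_PORT_LIMIT]
```

Running `check_non_root_image(SAMPLE_DOCKERFILE, SAMPLE_NGINX_CONF)` reports the `listen 80;` line only; moving the listener to an unprivileged port or granting the bind capability clears the finding.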

@noah-paige noah-paige marked this pull request as ready for review January 16, 2024 19:31
@noah-paige noah-paige self-assigned this Feb 7, 2024
@noah-paige noah-paige merged commit 3943ae3 into main Feb 7, 2024
8 checks passed
@noah-paige noah-paige deleted the docker-user-directives-cont branch February 7, 2024 15:05
dlpzx pushed a commit that referenced this pull request Feb 19, 2024
### Feature or Bugfix
<!-- please choose -->
- Documentation

### Detail
- Update the local deploy instructions to reflect the latest changes to
include `export UID`


### Relates
- #968

### Security
N/A
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Successfully merging this pull request may close these issues.

Docker User Directives - Continued