[jira] [Work logged] (KNOX-3297) Docker - entrypoint fails

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3297?focusedWorklogId=1015589&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1015589
 ]

ASF GitHub Bot logged work on KNOX-3297:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 14/Apr/26 23:01
            Start Date: 14/Apr/26 23:01
    Worklog Time Spent: 10m 
      Work Description: sneethiraj commented on code in PR #1197:
URL: https://github.com/apache/knox/pull/1197#discussion_r3083003974


##########
gateway-docker/src/main/resources/docker/gateway-entrypoint.sh:
##########
@@ -187,45 +188,40 @@ then
   importMultipleCerts "$CUSTOM_CERT"
 fi
 
-# Add Amazon Root CA 1
-/usr/bin/keytool -importcert \
-  -keystore "${KEYSTORE_DIR}"/truststore.jks \
-  -alias amazon-ca-1 \
-  -file /home/knox/cacrts/AmazonRootCA1.cer \
-  -storepass "${ALIAS_PASSPHRASE}" \
-  -noprompt || true
-
-# Add Amazon Root CA 2
-/usr/bin/keytool -importcert \
-  -keystore "${KEYSTORE_DIR}"/truststore.jks \
-  -alias amazon-ca-2 \
-  -file /home/knox/cacrts/AmazonRootCA2.cer \
-  -storepass "${ALIAS_PASSPHRASE}" \
-  -noprompt || true
-
-# Add Amazon Root CA 3
-/usr/bin/keytool -importcert \
-  -keystore "${KEYSTORE_DIR}"/truststore.jks \
-  -alias amazon-ca-3 \
-  -file /home/knox/cacrts/AmazonRootCA3.cer \
-  -storepass "${ALIAS_PASSPHRASE}" \
-  -noprompt || true
-
-# Add Amazon Root CA 4
-/usr/bin/keytool -importcert \
-  -keystore "${KEYSTORE_DIR}"/truststore.jks \
-  -alias amazon-ca-4 \
-  -file /home/knox/cacrts/AmazonRootCA4.cer \
-  -storepass "${ALIAS_PASSPHRASE}" \
-  -noprompt || true
-
-# Add letsencrypt staging root CA
-/usr/bin/keytool -importcert \
-  -keystore "${KEYSTORE_DIR}"/truststore.jks \
-  -alias letsencrypt-stg-root \
-  -file /home/knox/cacrts/letsencrypt-stg-root-x1.pem \
-  -storepass "${ALIAS_PASSPHRASE}" \
-  -noprompt || true
+# This default was set to emulate the existing behaviour
+# Customer should be able to override this by specifying this via Docker 
environment settings
+if [[ ! -n ${TRUSTSTORE_IMPORTS} ]]
+then
+       TRUSTSTORE_IMPORTS="
+        amazon-ca-1:/home/knox/cacrts/AmazonRootCA1.cer
+     amazon-ca-2:/home/knox/cacrts/AmazonRootCA2.cer
+     amazon-ca-3:/home/knox/cacrts/AmazonRootCA3.cer
+        amazon-ca-4:/home/knox/cacrts/AmazonRootCA4.cer
+     letsencrypt-stg-root:/home/knox/cacrts/letsencrypt-stg-root-x1.pem"
+fi
+
+if [[ -n ${TRUSTSTORE_IMPORTS} ]]

Review Comment:
   addressed in commit - d03092d8e





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1015589)
    Time Spent: 50m  (was: 40m)

> Docker - entrypoint fails
> -------------------------
>
>                 Key: KNOX-3297
>                 URL: https://issues.apache.org/jira/browse/KNOX-3297
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: docker
>            Reporter: Selvamohan Neethiraj
>            Priority: Major
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Issues:
>  # keystore path was hardcoded to /usr/bin/keytool - JDK is installed in a 
> different path.
>  # The keystore passphrase was incorrect in the initialization process.
>  # There are few truststore certs are being added in the entrypoint script. 
> But, the certs are not found in the docker image.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)