[PM-2242] Dockerfile and entrypoint changes for kerberos #2931

Closed
wants to merge 13 commits into from


keithhubner
Collaborator

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [X] Other

Objective

The purpose of this change is to allow the optional configuration of AD integrated authentication using Kerberos.

This involves the krb5-user package installation and initialising kinit if the keytab file is present, for services which require a connection to the database:

Admin / API / Events / Identity / Scim / Sso

Code changes

Added:

```dockerfile
...
krb5-user \
...
```

to each of the following Dockerfiles:
/server/src/Admin/Dockerfile
/server/src/Api/Dockerfile
/server/src/Events/Dockerfile
/server/src/Identity/Dockerfile
/server/bitwarden_license/src/Scim/Dockerfile
/server/bitwarden_license/src/Sso/Dockerfile

Added:

```sh
...
if [ -f "/etc/krb5/bitwarden.keytab" ]; then
  gosu $USERNAME:$GROUPNAME kinit bitwarden -k -t /etc/krb5/bitwarden.keytab
fi
...
```

to each of the following entrypoint.sh files:
/server/src/Admin/entrypoint.sh
/server/src/Api/entrypoint.sh
/server/src/Events/entrypoint.sh
/server/src/Identity/entrypoint.sh
/server/bitwarden_license/src/Scim/entrypoint.sh
/server/bitwarden_license/src/Sso/entrypoint.sh
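
An added example, not code from this pull request or from Bitwarden: a stricter form of the keytab check described above, which rejects a keytab that is a symlink, empty, or accessible to group or others, and reports a failed kinit instead of continuing. The function names and the `KINIT_CMD` variable are hypothetical; the keytab path and principal are the ones in the description.

```sh
#!/bin/sh
# Added example, not the PR's code. keytab_status, init_kerberos and
# KINIT_CMD are hypothetical names introduced for this sketch.

# Print one word describing the keytab at $1:
#   absent | not-regular | empty | too-permissive | ok
keytab_status() {
  kt=$1
  # Test for a symlink first: -e and -f would follow it to its target.
  if [ -L "$kt" ]; then echo not-regular; return 0; fi
  if [ ! -e "$kt" ]; then echo absent; return 0; fi
  if [ ! -f "$kt" ]; then echo not-regular; return 0; fi
  if [ ! -s "$kt" ]; then echo empty; return 0; fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  # A keytab holds long-term keys, so none of them may be set.
  perms=$(ls -ld -- "$kt" | cut -c5-10)
  if [ "$perms" != "------" ]; then echo too-permissive; return 0; fi
  echo ok
}

# Return 0 when no keytab is mounted (Kerberos stays optional) or when a
# ticket was obtained; return 1 when a keytab is present but unusable.
init_kerberos() {
  kt=${1:-/etc/krb5/bitwarden.keytab}
  principal=${2:-bitwarden}
  status=$(keytab_status "$kt")
  case $status in
    absent) return 0 ;;
    ok) ;;
    *) echo "keytab $kt rejected: $status" >&2; return 1 ;;
  esac
  # KINIT_CMD (assumption) lets the caller supply the wrapper, e.g.
  # "gosu $USERNAME:$GROUPNAME kinit" as in the PR; it is split on spaces.
  if ! ${KINIT_CMD:-kinit} -k -t "$kt" "$principal"; then
    echo "kinit failed for $principal" >&2
    return 1
  fi
}

# In entrypoint.sh (assumed call site): init_kerberos || exit 1
```

The ticket obtained at start-up has a limited lifetime, so a long-running container also needs a renewal or re-kinit step.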

@keithhubner keithhubner requested review from a team as code owners May 12, 2023 13:19
@bitwarden-bot

Thank you for your contribution! We've added this to our internal Community PR board for review.
ID: PM-2242

@bitwarden-bot bitwarden-bot changed the title Dockerfile and entrypoint changes for kerberos [PM-2242] Dockerfile and entrypoint changes for kerberos May 12, 2023

bitwarden-bot commented Aug 4, 2023

Checkmarx One – Scan Summary & Details
0c7b562f-76aa-4bea-a6c3-07e967964b85

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /version-bump.yml: 82 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |

Fixed Issues

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Reflected_XSS_All_Clients | /test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs: 38 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Apt Get Install Pin Version Not Defined | /Dockerfile: 5 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /version-bump.yml: 91 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |

@keithhubner keithhubner requested a review from a team as a code owner January 16, 2024 10:57
r-tome
r-tome previously approved these changes Jan 16, 2024
@djsmith85
Contributor

@keithhubner Does this replace #3156?

@keithhubner keithhubner dismissed stale reviews from r-tome and michalchecinski via 41e7d54 February 5, 2024 10:35
@keithhubner keithhubner closed this Feb 7, 2024