lifecycle: add early check for missing/invalid secret key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 09:42:46 +01:00 · 2022-01-19 09:42:46 +01:00 · 89abd44b76
parent 14c7d8c4f4
commit 89abd44b76
2 changed files with 10 additions and 1 deletions
--- a/lifecycle/ak
+++ b/lifecycle/ak
@ -62,7 +62,10 @@ if [[ "$1" == "server" ]]; then
    wait_for_db
    echo "server" > $MODE_FILE
    # We only set prometheus_multiproc_dir for serer, as with the worker it just fills up the disk
-    export prometheus_multiproc_dir=/dev/shm/
+    # as one file is created per process
+    #
+    # Set to TMPDIR instead hardcoded path so this can be used outside docker too
+    export prometheus_multiproc_dir=$TMPDIR
    python -m lifecycle.migrate
    /authentik-proxy
 elif [[ "$1" == "worker" ]]; then
--- a/lifecycle/wait_for_db.py
+++ b/lifecycle/wait_for_db.py
@ -25,6 +25,12 @@ def j_print(event: str, log_level: str = "info", **kwargs):
    print(dumps(data), file=stderr)


+# Sanity check, ensure SECRET_KEY is set before we even check for database connectivity
+if CONFIG.y("secret_key") is None or len(CONFIG.y("secret_key")) == 0:
+    j_print("Secret key missing, check https://goauthentik.io/docs/installation/.")
+    exit(1)
+
+
 while True:
    try:
        conn = connect(