You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/09/16 09:01:39 UTC

[tomcat] 01/03: PropertySource: Add an environment variable based source

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 86848bbb4cc8da5d8d2f02ecadbff683cdd96a33
Author: Thomas Meyer <th...@m3y3r.de>
AuthorDate: Sat Jul 20 22:22:42 2019 +0200

    PropertySource: Add an environment variable based source
    
    When tomcat runs in an Openshift based container a Secret containing
    passwords can be mapped as environment variables (with an additional
    prefix).
    An webapp containing an embedded context.xml which defines JDBC
    datasources and placeholder variables can be used with this new
    PropertySource to easily inject configuration from a Secret or
    ConfigMap.
---
 java/org/apache/tomcat/util/digester/Digester.java | 15 +++++++++++++++
 webapps/docs/changelog.xml                         |  8 +++++++-
 webapps/docs/config/systemprops.xml                | 17 +++++++++++++++--
 3 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/digester/Digester.java b/java/org/apache/tomcat/util/digester/Digester.java
index 8985649..22f9cec 100644
--- a/java/org/apache/tomcat/util/digester/Digester.java
+++ b/java/org/apache/tomcat/util/digester/Digester.java
@@ -169,6 +169,21 @@ public class Digester extends DefaultHandler2 {
     }
 
 
+    public class EnvironmentPropertySource implements IntrospectionUtils.PropertySource {
+        @Override
+        public String getProperty(String key) {
+            ClassLoader cl = getClassLoader();
+            if (cl instanceof PermissionCheck) {
+                Permission p = new RuntimePermission("getenv." + key, null);
+                if (!((PermissionCheck) cl).check(p)) {
+                    return null;
+                }
+            }
+            return System.getenv(key);
+        }
+    }
+
+
     protected IntrospectionUtils.PropertySource source[] = new IntrospectionUtils.PropertySource[] {
             new SystemPropertySource() };
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0a75e46..1f8f198 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,13 @@
         Service is embedded directly (i.e. with no Server) in an applciation
         and JNDI is enabled. Patch provided by S. Ali Tokmen. (markt)
       </fix>
-     </changelog>
+      <add>
+        Add a new <code>PropertySource</code> implementation,
+        <code>EnvironmentPropertySource</code>, that can be used to do property
+        replacement in configuration files with environment variables. Pull
+        request provided by Thomas Meyer. (markt)
+      </add>
+    </changelog>
   </subsection>
   <subsection name="Coyote">
     <changelog>
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index fe67649..d35623d 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -43,8 +43,21 @@
       <p>Set this to a fully qualified name of a class that implements
          <code>org.apache.tomcat.util.IntrospectionUtils.PropertySource</code>.
          Required to have a public constructor with no arguments.</p>
-      <p>Use this to add a property source, that will be invoked when <code>${parameter}</code>
-         denoted parameters are found in the XML files that Tomcat parses.</p>
+      <p>Use this to add a property source, that will be invoked when
+         <code>${parameter}</code> denoted parameters are found in the XML files
+         that Tomcat parses.</p>
+      <p>Property replacement from the specified property source on the JVM
+         system properties can also be done using the
+         <code>REPLACE_SYSTEM_PROPERTIES</code> system property.</p>
+      <p><code>org.apache.tomcat.util.digester.Digester$EnvironmentPropertySource</code>
+         can be used to replace parameters from the process' environment
+         variables, e.g. injected ConfigMaps or Secret objects in container
+         based systems like OpenShift or Kubernetes.</p>
+    </property>
+    <property name="org.apache.tomcat.util.digester. REPLACE_SYSTEM_PROPERTIES">
+      <p>Set this boolean system property to <code>true</code> to cause
+         property replacement from the digester property source on the JVM
+         system properties.</p>
     </property>
   </properties>
 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org