Protect nginx vars from being interpreted as env vars

Fixes #465.
luizalabs · Mar 26, 2018 · d0a38a1 · d0a38a1
1 parent ec1026d
commit d0a38a1
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Fixed
 - `.teresaignore` behavior (to work like `.gitignore`)
+- Protect nginx vars from being interpreted as env vars
 
 ## [0.17.0] - 2018-03-20
 ### Changed

diff --git a/pkg/server/spec/container.go b/pkg/server/spec/container.go
@@ -3,6 +3,7 @@ package spec
 import (
 	"fmt"
 	"strconv"
+	"strings"
 
 	"github.com/luizalabs/teresa/pkg/server/app"
 	"github.com/luizalabs/teresa/pkg/server/storage"
@@ -12,7 +13,7 @@ const (
 	nginxConfTmplDir = "/etc/nginx/template/"
 	nginxConfDir     = "/etc/nginx/"
 	nginxConfFile    = "nginx.conf"
-	nginxArgTmpl     = "envsubst < %s%s > %s%s && nginx -g 'daemon off;'"
+	nginxArgTmpl     = "envsubst '%s' < %s%s > %s%s && nginx -g 'daemon off;'"
 	nginxBackendTmpl = "http://localhost:%d"
 )
 
@@ -88,9 +89,13 @@ func newNginxVolumeMount() *VolumeMounts {
 }
 
 func newNginxContainer(image string) *Container {
-	args := fmt.Sprintf(nginxArgTmpl, nginxConfTmplDir, nginxConfFile, nginxConfDir, nginxConfFile)
 	port := strconv.Itoa(DefaultPort)
 	backend := fmt.Sprintf(nginxBackendTmpl, secondaryPort)
+	env := map[string]string{
+		"NGINX_PORT":    port,
+		"NGINX_BACKEND": backend,
+	}
+	args := newNginxContainerArgs(env)
 
 	return &Container{
 		Name:    "nginx",
@@ -101,16 +106,31 @@ func newNginxContainer(image string) *Container {
 			Name:          "nginx",
 			ContainerPort: int32(DefaultPort),
 		}},
-		Env: map[string]string{
-			"NGINX_PORT":    port,
-			"NGINX_BACKEND": backend,
-		},
+		Env: env,
 		VolumeMounts: []*VolumeMounts{
 			newNginxVolumeMount(),
 		},
 	}
 }
 
+func newNginxContainerArgs(env map[string]string) string {
+	tmp := make([]string, len(env))
+	var i int
+	for key, _ := range env {
+		tmp[i] = fmt.Sprintf("$%s", key)
+		i++
+	}
+	args := fmt.Sprintf(
+		nginxArgTmpl,
+		strings.Join(tmp, " "),
+		nginxConfTmplDir,
+		nginxConfFile,
+		nginxConfDir,
+		nginxConfFile,
+	)
+	return args
+}
+
 func newAppContainer(name, image string, envVars map[string]string, port int, secrets []string) *Container {
 	return &Container{
 		Name:    name,

diff --git a/pkg/server/spec/container_test.go b/pkg/server/spec/container_test.go
@@ -0,0 +1,25 @@
+package spec
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestNewNginxContainerArgs(t *testing.T) {
+	env := map[string]string{"key1": "value1", "key2": "value2"}
+	keys := "$key1 $key2"
+	want := fmt.Sprintf(
+		nginxArgTmpl,
+		keys,
+		nginxConfTmplDir,
+		nginxConfFile,
+		nginxConfDir,
+		nginxConfFile,
+	)
+
+	got := newNginxContainerArgs(env)
+
+	if got != want {
+		t.Errorf("got %s; want %s", got, want)
+	}
+}