diff --git a/Dockerfile b/Dockerfile
index 986c714..779290e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM osixia/openldap:1.5.0
 ADD ldif /container/service/slapd/assets/config/bootstrap/ldif
+ADD templates /container/templates
 ENV LDAP_TLS="false"
 ENV LDAP_BASE_DN=""
@@ -11,3 +12,10 @@ ENV LDAP_REPLICATION="false"
 ENV KEEP_EXISTING_CONFIG="false"
 ENV LDAP_REMOVE_CONFIG_AFTER_SETUP="true"
 ENV LDAP_SSL_HELPER_PREFIX="ldap"
+
+ENV NVM_DIR=/usr/local/nvm
+ENV NODE_VERSION=22
+
+ADD start /container/start
+
+ENTRYPOINT ["/container/start"]
diff --git a/cloudformation/lib/api.js b/cloudformation/lib/api.js
index ba17e5d..0ea073e 100644
--- a/cloudformation/lib/api.js
+++ b/cloudformation/lib/api.js
@@ -2,6 +2,12 @@ import cf from '@openaddresses/cloudfriend';
 export default {
 Parameters: {
+ EnableExecute: {
+ Description: 'Allow SSH into docker container - should only be enabled for limited debugging',
+ Type: 'String',
+ AllowedValues: [ 'true', 'false' ],
+ Default: false
+ },
 SSLCertificateIdentifier: {
 Description: 'ACM SSL Certificate for HTTP Protocol',
 Type: 'String'
@@ -99,6 +105,15 @@ export default {
 PolicyName: cf.join('-', [cf.stackName, 'api-policy']),
 PolicyDocument: {
 Statement: [{
+ Effect: 'Allow',
+ Action: [
+ 'ssmmessages:CreateControlChannel',
+ 'ssmmessages:CreateDataChannel',
+ 'ssmmessages:OpenControlChannel',
+ 'ssmmessages:OpenDataChannel'
+ ],
+ Resource: '*'
+ },{
 Effect: 'Allow',
 Action: [
 'logs:CreateLogGroup',
@@ -226,6 +241,7 @@ export default {
 Properties: {
 ServiceName: cf.join('-', [cf.stackName, 'Service']),
 Cluster: cf.join(['coe-ecs-', cf.ref('Environment')]),
+ EnableExecuteCommand: cf.ref('EnableExecute'),
 TaskDefinition: cf.ref('TaskDefinition'),
 LaunchType: 'FARGATE',
 HealthCheckGracePeriodSeconds: 300,
diff --git a/start b/start
new file mode 100755
index 0000000..29161c7
--- /dev/null
+++ b/start
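Review bot: `ADD templates /container/templates` uses ADD where a plain copy is meant; ADD also auto-extracts local tar archives and fetches remote URLs, so `COPY templates /container/templates` states the intent exactly and avoids surprises if an archive ever lands in that directory. The same applies to `ADD start /container/start` in the second Dockerfile hunk.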
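Review bot: `ENV NVM_DIR=/usr/local/nvm` and `ENV NODE_VERSION=22` are set but nothing in this diff installs nvm or Node, so as far as the hunk shows they are dead configuration that only widens the image's environment; either add the install step they belong to or drop them until it exists. `ENTRYPOINT ["/container/start"]` replaces the base image's own entrypoint, which is worth stating in place: `# Wrapper entrypoint: renders LDIF templates, then hands off to the base image's /container/tool/run`.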
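Review bot: `Default: false` is a JSON boolean while `Type: 'String'` and `AllowedValues: [ 'true', 'false' ]` declare a string parameter; CloudFormation validates parameter defaults as strings, so the template is likely rejected at validation time — use `Default: 'false'`. The Description also says "SSH", but what `EnableExecuteCommand` turns on is ECS Exec over SSM Session Manager, not SSH, and whoever audits who can get a shell on the task should not be misled: `Description: 'Enable ECS Exec (SSM-based shell into the task) - only for time-boxed debugging'`.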
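Review bot: The new ssmmessages statement is attached to the role unconditionally, so the task can open SSM channels even when `EnableExecute` is `false`; since the parameter already exists, gate the statement on it (a Condition comparing `cf.ref('EnableExecute')` with `'true'`, then `cf.if(condition, statement, cf.noValue)` in the Statement list, if this cloudfriend fork exposes those helpers as its upstream does) so that switching the debug flag off also removes the permission. `Resource: '*'` is expected here because the ssmmessages actions do not support resource-level permissions, so that part is fine as written. The ECS cluster is only referenced by name in this file, so exec-session audit logging (the cluster's ExecuteCommandConfiguration) would have to be enabled wherever that cluster is defined.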
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -euo pipefail
+
+echo "Generating LDIF"
+
+cotak.gov
+
+echo "Domain: ${LDAPDomain}"
+
+ORG=$(echo "${LDAPDomain}" | sed 's/\..*$//')
+TLD=$(echo "${LDAPDomain}" | sed 's/^.*\.//')
+
+for filename in /container/templates/; do
+ sed -i "s/\$\{ORG\}/${ORG}/" "$(unknown)"
+ sed -i "s/\$\{ORG\}/${TLD}/" "$(unknown)"
+
+ cp "$(unknown)" "/container/service/slapd/assets/config/bootstrap/ldif/"
+done
+
+/container/tool/run
diff --git a/templates/05-orgUnit.ldif b/templates/05-orgUnit.ldif
new file mode 100644
index 0000000..1385cc0
--- /dev/null
+++ b/templates/05-orgUnit.ldif
@@ -0,0 +1,6 @@
+dn: ou=People,dc=${ORG},dc=${TLD}
+objectclass: organizationalUnit
+ou: People
+dn: ou=Group,dc=${ORG},dc=${TLD}
+objectclass: organizationalUnit
+ou: Group
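Review bot: `for filename in /container/templates/; do` iterates over the literal directory path rather than its contents, so the loop runs once with a directory as `filename` and no template is rewritten; the glob `/container/templates/*` is needed. The second sed, `"s/\$\{ORG\}/${TLD}/"`, substitutes the `${ORG}` placeholder again instead of `${TLD}`, so `${TLD}` stays literal in the generated LDIF, and in both calls the pattern reaches sed as `$\{ORG\}`, where GNU sed's BRE treats `\{…\}` as an interval and will likely reject it — `\${ORG}` (shell-escaped `$`, plain braces) matches the placeholder. `"$(unknown)"` as the file operand runs a command named `unknown`, which does not exist; the fence below assumes this is an extraction artifact for `"${filename}"`, otherwise it must be fixed as well. The bare `cotak.gov` line is executed as a command and aborts the script under `set -e` unless something by that name is on PATH, and the final `/container/tool/run` neither `exec`s nor forwards `"$@"`, so signals and any CMD arguments stop at this wrapper.
```shell
for filename in /container/templates/*; do
    sed -i "s/\${ORG}/${ORG}/g" "${filename}"
    sed -i "s/\${TLD}/${TLD}/g" "${filename}"
    # … unchanged: copy into the bootstrap ldif directory …
done

exec /container/tool/run "$@"
```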
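Review bot: The two entries in `templates/05-orgUnit.ldif` are not separated by an empty line; in LDIF a blank line terminates a record, so as written `dn: ou=Group,dc=${ORG},dc=${TLD}` is read as a further attribute line of the `ou=People` entry and the bootstrap import is likely to reject the file. Insert an empty line after `ou: People`. The `${ORG}`/`${TLD}` placeholders are only rendered once the substitution in the `start` hunk is fixed; until then the literal `dc=${ORG},dc=${TLD}` would be loaded.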