docker-compose pull | api fails
dmspils opened this issue · comments
I just did a docker-compose pull && docker-compose up -d to update my deployment to the latest images but the api now fails to start and goes into a restart loop (nothing has changed in the config).
Looking at the logs for the api container, I see this failure which looks to be linked to SSO (which I have set in my .env file to USE_SAML=false):
[Nest] 39 - 07/15/2020, 11:41:07 AM [ExceptionHandler] Invalid property: cert must not be empty +2ms
Error: Invalid property: cert must not be empty
at SAML.initialize (/home/node/app/node_modules/passport-saml/lib/passport-saml/saml.js:28:11)
at new SAML (/home/node/app/node_modules/passport-saml/lib/passport-saml/saml.js:18:23)
at new Strategy (/home/node/app/node_modules/passport-saml/lib/passport-saml/strategy.js:28:16)
at new MixinStrategy (/home/node/app/node_modules/@nestjs/passport/dist/passport/passport.strategy.js:31:13)
at new SamlStrategy (/home/node/app/dist/auth/saml.strategy.js:20:9)
at Injector.instantiateClass (/home/node/app/node_modules/@nestjs/core/injector/injector.js:288:19)
at callback (/home/node/app/node_modules/@nestjs/core/injector/injector.js:75:41)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async Injector.resolveConstructorParams (/home/node/app/node_modules/@nestjs/core/injector/injector.js:116:24)
at async Injector.loadInstance (/home/node/app/node_modules/@nestjs/core/injector/injector.js:79:9)
at async Injector.loadProvider (/home/node/app/node_modules/@nestjs/core/injector/injector.js:36:9)
at async Promise.all (index 8)
at async InstanceLoader.createInstancesOfProviders (/home/node/app/node_modules/@nestjs/core/injector/instance-loader.js:42:9)
at async /home/node/app/node_modules/@nestjs/core/injector/instance-loader.js:27:13
at async Promise.all (index 10)
at async InstanceLoader.createInstances (/home/node/app/node_modules/@nestjs/core/injector/instance-loader.js:26:9)
The cert for the website is fine and has a couple of months left on it so I assume it is a SAML cert error. As I mentioned, I've disabled the use of SAML (and LDAP) in my config but it still seems to be calling them. Is there any way to completely disable that check?
I've tried rolling back to previous tags of purify-api but all seem to have been updated over the past couple of days and all now exhibit the same error behaviour.
I've found a temporary fix! By modding .api/.env.custom to include the following, it now doesn't check the SAML cert and the api successfully loads:
USE_LDAP=false
USE_SAML=false
SAML_LOCAL_KEY_ONELINE=<random value that is insignificant>
SAML_IDP_CERT_ONELINE=<random value that is insignificant>
SAML_EMAIL_FIELD_NAME=email
SAML_USERNAME_FIELD_NAME=name
Yep, you're right, SAML_IDP_CERT_ONELINE should have some value, even fake, to load the rest of a module.
I will fix this one by adding a default value for this variable at startup.
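Added example, not the project's code or the maintainer's fix: one way to avoid needing a placeholder certificate is to decide from USE_SAML whether the SAML strategy is constructed at all, and to stop at startup with a clear message when SAML is on but SAML_IDP_CERT_ONELINE is empty. The function names and the strictFactory stand-in for the passport-saml constructor are hypothetical; the variable names come from this issue.

```javascript
// Hypothetical helpers; only the environment variable names come from the issue.

// Treat only an explicit "true" (any case) as enabled; anything else is off.
function parseBool(value) {
  return String(value || '').trim().toLowerCase() === 'true';
}

// Validate SAML settings once, at startup.
// SAML off -> { enabled: false }, no certificate required.
// SAML on  -> certificate is mandatory; never fall back to a fake value,
//             because a placeholder cert cannot verify IdP signatures.
function resolveSamlConfig(env) {
  if (!parseBool(env.USE_SAML)) {
    return { enabled: false };
  }
  const cert = String(env.SAML_IDP_CERT_ONELINE || '').trim();
  if (cert === '') {
    throw new Error('USE_SAML=true but SAML_IDP_CERT_ONELINE is empty');
  }
  return {
    enabled: true,
    cert,
    emailField: env.SAML_EMAIL_FIELD_NAME || 'email',
    usernameField: env.SAML_USERNAME_FIELD_NAME || 'name',
  };
}

// Construct the strategy only when SAML is enabled. createStrategy is the
// caller-supplied constructor wrapper, so it is never invoked when SAML is off.
function buildSamlStrategy(env, createStrategy) {
  const config = resolveSamlConfig(env);
  return config.enabled ? createStrategy(config) : null;
}

// Constructed stand-in that mimics the failure in the stack trace above:
// it throws when handed an empty cert, like the real strategy constructor.
function strictFactory(config) {
  if (!config.cert) {
    throw new Error('Invalid property: cert must not be empty');
  }
  return { name: 'saml', cert: config.cert, emailField: config.emailField };
}

// Constructed sample environment matching the reporter's setup (SAML disabled).
const sampleEnv = { USE_SAML: 'false', USE_LDAP: 'false' };
console.log(buildSamlStrategy(sampleEnv, strictFactory)); // null: strategy not built
```

With this shape, USE_SAML=false needs no SAML_* values at all, and a misconfigured USE_SAML=true deployment stops with a message naming the missing variable.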