add beaker secrets to start ckan

compose/2.10/.env

@@ -12,7 +12,7 @@ POSTGRES_PORT=5432
 DATASTORE_READONLY_PASSWORD=datastore
 
 # CKAN
-CKAN_VERSION=2.10.2
+CKAN_VERSION=2.10
 CKAN_SITE_ID=default
 CKAN_SITE_URL=http://localhost:5000
 CKAN_PORT=5000

images/ckan/2.10/setup/app/start_ckan.sh

@@ -12,12 +12,24 @@ then
     done
 fi
 
+# Add session secret from chart
+if [[ -z $BEAKER_SESSION_SECRET || -v $BEAKER_SESSION_SECRET || -z $JWT_ENCODE_SECRET || -v $JWT_ENCODE_SECRET || -z $JWT_DECODE_SECRET || -v $JWT_DECODE_SECRET ]];then
+  echo "Not all environment variables are set. Generating sessions..."
+else
+  echo "Setting session secrets from environment variables"
+  ckan config-tool $APP_DIR/production.ini "beaker.session.secret=$BEAKER_SESSION_SECRET"
+  ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$JWT_ENCODE_SECRET"
+  ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$JWT_DECODE_SECRET"
+fi
+
 if grep -E "beaker.session.secret ?= ?$" $APP_DIR/production.ini
 then
     echo "Setting secrets in ini file"
     ckan config-tool $APP_DIR/production.ini "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
-    ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
-    ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+    ckan config-tool $APP_DIR/production.ini "WTF_CSRF_SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
+    JWT_SECRET=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')
+    ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$JWT_SECRET"
+    ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$JWT_SECRET"
 fi
 
 echo "Starting UWSGI with '${UWSGI_PROC_NO:-2}' workers"