meldestelle/scripts/validation/validate-env.sh
2025-09-06 13:35:32 +02:00

#!/bin/bash
# =============================================================================
# Environment Variables Validation Script
# =============================================================================
# This script validates that all required environment variables are properly
# configured for the Meldestelle application. Run it from the project root: it
# reads ./.env (which it sources as shell code) and ./docker-compose.yml from
# the current working directory and exits non-zero when a required setting is
# missing or an error-level check fails.
# =============================================================================
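# Load common utilities (log_*, print_status and, presumably, the CHECKS /
# ERRORS / WARNINGS counters used by the summary - TODO confirm in common.sh).
# The path is resolved from this script's own location so the helper is found
# no matter which directory the caller runs from.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=../utils/common.sh
# shellcheck disable=SC1091
source "$SCRIPT_DIR/../utils/common.sh" || {
  # Diagnostics go to stderr so a pipeline capturing stdout still sees the failure.
  echo "Error: Could not load common utilities from $SCRIPT_DIR/../utils/common.sh" >&2
  exit 1
}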
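log_section "Meldestelle - Environment Variables Validation"
# Check if .env file exists.  Both .env and docker-compose.yml are looked up
# relative to the current working directory, so run this from the project root.
log_info "1. Checking .env file..."
if [[ -f ".env" ]]; then
  log_success ".env file exists"
  # .env holds every credential checked below; if other accounts on the host can
  # read it, those credentials are already exposed.  GNU and BSD stat differ, so
  # try both and skip the check silently when neither form works.
  env_mode=$(stat -L -c '%a' .env 2>/dev/null || stat -L -f '%OLp' .env 2>/dev/null)
  if [[ -n "$env_mode" && "$env_mode" != *00 ]]; then
    log_warning ".env is readable by group/other (mode $env_mode) - consider 'chmod 600 .env'"
  fi
  # Load .env.  NOTE: 'source' executes the file as shell code with this user's
  # privileges, so only validate a .env you trust.  'set -a' exports every
  # assignment, which makes the values visible to the checks below - and to any
  # child process started afterwards.
  set -a
  # shellcheck disable=SC1091
  source .env
  set +a
  log_success ".env file loaded successfully"
else
  log_error ".env file not found"
  log_error "Please create a .env file based on the documentation."
  exit 1
fi
# Check if docker-compose.yml exists (only its presence is verified; its content
# is not cross-checked against the variables below).
log_info "2. Checking docker-compose.yml file..."
if [[ -f "docker-compose.yml" ]]; then
  print_status "OK" "docker-compose.yml file exists"
else
  log_error "docker-compose.yml file not found"
  exit 1
fi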
# Required environment variables, reported one by one through check_var() below.
log_info '3. Checking required environment variables...'
# The per-section variable lists start after the helper definition.
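# check_var NAME [REQUIRED] [DESCRIPTION] [secret]
#   Report whether environment variable NAME is set.  REQUIRED (default
#   "false") turns a missing value into an error instead of a warning;
#   DESCRIPTION is appended to the missing-value message.
# Secrets are never echoed: names that look like credentials (*PASSWORD*,
# *SECRET*, *TOKEN*, *_KEY) are masked in the "is set" line, as is any call
# that passes the literal word "secret" as the fourth argument.  Printing the
# raw value would put DB_PASSWORD, JWT_SECRET, API_KEY etc. into terminal
# scrollback and CI logs.
check_var() {
  local var_name=${1:-}
  local is_required=${2:-false}
  local description=${3:-}
  local mask='<redacted>'
  local var_value display_value

  if [[ -z "$var_name" ]]; then
    log_error "check_var: missing variable name"
    return 1
  fi
  var_value=${!var_name:-}
  display_value=$var_value

  if [[ "${4:-}" == "secret" ]]; then
    display_value=$mask
  else
    # *_KEY rather than *KEY* so that e.g. KEYCLOAK_ADMIN (a username) is not masked.
    case "$var_name" in
      *PASSWORD*|*SECRET*|*TOKEN*|*_KEY|*_KEY_*) display_value=$mask ;;
    esac
  fi

  if [[ -n "$var_value" ]]; then
    log_success "$var_name is set: '$display_value'"
  elif [[ "$is_required" == true ]]; then
    log_error "$var_name is required but not set ($description)"
  else
    log_warning "$var_name is not set ($description)"
  fi
}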
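# Application Configuration
# Each group below is one check_var per variable: the second argument marks it
# required (missing -> error) or optional (missing -> warning), the third is the
# description shown in the message.
echo -e "${YELLOW}Application Configuration:${NC}"
check_var "API_HOST" true "Server host address"
check_var "API_PORT" true "Server port"
check_var "APP_NAME" false "Application name"
check_var "APP_VERSION" false "Application version"
check_var "APP_ENVIRONMENT" true "Current environment"
# LOGGING_LEVEL and SERVER_CORS_ALLOWED_ORIGINS are read by the production
# checks in step 6, so they are listed here as optional settings.
check_var "LOGGING_LEVEL" false "Log level (DEBUG is flagged in production)"
check_var "SERVER_CORS_ALLOWED_ORIGINS" false "Allowed CORS origins (a wildcard is flagged in production)"
echo
# Database Configuration
# DB_* is presumably what the application connects with and POSTGRES_* what the
# container is initialised with; the script does not verify that the two pairs
# agree (TODO confirm whether they must).
echo -e "${YELLOW}Database Configuration:${NC}"
check_var "DB_HOST" true "Database host"
check_var "DB_PORT" true "Database port"
check_var "DB_NAME" true "Database name"
check_var "DB_USER" true "Database user"
check_var "DB_PASSWORD" true "Database password"
check_var "POSTGRES_USER" true "PostgreSQL container user"
check_var "POSTGRES_PASSWORD" true "PostgreSQL container password"
check_var "POSTGRES_DB" true "PostgreSQL container database"
echo
# Redis Configuration
echo -e "${YELLOW}Redis Configuration:${NC}"
check_var "REDIS_EVENT_STORE_HOST" true "Redis event store host"
check_var "REDIS_EVENT_STORE_PORT" true "Redis event store port"
check_var "REDIS_CACHE_HOST" true "Redis cache host"
check_var "REDIS_CACHE_PORT" true "Redis cache port"
echo
# Security Configuration (strength of these values is examined in step 4)
echo -e "${YELLOW}Security Configuration:${NC}"
check_var "JWT_SECRET" true "JWT secret key"
check_var "JWT_ISSUER" true "JWT issuer"
check_var "JWT_AUDIENCE" true "JWT audience"
check_var "JWT_REALM" true "JWT realm"
check_var "API_KEY" true "API key for internal services"
echo
# Keycloak Configuration
echo -e "${YELLOW}Keycloak Configuration:${NC}"
check_var "KEYCLOAK_ADMIN" true "Keycloak admin user"
check_var "KEYCLOAK_ADMIN_PASSWORD" true "Keycloak admin password"
check_var "KC_DB" true "Keycloak database type"
check_var "KC_DB_URL" true "Keycloak database URL"
check_var "KC_DB_USERNAME" true "Keycloak database user"
check_var "KC_DB_PASSWORD" true "Keycloak database password"
echo
# Service Discovery
echo -e "${YELLOW}Service Discovery Configuration:${NC}"
check_var "CONSUL_HOST" true "Consul host"
check_var "CONSUL_PORT" true "Consul port"
echo
# Messaging Configuration
echo -e "${YELLOW}Messaging Configuration:${NC}"
check_var "ZOOKEEPER_CLIENT_PORT" true "Zookeeper client port"
check_var "KAFKA_BROKER_ID" true "Kafka broker ID"
check_var "KAFKA_ZOOKEEPER_CONNECT" true "Kafka Zookeeper connection"
echo
# Monitoring Configuration
echo -e "${YELLOW}Monitoring Configuration:${NC}"
check_var "GF_SECURITY_ADMIN_USER" true "Grafana admin user"
check_var "GF_SECURITY_ADMIN_PASSWORD" true "Grafana admin password"
echo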
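# Security Checks
echo -e "${BLUE}4. Security validation...${NC}"
# Weak or placeholder credentials only warn in development but must fail the
# run when APP_ENVIRONMENT (loaded from .env) is "production": a leftover
# "admin" / "meldestelle" password or a short JWT key is an immediate takeover
# path there.  None of the checks below print the value being examined.
weak_cred_status="WARNING"
if [[ "${APP_ENVIRONMENT:-}" == "production" ]]; then
  weak_cred_status="ERROR"
fi

# looks_like_placeholder VALUE
#   Heuristic: succeeds when VALUE (compared case-insensitively) contains a word
#   that usually marks a sample value copied from documentation.
looks_like_placeholder() {
  local lowered=${1,,}
  case "$lowered" in
    *default*|*change*|*example*|*placeholder*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check JWT secret strength
if [[ -n "${JWT_SECRET:-}" ]]; then
  # 32 ASCII characters is the smallest size holding the 256 bits an HMAC key is
  # expected to have if tokens are HS256-signed; anything shorter can be
  # brute-forced offline from a single captured token.
  if (( ${#JWT_SECRET} < 32 )); then
    print_status "$weak_cred_status" "JWT_SECRET should be at least 32 characters long for security"
  else
    print_status "OK" "JWT_SECRET length is adequate (${#JWT_SECRET} characters)"
  fi
  if looks_like_placeholder "$JWT_SECRET"; then
    print_status "$weak_cred_status" "JWT_SECRET appears to be a default value - change for production"
  else
    print_status "OK" "JWT_SECRET appears to be customized"
  fi
fi
# API_KEY protects the internal service calls; apply the same placeholder test.
if [[ -n "${API_KEY:-}" ]] && looks_like_placeholder "$API_KEY"; then
  print_status "$weak_cred_status" "API_KEY appears to be a default value - change for production"
fi
# Check for the default passwords of the sample configuration
if [[ "${POSTGRES_PASSWORD:-}" == "meldestelle" ]]; then
  print_status "$weak_cred_status" "Using default PostgreSQL password - change for production"
fi
if [[ "${KEYCLOAK_ADMIN_PASSWORD:-}" == "admin" ]]; then
  print_status "$weak_cred_status" "Using default Keycloak admin password - change for production"
fi
if [[ "${GF_SECURITY_ADMIN_PASSWORD:-}" == "admin" ]]; then
  print_status "$weak_cred_status" "Using default Grafana admin password - change for production"
fi
echo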
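# Port conflict checks
echo -e "${BLUE}5. Port conflict checks...${NC}"
# Every configurable port is compared against the others so two services cannot
# be given the same number.  REDIS_CACHE_PORT is listed next to
# REDIS_EVENT_STORE_PORT because the two Redis instances are the most likely
# pair to be copy-pasted onto one port.  Whether these are host-published or
# container-internal ports is decided by docker-compose.yml, not checked here.
declare -A ports=(
  [API_PORT]="${API_PORT:-}"
  [DB_PORT]="${DB_PORT:-}"
  [REDIS_EVENT_STORE_PORT]="${REDIS_EVENT_STORE_PORT:-}"
  [REDIS_CACHE_PORT]="${REDIS_CACHE_PORT:-}"
  [CONSUL_PORT]="${CONSUL_PORT:-}"
  [ZOOKEEPER_CLIENT_PORT]="${ZOOKEEPER_CLIENT_PORT:-}"
)
# Check for duplicate (and malformed) ports.  port_usage maps port -> first
# service seen with it; associative-array iteration order is unspecified, so
# which of two clashing services is named as "the conflict" can vary per run.
declare -A port_usage
for service in "${!ports[@]}"; do
  port=${ports[$service]}
  [[ -n "$port" ]] || continue   # an unset port is already reported by step 3
  # Anything that is not an integer in 1-65535 cannot be bound; reject it before
  # docker-compose does.  10# forces decimal so a leading zero is not read as octal.
  if [[ ! "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    print_status "ERROR" "$service has an invalid port value: '$port'"
    continue
  fi
  if [[ -n "${port_usage[$port]:-}" ]]; then
    print_status "ERROR" "Port conflict: $service ($port) conflicts with ${port_usage[$port]}"
  else
    port_usage[$port]=$service
    print_status "OK" "$service using port $port"
  fi
done
echo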
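# Environment-specific checks
echo -e "${BLUE}6. Environment-specific checks...${NC}"
if [[ "${APP_ENVIRONMENT:-}" == "production" ]]; then
  print_status "INFO" "Production environment detected - additional security checks recommended"
  # Compare case-insensitively: "debug" and "DEBUG" both select debug logging in
  # most frameworks, and debug output in production tends to leak internals.
  logging_level_upper=${LOGGING_LEVEL:-}
  logging_level_upper=${logging_level_upper^^}
  if [[ "$logging_level_upper" == "DEBUG" ]]; then
    print_status "WARNING" "DEBUG logging enabled in production environment"
  fi
  # A bare "*" anywhere in the origin list still opens CORS to every origin.
  # Assumes the server splits the value on commas - TODO confirm against the
  # CORS configuration of the application.
  cors_origins=${SERVER_CORS_ALLOWED_ORIGINS:-}
  cors_origins=${cors_origins// /}
  if [[ ",${cors_origins}," == *",*,"* ]]; then
    print_status "WARNING" "CORS allows all origins in production environment"
  fi
else
  # Any value other than "production" gets the relaxed rules; show what was seen
  # so that a typo such as "prod" does not silently pass as development.
  print_status "OK" "Non-production environment detected (APP_ENVIRONMENT='${APP_ENVIRONMENT:-}')"
fi
echo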
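# Summary
# CHECKS / ERRORS / WARNINGS are never assigned in this script; they appear to
# be maintained by the print_status / log_* helpers from utils/common.sh (TODO
# confirm).  If any of them is missing the run is treated as a failure instead
# of as "0 errors": a validator should fail closed when it cannot tell what
# happened.
if [[ -z "${CHECKS:-}" || -z "${ERRORS:-}" || -z "${WARNINGS:-}" ]]; then
  echo -e "${RED}✗ Internal error: check counters were not initialised (expected from utils/common.sh)${NC}" >&2
  exit 1
fi
echo -e "${BLUE}==============================================================================${NC}"
echo -e "${BLUE}Validation Summary${NC}"
echo -e "${BLUE}==============================================================================${NC}"
echo -e "Total checks performed: ${CHECKS}"
echo -e "${GREEN}Successful checks: $((CHECKS - ERRORS - WARNINGS))${NC}"
echo -e "${YELLOW}Warnings: ${WARNINGS}${NC}"
echo -e "${RED}Errors: ${ERRORS}${NC}"
echo
# The exit status is what CI consumes: only errors are fatal.  Warnings still
# return 0, so a pipeline that wants to block on them has to inspect the output.
if (( ERRORS == 0 )); then
  if (( WARNINGS == 0 )); then
    echo -e "${GREEN}✓ All checks passed! Your environment configuration is ready.${NC}"
    exit 0
  fi
  echo -e "${YELLOW}⚠ Configuration is valid but has warnings. Review the warnings above.${NC}"
  exit 0
fi
echo -e "${RED}✗ Configuration has errors that must be fixed before running the application.${NC}"
exit 1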