Often, especially in production, you don’t know all of the configuration until your application is actually started. For example, in a cloud provider, important IP addresses and port numbers are often assigned dynamically. This information is provided to the processes via environment variables.
This approach has been codified as part of the12-Factor Appmanifesto.
However, in most Clojure projects, configuration is done primarily in terms of EDN formatconfiguration files.
This library provides a number of reader macros that allow an EDN configuration file to reference data provided in environment variables, JVM system properties, or elsewhere.
dyn-ednintroduces a little bit of indirection into the otherwise fixed content
of an EDN file, in the form of reader macros.
The dynamic bits areproperties:
-
Shell environment variables
-
JVM System properties
-
Explicitly provided properties
The following reader macros are available:
#dyn/prop-
Accesses dynamic properties. The value is either a key, or a vector of a key and a default value.
#dyn/join-
Joins a number of values together to form a single string; this is used when building a single string from a mix of properties and static text.
#dyn/long-
Converts a string to a long value. Typically used with
#dyn/prop. #dyn/boolean-
Converts a string to a boolean value. Typically used with
#dyn/prop. #dyn/keyword-
Converts a string to a keyword value. Typically used with
#dyn/prop.
Here’s an example showing all the variants:
{:connection-pool
{:user-name#dyn/prop [DB_USER"accountsuser"]
:user-pw#dyn/prop DB_PW
:url#dyn/join ["jdbc:postgresql://"
#dyn/prop [DB_HOST"localhost"]
":"
#dyn/prop [DB_PORT"5432"]
"/accounts"]}
:web-server
{:port#dyn/long #dyn/prop"WEB_PORT"}}In this example, theDB_USER,DB_PW,DB_HOST,andDB_PORT,andWEB_PORTenvironment variables
all play a role.
DB_USERandDB_PORTare optional, since default values have been provided.
Let’s assume that theDB_HOSTenvironment variable isdb.example.org,
DB_PWischange-me,andWEB_PORTwas8192,
and the other referenced environment variables are unset.
After parsing and reader macro expansion, the resulting data will be:
{:connection-pool
{:user-name"accountsuser"
:user-pw"change-me"
:url"jdbc:postgresql://db.example.org:5432/accounts"]}
:web-server
{:port8192}}Notice that combining#dyn/longand#dyn/prophas ensured that the web server port number is present
as a number, not as a string.
The#dyn/propmacro’s value is either single key, or a vector of a key and a default value.
The key may be a symbol, keyword, or string.
An exception is thrown if the property is not found and there is no default.
For environment variables or JVM system properties, the dynamic value that replaces the macro will always be a string. For explicit properties, the dynamic value is typically a string, but can be any Clojure data: string, number, keyword, even a map or vector.
Underneath the covers, the key is used for a simple lookup in a map. The map is a merge of all environment variables, all JVM system properties, and any application-provided properties.
As a convenience, each environment variable is added to the maptwice:one using a string key, and once with the string key converted to a symbol.
JVM system properties are added using string keys and string values.
Application properties are added exactly as provided; typically this means keyword keys and any kind of data values.
Theenv-readersfunction returns a map of readers; it may optionally be passed additional
properties beyond those obtained from docker secrets, environment variables and JVM system properties.
(require'[clojure.edn:asedn]
'[clojure.java.io:asio]
'[com.walmartlabs.dyn-edn:refer[env-readers])
(->>"config.edn"
io/resource
slurp
(edn/read-string{:readers(env-readers)})In a docker swarm secrets can be passed to a container when the container is added as a service to the swarm. In the default case, these secrets are mounted from tmpfs at /run/secrets although this location can be specified when the service is created.
e.g.
$printf<secret>|docker secret create my_secret -
$ docker service create --replicas 1 --name<servicename>\
--secret src=my-secret,target="/mysecrets/mysecret"\
--publish published=8081,target=8081<image:tag>The above will create a secret calledmy-secretand make it available as a file at/mysecrets/mysecret.
The following can be used to recover the secret within the Docker conainer:
(require'[clojure.edn:asedn]
'[clojure.java.io:asio]
'[com.walmartlabs.dyn-edn:refer[env-readers])
(->>"config.edn"
io/resource
slurp
(edn/read-string
{:readers(env-readers
{:docker-secrets-dir"/mysecrets"})})If the:docker-secrets-diris not available as a property, it’s assumed that all secrets have been mounted at
/run/secrets(which is Docker’s default location).
|
Note
|
In order for secrets to be available under this library, it is assumed that all secrets are mounted in the same directory. |
Using the example above
$printf5432|docker secret create DB_PORT -
$ docker service create --replicas 1 --name<servicename>\
--secret DB_PORT \
--publish published=8081,target=8081<image:tag>and if DB_PORT isnotin the Environment of the container, the outcome will be the same. The value of the parameter
will be read from the file at/run/secrets/DB_HOSTand made available.
|
Note
|
the value of an env variable with a particular name will overwrite a secret with that name i.e. an environment variable has precedence. |