image/Dockerfile - airflow-openldap - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 FROM debian:buster-slim

 COPY base-image /container
 RUN /container/build.sh

 ARG AIRFLOW_OPENLDAP_VERSION
 ARG OPENLDAP_VERSION
 ARG COMMIT_SHA

 ARG LDAP_OPENLDAP_GID
 ARG LDAP_OPENLDAP_UID

 ARG PQCHECKER_VERSION=2.0.0
 ARG PQCHECKER_MD5=c005ce596e97d13e39485e711dcbc7e1

 MAINTAINER "Apache Airflow Community <dev@airflow.apache.org>"

 ENV LANG="en_US.UTF-8" \
     LANGUAGE="en_US:en" \
     LC_ALL="en_US.UTF-8"


 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 # If explicit uid or gid is given, use it.
 RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
     && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -u 911 -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi

 # Add buster-backports in preparation for downloading newer openldap components, especially sladp
 RUN echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

 # Install OpenLDAP, ldap-utils and ssl-tools from the (backported) baseimage and clean apt-get files
 # sources: https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available
 #          https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
 RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update \
     && /container/tool/add-service-available :ssl-tools \
     && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install -y --no-install-recommends \
     ca-certificates \
     curl \
     ldap-utils \
     libsasl2-modules \
     libsasl2-modules-db \
     libsasl2-modules-gssapi-mit \
     libsasl2-modules-ldap \
     libsasl2-modules-otp \
     libsasl2-modules-sql \
     openssl \
     slapd \
     slapd-contrib \
     krb5-kdc-ldap \
     && curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
     && echo "${PQCHECKER_MD5} *pqchecker.deb" | md5sum -c - \
     && dpkg -i pqchecker.deb \
     && rm pqchecker.deb \
     && update-ca-certificates \
     && apt-get remove -y --purge --auto-remove curl ca-certificates \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

 # Add service directory to /container/service
 ADD service /container/service

 # Use baseimage install-service script
 # https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
 RUN /container/tool/install-service

 # Add default env variables
 ADD environment /container/environment/99-default

 # Expose default ldap and ldaps ports
 EXPOSE 389 636

 LABEL org.apache.airflow.component="openldap"
 LABEL org.apache.airflow.openldap.version="${OPENLDAP_VERSION}"
 LABEL org.apache.airflow.airflow_openldap.version="${AIRFLOW_OPENLDAP_VERSION}"
 LABEL org.apache.airflow.commit_sha="${COMMIT_SHA}"

 ENTRYPOINT ["/container/tool/run"]

 # Put ldap config and database dir in a volume to persist data.
 # VOLUME /etc/ldap/slapd.d /var/lib/ldap
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	FROM debian:buster-slim

	COPY base-image /container
	RUN /container/build.sh

	ARG AIRFLOW_OPENLDAP_VERSION
	ARG OPENLDAP_VERSION
	ARG COMMIT_SHA

	ARG LDAP_OPENLDAP_GID
	ARG LDAP_OPENLDAP_UID

	ARG PQCHECKER_VERSION=2.0.0
	ARG PQCHECKER_MD5=c005ce596e97d13e39485e711dcbc7e1

	MAINTAINER "Apache Airflow Community <dev@airflow.apache.org>"

	ENV LANG="en_US.UTF-8" \
	LANGUAGE="en_US:en" \
	LC_ALL="en_US.UTF-8"


	# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
	# If explicit uid or gid is given, use it.
	RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
	&& if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -u 911 -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi

	# Add buster-backports in preparation for downloading newer openldap components, especially sladp
	RUN echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

	# Install OpenLDAP, ldap-utils and ssl-tools from the (backported) baseimage and clean apt-get files
	# sources: https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available
	# https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
	RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update \
	&& /container/tool/add-service-available :ssl-tools \
	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install -y --no-install-recommends \
	ca-certificates \
	curl \
	ldap-utils \
	libsasl2-modules \
	libsasl2-modules-db \
	libsasl2-modules-gssapi-mit \
	libsasl2-modules-ldap \
	libsasl2-modules-otp \
	libsasl2-modules-sql \
	openssl \
	slapd \
	slapd-contrib \
	krb5-kdc-ldap \
	&& curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
	&& echo "${PQCHECKER_MD5} *pqchecker.deb" \| md5sum -c - \
	&& dpkg -i pqchecker.deb \
	&& rm pqchecker.deb \
	&& update-ca-certificates \
	&& apt-get remove -y --purge --auto-remove curl ca-certificates \
	&& apt-get clean \
	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

	# Add service directory to /container/service
	ADD service /container/service

	# Use baseimage install-service script
	# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
	RUN /container/tool/install-service

	# Add default env variables
	ADD environment /container/environment/99-default

	# Expose default ldap and ldaps ports
	EXPOSE 389 636

	LABEL org.apache.airflow.component="openldap"
	LABEL org.apache.airflow.openldap.version="${OPENLDAP_VERSION}"
	LABEL org.apache.airflow.airflow_openldap.version="${AIRFLOW_OPENLDAP_VERSION}"
	LABEL org.apache.airflow.commit_sha="${COMMIT_SHA}"

	ENTRYPOINT ["/container/tool/run"]

	# Put ldap config and database dir in a volume to persist data.
	# VOLUME /etc/ldap/slapd.d /var/lib/ldap