0

I'm trying to load AWS SSM Parameters in my docker-entrypoint.sh I'm testing the failure case and it continues to the CMD if it fails.

#!/bin/bash
set -eo pipefail

ssm_available() {
  if [ -z ${SSM_BASE_PATH+x} ]; then
    return 1
  fi

  return 0
}

get_ssm_params() {
  aws ssm get-parameters-by-path --no-paginate --path ${SSM_BASE_PATH} --with-decryption --query Parameters | \
  jq -r 'map("\(.Name | sub("'${SSM_BASE_PATH}'";""))=\(.Value)") | join("\n")'
}

exec_with_ssm_parameters() {
  for parameter in `get_ssm_params`; do
    echo "Info: Exporting parameter ${parameter%%=*}"
    export ${parameter}
  done
  exec "$@"
}

main() {
  if ssm_available; then
    echo "Info: Loading SSM Parameters" >&2
    exec_with_ssm_parameters "$@"
  fi

  echo "Info: Starting ..." >&2
  exec "$@"
}

main "$@"

I've tried both set -e and set -eo pipefail but if the aws call fails, it will still continue to start the server.

How do I make Docker stop executing if the there are any failures in docker-entrypoint.sh?

EDIT: I believe it's because the command is completing successfully, but I'm not handling errors in the response.

PGT
  • 1,468
  • 20
  • 34

1 Answers1

1

The command aws ssm get-parameters-by-path --no-paginate --path ${SSM_BASE_PATH} --with-decryption --query Parameters is not failing so will not trigger any non-zero exit code handling.

Instead you should deal with the empty response from the get_ssm_params function in the exec_with_ssm_parameters function by checking if the response exists.

Something like the following using the -z flag to test whether the string is empty should resolve your issue:

exec_with_ssm_parameters() {
  local params=$(get_ssm_params)

  if [ -z "$params" ]; then
    echo "Error: No SSM parameters found"
    exit 1
  fi

  for parameter in $params; do
    echo "Info: Exporting parameter ${parameter%%=*}"
    export ${parameter}
  done

  exec "$@"
}
AdamMcKay
  • 549
  • 6
  • 15