LoveSkylark

Added a new variable that allows the docker to install plugins that are needed for SAML.

"rebased"

@dot-mike
Contributor

dot-mike commented Dec 4, 2024

I have one issue with this... INSTALL_PLUGINS is set up so installing plugins only happens after the container is started, because it's a service in root-fs. That means running lnms plugin:add will require internet to work. Not everyone has internet access after an image is built and will be running internally ;)

A better way would be to install the plugins in the Dockerfile during image build, although this requires more steps to ensure things are done in the right order.

@LoveSkylark
Author

This is by design - installing third-party plugins in the Docker image has two major drawbacks:

  1. You'd need to maintain and regularly update all included plugins within the image
  2. You'd need to predict and include all possible plugins users might need

Note: If you don't have Internet access, you likely won't be using SAML auth anyway.

This approach is a compromise - plugins are installed during container startup if needed, rather than being pre-installed. While this adds some startup time, it keeps the image lean and flexible, allowing you to use plugins only when required. The installation only occurs when the "INSTALL_PLUGINS" variable is set, so it only affects those willing to accept that startup cost.
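
A runtime install driven by INSTALL_PLUGINS fetches whatever the variable names each time the container starts, so one safeguard is to check every entry before anything is downloaded. The following is an added example, not code from this PR or from LibreNMS; the whitespace-separated `vendor/package:x.y.z` entry format and both function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed (not from the PR): the plugin list is whitespace-separated
# and each entry is written vendor/package:x.y.z. Sample names are constructed.
LC_ALL=C; export LC_ALL   # make the a-z and 0-9 ranges byte-exact

# validate_plugin_spec SPEC: returns 0 only for a well-formed, exactly pinned entry.
validate_plugin_spec() {
  spec=$1
  case $spec in
    ''|-*|*:*:*) return 1 ;;   # empty, option-like, or more than one colon
    */*:*) ;;                  # vendor/package:version shape
    *) return 1 ;;             # unpinned or missing vendor
  esac
  name=${spec%%:*}; version=${spec#*:}
  for part in "${name%%/*}" "${name#*/}"; do
    case $part in
      ''|[!a-z0-9]*|*[!a-z0-9_.-]*) return 1 ;;   # also rejects a second '/'
    esac
  done
  case $version in
    ''|.*|*.|*..*|*[!0-9.]*|*.*.*.*) return 1 ;;  # ranges, branches, wildcards
    *.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_plugin_list "LIST": prints accepted entries one per line and returns 1
# if any entry was rejected, so the caller can refuse to install anything.
check_plugin_list() {
  rc=0
  set -f                       # keep '*' in the value from expanding to filenames
  for entry in $1; do
    if validate_plugin_spec "$entry"; then
      printf '%s\n' "$entry"
    else
      printf 'rejected plugin entry: %s\n' "$entry" >&2
      rc=1
    fi
  done
  set +f
  return "$rc"
}

# Intended use in a startup script (fail closed):
#   plugins=$(check_plugin_list "$INSTALL_PLUGINS") || exit 1
```

Requiring an exact version means the same code is installed on every start, which also makes the runtime path reproducible in the way a build-time install would be.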

@LoveSkylark
Author

bump

@dot-mike
Contributor

dot-mike commented Mar 20, 2025

Here's how to add plugins during container build... just an example. As mentioned, not everyone has internet access in prod, but images can be built with internet access (i.e. proxy).

```dockerfile
# install custom plugins
RUN set -eux; \
  PLUGINS="dot-mike/nmscustomfields"; \
  for PLUGIN in $PLUGINS; do \
    FORCE=1 ./scripts/composer_wrapper.php require --update-no-dev $PLUGIN; \
    COMPOSER=composer.plugins.json ./scripts/composer_wrapper.php require --no-update $PLUGIN; \
  done

# refresh env
RUN echo $'#!/usr/bin/with-contenv sh\n\
  set -e\n\
  if [ "$SIDECAR_DISPATCHER" = "1" ] || [ "$SIDECAR_SYSLOGNG" = "1" ] || [ "$SIDECAR_SNMPTRAPD" = "1" ]; then\n\
  exit 0\n\
  fi\n\
  php artisan route:clear\n\
  lnms migrate --force --no-ansi --no-interaction\n\
  artisan cache:clear --no-interaction\n\
  artisan config:cache --no-interaction\n\
  ' > /etc/cont-init.d/99-plugins.sh
```

@LoveSkylark
Author

@dot-mike Just to be clear, you want me to bake all the auth plugins into the docker image?

I spent some time figuring out how not to do that because I did not want to add bloat to the image for niche users, but I can easily do that. I just assumed that would be rejected on the principle that you would not want to add 3rd-party Laravel plugin support into the image.

for plugin in "${PLUGINS[@]}"; do
echo "Installing plugin: $plugin"

if ! lnms plugin:installed "$plugin"; then
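
Review bot: on the `if ! lnms plugin:installed "$plugin"; then` line, the guard treats any non-zero exit from `lnms` as "not installed". If `plugin:installed` is not a registered subcommand, the call fails, the `!` turns that failure into success, and the branch runs for every plugin on every start, so a broken check is indistinguishable from a missing plugin. Suggest confirming the subcommand exists and handling an unexpected failure as an error instead of as a trigger for the branch. Separately, `"${PLUGINS[@]}"` is a bash array expansion, so the script has to run under bash rather than plain sh.
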
Member

This command does not exist :)
