Hexadite · SwatantraYadav · Mar 11, 2022 · Mar 11, 2022 · Mar 14, 2022 · Mar 14, 2022
diff --git a/.gitignore b/.gitignore
@@ -100,3 +100,4 @@ ENV/
 # mypy
 .mypy_cache/
 .idea/
+/.vs
diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,34 @@
-FROM python:3.9-slim
+FROM ubuntu:18.04 as build-env
+
+LABEL name="docker_acs_keyvault_agent" \
+      version="2.0.1" \
+      description="Build acs_keyvault_agent image" \
+      maintainer="[email protected]" \
+      repo="https://msazure.visualstudio.com/One/_git/Compute-Runtime-Tux-GenevaContainers"
 
-RUN useradd -m -u 999 appuser
+# Use azure mirror for security reason
+RUN sed -i "s://archive\.ubuntu\.com/://azure.archive.ubuntu.com/:" /etc/apt/sources.list
 
-WORKDIR /app
+# Update cache and upgrade base packages
+RUN apt-get update && apt-get upgrade -y
 
-COPY requirements.txt ./
+# Install dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends python-pip
+RUN apt-get install -y --no-install-recommends git
 
-RUN python3 -m pip install --no-cache-dir -r requirements.txt
+# Clone acs-keyvault-agent github repository
+WORKDIR /repo
+RUN git clone https://github.com/Hexadite/acs-keyvault-agent.git
+# Checkout version 
+WORKDIR /repo/acs-keyvault-agent
+RUN git checkout ca85044b7c4f4d11b43b9d318ddfb1d4016e0792
+
+# Build runtime image
+FROM python:3.9-slim
 
-COPY ./app/ ./
+COPY --from=build-env /repo/acs-keyvault-agent .
 
-USER 999
+# install requirements
+RUN pip3 install --no-cache-dir -r requirements.txt
 
-CMD ["python3", "./main.py"]
+ENTRYPOINT [ "python3", "/app/main.py" ]
diff --git a/app/main.py b/app/main.py
@@ -86,7 +86,7 @@ def _parse_sp_env(self):
 
     def _get_client(self):
         if os.getenv("USE_MSI", "false").lower() == "true":
-            _logger.info('Using MSI')
+            _logger.info('Using MSI because USE_MSI is set')
             if "MSI_CLIENT_ID" in os.environ:
                 msi_client_id = os.environ["MSI_CLIENT_ID"]
                 _logger.info('Using client_id: %s', msi_client_id)
@@ -109,7 +109,7 @@ def _get_client(self):
             # azure.json file will have "msi" as the client_id and client_secret
             # if the node is running managed identity
             if self.client_id == "msi" and self.client_secret == "msi":
-                _logger.info('Using MSI')
+                _logger.info('Using pod managed MSI')
                 # refer _parse_sp_file, potentially we could have mi client id from sp
                 if self.user_assigned_identity_id != "":
                     _logger.info('Using client_id: %s', self.user_assigned_identity_id)

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
-azure-keyvault==1.0.0
-msrestazure==0.4.34
-adal==1.2.4
-pyopenssl==18.0.0
-kubernetes==12.0.1
+azure-keyvault==4.1.0
+msrestazure==0.6.4
+adal==1.2.7
+pyopenssl==22.0.0
+kubernetes==23.3.0
-Original file line number
+Diff line change
@@ Expand Up / @@ -100,3 +100,4 @@ ENV/ @@
     # mypy
     .mypy_cache/
     .idea/
+    /.vs