v2.3.0, documenting new env flag

Author: alicethorne-ab

aws-ecsfargate-terraform/task-definitions/scim.json

@@ -1,7 +1,7 @@
 [
   {
     "name": "scim-bridge",
-    "image": "1password/scim:v2.2.1",
+    "image": "1password/scim:v2.3.0",
     "cpu": 128,
     "memory": 512,
     "essential": true,

docker/README.md

@@ -157,6 +157,7 @@ The following options are available for advanced or custom deployments. Unless y
 * `OP_REDIS_URL` - you can specify `redis://` or `rediss://` (for TLS) URL here to point towards an alternative Redis host. You can then strip out the sections in `docker-compose.yml` that refer to Redis to not deploy that container. Note that Redis is still required for the SCIM bridge to function.
 * `OP_PRETTY_LOGS` - can be set to `1` if you would like the SCIM bridge to output logs in a human-readable format. This can be helpful if you aren’t planning on doing custom log ingestion in your environment.
 * `OP_DEBUG` - can be set to `1` to enable debug output in the logs. Useful for troubleshooting or when contacting 1Password Support.
+* `OP_PING_SERVER` - can be set to `1` to enable an optional `/ping` endpoint on port `80`. Useful for health checks. Disabled if `OP_LETSENCRYPT_DOMAIN` is unset and TLS is not utilized.
 
 #### Generating `scim.env` file on Windows
 

docker/compose/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "2.2"
 services:
   scim:
-    image: 1password/scim:v2.2.1
+    image: 1password/scim:v2.3.0
     ports:
       - "3002:3002"
       - "80:8080"

docker/compose/scim.env

@@ -28,3 +28,7 @@ OP_REDIS_URL=redis://redis:6379
 
 # OP_LETSENCRYPT_EMAIL changes the email address provided to Let's Encrypt when a certificate is issued for your SCIM bridge, default: "1pw@[OP_LETSENCRYPT_DOMAIN]"
 #[email protected]
+
+# OP_PING_SERVER brings up a `/ping` endpoint which can be useful for health checks
+# It is disabled if OP_LETSENCRYPT_DOMAIN is unset
+#OP_PING_SERVER=1

docker/swarm/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.3"
 services:
   scim:
-    image: 1password/scim:v2.2.1
+    image: 1password/scim:v2.3.0
     deploy:
       replicas: 1
       restart_policy:

docker/swarm/scim.env

@@ -21,6 +21,10 @@ OP_REDIS_URL=redis://redis:6379
 # OP_DEBUG enables more detailed logging, which can be useful during troubleshooting or debugging
 #OP_DEBUG=1
 
+# OP_PING_SERVER brings up a `/ping` endpoint which can be useful for health checks
+# It is disabled if OP_LETSENCRYPT_DOMAIN is unset
+#OP_PING_SERVER=1
+
 # OP_SESSION can be either the base64-encoded string of a `scimsession` file, or it can be the path to a `scimsession` file (as in a Docker Swarm Secret)
 # examples: "OP_SESSION=abcdefg123456", "OP_SESSION=/path/to/scimsession"
 # NOTE: this should not be changed when deploying with Docker Swarm

kubernetes/README.md

@@ -155,3 +155,12 @@ You can set `OP_PRETTY_LOGS` to `1` if you would like the SCIM bridge to output
 ### Debug Mode
 
 You can set `OP_DEBUG` to `1` to enable debug output in the logs. Useful for troubleshooting or when contacting 1Password Support.
+
+### Health Check Ping Server
+
+When using Let’s Encrypt on some Kubernetes clusters, health checks can fail for the SCIM bridge before the bridge is able to obtain a Let’s Encrypt certificate.
+
+You can set `OP_PING_SERVER` to `1` to enable a `/ping` endpoint on port `80` so that health checks will always be brought online. For security reasons, no other endpoints (such as `/scim`) are exposed through this port.
+
+The endpoint is disabled if `OP_LETSENCRYPT_DOMAIN` is set to blank and TLS is not utilized.
+

kubernetes/op-scim-config.yaml

@@ -10,6 +10,7 @@ data:
   OP_SESSION: "/secret/scimsession"
   OP_PRETTY_LOGS: "0"
   OP_DEBUG: "0"
+  OP_PING_SERVER: "0"
   # (optional) uncomment this line to change the email that is used when Let's Encrypt issues your SCIM bridge a certificate
   # default: "1pw@[OP_LETSENCRYPT_DOMAIN]" 
   #OP_LETSENRYPT_EMAIL: "[email protected]"

kubernetes/op-scim-deployment.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: op-scim-bridge
-          image: 1password/scim:v2.2.1
+          image: 1password/scim:v2.3.0
           ports:
             - containerPort: 3002
           volumeMounts: