fix: scratch env vars and args parsing

andrmr · andrmr · commit 41779f98104d · 2025-12-31T18:54:18.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -30,8 +30,6 @@ ENV POLICY="/policies/traefik.json"
 ENV LISTEN_ADDR=":2375"
 ENV DOCKER_SOCKET_PATH="/var/run/docker.sock"
 
-CMD ["-policy=$POLICY", "-listen-addr=$LISTEN_ADDR", "-socket-path=$DOCKER_SOCKET_PATH"]
-
 LABEL org.opencontainers.image.description="Docker Socket Proxy"
 LABEL org.opencontainers.image.url="https://github.com/andrmr/docker-socket-proxy"
 LABEL org.opencontainers.image.source="https://github.com/andrmr/docker-socket-proxy.git"
diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"flag"
+	"fmt"
 	"log/slog"
 	"net/http"
 	"os"
@@ -23,19 +24,48 @@ const (
 	shutdownTimeout         = 10 * time.Second
 )
 
+func getEnv(key, fallback string) string {
+	if value, ok := os.LookupEnv(key); ok {
+		return value
+	}
+	return fallback
+}
+
 func main() {
-	policyPath := flag.String("policy", "policy.json", "Path to the authorization policy JSON file")
-	listenAddr := flag.String("listen-addr", ":2375", "Address to listen on")
-	socketPath := flag.String("socket-path", "/var/run/docker.sock", "Path to the Docker Unix socket")
+	flag.Usage = func() {
+		fmt.Fprintf(os.Stderr, "Docker Socket Proxy using JSON policy for access control.\n\n")
+		fmt.Fprintf(os.Stderr, "Usage:\n")
+		fmt.Fprintf(os.Stderr, "  docker-socket-proxy [flags]\n\n")
+		fmt.Fprintf(os.Stderr, "Configuration can be provided via flags or environment variables.\n")
+		fmt.Fprintf(os.Stderr, "Flags take precedence over environment variables.\n\n")
+		fmt.Fprintf(os.Stderr, "Flags:\n")
+		flag.PrintDefaults()
+		fmt.Fprintf(os.Stderr, "\nEnvironment Variables:\n")
+		fmt.Fprintf(os.Stderr, "  POLICY              Path to the authorization policy JSON file (default: policy.json)\n")
+		fmt.Fprintf(os.Stderr, "  LISTEN_ADDR         Address to listen on (default: :2375)\n")
+		fmt.Fprintf(os.Stderr, "  DOCKER_SOCKET_PATH  Path to the Docker Unix socket (default: /var/run/docker.sock)\n\n")
+		fmt.Fprintf(os.Stderr, "Example:\n")
+		fmt.Fprintf(os.Stderr, "  DOCKER_SOCKET_PATH=/run/docker.sock docker-socket-proxy -listen-addr :2376\n")
+	}
+
+	policyPath := flag.String("policy", getEnv("POLICY", "policy.json"), "Path to the authorization policy JSON file")
+	listenAddr := flag.String("listen-addr", getEnv("LISTEN_ADDR", ":2375"), "Address to listen on")
+	socketPath := flag.String("socket-path", getEnv("DOCKER_SOCKET_PATH", "/var/run/docker.sock"), "Path to the Docker Unix socket")
 	flag.Parse()
 
 	logger := initLogger()
 
 	logger.Info("starting docker socket proxy", "listen", *listenAddr, "socket", *socketPath, "policy", *policyPath)
 
+	if _, err := os.Stat(*policyPath); os.IsNotExist(err) {
+		fmt.Fprintf(os.Stderr, "Error: Policy file not found: %s\n\n", *policyPath)
+		flag.Usage()
+		os.Exit(1)
+	}
+
 	pol, err := auth.LoadPolicy(*policyPath)
 	if err != nil {
-		logger.Error("failed to load policy", "err", err)
+		fmt.Fprintf(os.Stderr, "Error: Failed to load policy: %v\n", err)
 		os.Exit(1)
 	}
 
