move check for working dir for exec functions

2026-05-17 18:25:26 +00:00 · 2021-08-20 10:07:32 -07:00
parent 1e1b9b484a
commit e100be620e
5 changed files with 42 additions and 20 deletions
--- a/kyaml/fn/runtime/container/container.go
+++ b/kyaml/fn/runtime/container/container.go
@@ -5,6 +5,7 @@ package container

 import (
 	"fmt"
+	"os"

 	runtimeexec "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec"
 	"sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil"
@@ -139,19 +140,27 @@ func (c Filter) GetExit() error {
 }

 func (c *Filter) Filter(nodes []*yaml.RNode) ([]*yaml.RNode, error) {
-	c.setupExec()
+	if err := c.setupExec(); err != nil {
+		return nil, err
+	}
 	return c.Exec.Filter(nodes)
 }

-func (c *Filter) setupExec() {
+func (c *Filter) setupExec() error {
 	// don't init 2x
 	if c.Exec.Path != "" {
-		return
+		return nil
 	}
+	wd, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+	c.Exec.WorkingDir = wd

 	path, args := c.getCommand()
 	c.Exec.Path = path
 	c.Exec.Args = args
+	return nil
 }

 // getArgs returns the command + args to run to spawn the container
--- a/kyaml/fn/runtime/container/container_test.go
+++ b/kyaml/fn/runtime/container/container_test.go
@@ -6,6 +6,8 @@ package container
 import (
 	"bytes"
 	"fmt"
+	"github.com/stretchr/testify/require"
+	"os"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -128,7 +130,7 @@ metadata:
 			instance := NewContainer(tt.containerSpec, tt.UIDGID)
 			instance.Exec.FunctionConfig = cfg
 			instance.Env = append(instance.Env, "KYAML_TEST=FOO")
-			instance.setupExec()
+			assert.NoError(t, instance.setupExec())

 			tt.expectedArgs = append(tt.expectedArgs,
 				runtimeutil.NewContainerEnvFromStringSlice(instance.Env).GetDockerFlags()...)
@@ -173,6 +175,8 @@ metadata:
 	instance.Exec.FunctionConfig = cfg
 	instance.Exec.Path = "sed"
 	instance.Exec.Args = []string{"s/Deployment/StatefulSet/g"}
+	instance.Exec.WorkingDir = getWorkingDir(t)
+
 	output, err := instance.Filter(input)
 	if !assert.NoError(t, err) {
 		t.FailNow()
@@ -219,6 +223,7 @@ func TestFilter_ExitCode(t *testing.T) {
 	instance := Filter{}
 	instance.Exec.Path = "/not/real/command"
 	instance.Exec.DeferFailure = true
+	instance.Exec.WorkingDir = getWorkingDir(t)
 	_, err := instance.Filter(nil)
 	if !assert.NoError(t, err) {
 		t.FailNow()
@@ -231,3 +236,9 @@ func TestFilter_ExitCode(t *testing.T) {
 		t.FailNow()
 	}
 }
+
+func getWorkingDir(t *testing.T) string {
+	wd, err := os.Getwd()
+	require.NoError(t, err)
+	return wd
+}
--- a/kyaml/fn/runtime/exec/exec.go
+++ b/kyaml/fn/runtime/exec/exec.go
@@ -38,16 +38,17 @@ func (c *Filter) Run(reader io.Reader, writer io.Writer) error {
 	cmd.Stdin = reader
 	cmd.Stdout = writer
 	cmd.Stderr = os.Stderr
-	if c.WorkingDir != "" {
-		if !filepath.IsAbs(c.WorkingDir) {
-			return errors.Errorf(
-				"relative working directory %s not allowed", c.WorkingDir)
-		}
-		if c.WorkingDir == "/" {
-			return errors.Errorf(
-				"root working directory '/' not allowed")
-		}
-		cmd.Dir = c.WorkingDir
+	if c.WorkingDir == "" {
+		return errors.Errorf("no working directory set for exec function")
 	}
+	if !filepath.IsAbs(c.WorkingDir) {
+		return errors.Errorf(
+			"relative working directory %s not allowed", c.WorkingDir)
+	}
+	if c.WorkingDir == "/" {
+		return errors.Errorf(
+			"root working directory '/' not allowed")
+	}
+	cmd.Dir = c.WorkingDir
 	return cmd.Run()
 }
--- a/kyaml/fn/runtime/exec/exec_test.go
+++ b/kyaml/fn/runtime/exec/exec_test.go
@@ -4,15 +4,19 @@
 package exec_test

 import (
+	"os"
 	"strings"
 	"testing"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"sigs.k8s.io/kustomize/kyaml/fn/runtime/exec"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )

 func TestFunctionFilter_Filter(t *testing.T) {
+	wd, err := os.Getwd()
+	require.NoError(t, err)
 	var tests = []struct {
 		name           string
 		input          []string
@@ -51,8 +55,9 @@ metadata:
 			},
 			expectedError: "",
 			instance: exec.Filter{
-				Path: "sed",
-				Args: []string{"s/Deployment/StatefulSet/g"},
+				Path:       "sed",
+				Args:       []string{"s/Deployment/StatefulSet/g"},
+				WorkingDir: wd,
 			},
 		},
 	}
--- a/kyaml/runfn/runfn.go
+++ b/kyaml/runfn/runfn.go
@@ -510,10 +510,6 @@ func (r *RunFns) ffp(spec runtimeutil.FunctionSpec, api *yaml.RNode, currentUser
 	}

 	if r.EnableExec && spec.Exec.Path != "" {
-		if r.WorkingDir == "" {
-			return nil, fmt.Errorf("no working directory set for exec function")
-		}
-
 		ef := &exec.Filter{
 			Path:       spec.Exec.Path,
 			WorkingDir: r.WorkingDir,