kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-06-13 01:50:55 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

move check for working dir for exec functions

Browse Source
This commit is contained in:
Natasha Sarkar
2021-08-20 10:07:32 -07:00
parent 1e1b9b484a
commit e100be620e
5 changed files with 42 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
kyaml/fn/runtime/container/container.go
View File

@@ -5,6 +5,7 @@ package container
import ( import (
"fmt" "fmt"
"os"
runtimeexec "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec" runtimeexec "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec"
"sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil" "sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil"
@@ -139,19 +140,27 @@ func (c Filter) GetExit() error {
} }
func (c *Filter) Filter(nodes []*yaml.RNode) ([]*yaml.RNode, error) { func (c *Filter) Filter(nodes []*yaml.RNode) ([]*yaml.RNode, error) {
c.setupExec() if err := c.setupExec(); err != nil {
return nil, err
}
return c.Exec.Filter(nodes) return c.Exec.Filter(nodes)
} }
func (c *Filter) setupExec() { func (c *Filter) setupExec() error {
// don't init 2x // don't init 2x
if c.Exec.Path != "" { if c.Exec.Path != "" {
return return nil
} }
wd, err := os.Getwd()
if err != nil {
return err
}
c.Exec.WorkingDir = wd
path, args := c.getCommand() path, args := c.getCommand()
c.Exec.Path = path c.Exec.Path = path
c.Exec.Args = args c.Exec.Args = args
return nil
} }
// getArgs returns the command + args to run to spawn the container // getArgs returns the command + args to run to spawn the container

13
kyaml/fn/runtime/container/container_test.go
View File

@@ -6,6 +6,8 @@ package container
import ( import (
"bytes" "bytes"
"fmt" "fmt"
"github.com/stretchr/testify/require"
"os"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@@ -128,7 +130,7 @@ metadata:
instance := NewContainer(tt.containerSpec, tt.UIDGID) instance := NewContainer(tt.containerSpec, tt.UIDGID)
instance.Exec.FunctionConfig = cfg instance.Exec.FunctionConfig = cfg
instance.Env = append(instance.Env, "KYAML_TEST=FOO") instance.Env = append(instance.Env, "KYAML_TEST=FOO")
instance.setupExec() assert.NoError(t, instance.setupExec())
tt.expectedArgs = append(tt.expectedArgs, tt.expectedArgs = append(tt.expectedArgs,
runtimeutil.NewContainerEnvFromStringSlice(instance.Env).GetDockerFlags()...) runtimeutil.NewContainerEnvFromStringSlice(instance.Env).GetDockerFlags()...)
@@ -173,6 +175,8 @@ metadata:
instance.Exec.FunctionConfig = cfg instance.Exec.FunctionConfig = cfg
instance.Exec.Path = "sed" instance.Exec.Path = "sed"
instance.Exec.Args = []string{"s/Deployment/StatefulSet/g"} instance.Exec.Args = []string{"s/Deployment/StatefulSet/g"}
instance.Exec.WorkingDir = getWorkingDir(t)
output, err := instance.Filter(input) output, err := instance.Filter(input)
if !assert.NoError(t, err) { if !assert.NoError(t, err) {
t.FailNow() t.FailNow()
@@ -219,6 +223,7 @@ func TestFilter_ExitCode(t *testing.T) {
instance := Filter{} instance := Filter{}
instance.Exec.Path = "/not/real/command" instance.Exec.Path = "/not/real/command"
instance.Exec.DeferFailure = true instance.Exec.DeferFailure = true
instance.Exec.WorkingDir = getWorkingDir(t)
_, err := instance.Filter(nil) _, err := instance.Filter(nil)
if !assert.NoError(t, err) { if !assert.NoError(t, err) {
t.FailNow() t.FailNow()
@@ -231,3 +236,9 @@ func TestFilter_ExitCode(t *testing.T) {
t.FailNow() t.FailNow()
} }
} }
func getWorkingDir(t *testing.T) string {
wd, err := os.Getwd()
require.NoError(t, err)
return wd
}

21
kyaml/fn/runtime/exec/exec.go
View File

@@ -38,16 +38,17 @@ func (c *Filter) Run(reader io.Reader, writer io.Writer) error {
cmd.Stdin = reader cmd.Stdin = reader
cmd.Stdout = writer cmd.Stdout = writer
cmd.Stderr = os.Stderr cmd.Stderr = os.Stderr
if c.WorkingDir != "" { if c.WorkingDir == "" {
if !filepath.IsAbs(c.WorkingDir) { return errors.Errorf("no working directory set for exec function")
return errors.Errorf(
"relative working directory %s not allowed", c.WorkingDir)
}
if c.WorkingDir == "/" {
return errors.Errorf(
"root working directory '/' not allowed")
}
cmd.Dir = c.WorkingDir
} }
if !filepath.IsAbs(c.WorkingDir) {
return errors.Errorf(
"relative working directory %s not allowed", c.WorkingDir)
}
if c.WorkingDir == "/" {
return errors.Errorf(
"root working directory '/' not allowed")
}
cmd.Dir = c.WorkingDir
return cmd.Run() return cmd.Run()
} }

9
kyaml/fn/runtime/exec/exec_test.go
View File

@@ -4,15 +4,19 @@
package exec_test package exec_test
import ( import (
"os"
"strings" "strings"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"sigs.k8s.io/kustomize/kyaml/fn/runtime/exec" "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec"
"sigs.k8s.io/kustomize/kyaml/yaml" "sigs.k8s.io/kustomize/kyaml/yaml"
) )
func TestFunctionFilter_Filter(t *testing.T) { func TestFunctionFilter_Filter(t *testing.T) {
wd, err := os.Getwd()
require.NoError(t, err)
var tests = []struct { var tests = []struct {
name string name string
input []string input []string
@@ -51,8 +55,9 @@ metadata:
}, },
expectedError: "", expectedError: "",
instance: exec.Filter{ instance: exec.Filter{
Path: "sed", Path: "sed",
Args: []string{"s/Deployment/StatefulSet/g"}, Args: []string{"s/Deployment/StatefulSet/g"},
WorkingDir: wd,
}, },
}, },
} }

4
kyaml/runfn/runfn.go
View File

@@ -510,10 +510,6 @@ func (r *RunFns) ffp(spec runtimeutil.FunctionSpec, api *yaml.RNode, currentUser
} }
if r.EnableExec && spec.Exec.Path != "" { if r.EnableExec && spec.Exec.Path != "" {
if r.WorkingDir == "" {
return nil, fmt.Errorf("no working directory set for exec function")
}
ef := &exec.Filter{ ef := &exec.Filter{
Path: spec.Exec.Path, Path: spec.Exec.Path,
WorkingDir: r.WorkingDir, WorkingDir: r.WorkingDir,