FEATURE/ custom user in toolbox

binbashar · May 6, 2024 · 4999524 · 4999524
1 parent 79bc496
commit 4999524
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 28 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@ RUN apk update &&\
     apk add --no-cache bash bash-completion ncurses git curl gcc musl-dev python3 python3-dev py3-pip
 
 ENV POETRY_VIRTUALENVS_CREATE=false
-ENV PATH="${PATH}:/root/.poetry/bin"
+ENV PATH="${PATH}:/opt/home/.poetry/bin"
 
 # Install bats from source
 RUN git clone https://github.com/bats-core/bats-core.git && ./bats-core/install.sh /usr/local
@@ -15,9 +15,9 @@ RUN git clone https://github.com/bats-core/bats-support.git
 RUN git clone https://github.com/bats-core/bats-assert.git
 
 # Needed as is mounted later on
-RUN mkdir /root/.ssh
+RUN mkdir /opt/home/.ssh
 # Needed for git to run propertly
-RUN touch /root/.gitconfig
+RUN touch /opt/home/.gitconfig
 
 RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local POETRY_VERSION=1.8.2 python3 -
 

diff --git a/leverage/container.py b/leverage/container.py
@@ -323,8 +323,8 @@ class AWSCLIContainer(SSOContainer):
     AWS_CLI_BINARY = "/usr/local/bin/aws"
 
     # SSO scripts
-    AWS_SSO_LOGIN_SCRIPT = "/root/scripts/aws-sso/aws-sso-login.sh"
-    AWS_SSO_LOGOUT_SCRIPT = "/root/scripts/aws-sso/aws-sso-logout.sh"
+    AWS_SSO_LOGIN_SCRIPT = "/opt/home/scripts/aws-sso/aws-sso-login.sh"
+    AWS_SSO_LOGOUT_SCRIPT = "/opt/home/scripts/aws-sso/aws-sso-logout.sh"
 
     # SSO constants
     AWS_SSO_LOGIN_URL = "https://device.sso.{region}.amazonaws.com/?user_code={user_code}"
@@ -434,8 +434,8 @@ class TerraformContainer(SSOContainer):
 
     TF_BINARY = "/bin/terraform"
 
-    TF_MFA_ENTRYPOINT = "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh"
-    TF_SSO_ENTRYPOINT = "/root/scripts/aws-sso/aws-sso-entrypoint.sh"
+    TF_MFA_ENTRYPOINT = "/opt/home/scripts/aws-mfa/aws-mfa-entrypoint.sh"
+    TF_SSO_ENTRYPOINT = "/opt/home/scripts/aws-sso/aws-sso-entrypoint.sh"
 
     def __init__(self, client, mounts=None, env_vars=None):
         super().__init__(client, mounts=mounts, env_vars=env_vars)

diff --git a/leverage/containers/kubectl.py b/leverage/containers/kubectl.py
@@ -12,7 +12,7 @@ class KubeCtlContainer(TerraformContainer):
     """Container specifically tailored to run kubectl commands."""
 
     KUBECTL_CLI_BINARY = "/usr/local/bin/kubectl"
-    KUBECTL_CONFIG_PATH = Path("/root/.kube")
+    KUBECTL_CONFIG_PATH = Path("/opt/home/.kube")
     KUBECTL_CONFIG_FILE = KUBECTL_CONFIG_PATH / Path("config")
 
     def __init__(self, client):

diff --git a/leverage/modules/terraform.py b/leverage/modules/terraform.py
@@ -325,13 +325,13 @@ def _init(tf, args):
 
     with LiveContainer(tf) as container:
         # create the .ssh directory
-        container.exec_run("mkdir -p /root/.ssh")
+        container.exec_run("mkdir -p /opt/home/.ssh")
         # copy the entire ~/.ssh/ folder
         tar_bytes = tar_directory(tf.paths.home / ".ssh")
-        # into /root/.ssh
-        container.put_archive("/root/.ssh/", tar_bytes)
+        # into /opt/home/.ssh
+        container.put_archive("/opt/home/.ssh/", tar_bytes)
         # correct the owner of the files to match with the docker internal user
-        container.exec_run("chown root:root -R /root/.ssh/")
+        container.exec_run("chown root:root -R /opt/home/.ssh/")
 
         with AwsCredsContainer(container, tf):
             dockerpty.exec_command(

diff --git a/leverage/path.py b/leverage/path.py
@@ -186,7 +186,7 @@ def backend_tfvars(self):
 
     @property
     def guest_aws_credentials_dir(self):
-        return f"/root/tmp/{self.project}"
+        return f"/opt/home/tmp/{self.project}"
 
     @property
     def host_aws_profiles_file(self):

diff --git a/tests/test_containers/test_aws.py b/tests/test_containers/test_aws.py
@@ -55,12 +55,12 @@ def test_sso_login(mocked_new_tab, aws_container, fake_os_user, propagate_logs,
 
     container_args = aws_container.client.api.create_container.call_args_list[0][1]
     # make sure we: point to the correct script
-    assert container_args["command"] == "/root/scripts/aws-sso/aws-sso-login.sh"
+    assert container_args["command"] == "/opt/home/scripts/aws-sso/aws-sso-login.sh"
     # the browser tab points to the correct code and the correct region
     assert mocked_new_tab.call_args[0][0] == "https://device.sso.us-east-1.amazonaws.com/?user_code=TEST-CODE"
     # ownership of the files was given back
     container_args = aws_container.client.api.create_container.call_args_list[1][1]
-    assert container_args["command"] == "chown 1234:5678 -R /root/tmp/test"
+    assert container_args["command"] == "chown 1234:5678 -R /opt/home/tmp/test"
     assert mocked_new_tab.call_args[0][0] == test_link
     # and the fallback method is printed
     assert caplog.messages[0] == aws_container.FALLBACK_LINK_MSG.format(link=test_link)
diff --git a/tests/test_containers/test_kubectl.py b/tests/test_containers/test_kubectl.py
@@ -57,14 +57,14 @@ def test_start_shell(kubectl_container):
     assert container_args["entrypoint"] == ""
 
     # make sure we are pointing to the AWS credentials
-    assert container_args["environment"]["AWS_CONFIG_FILE"] == "/root/tmp/test/config"
-    assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/root/tmp/test/credentials"
+    assert container_args["environment"]["AWS_CONFIG_FILE"] == "/opt/home/tmp/test/config"
+    assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/opt/home/tmp/test/credentials"
 
     # make sure we mounted the .kube config folder
-    assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/root/.kube")
+    assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/opt/home/.kube")
 
     # and the aws config folder
-    assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/root/tmp/test")
+    assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/opt/home/tmp/test")
 
 
 # don't rely on the filesystem
@@ -75,7 +75,7 @@ def test_configure(kubectl_container, fake_os_user):
     with patch.object(kubectl_container, "_start", return_value=0) as mock_start:
         kubectl_container.configure()
 
-    assert mock_start.call_args[0][0] == f'bash -c "{AWS_EKS_UPDATE_KUBECONFIG} && chown 1234:5678 /root/.kube/config"'
+    assert mock_start.call_args[0][0] == f'bash -c "{AWS_EKS_UPDATE_KUBECONFIG} && chown 1234:5678 /opt/home/.kube/config"'
 
 
 #####################
@@ -96,11 +96,11 @@ def test_start_shell_mfa(kubectl_container):
 
     # we want a shell, so -> /bin/bash with no entrypoint
     assert container_args["command"] == "/bin/bash"
-    assert container_args["entrypoint"] == "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh -- "
+    assert container_args["entrypoint"] == "/opt/home/scripts/aws-mfa/aws-mfa-entrypoint.sh -- "
 
     # make sure we are pointing to the right AWS credentials: /.aws/ folder for MFA
-    assert container_args["environment"]["AWS_CONFIG_FILE"] == "/root/.aws/test/config"
-    assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/root/.aws/test/credentials"
+    assert container_args["environment"]["AWS_CONFIG_FILE"] == "/opt/home/.aws/test/config"
+    assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/opt/home/.aws/test/credentials"
 
 
 @patch("leverage.container.refresh_layer_credentials")
@@ -118,5 +118,5 @@ def test_start_shell_sso(mock_refresh, kubectl_container):
     assert mock_refresh.called_once
 
     # make sure we are pointing to the right AWS credentials: /tmp/ folder for SSO
-    assert container_args["environment"]["AWS_CONFIG_FILE"] == "/root/tmp/test/config"
-    assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/root/tmp/test/credentials"
+    assert container_args["environment"]["AWS_CONFIG_FILE"] == "/opt/home/tmp/test/config"
+    assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/opt/home/tmp/test/credentials"
diff --git a/tests/test_containers/test_terraform.py b/tests/test_containers/test_terraform.py
@@ -51,7 +51,7 @@ def test_auth_method_mfa_enabled(terraform_container):
     terraform_container.sso_enabled = False
     terraform_container.mfa_enabled = True
 
-    assert terraform_container.auth_method() == "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh -- "
+    assert terraform_container.auth_method() == "/opt/home/scripts/aws-mfa/aws-mfa-entrypoint.sh -- "
 
 
 def test_auth_method_else(terraform_container):

diff --git a/tests/test_modules/test_terraform.py b/tests/test_modules/test_terraform.py
@@ -36,8 +36,8 @@ def test_init(terraform_container):
         with patch("dockerpty.exec_command") as mocked_pty:
             _init([])
 
-    assert live_container.exec_run.call_args_list[0].args[0] == "mkdir -p /root/.ssh"
-    assert live_container.exec_run.call_args_list[1].args[0] == "chown root:root -R /root/.ssh/"
+    assert live_container.exec_run.call_args_list[0].args[0] == "mkdir -p /opt/home/.ssh"
+    assert live_container.exec_run.call_args_list[1].args[0] == "chown root:root -R /opt/home/.ssh/"
     assert (
         mocked_pty.call_args_list[0].kwargs["command"]
         == f"terraform init -backend-config=/project/./config/backend.tfvars"