From 499952463b43acb89d761ebf2375091028c237da Mon Sep 17 00:00:00 2001 From: Juan Matias Kungfoo de la Camara Beovide Date: Mon, 6 May 2024 17:05:52 -0300 Subject: [PATCH] FEATURE/ custom user in toolbox --- Dockerfile | 6 +++--- leverage/container.py | 8 ++++---- leverage/containers/kubectl.py | 2 +- leverage/modules/terraform.py | 8 ++++---- leverage/path.py | 2 +- tests/test_containers/test_aws.py | 4 ++-- tests/test_containers/test_kubectl.py | 20 ++++++++++---------- tests/test_containers/test_terraform.py | 2 +- tests/test_modules/test_terraform.py | 4 ++-- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8d1b0b94..57b88c5d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ RUN apk update &&\ apk add --no-cache bash bash-completion ncurses git curl gcc musl-dev python3 python3-dev py3-pip ENV POETRY_VIRTUALENVS_CREATE=false -ENV PATH="${PATH}:/root/.poetry/bin" +ENV PATH="${PATH}:/opt/home/.poetry/bin" # Install bats from source RUN git clone https://github.com/bats-core/bats-core.git && ./bats-core/install.sh /usr/local @@ -15,9 +15,9 @@ RUN git clone https://github.com/bats-core/bats-support.git RUN git clone https://github.com/bats-core/bats-assert.git # Needed as is mounted later on -RUN mkdir /root/.ssh +RUN mkdir /opt/home/.ssh # Needed for git to run propertly -RUN touch /root/.gitconfig +RUN touch /opt/home/.gitconfig RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local POETRY_VERSION=1.8.2 python3 - diff --git a/leverage/container.py b/leverage/container.py index 5e3964f3..7c0e4783 100644 --- a/leverage/container.py +++ b/leverage/container.py 
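Review bot: `RUN mkdir /opt/home/.ssh` in the second Dockerfile hunk has no `-p` and sets no mode, so the build fails if `/opt/home` is not already present in the base image (the `FROM` line is outside the hunk). The directory that is later mounted with SSH material also gets the default mode and root ownership. I would write `RUN mkdir -p /opt/home/.ssh && chmod 700 /opt/home/.ssh` and, if the image is meant to run as a non-root user, give that user ownership of it and of `/opt/home/.gitconfig`. In the first hunk the new `PATH` entry `/opt/home/.poetry/bin` looks unused, since Poetry is installed with `POETRY_HOME=/usr/local`; a search-path entry under a user-writable home is better dropped if nothing is installed there.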
@@ -323,8 +323,8 @@ class AWSCLIContainer(SSOContainer): AWS_CLI_BINARY = "/usr/local/bin/aws" # SSO scripts - AWS_SSO_LOGIN_SCRIPT = "/root/scripts/aws-sso/aws-sso-login.sh" - AWS_SSO_LOGOUT_SCRIPT = "/root/scripts/aws-sso/aws-sso-logout.sh" + AWS_SSO_LOGIN_SCRIPT = "/opt/home/scripts/aws-sso/aws-sso-login.sh" + AWS_SSO_LOGOUT_SCRIPT = "/opt/home/scripts/aws-sso/aws-sso-logout.sh" # SSO constants AWS_SSO_LOGIN_URL = "https://device.sso.{region}.amazonaws.com/?user_code={user_code}" @@ -434,8 +434,8 @@ class TerraformContainer(SSOContainer): TF_BINARY = "/bin/terraform" - TF_MFA_ENTRYPOINT = "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh" - TF_SSO_ENTRYPOINT = "/root/scripts/aws-sso/aws-sso-entrypoint.sh" + TF_MFA_ENTRYPOINT = "/opt/home/scripts/aws-mfa/aws-mfa-entrypoint.sh" + TF_SSO_ENTRYPOINT = "/opt/home/scripts/aws-sso/aws-sso-entrypoint.sh" def __init__(self, client, mounts=None, env_vars=None): super().__init__(client, mounts=mounts, env_vars=env_vars) diff --git a/leverage/containers/kubectl.py b/leverage/containers/kubectl.py index c8d62c74..446a59be 100644 --- a/leverage/containers/kubectl.py +++ b/leverage/containers/kubectl.py @@ -12,7 +12,7 @@ class KubeCtlContainer(TerraformContainer): """Container specifically tailored to run kubectl commands.""" KUBECTL_CLI_BINARY = "/usr/local/bin/kubectl" - KUBECTL_CONFIG_PATH = Path("/root/.kube") + KUBECTL_CONFIG_PATH = Path("/opt/home/.kube") KUBECTL_CONFIG_FILE = KUBECTL_CONFIG_PATH / Path("config") def __init__(self, client): diff --git a/leverage/modules/terraform.py b/leverage/modules/terraform.py index 7e769c42..2b7b8c5e 100644 --- a/leverage/modules/terraform.py +++ b/leverage/modules/terraform.py 
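Review bot: The guest home `/opt/home` is spelled out in four separate string literals in these two container.py hunks. It appears again in `KUBECTL_CONFIG_PATH`, in `_init` in leverage/modules/terraform.py and in `guest_aws_credentials_dir` in leverage/path.py, so the next relocation has to repeat this whole patch and can miss one. Building the script and credential paths from one shared constant would keep them in step, documented with a comment such as `# home directory of the user inside the toolbox image; must match the image layout`. These paths only resolve against an image that ships its scripts under `/opt/home`, and nothing in the visible hunks raises or checks the minimum image version, so an older image would presumably fail at the entrypoint.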
@@ -325,13 +325,13 @@ def _init(tf, args): with LiveContainer(tf) as container: # create the .ssh directory - container.exec_run("mkdir -p /root/.ssh") + container.exec_run("mkdir -p /opt/home/.ssh") # copy the entire ~/.ssh/ folder tar_bytes = tar_directory(tf.paths.home / ".ssh") - # into /root/.ssh - container.put_archive("/root/.ssh/", tar_bytes) + # into /opt/home/.ssh + container.put_archive("/opt/home/.ssh/", tar_bytes) # correct the owner of the files to match with the docker internal user - container.exec_run("chown root:root -R /root/.ssh/") + container.exec_run("chown root:root -R /opt/home/.ssh/") with AwsCredsContainer(container, tf): dockerpty.exec_command( diff --git a/leverage/path.py b/leverage/path.py index a6564d87..5f7662a7 100644 --- a/leverage/path.py +++ b/leverage/path.py @@ -186,7 +186,7 @@ def backend_tfvars(self): @property def guest_aws_credentials_dir(self): - return f"/root/tmp/{self.project}" + return f"/opt/home/tmp/{self.project}" @property def host_aws_profiles_file(self): diff --git a/tests/test_containers/test_aws.py b/tests/test_containers/test_aws.py index 4532109d..d9fe4132 100644 --- a/tests/test_containers/test_aws.py +++ b/tests/test_containers/test_aws.py 
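Review bot: `chown root:root -R /opt/home/.ssh/` in `_init` still hands the copied SSH keys to root, which contradicts the comment above it ("match with the docker internal user") if this commit is meant to run the toolbox as a custom non-root user. Either that user cannot read its own keys, or the container still runs as root and the private keys sit under a home directory that other users may be able to reach. The owner should come from the uid/gid the container actually runs as rather than a literal, and tests/test_modules/test_terraform.py pins the same `root:root` string. Separately, the results of both `exec_run` calls and of `put_archive` are ignored, so a failed `mkdir` or `chown` goes unnoticed after the host's whole `~/.ssh` has been copied in; checking the exit code `exec_run` returns would catch that. `_init` starts and ends outside the hunk.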
@@ -55,12 +55,12 @@ def test_sso_login(mocked_new_tab, aws_container, fake_os_user, propagate_logs, container_args = aws_container.client.api.create_container.call_args_list[0][1] # make sure we: point to the correct script - assert container_args["command"] == "/root/scripts/aws-sso/aws-sso-login.sh" + assert container_args["command"] == "/opt/home/scripts/aws-sso/aws-sso-login.sh" # the browser tab points to the correct code and the correct region assert mocked_new_tab.call_args[0][0] == "https://device.sso.us-east-1.amazonaws.com/?user_code=TEST-CODE" # ownership of the files was given back container_args = aws_container.client.api.create_container.call_args_list[1][1] - assert container_args["command"] == "chown 1234:5678 -R /root/tmp/test" + assert container_args["command"] == "chown 1234:5678 -R /opt/home/tmp/test" assert mocked_new_tab.call_args[0][0] == test_link # and the fallback method is printed assert caplog.messages[0] == aws_container.FALLBACK_LINK_MSG.format(link=test_link) diff --git a/tests/test_containers/test_kubectl.py b/tests/test_containers/test_kubectl.py index 8435e4ee..862c63b9 100644 --- a/tests/test_containers/test_kubectl.py +++ b/tests/test_containers/test_kubectl.py 
@@ -57,14 +57,14 @@ def test_start_shell(kubectl_container): assert container_args["entrypoint"] == "" # make sure we are pointing to the AWS credentials - assert container_args["environment"]["AWS_CONFIG_FILE"] == "/root/tmp/test/config" - assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/root/tmp/test/credentials" + assert container_args["environment"]["AWS_CONFIG_FILE"] == "/opt/home/tmp/test/config" + assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/opt/home/tmp/test/credentials" # make sure we mounted the .kube config folder - assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/root/.kube") + assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/opt/home/.kube") # and the aws config folder - assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/root/tmp/test") + assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/opt/home/tmp/test") # don't rely on the filesystem @@ -75,7 +75,7 @@ def test_configure(kubectl_container, fake_os_user): with patch.object(kubectl_container, "_start", return_value=0) as mock_start: kubectl_container.configure() - assert mock_start.call_args[0][0] == f'bash -c "{AWS_EKS_UPDATE_KUBECONFIG} && chown 1234:5678 /root/.kube/config"' + assert mock_start.call_args[0][0] == f'bash -c "{AWS_EKS_UPDATE_KUBECONFIG} && chown 1234:5678 /opt/home/.kube/config"' ##################### 
@@ -96,11 +96,11 @@ def test_start_shell_mfa(kubectl_container): # we want a shell, so -> /bin/bash with no entrypoint assert container_args["command"] == "/bin/bash" - assert container_args["entrypoint"] == "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh -- " + assert container_args["entrypoint"] == "/opt/home/scripts/aws-mfa/aws-mfa-entrypoint.sh -- " # make sure we are pointing to the right AWS credentials: /.aws/ folder for MFA - assert container_args["environment"]["AWS_CONFIG_FILE"] == "/root/.aws/test/config" - assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/root/.aws/test/credentials" + assert container_args["environment"]["AWS_CONFIG_FILE"] == "/opt/home/.aws/test/config" + assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/opt/home/.aws/test/credentials" @patch("leverage.container.refresh_layer_credentials") @@ -118,5 +118,5 @@ def test_start_shell_sso(mock_refresh, kubectl_container): assert mock_refresh.called_once # make sure we are pointing to the right AWS credentials: /tmp/ folder for SSO - assert container_args["environment"]["AWS_CONFIG_FILE"] == "/root/tmp/test/config" - assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/root/tmp/test/credentials" + assert container_args["environment"]["AWS_CONFIG_FILE"] == "/opt/home/tmp/test/config" + assert container_args["environment"]["AWS_SHARED_CREDENTIALS_FILE"] == "/opt/home/tmp/test/credentials" diff --git a/tests/test_containers/test_terraform.py b/tests/test_containers/test_terraform.py index 4c91e2de..16c55e86 100644 --- a/tests/test_containers/test_terraform.py +++ b/tests/test_containers/test_terraform.py 
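Review bot: `assert mock_refresh.called_once` in the last hunk of this file (test_start_shell_sso) cannot fail: `called_once` is not a Mock assertion, so on the patched mock it resolves to an auto-created child attribute that is always truthy. The test therefore does not verify that the layer credentials are refreshed before the shell starts, which is the behaviour the surrounding credential-path assertions rely on. The intended check is `mock_refresh.assert_called_once()`. The line is unchanged context in this commit, and the test body starts outside the hunk.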
@@ -51,7 +51,7 @@ def test_auth_method_mfa_enabled(terraform_container): terraform_container.sso_enabled = False terraform_container.mfa_enabled = True - assert terraform_container.auth_method() == "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh -- " + assert terraform_container.auth_method() == "/opt/home/scripts/aws-mfa/aws-mfa-entrypoint.sh -- " def test_auth_method_else(terraform_container): diff --git a/tests/test_modules/test_terraform.py b/tests/test_modules/test_terraform.py index d8030bcb..f74bf7f4 100644 --- a/tests/test_modules/test_terraform.py +++ b/tests/test_modules/test_terraform.py @@ -36,8 +36,8 @@ def test_init(terraform_container): with patch("dockerpty.exec_command") as mocked_pty: _init([]) - assert live_container.exec_run.call_args_list[0].args[0] == "mkdir -p /root/.ssh" - assert live_container.exec_run.call_args_list[1].args[0] == "chown root:root -R /root/.ssh/" + assert live_container.exec_run.call_args_list[0].args[0] == "mkdir -p /opt/home/.ssh" + assert live_container.exec_run.call_args_list[1].args[0] == "chown root:root -R /opt/home/.ssh/" assert ( mocked_pty.call_args_list[0].kwargs["command"] == f"terraform init -backend-config=/project/./config/backend.tfvars"