[BV-195] Run toolbox with the host user #269
Conversation
Pull Request Test Coverage Report for Build 11221535107Details
💛 - Coveralls |
Makefile
Outdated
| @@ -1,7 +1,7 @@ | |||
| .PHONY: help build | |||
| LEVERAGE_TESTING_IMAGE := binbash/leverage-cli-testing | |||
| LEVERAGE_TESTING_TAG := 2.5.0 | |||
| LEVERAGE_IMAGE_TAG := 1.2.7-0.0.5 | |||
| LEVERAGE_IMAGE_TAG := 1.2.7-0.1.14 | |||
There was a problem hiding this comment.
0.0.5 doesn't have the groupadd binary so the local image fails to compile
this is a good case to use the minimal required version section
There was a problem hiding this comment.
actually we now need the last toolbox image (0.1.19) that support the custom home folder
| @@ -381,61 +428,14 @@ def system_exec(self, command): | |||
| self.entrypoint = self.AWS_CLI_BINARY | |||
| return exit_code, output | |||
|
|
|||
| def get_sso_code(self, container) -> str: | |||
There was a problem hiding this comment.
these were moved to the SSOContainer class, where they fit better
|
|
||
| class TerraformContainer(SSOContainer): | ||
| """Leverage container specifically tailored to run Terraform commands. | ||
| It handles authentication and some checks regarding where the command is being executed.""" | ||
|
|
||
| TF_BINARY = "/bin/terraform" | ||
|
|
||
| TF_MFA_ENTRYPOINT = "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh" | ||
| TF_SSO_ENTRYPOINT = "/root/scripts/aws-sso/aws-sso-entrypoint.sh" |
There was a problem hiding this comment.
the SSO script was unused, is part of the CLI (in python) already
There was a problem hiding this comment.
These were moved from the toolbox into the CLI, and are mounted into the container when we run commands.
That give us a better control and an easier way to introduce modifications over them.
| @@ -323,23 +313,9 @@ def _init(tf, args): | |||
|
|
|||
| tf.paths.check_for_layer_location() | |||
|
|
|||
| with LiveContainer(tf) as container: | |||
There was a problem hiding this comment.
copying ssh keys and changing permissions is not required anymore, given now the user of the container and the host matches (thus permissions matches!)
leverage/containers/kubectl.py
Outdated
| from leverage.container import TerraformContainer | ||
|
|
||
|
|
||
| class KubeCtlContainer(TerraformContainer): | ||
| """Container specifically tailored to run kubectl commands.""" | ||
|
|
||
| KUBECTL_CLI_BINARY = "/usr/local/bin/kubectl" | ||
| KUBECTL_CONFIG_PATH = Path("/root/.kube") | ||
| KUBECTL_CONFIG_PATH = Path("/home/leverage/.kube") |
There was a problem hiding this comment.
Please replace 'leverage' with the constant that defines that.
Franr
requested review from
juanmatias,
borland667,
angelofenoglio and
diego-ojeda-binbash
* adding python 3.12 in pyproject.toml * autogenerating python 3.12 in poetry.lock
What?
We now run the commands in the toolbox with the same uid/gid of the host.
That remove many needs, like changing the ownership of files generated inside the container.
Why?
References
closes #193
Before release
Review the checklist here
Integrations tests must be fixed (ref: #272)