From 6f1eba7f58c491183e3b80c24ae0d23421892504 Mon Sep 17 00:00:00 2001 From: James Nesbitt Date: Thu, 7 Nov 2024 13:31:22 +0200 Subject: [PATCH] PRODENG-2744 host override sudo test - host flag allows explicit sudo assign, preventing rig discovery STILL POC, and requires rig https://github.com/k0sproject/rig/pull/227 Signed-off-by: James Nesbitt --- go.mod | 18 +++--- go.sum | 12 ++++ pkg/product/mke/api/host.go | 1 + pkg/product/mke/apply.go | 1 + pkg/product/mke/client_config.go | 1 + pkg/product/mke/describe.go | 1 + pkg/product/mke/phase/overridehostsudo.go | 76 +++++++++++++++++++++++ pkg/product/mke/reset.go | 1 + 8 files changed, 102 insertions(+), 9 deletions(-) create mode 100644 pkg/product/mke/phase/overridehostsudo.go diff --git a/go.mod b/go.mod index b28fd408..cfbcc16f 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/Mirantis/mcc -go 1.22.4 - -toolchain go1.23.0 +go 1.23.2 require ( github.com/AlecAivazis/survey/v2 v2.3.7 @@ -20,6 +18,7 @@ require ( github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/logrusorgru/aurora v2.0.3+incompatible github.com/mattn/go-isatty v0.0.20 + github.com/mattn/go-shellwords v1.0.12 github.com/mitchellh/go-homedir v1.1.0 github.com/schollz/progressbar/v3 v3.14.6 github.com/sirupsen/logrus v1.9.3 @@ -147,7 +146,6 @@ require ( github.com/masterzen/winrm v0.0.0-20240702205601-3fad6e106085 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect - github.com/mattn/go-shellwords v1.0.12 // indirect github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect 
@@ -198,13 +196,13 @@ require (
 go.opentelemetry.io/otel/metric v1.28.0 // indirect
 go.opentelemetry.io/otel/trace v1.28.0 // indirect
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
- golang.org/x/crypto v0.26.0 // indirect
- golang.org/x/net v0.28.0 // indirect
+ golang.org/x/crypto v0.28.0 // indirect
+ golang.org/x/net v0.30.0 // indirect
 golang.org/x/oauth2 v0.21.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
- golang.org/x/sys v0.24.0 // indirect
- golang.org/x/term v0.23.0 // indirect
- golang.org/x/text v0.17.0 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
 golang.org/x/time v0.6.0 // indirect
 google.golang.org/api v0.169.0 // indirect
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
@@ -228,3 +226,5 @@ require (
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace github.com/k0sproject/rig v0.18.7 => github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44
diff --git a/go.sum b/go.sum
index 2818895f..83360cf9 100644
--- a/go.sum
+++ b/go.sum
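Review bot: The `replace` directive added at the end of go.mod points github.com/k0sproject/rig at a personal fork pinned to an untagged pseudo-version, and nothing in the file records why it is there or when it goes away. Judging by the rest of this commit, rig is the library that decides how commands are wrapped in sudo on the managed hosts, so its provenance matters: go.sum pins the content hash, but trust now rests on a single personal account rather than the upstream project. Because the left-hand side is version-qualified (`v0.18.7`), a later bump of the rig requirement would stop the replace from applying, which presumably breaks the `SetSudofn` call this commit depends on. I would add `// TODO(PRODENG-2744): temporary fork, remove once k0sproject/rig#227 is released` above the directive and hold the merge until that upstream release exists.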
@@ -591,6 +591,8 @@ github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44 h1:Lf3Me9DKejrpf66MsMcuvu2vSGr9R6/hcyoHYO+58Hc= +github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44/go.mod h1:rV9v56TQ6e62jgpAO1kEuoMMczwNH/I1MIxiV8gsvmg= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= @@ -935,6 +937,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1028,6 +1032,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1148,6 +1154,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -1157,6 +1165,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1170,6 +1180,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/pkg/product/mke/api/host.go b/pkg/product/mke/api/host.go index d6cf7107..24730bbc 100644 --- a/pkg/product/mke/api/host.go +++ b/pkg/product/mke/api/host.go 
@@ -78,6 +78,7 @@ type Host struct {
 Hooks common.Hooks `yaml:"hooks,omitempty" validate:"dive,keys,oneof=apply reset,endkeys,dive,keys,oneof=before after,endkeys,omitempty"`
 ImageDir string `yaml:"imageDir,omitempty"`
 SudoDocker bool `yaml:"sudodocker"`
+ SudoOverride bool `yaml:"sudooverride"` // some customers can't allow the default rig connection sudo detection
 Metadata *HostMetadata `yaml:"-"`
 MSRMetadata *MSRMetadata `yaml:"-"`
diff --git a/pkg/product/mke/apply.go b/pkg/product/mke/apply.go
index 92499115..97565ad6 100644
--- a/pkg/product/mke/apply.go
+++ b/pkg/product/mke/apply.go
@@ -18,6 +18,7 @@ func (p *MKE) Apply(disableCleanup, force bool, concurrency int, forceUpgrade bo
 phaseManager.AddPhases(
 &mke.UpgradeCheck{},
+ &mke.OverrideHostSudo{},
 &common.Connect{},
 &mke.DetectOS{},
 &mke.GatherFacts{},
diff --git a/pkg/product/mke/client_config.go b/pkg/product/mke/client_config.go
index 521ca46c..0f3638b6 100644
--- a/pkg/product/mke/client_config.go
+++ b/pkg/product/mke/client_config.go
@@ -18,6 +18,7 @@ func (p *MKE) ClientConfig() error {
 phaseManager := phase.NewManager(&p.ClusterConfig)
 phaseManager.AddPhases(
+ &mke.OverrideHostSudo{},
 &common.Connect{},
 &de.DetectOS{},
 &de.GatherFacts{},
diff --git a/pkg/product/mke/describe.go b/pkg/product/mke/describe.go
index f9ed30c4..4060ce5d 100644
--- a/pkg/product/mke/describe.go
+++ b/pkg/product/mke/describe.go
@@ -35,6 +35,7 @@ func (p *MKE) Describe(reportName string) error {
 phaseManager.IgnoreErrors = true
 phaseManager.AddPhases(
+ &mke.OverrideHostSudo{},
 &common.Connect{},
 &de.DetectOS{},
 &de.GatherFacts{},
diff --git a/pkg/product/mke/phase/overridehostsudo.go b/pkg/product/mke/phase/overridehostsudo.go
new file mode 100644
index 00000000..fcd6ef57
--- /dev/null
+++ b/pkg/product/mke/phase/overridehostsudo.go
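Review bot: The trailing comment on `SudoOverride` in pkg/product/mke/api/host.go gives the motivation but not the effect, and the effect is what an operator needs to know before setting `sudooverride: true`. From the new phase it appears the flag replaces rig's sudo detection with an unconditional `sudo --` prefix, so a host where sudo is missing or prompts for a password would presumably fail at the first privileged command rather than during detection. I would turn the text into a doc comment above the field, for example `// SudoOverride skips rig's sudo discovery and runs privileged commands via plain "sudo --"; the host must already permit that.` The struct definition starts and ends outside this hunk.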
@@ -0,0 +1,76 @@
+package phase
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/alessio/shellescape"
+ "github.com/mattn/go-shellwords"
+
+ "github.com/Mirantis/mcc/pkg/phase"
+ "github.com/Mirantis/mcc/pkg/product/mke/api"
+)
+
+// OverrideHostSudo of the host if it has an override in the config.
+type OverrideHostSudo struct {
+ phase.Analytics
+ phase.HostSelectPhase
+
+ overrideHosts api.Hosts
+}
+
+// Title for the phase.
+func (p *OverrideHostSudo) Title() string {
+ return "Override the host sudo"
+}
+
+// ShouldRun should return true only when there is a host with an overridet.
+func (p *OverrideHostSudo) ShouldRun() bool {
+ for _, h := range p.Hosts {
+ if h.SudoOverride {
+ p.overrideHosts = append(p.overrideHosts, h)
+ }
+ }
+ return len(p.overrideHosts) > 1
+}
+
+// Run the phase.
+func (p *OverrideHostSudo) Run() error {
+ err := p.Hosts.ParallelEach(func(h *api.Host) error {
+ if h.SudoOverride {
+ h.SetSudofn(sudoSudo)
+ }
+ return nil
+ })
+ if err != nil {
+ return fmt.Errorf("failed to override sudo on hosts: %w", err)
+ }
+ return nil
+}
+
+// @see https://github.com/k0sproject/rig/blob/release-0.x/connection.go#L253
+func sudoSudo(cmd string) string {
+ parts, err := shellwords.Parse(cmd)
+ if err != nil {
+ return "sudo -- " + cmd
+ }
+
+ var idx int
+ for i, p := range parts {
+ if strings.Contains(p, "=") {
+ idx = i + 1
+ continue
+ }
+ break
+ }
+
+ if idx == 0 {
+ return "sudo -- " + cmd
+ }
+
+ for i, p := range parts {
+ parts[i] = shellescape.Quote(p)
+ }
+
+ return fmt.Sprintf("sudo %s -- %s", strings.Join(parts[0:idx], " "), strings.Join(parts[idx:], " "))
+}
diff --git a/pkg/product/mke/reset.go b/pkg/product/mke/reset.go
index 0832c878..ae229345 100644
--- a/pkg/product/mke/reset.go
+++ b/pkg/product/mke/reset.go
@@ -13,6 +13,7 @@ func (p *MKE) Reset() error {
 phaseManager := phase.NewManager(&p.ClusterConfig)
 phaseManager.AddPhases(
+ &mke.OverrideHostSudo{},
 &common.Connect{},
 &mke.DetectOS{},
 &mke.GatherFacts{},
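Review bot: `ShouldRun` in pkg/product/mke/phase/overridehostsudo.go returns `len(p.overrideHosts) > 1`, so a config with exactly one host marked `sudooverride` skips the phase and that host falls back to the rig sudo detection the flag is meant to prevent; the line should read `return len(p.overrideHosts) > 0`. The method also appends to `p.overrideHosts` on every call without resetting it, while `Run` ignores that slice and walks `p.Hosts` again, so either start `ShouldRun` with `p.overrideHosts = nil` and iterate the slice in `Run`, or drop the field. Separately, `sudoSudo` carries only an `@see` line; a doc comment stating that leading `NAME=value` words are moved in front of `--` and shell-quoted, and that a parse failure falls back to the unquoted command, would help whoever has to audit what reaches sudo.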