From 8716aefdcddca8f96e062362c9b53f77238d7daf Mon Sep 17 00:00:00 2001
From: James Nesbitt
Date: Thu, 7 Nov 2024 13:31:22 +0200
Subject: [PATCH] PRODENG-2744 host override sudo test - host flag allows explicit sudo assign, preventing rig discovery STILL POC, and requires rig https://github.com/k0sproject/rig/pull/227
Signed-off-by: James Nesbitt
---
 go.mod | 18 +++---
 go.sum | 24 +++----
 pkg/product/mke/api/host.go | 1 +
 pkg/product/mke/apply.go | 1 +
 pkg/product/mke/client_config.go | 1 +
 pkg/product/mke/describe.go | 1 +
 pkg/product/mke/phase/overridehostsudo.go | 77 +++++++++++++++++++++++
 pkg/product/mke/reset.go | 1 +
 8 files changed, 103 insertions(+), 21 deletions(-)
 create mode 100644 pkg/product/mke/phase/overridehostsudo.go
diff --git a/go.mod b/go.mod
index b28fd408..cfbcc16f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/Mirantis/mcc
-go 1.22.4
-
-toolchain go1.23.0
+go 1.23.2
 require (
 github.com/AlecAivazis/survey/v2 v2.3.7
@@ -20,6 +18,7 @@ require (
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 github.com/logrusorgru/aurora v2.0.3+incompatible
 github.com/mattn/go-isatty v0.0.20
+ github.com/mattn/go-shellwords v1.0.12
 github.com/mitchellh/go-homedir v1.1.0
 github.com/schollz/progressbar/v3 v3.14.6
 github.com/sirupsen/logrus v1.9.3
@@ -147,7 +146,6 @@ require (
 github.com/masterzen/winrm v0.0.0-20240702205601-3fad6e106085 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-runewidth v0.0.9 // indirect
- github.com/mattn/go-shellwords v1.0.12 // indirect
 github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
@@ -198,13 +196,13 @@ require (
 go.opentelemetry.io/otel/metric v1.28.0 // indirect
 go.opentelemetry.io/otel/trace v1.28.0 // indirect
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
- golang.org/x/crypto v0.26.0 // indirect
- golang.org/x/net v0.28.0 // indirect
+ golang.org/x/crypto v0.28.0 // indirect
+ golang.org/x/net v0.30.0 // indirect
 golang.org/x/oauth2 v0.21.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
- golang.org/x/sys v0.24.0 // indirect
- golang.org/x/term v0.23.0 // indirect
- golang.org/x/text v0.17.0 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
 golang.org/x/time v0.6.0 // indirect
 google.golang.org/api v0.169.0 // indirect
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
@@ -228,3 +226,5 @@ require (
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace github.com/k0sproject/rig v0.18.7 => github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44
diff --git a/go.sum b/go.sum
index 2818895f..49afa334 100644
--- a/go.sum
+++ b/go.sum
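Review bot: The `replace` directive at the end of go.mod points `github.com/k0sproject/rig` at a personal fork pinned to a pseudo-version (`github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44`), and rig is the library that opens the host connections and, with this patch, is handed the function that builds the sudo command line. The commit message marks this as a POC that depends on an upstream pull request; before merge the replace should give way to a tagged upstream release, or at least carry a comment such as `// temporary: remove once the upstream rig change is released`. A `replace` also only takes effect when this module is the main module, so any consumer importing it would resolve upstream rig, which presumably lacks `SetSudofn`.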
@@ -591,6 +591,8 @@ github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44 h1:Lf3Me9DKejrpf66MsMcuvu2vSGr9R6/hcyoHYO+58Hc= +github.com/james-nesbitt/rig v0.18.5-0.20241106064551-c604d0a85c44/go.mod h1:rV9v56TQ6e62jgpAO1kEuoMMczwNH/I1MIxiV8gsvmg= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= @@ -623,8 +625,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/k0sproject/dig v0.2.0 h1:cNxEIl96g9kqSMfPSZLhpnZ0P8bWXKv08nxvsMHop5w= github.com/k0sproject/dig v0.2.0/go.mod h1:rBcqaQlJpcKdt2x/OE/lPvhGU50u/e95CSm5g/r4s78= -github.com/k0sproject/rig v0.18.7 h1:MFLTVmhj+lGcCHbemwoWorlCD26CwzxhKckec+lGgdc= -github.com/k0sproject/rig v0.18.7/go.mod h1:FS9xKO2a4hco2XthIcXnYBozKSLr/V3tlP+fWi7OVyE= github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= 
@@ -933,8 +933,8 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1026,8 +1026,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1146,8 +1146,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1155,8 +1155,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1168,8 +1168,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/pkg/product/mke/api/host.go b/pkg/product/mke/api/host.go
index d6cf7107..24730bbc 100644
--- a/pkg/product/mke/api/host.go
+++ b/pkg/product/mke/api/host.go
@@ -78,6 +78,7 @@ type Host struct {
 Hooks common.Hooks `yaml:"hooks,omitempty" validate:"dive,keys,oneof=apply reset,endkeys,dive,keys,oneof=before after,endkeys,omitempty"`
 ImageDir string `yaml:"imageDir,omitempty"`
 SudoDocker bool `yaml:"sudodocker"`
+ SudoOverride bool `yaml:"sudooverride"` // some customers can't allow the default rig connection sudo detection
 Metadata *HostMetadata `yaml:"-"`
 MSRMetadata *MSRMetadata `yaml:"-"`
diff --git a/pkg/product/mke/apply.go b/pkg/product/mke/apply.go
index 92499115..97565ad6 100644
--- a/pkg/product/mke/apply.go
+++ b/pkg/product/mke/apply.go
@@ -18,6 +18,7 @@ func (p *MKE) Apply(disableCleanup, force bool, concurrency int, forceUpgrade bo
 phaseManager.AddPhases(
 &mke.UpgradeCheck{},
+ &mke.OverrideHostSudo{},
 &common.Connect{},
 &mke.DetectOS{},
 &mke.GatherFacts{},
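Review bot: The trailing comment on `SudoOverride` in pkg/product/mke/api/host.go gives the motivation for the flag but not its effect, and this is a privilege-related switch that operators set per host in the cluster config. A doc comment along the lines of `// SudoOverride skips rig's sudo detection and wraps privileged commands in "sudo --" (see phase.OverrideHostSudo).` would let a reader of the config type see what enabling it does. The `Host` struct begins and ends outside the hunk, so any validation or documentation of the field elsewhere is not visible here.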
diff --git a/pkg/product/mke/client_config.go b/pkg/product/mke/client_config.go
index 521ca46c..9dc0aa11 100644
--- a/pkg/product/mke/client_config.go
+++ b/pkg/product/mke/client_config.go
@@ -18,6 +18,7 @@ func (p *MKE) ClientConfig() error {
 phaseManager := phase.NewManager(&p.ClusterConfig)
 phaseManager.AddPhases(
+ &de.OverrideHostSudo{},
 &common.Connect{},
 &de.DetectOS{},
 &de.GatherFacts{},
diff --git a/pkg/product/mke/describe.go b/pkg/product/mke/describe.go
index f9ed30c4..572de3a3 100644
--- a/pkg/product/mke/describe.go
+++ b/pkg/product/mke/describe.go
@@ -35,6 +35,7 @@ func (p *MKE) Describe(reportName string) error {
 phaseManager.IgnoreErrors = true
 phaseManager.AddPhases(
+ &de.OverrideHostSudo{},
 &common.Connect{},
 &de.DetectOS{},
 &de.GatherFacts{},
diff --git a/pkg/product/mke/phase/overridehostsudo.go b/pkg/product/mke/phase/overridehostsudo.go
new file mode 100644
index 00000000..c47b682a
--- /dev/null
+++ b/pkg/product/mke/phase/overridehostsudo.go
@@ -0,0 +1,77 @@
+package phase
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/Mirantis/mcc/pkg/phase"
+ "github.com/Mirantis/mcc/pkg/product/mke/api"
+ "github.com/alessio/shellescape"
+ "github.com/mattn/go-shellwords"
+ log "github.com/sirupsen/logrus"
+)
+
+// OverrideHostSudo of the host if it has an override in the config.
+type OverrideHostSudo struct {
+ phase.Analytics
+ phase.HostSelectPhase
+
+ overrideHosts api.Hosts
+}
+
+// Title for the phase.
+func (p *OverrideHostSudo) Title() string {
+ return "Override the host sudo"
+}
+
+// ShouldRun should return true only when there is a host with an overridet.
+func (p *OverrideHostSudo) ShouldRun() bool {
+ for _, h := range p.Hosts {
+ if h.SudoOverride {
+ p.overrideHosts = append(p.overrideHosts, h)
+ }
+ }
+ return len(p.overrideHosts) > 0
+}
+
+// Run the phase.
+func (p *OverrideHostSudo) Run() error {
+ err := p.Hosts.ParallelEach(func(h *api.Host) error {
+ if h.SudoOverride {
+ log.Warnf("%s: overriding sudo for host", h)
+ h.SetSudofn(sudoSudo)
+ }
+ return nil
+ })
+ if err != nil {
+ return fmt.Errorf("failed to override sudo on hosts: %w", err)
+ }
+ return nil
+}
+
+// @see https://github.com/k0sproject/rig/blob/release-0.x/connection.go#L253
+func sudoSudo(cmd string) string {
+ parts, err := shellwords.Parse(cmd)
+ if err != nil {
+ return "sudo -- " + cmd
+ }
+
+ var idx int
+ for i, p := range parts {
+ if strings.Contains(p, "=") {
+ idx = i + 1
+ continue
+ }
+ break
+ }
+
+ if idx == 0 {
+ return "sudo -- " + cmd
+ }
+
+ for i, p := range parts {
+ parts[i] = shellescape.Quote(p)
+ }
+
+ return fmt.Sprintf("sudo %s -- %s", strings.Join(parts[0:idx], " "), strings.Join(parts[idx:], " "))
+}
diff --git a/pkg/product/mke/reset.go b/pkg/product/mke/reset.go
index 0832c878..ae229345 100644
--- a/pkg/product/mke/reset.go
+++ b/pkg/product/mke/reset.go
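Review bot: In `sudoSudo` (pkg/product/mke/phase/overridehostsudo.go) the test `strings.Contains(p, "=")` accepts any leading word containing `=` as an environment assignment and emits it ahead of `--`, where sudo interprets it itself rather than passing it to the command; restricting the match to a variable-name prefix (letters, digits and underscore followed by `=`) would keep other words out of that position. The two fallback branches return `cmd` unquoted and silently drop the `shellwords.Parse` error, while the env branch re-quotes every word with `shellescape.Quote`, so the same input style yields differently quoted command lines depending on the branch; a comment stating which form callers should expect, and a table-driven test for this function, would help given that it builds every privileged command on an overridden host. Separately, `ShouldRun` appends to `p.overrideHosts` on each call and `Run` never reads that slice, walking `p.Hosts` again instead, so the field can grow with duplicates and serves only the length check; returning on the first match (`if h.SudoOverride { return true }`) or iterating `p.overrideHosts` in `Run` would remove the side effect.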
@@ -13,6 +13,7 @@ func (p *MKE) Reset() error {
 phaseManager := phase.NewManager(&p.ClusterConfig)
 phaseManager.AddPhases(
+ &mke.OverrideHostSudo{},
 &common.Connect{},
 &mke.DetectOS{},
 &mke.GatherFacts{},