Skip to content

Commit 5f3f581

Browse files
0x2b3bfa0restyled-commits
0x2b3bfa0
and
restyled-commits
authored
Separate credentials from other environment variables (#583)
* Separate task credentials from task script * Simplify environment variable escaping code * Restyled by gofmt * Use raw variables for credentials * Restyled by gofmt * Move /var/cache to /opt Co-authored-by: Restyled.io <commits@restyled.io>
1 parent d368ca2 commit 5f3f581

File tree

4 files changed

+33
-30
lines changed

4 files changed

+33
-30
lines changed

task/aws/resources/resource_launch_template.go

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -45,12 +45,8 @@ func (l *LaunchTemplate) Create(ctx context.Context) error {
4545
if l.Attributes.Environment.Variables == nil {
4646
l.Attributes.Environment.Variables = make(map[string]*string)
4747
}
48-
for name, value := range *l.Dependencies.Credentials.Resource {
49-
valueCopy := value
50-
l.Attributes.Environment.Variables[name] = &valueCopy
51-
}
5248

53-
script := machine.Script(l.Attributes.Environment.Script, l.Attributes.Environment.Variables, l.Attributes.Environment.Timeout)
49+
script := machine.Script(l.Attributes.Environment.Script, l.Dependencies.Credentials.Resource, l.Attributes.Environment.Variables, l.Attributes.Environment.Timeout)
5450
userData := base64.StdEncoding.EncodeToString([]byte(script))
5551

5652
size := l.Attributes.Size.Machine

task/az/resources/resource_virtual_machine_scale_set.go

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -75,12 +75,8 @@ func (v *VirtualMachineScaleSet) Create(ctx context.Context) error {
7575
if v.Attributes.Environment.Variables == nil {
7676
v.Attributes.Environment.Variables = make(map[string]*string)
7777
}
78-
for name, value := range *v.Dependencies.Credentials.Resource {
79-
valueCopy := value
80-
v.Attributes.Environment.Variables[name] = &valueCopy
81-
}
8278

83-
script := machine.Script(v.Attributes.Environment.Script, v.Attributes.Environment.Variables, v.Attributes.Environment.Timeout)
79+
script := machine.Script(v.Attributes.Environment.Script, v.Dependencies.Credentials.Resource, v.Attributes.Environment.Variables, v.Attributes.Environment.Timeout)
8480

8581
image := v.Attributes.Environment.Image
8682
images := map[string]string{

task/common/machine/script.go

Lines changed: 30 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -7,25 +7,32 @@ import (
77
"strings"
88
"time"
99

10+
"github.com/alessio/shellescape"
11+
1012
"terraform-provider-iterative/task/common"
1113
)
1214

13-
func Script(script string, variables common.Variables, timeout time.Duration) string {
14-
var environment string
15+
func Script(script string, credentials *map[string]string, variables common.Variables, timeout time.Duration) string {
16+
timeoutString := strconv.Itoa(int(timeout / time.Second))
17+
if timeout <= 0 {
18+
timeoutString = "infinity"
19+
}
20+
21+
environment := ""
1522
for name, value := range variables.Enrich() {
1623
escaped := strings.ReplaceAll(value, `"`, `\"`) // FIXME: \" edge cases.
1724
environment += fmt.Sprintf("%s=\"%s\"\n", name, escaped)
1825
}
1926

20-
timeoutString := strconv.Itoa(int(timeout / time.Second))
21-
if timeout <= 0 {
22-
timeoutString = "infinity"
27+
exportCredentials := ""
28+
for name, value := range *credentials {
29+
exportCredentials += "export " + shellescape.Quote(name+"="+value) + "\n"
2330
}
2431

2532
return fmt.Sprintf(
2633
`#!/bin/bash
27-
sudo mkdir --parents /tmp/tpi-task
28-
chmod u=rwx,g=rwx,o=rwx /tmp/tpi-task
34+
sudo mkdir --parents /opt/task/directory
35+
chmod u=rwx,g=rwx,o=rwx /opt/task/directory
2936
3037
base64 --decode << END | sudo tee /usr/bin/tpi-task > /dev/null
3138
%s
@@ -35,37 +42,44 @@ chmod u=rwx,g=rx,a=rx /usr/bin/tpi-task
3542
sudo tee /usr/bin/tpi-task-shutdown << 'END'
3643
#!/bin/bash
3744
sleep 20; while pgrep rclone > /dev/null; do sleep 1; done
45+
source /opt/task/credentials
3846
if ! test -z "$CI"; then
3947
cml rerun-workflow
4048
fi
4149
(systemctl is-system-running | grep stopping) || tpi --stop;
4250
END
4351
chmod u=rwx,g=rx,o=rx /usr/bin/tpi-task-shutdown
4452
45-
base64 --decode << END | sudo tee /tmp/tpi-environment > /dev/null
53+
base64 --decode << END | sudo tee /opt/task/variables > /dev/null
4654
%s
4755
END
48-
chmod u=rw,g=,o= /tmp/tpi-environment
56+
base64 --decode << END | sudo tee /opt/task/credentials > /dev/null
57+
%s
58+
END
59+
chmod u=rw,g=,o= /opt/task/variables
60+
chmod u=rw,g=,o= /opt/task/credentials
4961
5062
while IFS= read -rd $'\0' variable; do
5163
export "$(perl -0777p -e 's/\\"/"/g;' -e 's/(.+?)="(.+)"/$1=$2/sg' <<< "$variable")"
52-
done < <(perl -0777pe 's/\n*(.+?=".*?((?<!\\)"|\\\\"))\n*/$1\x00/sg' /tmp/tpi-environment)
64+
done < <(perl -0777pe 's/\n*(.+?=".*?((?<!\\)"|\\\\"))\n*/$1\x00/sg' /opt/task/variables)
5365
5466
TPI_MACHINE_IDENTITY="$(uuidgen)"
5567
TPI_LOG_DIRECTORY="$(mktemp --directory)"
56-
TPI_DATA_DIRECTORY="/tmp/tpi-task"
68+
TPI_DATA_DIRECTORY="/opt/task/directory"
69+
70+
source /opt/task/credentials
5771
5872
sudo tee /etc/systemd/system/tpi-task.service > /dev/null <<END
5973
[Unit]
6074
After=default.target
6175
[Service]
6276
Type=simple
6377
ExecStart=-/bin/bash -lc 'exec /usr/bin/tpi-task'
64-
ExecStop=/bin/bash -c 'systemctl is-system-running | grep stopping || echo "{\\\\"result\\\\": \\\\"\$SERVICE_RESULT\\\\", \\\\"code\\\\": \\\\"\$EXIT_STATUS\\\\", \\\\"status\\\\": \\\\"\$EXIT_CODE\\\\"}" > "$TPI_LOG_DIRECTORY/status-$TPI_MACHINE_IDENTITY" && RCLONE_CONFIG= rclone copy "$TPI_LOG_DIRECTORY" "\$RCLONE_REMOTE/reports"'
78+
ExecStop=/bin/bash -c 'source /opt/task/credentials; systemctl is-system-running | grep stopping || echo "{\\\\"result\\\\": \\\\"\$SERVICE_RESULT\\\\", \\\\"code\\\\": \\\\"\$EXIT_STATUS\\\\", \\\\"status\\\\": \\\\"\$EXIT_CODE\\\\"}" > "$TPI_LOG_DIRECTORY/status-$TPI_MACHINE_IDENTITY" && RCLONE_CONFIG= rclone copy "$TPI_LOG_DIRECTORY" "\$RCLONE_REMOTE/reports"'
6579
ExecStopPost=/usr/bin/tpi-task-shutdown
6680
Environment=HOME=/root
67-
EnvironmentFile=/tmp/tpi-environment
68-
WorkingDirectory=/tmp/tpi-task
81+
EnvironmentFile=/opt/task/variables
82+
WorkingDirectory=/opt/task/directory
6983
TimeoutStartSec=%s
7084
TimeoutStopSec=infinity
7185
[Install]
@@ -100,7 +114,7 @@ if ! command -v rclone 2>&1 > /dev/null; then
100114
rm --recursive rclone-*-linux-amd64*
101115
fi
102116
103-
rclone copy "$RCLONE_REMOTE/data" /tmp/tpi-task
117+
rclone copy "$RCLONE_REMOTE/data" /opt/task/directory
104118
105119
yes | /etc/profile.d/install-driver-prompt.sh # for GCP GPU machines
106120
@@ -139,5 +153,6 @@ done &
139153
`,
140154
base64.StdEncoding.EncodeToString([]byte(script)),
141155
base64.StdEncoding.EncodeToString([]byte(environment)),
156+
base64.StdEncoding.EncodeToString([]byte(exportCredentials)),
142157
timeoutString)
143158
}

task/gcp/resources/resource_instance_template.go

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -58,12 +58,8 @@ func (i *InstanceTemplate) Create(ctx context.Context) error {
5858
if i.Attributes.Environment.Variables == nil {
5959
i.Attributes.Environment.Variables = make(map[string]*string)
6060
}
61-
for name, value := range *i.Dependencies.Credentials.Resource {
62-
valueCopy := value
63-
i.Attributes.Environment.Variables[name] = &valueCopy
64-
}
6561

66-
script := machine.Script(i.Attributes.Environment.Script, i.Attributes.Environment.Variables, i.Attributes.Environment.Timeout)
62+
script := machine.Script(i.Attributes.Environment.Script, i.Dependencies.Credentials.Resource, i.Attributes.Environment.Variables, i.Attributes.Environment.Timeout)
6763

6864
size := i.Attributes.Size.Machine
6965
sizes := map[string]string{

0 commit comments

Comments
 (0)