// copies a user's config file from user's home directory to the equivalent
// location in the chroot
func copyUserConfigFile(source, chroot string) error {
userInfo, err := user.Current()
if err != nil {
return err
}
sourcepath := filepath.Join(userInfo.HomeDir, source)
if _, err := os.Stat(sourcepath); err != nil {
return nil
}
chrootHome := filepath.Join(chroot, "home", userInfo.Username)
sourceDir := filepath.Dir(source)
if sourceDir != "." {
if err := os.MkdirAll(
filepath.Join(chrootHome, sourceDir), 0700); err != nil {
return err
}
}
tartgetpath := filepath.Join(chrootHome, source)
if err := system.CopyRegularFile(sourcepath, tartgetpath); err != nil {
return err
}
return nil
}
// CopyGoogleCreds copies a Google credentials JSON file if one exists.
// Unfortunately gsutil only partially supports these JSON files and does not
// respect GOOGLE_APPLICATION_CREDENTIALS at all so a boto file is created.
// TODO(marineam): integrate with mantle/auth package to migrate towards
// consistent handling of credentials across all of mantle and the SDK.
func (e *enter) CopyGoogleCreds() error {
const (
name = "application_default_credentials.json"
env = "GOOGLE_APPLICATION_CREDENTIALS"
)
path := os.Getenv(env)
if path == "" {
path = filepath.Join(e.User.HomeDir, ".config", "gcloud", name)
}
if _, err := os.Stat(path); err != nil {
// Skip but do not pass along the invalid env var
os.Unsetenv("BOTO_PATH")
return os.Unsetenv(env)
}
newDir, err := ioutil.TempDir(e.UserRunDir, "google-")
if err != nil {
return err
}
if err := os.Chown(newDir, e.User.UidNo, e.User.GidNo); err != nil {
return err
}
newPath := filepath.Join(newDir, name)
chrootPath := strings.TrimPrefix(newPath, e.Chroot)
credsRaw, err := ioutil.ReadFile(path)
if err != nil {
return err
}
var creds googleCreds
if err := json.Unmarshal(credsRaw, &creds); err != nil {
return err
}
creds.Path = chrootPath
botoPath := filepath.Join(newDir, "boto")
boto, err := os.OpenFile(botoPath, os.O_CREATE|os.O_WRONLY, 0600)
if err != nil {
return err
}
defer boto.Close()
if err := botoTemplate.Execute(boto, &creds); err != nil {
return err
}
if err := boto.Chown(e.User.UidNo, e.User.GidNo); err != nil {
return err
}
// Include the default boto path as well for user customization.
chrootBoto := fmt.Sprintf("%s:/home/%s/.boto",
strings.TrimPrefix(botoPath, e.Chroot), e.User.Username)
if err := os.Setenv("BOTO_PATH", chrootBoto); err != nil {
return err
}
if err := system.CopyRegularFile(path, newPath); err != nil {
return err
}
if err := os.Chown(newPath, e.User.UidNo, e.User.GidNo); err != nil {
return err
}
return os.Setenv(env, chrootPath)
}