Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions cmd/deploy.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ func runDeploy(cmd *cobra.Command, args []string) error {
if err != nil {
return fmt.Errorf("failed to create deployer: %w", err)
}
defer d.Cleanup()

if overrideFile != "" {
var err error
Expand Down
16 changes: 8 additions & 8 deletions cmd/subshell.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,22 +32,22 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error {
endpoint, password, caCertFile, kubeContext, exposure := d.GetDeploymentInfo()

if endpoint != "" {
env = append(env, fmt.Sprintf("API_ENDPOINT=%q", endpoint))
env = append(env, fmt.Sprintf("ROX_ENDPOINT=%q", endpoint))
env = append(env, fmt.Sprintf("ROX_BASE_URL='https://%s'", endpoint))
env = append(env, fmt.Sprintf("API_ENDPOINT=%s", endpoint))
Comment thread
mclasmeier marked this conversation as resolved.
env = append(env, fmt.Sprintf("ROX_ENDPOINT=%s", endpoint))
env = append(env, fmt.Sprintf("ROX_BASE_URL=https://%s", endpoint))
}

if password != "" {
env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%q", password))
env = append(env, fmt.Sprintf("ROX_ADMIN_PASSWORD=%s", password))
}

if caCertFile != "" {
env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%q", caCertFile))
env = append(env, fmt.Sprintf("ROX_CA_CERT_FILE=%s", caCertFile))
}

env = append(env, fmt.Sprintf("ROX_USERNAME=%q", deployer.AdminUsername))
env = append(env, fmt.Sprintf("ROX_USERNAME=%s", deployer.AdminUsername))
env = append(env, "ROXIE_SHELL=1")
env = append(env, fmt.Sprintf("name='acs@%s'", kubeContext))
env = append(env, fmt.Sprintf("name=acs@%s", kubeContext))

haproxyAvailable := isHAProxyAvailable()

Expand All @@ -61,7 +61,7 @@ func spawnSubshell(d *deployer.Deployer, log *logger.Logger) error {
if err != nil {
log.Warningf("Failed to start HAProxy: %v", err)
} else {
env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%q", haproxyConfigPath))
env = append(env, fmt.Sprintf("ROXIE_HAPROXY_CFG_FILE=%s", haproxyConfigPath))
haproxyStarted = true
defer cleanupHAProxy(haproxyCmd, haproxyConfigPath)
}
Expand Down
1 change: 1 addition & 0 deletions cmd/teardown.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ func runTeardown(cmd *cobra.Command, args []string) error {
if err != nil {
return fmt.Errorf("failed to create deployer: %w", err)
}
defer d.Cleanup()

d.SetSingleNamespace(singleNamespace)

Expand Down
19 changes: 13 additions & 6 deletions internal/deployer/deploy_via_operator.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"context"
"errors"
"fmt"
"os"
"os/exec"
"strings"
"time"
Expand Down Expand Up @@ -569,14 +570,20 @@ func (d *Deployer) fetchCentralCACert(ctx context.Context) error {
return fmt.Errorf("failed to decode CA cert: %w", err)
}

// TODO(#91): possible symlink race vulnerability
d.roxCACertFile = "/tmp/roxie-ca-cert.pem"
// TODO(#91): this is a REALLY weird way to write a temporary file in go
writeCmd := exec.CommandContext(ctx, "sh", "-c", fmt.Sprintf("cat > %s", d.roxCACertFile))
writeCmd.Stdin = bytes.NewReader(caCert)
if err := writeCmd.Run(); err != nil {
caCertFile, err := os.CreateTemp(d.tempDir, "roxie-central-ca-*.pem")
if err != nil {
return fmt.Errorf("failed to create temp file for CA cert: %w", err)
}

d.roxCACertFile = caCertFile.Name()
if _, err := caCertFile.Write(caCert); err != nil {
_ = caCertFile.Close()
_ = os.Remove(d.roxCACertFile)
return fmt.Errorf("failed to write CA cert: %w", err)
}
if err := caCertFile.Close(); err != nil {
return fmt.Errorf("failed to close CA cert file: %w", err)
}

d.logger.Successf("✓ CA certificate saved to: %s", d.roxCACertFile)
return nil
Expand Down
23 changes: 23 additions & 0 deletions internal/deployer/deployer.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ type Deployer struct {
securedClusterWaitTimeout time.Duration
dockerCreds *dockerauth.Credentials
clusterResourceKinds map[string]struct{}
tempDir string
}

type ResourceToDelete struct {
Expand Down Expand Up @@ -502,6 +503,10 @@ func (d *Deployer) SetFeatureFlags(featureFlags []string) error {
return nil
}

// New creates a new Deployer instance.
// It verifies that the current environment contains necessary tools.
// It creates a temporary directory for the deployer to use during deployment,
// and it is the caller's responsibility to clean it up using the Cleanup() method when not used anymore.
func New(log *logger.Logger) (*Deployer, error) {
if err := checkRequiredTools(); err != nil {
return nil, err
Expand All @@ -512,6 +517,11 @@ func New(log *logger.Logger) (*Deployer, error) {
return nil, err
}

tempDir, err := os.MkdirTemp("", "roxie-deployer-*")
if err != nil {
return nil, fmt.Errorf("failed to create temporary directory: %w", err)
}

d := &Deployer{
logger: log,
startTime: time.Now(),
Expand All @@ -522,6 +532,7 @@ func New(log *logger.Logger) (*Deployer, error) {
shouldDeployOperator: true,
centralWaitTimeout: DefaultCentralWaitTimeout,
securedClusterWaitTimeout: DefaultSecuredClusterWaitTimeout,
tempDir: tempDir,
}

d.dockerAuth = dockerauth.New(log)
Expand Down Expand Up @@ -578,6 +589,18 @@ func (d *Deployer) getClusterResourceKinds() (map[string]struct{}, error) {
return kinds, nil
}

// Cleanup cleans up any temporary resources created by the deployer, such as temporary files.
func (d *Deployer) Cleanup() {
if d.tempDir != "" && d.envrcFile == "" {
// In the case of envrc file usage, we need to keep temporary files around after deployment.
// (It contains CA certificates, for example.)
if err := os.RemoveAll(d.tempDir); err != nil {
d.logger.Warningf("Deployer Cleanup failed to remove %q: %v", d.tempDir, err)
}
}
}

// Deploy deploys the specified components to the cluster.
func (d *Deployer) Deploy(ctx context.Context, components component.Component, resources, exposure string) error {
adjustedResources, adjustedExposure, adjustedPortForward := d.clusterDefaults.ApplyConvenienceDefaults(
d.kubeContext,
Expand Down
2 changes: 1 addition & 1 deletion internal/deployer/operator.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ func (d *Deployer) deployOperatorNonOLM(ctx context.Context) error {

// downloadAndExtractOperatorBundle downloads and extracts the operator bundle
func (d *Deployer) downloadAndExtractOperatorBundle(ctx context.Context, bundleImage string) (string, error) {
bundleDir, err := os.MkdirTemp("", "stackrox-operator-bundle-")
bundleDir, err := os.MkdirTemp(d.tempDir, "stackrox-operator-bundle-")
if err != nil {
return "", fmt.Errorf("failed to create temp dir: %w", err)
}
Expand Down
Loading