diff --git a/pkg/config/nerdctl_config_applier.go b/pkg/config/nerdctl_config_applier.go
index 9dbe97adc..78c6ee157 100644
--- a/pkg/config/nerdctl_config_applier.go
+++ b/pkg/config/nerdctl_config_applier.go
@@ -91,11 +91,18 @@ func addLineToBashrc(fs afero.Fs, profileFilePath string, profStr string, cmd st
 func updateEnvironment(fs afero.Fs, fc *Finch, finchDir, homeDir, limaVMHomeDir string) error {
 cmdArr := []string{
 `export DOCKER_CONFIG="$FINCH_DIR"`,
- "[ -L /usr/local/bin/docker-credential-ecr-login ] " +
- `|| sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/`,
 `[ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws`,
 }
 
+ //nolint:gosec // G101: Potential hardcoded credentials false positive
+ const configureCredHelperTemplate = `([ -e "$FINCH_DIR"/cred-helpers/docker-credential-%s ] 
+|| (echo "error: docker-credential-%s not found in $FINCH_DIR/cred-helpers directory.")) && 
+([ -L /usr/local/bin/docker-credential-%s ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-%s /usr/local/bin)`
+
+ for _, credHelper := range fc.CredsHelpers {
+ cmdArr = append(cmdArr, fmt.Sprintf(configureCredHelperTemplate, credHelper, credHelper, credHelper, credHelper))
+ }
+
 awsDir := fmt.Sprintf("%s/.aws", homeDir)
 
 if *fc.VMType == "wsl2" {
diff --git a/pkg/config/nerdctl_config_applier_test.go b/pkg/config/nerdctl_config_applier_test.go
index 5039506cd..4903d46a6 100644
--- a/pkg/config/nerdctl_config_applier_test.go
+++ b/pkg/config/nerdctl_config_applier_test.go
@@ -67,7 +67,6 @@ func Test_updateEnvironment(t *testing.T) {
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
 },
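Review bot: Each `credHelper` from `fc.CredsHelpers` is formatted straight into a shell line that runs `sudo ln -s`, and nothing in this hunk restricts it to a plain helper name, so an entry containing shell metacharacters or a newline would be written to the VM profile as shell text. Unless the config loader already validates these entries (not visible here), reject anything outside a fixed pattern before the append, e.g. `if !validCredHelper.MatchString(credHelper) { return fmt.Errorf("invalid creds helper name %q", credHelper) }`, where `validCredHelper` is a new package-level regexp such as `^[a-z0-9][a-z0-9-]*$`. Separately, the `|| (echo ...)` branch exits 0, so the `&&` half still runs and links a helper that was just reported missing; `|| { echo ...; false; }` would stop there. updateEnvironment's body continues past the end of the hunk.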
@@ -95,7 +94,6 @@ export DOCKER_CONFIG="$FINCH_DIR"
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`,
 ),
@@ -110,7 +108,6 @@ export DOCKER_CONFIG="$FINCH_DIR"
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
 },
@@ -140,6 +137,82 @@ export DOCKER_CONFIG="$FINCH_DIR"
 },
 ),
 },
+ {
+ name: "put docker-credential-ecr-login in path",
+ cfg: &Finch{
+ SystemSettings: SystemSettings{
+ SharedSystemSettings: SharedSystemSettings{
+ VMType: pointer.String("vz"),
+ },
+ },
+ SharedSettings: SharedSettings{
+ CredsHelpers: []string{"ecr-login"},
+ },
+ },
+ finchDir: "/finch/dir",
+ homeDir: "/home/dir",
+ limaVMHomeDir: "/home/mock_user.linux",
+ mockSvc: func(t *testing.T, fs afero.Fs) {
+ require.NoError(t, afero.WriteFile(fs, "/home/mock_user.linux/.bashrc", []byte(""), 0o644))
+ },
+ postRunCheck: func(t *testing.T, fs afero.Fs) {
+ fileBytes, err := afero.ReadFile(fs, "/home/mock_user.linux/.bashrc")
+ require.NoError(t, err)
+ assert.Equal(t, string(
+ "\nFINCH_DIR=/finch/dir\n"+
+ "AWS_DIR=/home/dir/.aws\n"+
+ "export DOCKER_CONFIG=\"$FINCH_DIR\"\n"+
+ "[ -L /root/.aws ] || sudo ln -fs \"$AWS_DIR\" /root/.aws\n"+
+ "([ -e \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login ] \n"+
+ "|| (echo \"error: docker-credential-ecr-login not found in $FINCH_DIR/cred-helpers directory.\")) && \n"+
+ "([ -L /usr/local/bin/docker-credential-ecr-login ] "+
+ "|| sudo ln -s \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login /usr/local/bin)\n"+
+ "[ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch"),
+ string(fileBytes),
+ )
+ },
+ want: nil,
+ },
+ {
+ name: "put docker-credential-ecr-login and secretservice in path",
+ cfg: &Finch{
+ SystemSettings: SystemSettings{
+ SharedSystemSettings: SharedSystemSettings{
+ VMType: pointer.String("vz"),
+ },
+ },
+ SharedSettings: SharedSettings{
+ CredsHelpers: []string{"ecr-login", "secretservice"},
+ },
+ },
+ finchDir: "/finch/dir",
+ homeDir: "/home/dir",
+ limaVMHomeDir: "/home/mock_user.linux",
+ mockSvc: func(t *testing.T, fs afero.Fs) {
+ require.NoError(t, afero.WriteFile(fs, "/home/mock_user.linux/.bashrc", []byte(""), 0o644))
+ },
+ postRunCheck: func(t *testing.T, fs afero.Fs) {
+ fileBytes, err := afero.ReadFile(fs, "/home/mock_user.linux/.bashrc")
+ require.NoError(t, err)
+ assert.Equal(t, string(
+ "\nFINCH_DIR=/finch/dir\n"+
+ "AWS_DIR=/home/dir/.aws\n"+
+ "export DOCKER_CONFIG=\"$FINCH_DIR\"\n"+
+ "[ -L /root/.aws ] || sudo ln -fs \"$AWS_DIR\" /root/.aws\n"+
+ "([ -e \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login ] \n"+
+ "|| (echo \"error: docker-credential-ecr-login not found in $FINCH_DIR/cred-helpers directory.\")) && \n"+
+ "([ -L /usr/local/bin/docker-credential-ecr-login ] "+
+ "|| sudo ln -s \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login /usr/local/bin)\n"+
+ "([ -e \"$FINCH_DIR\"/cred-helpers/docker-credential-secretservice ] \n"+
+ "|| (echo \"error: docker-credential-secretservice not found in $FINCH_DIR/cred-helpers directory.\")) && \n"+
+ "([ -L /usr/local/bin/docker-credential-secretservice ] "+
+ "|| sudo ln -s \"$FINCH_DIR\"/cred-helpers/docker-credential-secretservice /usr/local/bin)\n"+
+ "[ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch"),
+ string(fileBytes),
+ )
+ },
+ want: nil,
+ },
 }
 
 for _, tc := range testCases {
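Review bot: Both new table entries use only well-formed helper names, so nothing pins what updateEnvironment writes to `.bashrc` when a `CredsHelpers` entry is empty or contains characters outside a plain name. A further entry with such a value would document the intended handling, asserting either a non-nil `want` or that no `sudo ln` line is emitted for it. As a style point, the `string(...)` conversion around the concatenated expected literal in both `assert.Equal` calls is redundant, since the operand is already a string. The test table and Test_updateEnvironment begin outside this hunk.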