Enable unprivileged retrieve of file listing and content.
This commit is contained in:
Maximilian Paß
@@ -104,7 +104,7 @@ func (w *AWSFunctionWorkload) ExecuteInteractively(id string, _ io.ReadWriter, s
|
||||
// ListFileSystem is currently not supported with this aws serverless function.
|
||||
// This is because the function execution ends with the termination of the workload code.
|
||||
// So an on-demand file system listing after the termination is not possible. Also, we do not want to copy all files.
|
||||
func (w *AWSFunctionWorkload) ListFileSystem(_ string, _ bool, _ io.Writer, _ context.Context) error {
|
||||
func (w *AWSFunctionWorkload) ListFileSystem(_ string, _ bool, _ io.Writer, _ bool, _ context.Context) error {
|
||||
return dto.ErrNotSupported
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@ func (w *AWSFunctionWorkload) UpdateFileSystem(request *dto.UpdateFileSystemRequ
|
||||
// GetFileContent is currently not supported with this aws serverless function.
|
||||
// This is because the function execution ends with the termination of the workload code.
|
||||
// So an on-demand file streaming after the termination is not possible. Also, we do not want to copy all files.
|
||||
func (w *AWSFunctionWorkload) GetFileContent(_ string, _ io.Writer, _ context.Context) error {
|
||||
func (w *AWSFunctionWorkload) GetFileContent(_ string, _ io.Writer, _ bool, _ context.Context) error {
|
||||
return dto.ErrNotSupported
|
||||
}
|
||||
|
||||
|
||||
@@ -118,7 +118,8 @@ func (r *NomadJob) ExecuteInteractively(
|
||||
return exit, cancel, nil
|
||||
}
|
||||
|
||||
func (r *NomadJob) ListFileSystem(path string, recursive bool, content io.Writer, ctx context.Context) error {
|
||||
func (r *NomadJob) ListFileSystem(
|
||||
path string, recursive bool, content io.Writer, privilegedExecution bool, ctx context.Context) error {
|
||||
r.ResetTimeout()
|
||||
command := "ls -l --time-style=+%s -1 --literal"
|
||||
if recursive {
|
||||
@@ -128,7 +129,8 @@ func (r *NomadJob) ListFileSystem(path string, recursive bool, content io.Writer
|
||||
ls2json := &nullio.Ls2JsonWriter{Target: content}
|
||||
defer ls2json.Close()
|
||||
retrieveCommand := (&dto.ExecutionRequest{Command: fmt.Sprintf("%s %q", command, path)}).FullCommand()
|
||||
exitCode, err := r.api.ExecuteCommand(r.id, ctx, retrieveCommand, false, &nullio.Reader{}, ls2json, io.Discard)
|
||||
exitCode, err := r.api.ExecuteCommand(r.id, ctx, retrieveCommand, false, privilegedExecution,
|
||||
&nullio.Reader{}, ls2json, io.Discard)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%w: nomad error during retrieve file headers: %v",
|
||||
nomad.ErrorExecutorCommunicationFailed, err)
|
||||
@@ -172,12 +174,13 @@ func (r *NomadJob) UpdateFileSystem(copyRequest *dto.UpdateFileSystemRequest) er
|
||||
return nil
|
||||
}
|
||||
|
||||
func (r *NomadJob) GetFileContent(path string, content io.Writer, ctx context.Context) error {
|
||||
func (r *NomadJob) GetFileContent(path string, content io.Writer, privilegedExecution bool, ctx context.Context) error {
|
||||
r.ResetTimeout()
|
||||
|
||||
retrieveCommand := (&dto.ExecutionRequest{Command: fmt.Sprintf("cat %q", path)}).FullCommand()
|
||||
// Improve: Instead of using io.Discard use a **fixed-sized** buffer. With that we could improve the error message.
|
||||
exitCode, err := r.api.ExecuteCommand(r.id, ctx, retrieveCommand, false, &nullio.Reader{}, content, io.Discard)
|
||||
exitCode, err := r.api.ExecuteCommand(r.id, ctx, retrieveCommand, false, privilegedExecution,
|
||||
&nullio.Reader{}, content, io.Discard)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("%w: nomad error during retrieve file content copy: %v",
|
||||
|
||||
@@ -403,6 +403,6 @@ func NewRunner(id string, manager Accessor) Runner {
|
||||
func (s *UpdateFileSystemTestSuite) TestGetFileContentReturnsErrorIfExitCodeIsNotZero() {
|
||||
s.mockedExecuteCommandCall.RunFn = nil
|
||||
s.mockedExecuteCommandCall.Return(1, nil)
|
||||
err := s.runner.GetFileContent("", &bytes.Buffer{}, context.Background())
|
||||
err := s.runner.GetFileContent("", &bytes.Buffer{}, false, context.Background())
|
||||
s.ErrorIs(err, ErrFileNotFound)
|
||||
}
|
||||
|
||||
@@ -46,7 +46,7 @@ type Runner interface {
|
||||
|
||||
// ListFileSystem streams the listing of the file system of the requested directory into the Writer provided.
|
||||
// The result is streamed via the io.Writer in order to not overload the memory with user input.
|
||||
ListFileSystem(path string, recursive bool, result io.Writer, ctx context.Context) error
|
||||
ListFileSystem(path string, recursive bool, result io.Writer, privilegedExecution bool, ctx context.Context) error
|
||||
|
||||
// UpdateFileSystem processes a dto.UpdateFileSystemRequest by first deleting each given dto.FilePath recursively
|
||||
// and then copying each given dto.File to the runner.
|
||||
@@ -54,7 +54,7 @@ type Runner interface {
|
||||
|
||||
// GetFileContent streams the file content at the requested path into the Writer provided at content.
|
||||
// The result is streamed via the io.Writer in order to not overload the memory with user input.
|
||||
GetFileContent(path string, content io.Writer, ctx context.Context) error
|
||||
GetFileContent(path string, content io.Writer, privilegedExecution bool, ctx context.Context) error
|
||||
|
||||
// Destroy destroys the Runner in Nomad.
|
||||
Destroy() error
|
||||
|
||||
@@ -92,13 +92,13 @@ func (_m *RunnerMock) ExecutionExists(id string) bool {
|
||||
return r0
|
||||
}
|
||||
|
||||
// GetFileContent provides a mock function with given fields: path, content, ctx
|
||||
func (_m *RunnerMock) GetFileContent(path string, content io.Writer, ctx context.Context) error {
|
||||
ret := _m.Called(path, content, ctx)
|
||||
// GetFileContent provides a mock function with given fields: path, content, privilegedExecution, ctx
|
||||
func (_m *RunnerMock) GetFileContent(path string, content io.Writer, privilegedExecution bool, ctx context.Context) error {
|
||||
ret := _m.Called(path, content, privilegedExecution, ctx)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(string, io.Writer, context.Context) error); ok {
|
||||
r0 = rf(path, content, ctx)
|
||||
if rf, ok := ret.Get(0).(func(string, io.Writer, bool, context.Context) error); ok {
|
||||
r0 = rf(path, content, privilegedExecution, ctx)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
@@ -120,13 +120,13 @@ func (_m *RunnerMock) ID() string {
|
||||
return r0
|
||||
}
|
||||
|
||||
// ListFileSystem provides a mock function with given fields: path, recursive, result, ctx
|
||||
func (_m *RunnerMock) ListFileSystem(path string, recursive bool, result io.Writer, ctx context.Context) error {
|
||||
ret := _m.Called(path, recursive, result, ctx)
|
||||
// ListFileSystem provides a mock function with given fields: path, recursive, result, privilegedExecution, ctx
|
||||
func (_m *RunnerMock) ListFileSystem(path string, recursive bool, result io.Writer, privilegedExecution bool, ctx context.Context) error {
|
||||
ret := _m.Called(path, recursive, result, privilegedExecution, ctx)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(string, bool, io.Writer, context.Context) error); ok {
|
||||
r0 = rf(path, recursive, result, ctx)
|
||||
if rf, ok := ret.Get(0).(func(string, bool, io.Writer, bool, context.Context) error); ok {
|
||||
r0 = rf(path, recursive, result, privilegedExecution, ctx)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user