airship
/
airship-in-a-bottle
Code Issues Proposed changes
airship-in-a-bottle/tools/multi_nodes_gate/airship_gate/lib/bootaction-runner.sh

135 lines
3.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Copyright 2019 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###############################################################################
# Helper functions
###############################################################################
# Key/value lookups from manifests
manifests_lookup(){
local file="$1"
local schema="$2"
local mdata_name="$3"
local key_path="$4"
local oper="$5"
local allow_fail="$6"
FAIL=false
RESULT=`python3 -c "
import yaml,sys
y = yaml.load_all(open('$file'))
for x in y:
if x.get('schema') == '$schema':
if x['metadata']['name'] == '$mdata_name':
if isinstance(x$key_path,list):
if '$oper' == 'get_size':
print(len(x$key_path))
break
else:
for i in x$key_path:
print(i)
break
else:
if '$oper' == 'dict_keys':
print(' '.join(x$key_path.keys()))
break
else:
print(x$key_path)
break
else:
sys.exit(1)" 2>&1` || FAIL=true
if [[ $FAIL = true ]] && [[ $allow_fail != true ]]; then
echo "Lookup failed for schema '$schema', metadata.name '$mdata_name', key path '$key_path'"
exit 1
fi
}
install_file(){
local path="$1"
local content="$2"
local permissions="$3"
local dirname=$(dirname "$path")
if [[ ! -d $dirname ]]; then
mkdir -p "$dirname"
fi
if [[ ! -f $path ]] || [ "$(cat "$path")" != "$content" ]; then
echo "$content" > "$path"
chmod "$permissions" "$path"
FILE_UPDATED=true
else
FILE_UPDATED=false
fi
}
###############################################################################
# Script inputs and validations
###############################################################################
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as sudo/root"
exit 1
fi
if ([[ -z $1 ]] && [[ -z $RENDERED ]]) || [[ $1 =~ .*[hH][eE][lL][pP].* ]]; then
echo "Missing required script argument"
echo "Usage: ./$(basename $BASH_SOURCE) /path/to/rendered/site/manifest.yaml"
exit 1
fi
if [[ -n $1 ]]; then
rendered_file="$1"
else
rendered_file="$RENDERED"
fi
if [[ ! -f $rendered_file ]]; then
echo "Specified rendered manifests file '$rendered_file' does not exist"
exit 1
fi
echo "Using rendered manifests file '$rendered_file'"
# env vars which can be set if you want to disable
: ${DISABLE_SECCOMP_PROFILE:=}
###############################################################################
# bootaction: seccomp-profiles
###############################################################################
if [[ ! $DISABLE_SECCOMP_PROFILE ]]; then
# Fetch seccomp profile data
manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
"seccomp-profiles" "['data']['assets'][0]['path']"
path="$RESULT"
echo "seccomp profiles asset[0] path located: '$path'"
manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
"seccomp-profiles" "['data']['assets'][0]['permissions']"
permissions="$RESULT"
echo "seccomp profiles asset[0] permissions located: '$permissions'"
manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
"seccomp-profiles" "['data']['assets'][0]['data']"
content="$RESULT"
echo "seccomp profiles assets[0] data located: '$content'"
# seccomp_default
install_file "$path" "$content" "$permissions"
fi
View Git Blame Copy Permalink