From cffb77e9dbb14db23ed11c24c68579bd75891f9d Mon Sep 17 00:00:00 2001
From: Dan Duvall
Date: Fri, 9 Mar 2018 14:33:13 -0800
Subject: Provide a `runs.insecurely` to be used with test variants

Summary: Use cases involving running of test suites and doc generation require more liberal ownership and read/write permission to application files. When `runs.insecurely` is set to `true`, the effective runtime user will be `lives.as`, the same user that owns the application files and installed dependencies.

D999 is a complement to this change to allow restrictions on this and other potentially sensitive configuration.

Depends on D999, D1002

Test Plan: Run `go test ./...`.

Reviewers: thcipriani, mmodell, hashar, #release-engineering-team, demon

Reviewed By: thcipriani, #release-engineering-team

Tags: #release-engineering-team

Differential Revision: https://phabricator.wikimedia.org/D1003
---
 blubber.example.yaml   |  2 ++
 config/runs.go         |  2 ++
 config/runs_test.go    |  2 ++
 config/variant.go      |  8 ++++++--
 config/variant_test.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/blubber.example.yaml b/blubber.example.yaml
index 5dc7233..e47eefb 100644
--- a/blubber.example.yaml
+++ b/blubber.example.yaml
@@ -28,6 +28,8 @@ variants:
       packages: [chromium]
     python:
       requirements: [requirements.txt, test-requirements.txt, docs/requirements.txt]
+    runs:
+      insecurely: true
     entrypoint: [npm, test]
 
   prep:
diff --git a/config/runs.go b/config/runs.go
index a4147e5..361ac78 100644
--- a/config/runs.go
+++ b/config/runs.go
@@ -9,6 +9,7 @@ import (
 //
 type RunsConfig struct {
 	UserConfig `yaml:",inline"`
+	Insecurely Flag `yaml:"insecurely"` // runs user owns application files
 	Environment map[string]string `yaml:"environment" validate:"envvars"` // environment variables
 }
 
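Review bot: The trailing comment `// runs user owns application files` on the new `Insecurely` field in RunsConfig understates what the commit message spells out, namely that the flag changes which user the entrypoint runs as. A doc comment stating that a true value runs the variant as the `lives.as` user, the owner of the application files and installed dependencies, and that it is meant for test and documentation-generation variants rather than production ones, would let a reader of the struct understand both the name and the risk; something like `// Insecurely, when true, runs the variant as the lives.as user (the owner of the application files) instead of runs.as; intended for test and doc variants only`. Since D999 is named as the place where this setting can be restricted, a one-line pointer to that policy mechanism in the same comment would save the next maintainer a search.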
@@ -18,6 +19,7 @@ type RunsConfig struct {
 //
 func (run *RunsConfig) Merge(run2 RunsConfig) {
 	run.UserConfig.Merge(run2.UserConfig)
+	run.Insecurely.Merge(run2.Insecurely)
 
 	if run.Environment == nil {
 		run.Environment = make(map[string]string)
diff --git a/config/runs_test.go b/config/runs_test.go
index 4d46eb4..18d3726 100644
--- a/config/runs_test.go
+++ b/config/runs_test.go
@@ -14,6 +14,7 @@ func TestRunsConfig(t *testing.T) {
     base: foo
     runs:
       as: someuser
+      insecurely: true
       uid: 666
       gid: 777
       environment: { FOO: bar }
@@ -27,6 +28,7 @@ func TestRunsConfig(t *testing.T) {
 
 	assert.Nil(t, err)
 	assert.Equal(t, "someuser", variant.Runs.As)
+	assert.Equal(t, true, variant.Runs.Insecurely.True)
 	assert.Equal(t, uint(666), variant.Runs.UID)
 	assert.Equal(t, uint(777), variant.Runs.GID)
 	assert.Equal(t, map[string]string{"FOO": "bar"}, variant.Runs.Environment)
diff --git a/config/variant.go b/config/variant.go
index 85bb1a0..3737e22 100644
--- a/config/variant.go
+++ b/config/variant.go
@@ -61,8 +61,12 @@ func (vc *VariantConfig) InstructionsForPhase(phase build.Phase) []build.Instruc
 		}
 
 	case build.PhasePostInstall:
-		switchUser = vc.Runs.As
-		uid, gid = vc.Runs.UID, vc.Runs.GID
+		if vc.Runs.Insecurely.True {
+			uid, gid = vc.Lives.UID, vc.Lives.GID
+		} else {
+			switchUser = vc.Runs.As
+			uid, gid = vc.Runs.UID, vc.Runs.GID
+		}
 
 		if len(vc.EntryPoint) > 0 {
 			instructions = append(instructions, build.EntryPoint{vc.EntryPoint})
diff --git a/config/variant_test.go b/config/variant_test.go
index 6a1f615..a2f52c9 100644
--- a/config/variant_test.go
+++ b/config/variant_test.go
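Review bot: `run.Insecurely.Merge(run2.Insecurely)` decides whether a variant that overrides another can switch this privilege-widening flag on or back off, and the hunk does not show what `Flag.Merge` does when the overriding value is an explicit `false`; for a setting that loosens file ownership at runtime, that precedence should be pinned rather than inherited from a generic helper. The new assertion in config/runs_test.go only checks that `insecurely: true` is parsed, so a case where the base sets `true` and the overriding variant sets `false` (and the reverse) would document the intended merge semantics and catch a regression in `Flag.Merge`. Merge's body continues outside the hunk.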
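Review bot: In the `build.PhasePostInstall` branch of config/variant.go, the insecure path assigns `uid, gid` from `vc.Lives` but does not set `switchUser`, and the new "with Runs.Insecurely" expectation shows no `build.User` or `build.Env` instruction is emitted, so whether those uid/gid values reach anything depends on code outside the hunk; if they are only consumed together with `switchUser`, the assignment is dead and a reader is left guessing which user the container actually runs as. A why-comment on the new branch would make the intent explicit, e.g. `// insecurely: no user switch here, so the container presumably keeps the lives.as user set by the earlier phases (it owns the application files)`, with the presumption confirmed against the phase that performs that switch. The added cases in config/variant_test.go set only `As` on Lives and Runs, so the `vc.Lives.UID, vc.Lives.GID` assignment is not exercised either way; a case with non-zero Lives UID/GID would pin whether they matter. InstructionsForPhase begins and ends outside the hunk.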
@@ -154,6 +154,60 @@ func TestVariantConfigInstructions(t *testing.T) {
 				cfg.InstructionsForPhase(build.PhasePostInstall),
 			)
 		})
+
+		t.Run("without Runs.Insecurely", func(t *testing.T) {
+			cfg := config.VariantConfig{
+				CommonConfig: config.CommonConfig{
+					Lives: config.LivesConfig{
+						UserConfig: config.UserConfig{
+							As: "foouser",
+						},
+					},
+					Runs: config.RunsConfig{
+						Insecurely: config.Flag{True: false},
+						UserConfig: config.UserConfig{
+							As: "baruser",
+						},
+					},
+					EntryPoint: []string{"/foo", "bar"},
+				},
+			}
+
+			assert.Equal(t,
+				[]build.Instruction{
+					build.User{"baruser"},
+					build.Env{map[string]string{"HOME": "/home/baruser"}},
+					build.EntryPoint{[]string{"/foo", "bar"}},
+				},
+				cfg.InstructionsForPhase(build.PhasePostInstall),
+			)
+		})
+
+		t.Run("with Runs.Insecurely", func(t *testing.T) {
+			cfg := config.VariantConfig{
+				CommonConfig: config.CommonConfig{
+					Lives: config.LivesConfig{
+						UserConfig: config.UserConfig{
+							As: "foouser",
+						},
+					},
+					Runs: config.RunsConfig{
+						Insecurely: config.Flag{True: true},
+						UserConfig: config.UserConfig{
+							As: "baruser",
+						},
+					},
+					EntryPoint: []string{"/foo", "bar"},
+				},
+			}
+
+			assert.Equal(t,
+				[]build.Instruction{
+					build.EntryPoint{[]string{"/foo", "bar"}},
+				},
+				cfg.InstructionsForPhase(build.PhasePostInstall),
+			)
+		})
 	})
 }
-- 
cgit v1.2.1