blob: 9657303563c996d37c11acad7b0401cb82ccae8e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
package config
import (
"gerrit.wikimedia.org/r/blubber/build"
)
// RunsConfig holds configuration fields related to the application's
// runtime environment.
//
type RunsConfig struct {
UserConfig `yaml:",inline"`
Insecurely Flag `yaml:"insecurely"` // runs user owns application files
Environment map[string]string `yaml:"environment" validate:"envvars"` // environment variables
}
// Merge takes another RunsConfig and overwrites this struct's fields. All
// fields except Environment are overwritten if set. The latter is an additive
// merge.
//
func (run *RunsConfig) Merge(run2 RunsConfig) {
run.UserConfig.Merge(run2.UserConfig)
run.Insecurely.Merge(run2.Insecurely)
if run.Environment == nil {
run.Environment = make(map[string]string)
}
for name, value := range run2.Environment {
run.Environment[name] = value
}
}
// InstructionsForPhase injects build instructions related to the runtime
// configuration.
//
// PhasePrivileged
//
// Creates LocalLibPrefix directory and unprivileged user home directory,
// creates the unprivileged user and its group, and sets up directory
// permissions.
//
// PhasePrivilegeDropped
//
// Injects build.Env instructions for all names/values defined by
// RunsConfig.Environment.
//
func (run RunsConfig) InstructionsForPhase(phase build.Phase) []build.Instruction {
switch phase {
case build.PhasePrivileged:
return []build.Instruction{build.RunAll{
build.CreateUser(run.As, run.UID, run.GID),
}}
case build.PhasePrivilegeDropped:
if len(run.Environment) > 0 {
return []build.Instruction{
build.Env{run.Environment},
}
}
}
return []build.Instruction{}
}
|
