feature: Privilege providers by martintc · Pull Request #479 · comtrya/comtrya · GitHub

feature: Privilege providers #479


Merged
15 commits merged on Oct 4, 2024

Conversation

martintc
Member

I'm submitting a

  • bug fix
  • feature
  • documentation addition

What is the current behaviour?

Comtrya also utilizes sudo for privilege escalation.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

What is the expected behavior?

Add the ability to specify a provider for privilege escalation with the initial offering of using doas as a privilege provider.

What is the motivation / use case for changing the behavior?

Issue #429

Please tell us about your environment:

Version (comtrya --version): 0.8.9
Operating system: macOS 15.0

@martintc
Member Author
martintc commented Sep 27, 2024

This is a pretty early rough draft, it still needs clean up. I am placing a draft here for anyone who wishes to test this and have input while I still clean up and play with the code.

To use this, you will need a Comtrya.yaml file with your manifests.

The Comtrya.yaml file will need this in there, in order to use doas.

privilege: doas

If you want to specify using sudo:

privilege: sudo

However, sudo is default. So if none is specified, comtrya will use sudo.

Another note that I need help testing. I had some issues with getting the password prompt for doas and was only able to get it to work by configuring nopass for my user in doas. I would like a verification of that. Possibly also some input from doas users to know if this is fine. I see often that people configure their user for nopass in the doas.conf file.

Tests also need to be adjusted. I will get to that also.

For my testing when developing:

~/Testing/manifests/ tree
.
├── Comtrya.yaml
└── command.yaml

Comtrya.yaml

privilege: doas

variables:
  test: "one"

command.yaml

where: variables.test == "one"

actions:
  - action: command.run
    command: echo
    args:
      - Starting test.....
  - action: command.run
    command: echo
    privileged: true
    args:
      - {{ variables.test }}
  - action: command.run
    command: echo
    args:
      - Ending test....

From within my ~/Testing/manifests/

comtrya apply

@martintc
Member Author

@yonas Here is a branch with a draft PR if you would like to test this. If you need more instructions, let me know. There are some above this comment.

@yonas
Contributor
yonas commented Sep 27, 2024

@martintc Thanks, this worked for me.

> Another note that I need help testing. I had some issues with getting the password prompt for doas and was only able to get it work,

I can't reproduce this. I get a password prompt without nopass, and no password prompt when it's present.

@yonas
Contributor
yonas commented Sep 27, 2024

My only suggestion is to add some auto-detect logic so that non-default options like doas are used if the default sudo isn't installed.

This could be overridden by adding the privilege context to Comtrya.yaml
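
The resolution order suggested in the comment above (an explicit `privilege` value wins, otherwise fall back to whichever of sudo or doas is installed), as an added example that is not code from this PR or from Comtrya. The `Provider` enum, `find_in`, `resolve`, the PATH lookup and the choice to skip relative PATH entries are all assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

// Hypothetical names throughout; this is not Comtrya's implementation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Provider { Sudo, Doas }

// Auto-detection order: sudo (the stated default) first, then doas.
const ALL: [Provider; 2] = [Provider::Sudo, Provider::Doas];

impl Provider {
    fn binary(self) -> &'static str {
        match self { Provider::Sudo => "sudo", Provider::Doas => "doas" }
    }
    fn parse(value: &str) -> Option<Provider> {
        ALL.iter().copied().find(|p| p.binary() == value.trim())
    }
}

// Look for `name` in `dirs`. Relative entries (".", "") are skipped so the
// escalation binary is never picked up from the current directory.
fn find_in(dirs: &[PathBuf], name: &str, is_file: &dyn Fn(&Path) -> bool) -> Option<PathBuf> {
    dirs.iter()
        .filter(|d| d.is_absolute())
        .map(|d| d.join(name))
        .find(|p| is_file(p.as_path()))
}

// An explicit `privilege:` value wins and fails closed if that binary is
// missing; with no value set, the providers in ALL are tried in order.
pub fn resolve(configured: Option<&str>, dirs: &[PathBuf],
               is_file: &dyn Fn(&Path) -> bool) -> Result<(Provider, PathBuf), String> {
    if let Some(value) = configured {
        let p = Provider::parse(value)
            .ok_or_else(|| format!("unknown privilege provider: {}", value))?;
        return find_in(dirs, p.binary(), is_file)
            .map(|path| (p, path))
            .ok_or_else(|| format!("{} is configured but was not found", p.binary()));
    }
    ALL.iter().copied()
        .find_map(|p| find_in(dirs, p.binary(), is_file).map(|path| (p, path)))
        .ok_or_else(|| "no privilege provider (sudo, doas) found".to_string())
}

fn main() {
    let path_var = std::env::var_os("PATH").unwrap_or_default();
    let dirs: Vec<PathBuf> = std::env::split_paths(&path_var).collect();
    match resolve(None, &dirs, &|p: &Path| p.is_file()) {
        Ok((p, path)) => println!("{:?} -> {}", p, path.display()),
        Err(e) => eprintln!("{}", e),
    }
}
```

The file-existence check is passed in as a closure so the selection logic can be exercised without touching the real filesystem.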

@martintc
Member Author

> @martintc Thanks, this worked for me.
>
> > Another note that I need help testing. I had some issues with getting the password prompt for doas and was only able to get it work,
>
> I can't reproduce this. I get a password prompt without nopass, and no password prompt when it's present.

It could just be my system and having compiled opendoas for it to work on macOS, haha. I'd try it on my BSD machine, but I am currently out of town, so no access to it.

@martintc
Member Author

Update for those watching. What else is left:

  1. Adding in the code for privilege providers to package actions.
  2. Fix tests on other platforms, this is fairly easy and straightforward.

@codecov-commenter
codecov-commenter commented Oct 3, 2024


Codecov Report

Attention: Patch coverage is 31.65468% with 95 lines in your changes missing coverage. Please review.

Project coverage is 26.84%. Comparing base (b574682) to head (da8e178).
Report is 55 commits behind head on main.

Files with missing lines                         Patch %   Lines
lib/src/actions/package/providers/bsdpkg.rs      0.00%     9 Missing ⚠️
lib/src/actions/user/providers/freebsd.rs        0.00%     7 Missing ⚠️
lib/src/actions/user/providers/macos.rs          0.00%     7 Missing ⚠️
lib/src/actions/package/providers/aptitude.rs    45.45%    6 Missing ⚠️
lib/src/actions/package/providers/dnf.rs         45.45%    6 Missing ⚠️
lib/src/actions/package/providers/pkgin.rs       0.00%     6 Missing ⚠️
lib/src/actions/package/install.rs               0.00%     5 Missing ⚠️
lib/src/actions/package/providers/macports.rs    0.00%     5 Missing ⚠️
lib/src/actions/package/providers/xbps.rs        0.00%     5 Missing ⚠️
lib/src/actions/package/providers/yay.rs         0.00%     5 Missing ⚠️
... and 14 more


Additional details and impacted files
@@            Coverage Diff             @@
##             main     #479      +/-   ##
==========================================
- Coverage   28.59%   26.84%   -1.75%     
==========================================
  Files          85       85              
  Lines        2301     2395      +94     
==========================================
- Hits          658      643      -15     
- Misses       1643     1752     +109     


@martintc martintc marked this pull request as ready for review October 3, 2024 00:41
@martintc
Member Author
martintc commented Oct 3, 2024

I think I've got everything buttoned up and ready to pull this in. I will leave the PR for a couple of days for testing and if anyone wishes to review. If no comments or feedback, I intend to pull this in and work on adding run0 and extra testing followed by documentation. The plan from there would be a v0.9.0 release if all goes well.

I have a feeling there is a future refactor hiding here, but I think that is a future me problem.

@martintc martintc merged commit ad44946 into comtrya:main Oct 4, 2024
6 checks passed
@martintc martintc deleted the privilege-provider branch October 10, 2024 17:54