azure-init: Accept providing user groups via the CLI

jeremycline · jeremycline · commit 24a7e9f40311 · 2024-07-19T20:55:21.000Z
Debian uses "sudo" as the group for having do-anything sudo permissions, where-as Fedora uses "wheel". Otherwise the same binary works fine for both. I don't see an advantage to baking the groups into the binary, so this is a take on runtime configuration. Accept a list of supplementary groups to use when provisioning the user so the same binary can be used for both. Values can be provided using the "-g" or "--groups" argument, or by setting the "AZURE_INIT_USER_GROUPS" environment variable. If no groups are provided, the default remains "wheel". I found this helpful when testing Azure#105. We could expand this to allow more runtime tweaks to, for example, the backend in use if folks like this.
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,6 +14,8 @@ anyhow = "1.0.81"
 tokio = { version = "1", features = ["full"] }
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 tracing = "0.1.40"
+# We work fine with any version of 4, but 4.5 bumped MSRV to 1.74
+clap = { version = "<=4.4", features = ["derive", "cargo", "env"] }
 
 [dependencies.libazureinit]
 path = "libazureinit"
diff --git a/src/main.rs b/src/main.rs
@@ -4,6 +4,7 @@
 use std::process::ExitCode;
 
 use anyhow::Context;
+use clap::Parser;
 use libazureinit::imds::InstanceMetadata;
 use libazureinit::User;
 use libazureinit::{
@@ -20,6 +21,24 @@ use tracing_subscriber::EnvFilter;
 
 const VERSION: &str = env!("CARGO_PKG_VERSION");
 
+/// Minimal provisioning agent for Azure
+///
+/// Create a user, add SSH public keys, and set the hostname.
+#[derive(Parser, Debug)]
+struct Cli {
+    /// List of supplementary groups of the provisioned user account.
+    ///
+    /// Values can be comma-separated and the argument can be provided multiple times.
+    #[arg(
+        long,
+        short,
+        env = "AZURE_INIT_USER_GROUPS",
+        value_delimiter = ',',
+        default_value = "wheel"
+    )]
+    groups: Vec<String>,
+}
+
 #[instrument]
 fn get_environment() -> Result<Environment, anyhow::Error> {
     let ovf_devices = get_mount_device(None)?;
@@ -96,6 +115,8 @@ async fn main() -> ExitCode {
 
 #[instrument]
 async fn provision() -> Result<(), anyhow::Error> {
+    let opts = Cli::parse();
+
     let mut default_headers = header::HeaderMap::new();
     let user_agent = header::HeaderValue::from_str(
         format!("azure-init v{VERSION}").as_str(),
@@ -124,7 +145,8 @@ async fn provision() -> Result<(), anyhow::Error> {
         .clone()
         .ok_or::<LibError>(LibError::InstanceMetadataFailure)?;
 
-    let user = User::new(username, im.compute.public_keys);
+    let user =
+        User::new(username, im.compute.public_keys).with_groups(opts.groups);
 
     Provision::new(im.compute.os_profile.computer_name, user)
         .hostname_provisioners([
