Skip to content

Commit 0c52c07

Browse files
committed
chore: added no logging option for remote commands on compute
previously the remote command on compute would write on std the command being executed remotely, under some circustances we want to prevent this to happen, as example when getting sensitive information from remote as the kubeconfig. Fix #504 Signed-off-by: Adrian Riobo <ariobolo@redhat.com>
1 parent 203bc54 commit 0c52c07

3 files changed

Lines changed: 32 additions & 10 deletions

File tree

pkg/provider/aws/action/kind/kind.go

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -278,14 +278,19 @@ func kubeconfig(ctx *pulumi.Context,
278278
// the resulting kubeconfig file can be used to access the cluster
279279

280280
// Check cluster is ready
281-
kindReadyCmd, err := c.RunCommand(ctx, command.CommandCloudInitWait, fmt.Sprintf("%s-kind-readiness", *prefix), awsKindID,
281+
kindReadyCmd, err := c.RunCommand(ctx,
282+
command.CommandCloudInitWait,
283+
compute.LoggingCmdStd,
284+
fmt.Sprintf("%s-kind-readiness", *prefix), awsKindID,
282285
mk, amiUserDefault, nil, nil)
283286
if err != nil {
284287
return pulumi.StringOutput{}, err
285288
}
286289
// Get content for /opt/kubeconfig
287290
getKCCmd := ("cat /home/fedora/kubeconfig")
288-
getKC, err := c.RunCommand(ctx, getKCCmd,
291+
getKC, err := c.RunCommand(ctx,
292+
getKCCmd,
293+
compute.NoLoggingCmdStd,
289294
fmt.Sprintf("%s-kubeconfig", *prefix), awsKindID, mk, amiUserDefault,
290295
nil, []pulumi.Resource{kindReadyCmd})
291296
if err != nil {

pkg/provider/aws/action/openshift-snc/openshift-snc.go

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -389,21 +389,29 @@ func kubeconfig(ctx *pulumi.Context,
389389
// the resulting kubeconfig file can be used to access the cluster
390390

391391
// Check cluster is ready
392-
ocpReadyCmd, err := c.RunCommand(ctx, commandReadiness, fmt.Sprintf("%s-ocp-readiness", *prefix), awsOCPSNCID,
392+
ocpReadyCmd, err := c.RunCommand(ctx,
393+
commandReadiness,
394+
compute.LoggingCmdStd,
395+
fmt.Sprintf("%s-ocp-readiness", *prefix), awsOCPSNCID,
393396
mk, amiUserDefault, nil, nil)
394397
if err != nil {
395398
return pulumi.StringOutput{}, err
396399
}
397400
// Check ocp-cluster-ca.service succeeds
398-
ocpCaRotatedCmd, err := c.RunCommand(ctx, commandCaServiceRan, fmt.Sprintf("%s-ocp-ca-rotated", *prefix), awsOCPSNCID,
401+
ocpCaRotatedCmd, err := c.RunCommand(ctx,
402+
commandCaServiceRan,
403+
compute.LoggingCmdStd,
404+
fmt.Sprintf("%s-ocp-ca-rotated", *prefix), awsOCPSNCID,
399405
mk, amiUserDefault, nil, []pulumi.Resource{ocpReadyCmd})
400406
if err != nil {
401407
return pulumi.StringOutput{}, err
402408
}
403409

404410
// Get content for /opt/kubeconfig
405411
getKCCmd := ("cat /opt/kubeconfig")
406-
getKC, err := c.RunCommand(ctx, getKCCmd,
412+
getKC, err := c.RunCommand(ctx,
413+
getKCCmd,
414+
compute.NoLoggingCmdStd,
407415
fmt.Sprintf("%s-kubeconfig", *prefix), awsOCPSNCID, mk, amiUserDefault,
408416
nil, []pulumi.Resource{ocpCaRotatedCmd})
409417
if err != nil {

pkg/provider/aws/modules/ec2/compute/compute.go

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,9 @@ const (
2626
// Delay health check due to baremetal + userdata otherwise it will kill hosts consntantly
2727
// Probably move this to compute asset as each can have different value depending on userdata
2828
defaultHealthCheckGracePeriod int = 1200
29+
30+
LoggingCmdStd = true
31+
NoLoggingCmdStd = false
2932
)
3033

3134
type ComputeRequest struct {
@@ -245,17 +248,23 @@ func (compute *Compute) Readiness(ctx *pulumi.Context,
245248
// Check if compute is healthy based on running a remote cmd
246249
func (compute *Compute) RunCommand(ctx *pulumi.Context,
247250
cmd string,
251+
loggingCmdStd bool,
248252
prefix, id string,
249253
mk *tls.PrivateKey, username string,
250254
b *bastion.Bastion,
251255
dependecies []pulumi.Resource) (*remote.Command, error) {
256+
ca := &remote.CommandArgs{
257+
Connection: remoteCommandArgs(compute, mk, username, b),
258+
Create: pulumi.String(cmd),
259+
Update: pulumi.String(cmd),
260+
}
261+
if !loggingCmdStd {
262+
ca.Logging = remote.LoggingNone
263+
}
252264
return remote.NewCommand(ctx,
253265
resourcesUtil.GetResourceName(prefix, id, "cmd"),
254-
&remote.CommandArgs{
255-
Connection: remoteCommandArgs(compute, mk, username, b),
256-
Create: pulumi.String(cmd),
257-
Update: pulumi.String(cmd),
258-
}, pulumi.Timeouts(
266+
ca,
267+
pulumi.Timeouts(
259268
&pulumi.CustomTimeouts{
260269
Create: command.RemoteTimeout,
261270
Update: command.RemoteTimeout}),

0 commit comments

Comments
 (0)