From c7e9f09574e04a29c00f93b99c3d2445db27602e Mon Sep 17 00:00:00 2001
From: Jacob Floyd
Date: Thu, 11 Apr 2024 19:38:10 -0500
Subject: [PATCH 1/3] Use rsync to copy pack contents
---
 CHANGELOG.md | 1 +
 templates/_helpers.tpl | 30 ++++++++++++++++++++++--------
 2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e9d3a215..459676bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 * Stop generating the DataStore Secret (#385) and checksum labels (#391) when existing secret provided or disabled (by @bmarick)
 * Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick)
 * Use `image.pullPolicy` for all containers including init containers that use `image.utilityImage`. (#397) (by @jk464)
+* Use `rsync` to copy pack contents when available, falling back to `cp`. (#414) (by @cognifloyd)
 ## v1.0.0
 * Bump to latest CircleCI orb versions (kubernetes@1.3.1 and helm@3.0.0 by @ZoeLeah)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 964618d7..ef8b4dd9 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -343,9 +343,14 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 command:
 - 'sh'
 - '-ec'
- - |
- /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
+ - >
+ if command rsync; then
+ rsync -a /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ rsync -a /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ else
+ /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ fi
 {{- with .securityContext | default $.Values.st2actionrunner.securityContext | default $.Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
 securityContext: {{- toYaml . | nindent 8 }}
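Review bot: `command rsync` in the `if` at the top of the added script does not test whether rsync is installed; it runs rsync with no arguments. As far as I know rsync then prints its usage text and exits non-zero, so the condition is false whether or not the binary exists, the `cp` branch is always taken, and the init-container log gets usage or "not found" noise. A presence test would be `if command -v rsync >/dev/null 2>&1; then`. The same line appears in the hunks at -365 and -386 of this patch.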
@@ -365,9 +370,14 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 command:
 - 'sh'
 - '-ec'
- - |
- /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
+ - >
+ if command rsync; then
+ rsync -a /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ rsync -a /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ else
+ /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
+ fi
 {{- with .Values.st2actionrunner.securityContext | default .Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
 securityContext: {{- toYaml . | nindent 8 }}
@@ -386,8 +396,12 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 command:
 - 'sh'
 - '-ec'
- - |
- /bin/cp -aR /opt/stackstorm/configs/. /opt/stackstorm/configs-shared
+ - >
+ if command rsync; then
+ rsync -a /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
+ else
+ /bin/cp -aR /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
+ fi
 {{- with .Values.st2actionrunner.securityContext | default .Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
 securityContext: {{- toYaml . | nindent 8 }}
From c87f49fa6f2729d9401d99aa26d59238c8fe2e2d Mon Sep 17 00:00:00 2001
From: Jacob Floyd
Date: Thu, 9 May 2024 16:39:24 -0500
Subject: [PATCH 2/3] Don't preserve ownership when copying pack contents (#418)
This change aims to preserve file attributes when copying via rsync or cp, without ownership to enable environments where containers are ran without root privileges.
Co-authored-by: Daniel Porter
---
 CHANGELOG.md | 1 +
 templates/_helpers.tpl | 26 +++++++++++++-------------
 2 files changed, 14 insertions(+), 13 deletions(-)
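Review bot: In the hunk at -365 the last `/bin/cp -aR … virtualenvs-shared` line before `fi` has no terminating `;`, unlike the matching line in the hunks at -343 and -386. The block scalar was also switched from `|` to `>`; the indentation is not visible here, but if these lines sit at one indent level YAML folds them into a single line, `fi` becomes an argument to `cp`, and `sh -ec` exits on an unterminated `if`, failing the init container. Either add the `;` or keep the literal `- |` scalar so the newlines survive and no separators are needed. The same unterminated line is still present in this hunk's counterpart at -371 in patches 2/3 and 3/3.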
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 459676bc..491227c6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 * Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick)
 * Use `image.pullPolicy` for all containers including init containers that use `image.utilityImage`. (#397) (by @jk464)
 * Use `rsync` to copy pack contents when available, falling back to `cp`. (#414) (by @cognifloyd)
+* Support non-root container environments when copying pack contents (#414) (by @Stealthii)
 ## v1.0.0
 * Bump to latest CircleCI orb versions (kubernetes@1.3.1 and helm@3.0.0 by @ZoeLeah)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index ef8b4dd9..96a9d28c 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -344,12 +344,12 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 - 'sh'
 - '-ec'
 - >
- if command rsync; then
- rsync -a /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- rsync -a /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ if hash rsync 2>/dev/null; then
+ rsync -rlptD /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ rsync -rlptD /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
 else
- /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
 fi
 {{- with .securityContext | default $.Values.st2actionrunner.securityContext | default $.Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
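Review bot: The two branches no longer preserve the same attributes: `rsync -rlptD` carries no extended attributes, while the `cp` fallback asks for `--preserve=mode,timestamps,links,xattr`. Whichever tool the utility image ships then decides whether xattr-backed metadata (ACLs, file capabilities, SELinux labels) reaches the shared volumes. As I understand GNU cp, an explicitly requested xattr copy that the unprivileged user or target filesystem cannot honour is an error, which under `sh -e` would abort the init container in the non-root setups this commit targets. I would drop `xattr` from the list, `cp -P --preserve=mode,timestamps,links …`, or add a comment explaining the difference; it is also worth confirming that the image's `cp` accepts the GNU-style `--preserve=LIST` at all, since the fallback runs exactly where rsync is missing. The hunks at -371 and -397 carry the same lines.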
@@ -371,12 +371,12 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 - 'sh'
 - '-ec'
 - >
- if command rsync; then
- rsync -a /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- rsync -a /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ if hash rsync 2>/dev/null; then
+ rsync -rlptD /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ rsync -rlptD /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
 else
- /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
+ cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
 fi
 {{- with .Values.st2actionrunner.securityContext | default .Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
@@ -397,10 +397,10 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 - 'sh'
 - '-ec'
 - >
- if command rsync; then
- rsync -a /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
+ if hash rsync 2>/dev/null; then
+ rsync -rlptD /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
 else
- /bin/cp -aR /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
+ cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
 fi
 {{- with .Values.st2actionrunner.securityContext | default .Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
From c0774d6614d9b4d75cdbb1e3c7b6c10a9543d963 Mon Sep 17 00:00:00 2001
From: Jacob Floyd
Date: Thu, 9 May 2024 16:45:42 -0500
Subject: [PATCH 3/3] More rsync/cp cleanups
---
 templates/_helpers.tpl | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 96a9d28c..a5b7df80 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -344,12 +344,12 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 - 'sh'
 - '-ec'
 - >
- if hash rsync 2>/dev/null; then
+ if command rsync; then
 rsync -rlptD /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
 rsync -rlptD /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
 else
- cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
+ cp -RP --preserve=mode,timestamps,links,xattr /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ cp -RP --preserve=mode,timestamps,links,xattr /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
 fi
 {{- with .securityContext | default $.Values.st2actionrunner.securityContext | default $.Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
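Review bot: The first changed line of this hunk replaces the working presence test `hash rsync 2>/dev/null` from the previous commit with `command rsync`, which executes rsync without arguments instead of probing for it. The condition is then expected to be false on every image, so the `rsync -rlptD` lines become unreachable and the copy always goes through `cp`. The commit message does not say why the test was changed; if `hash` was the concern, `if command -v rsync >/dev/null 2>&1; then` is the portable form. The hunks at -371 and -397 make the same replacement.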
@@ -371,12 +371,12 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 - 'sh'
 - '-ec'
 - >
- if hash rsync 2>/dev/null; then
+ if command rsync; then
 rsync -rlptD /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
 rsync -rlptD /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared;
 else
- cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
- cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
+ cp -RP --preserve=mode,timestamps,links,xattr /opt/stackstorm/packs/. /opt/stackstorm/packs-shared &&
+ cp -RP --preserve=mode,timestamps,links,xattr /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared
 fi
 {{- with .Values.st2actionrunner.securityContext | default .Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}
@@ -397,10 +397,10 @@ Merge packs and virtualenvs from st2 with those from st2packs images
 - 'sh'
 - '-ec'
 - >
- if hash rsync 2>/dev/null; then
+ if command rsync; then
 rsync -rlptD /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
 else
- cp -P --preserve=mode,timestamps,links,xattr /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
+ cp -RP --preserve=mode,timestamps,links,xattr /opt/stackstorm/configs/. /opt/stackstorm/configs-shared;
 fi
 {{- with .Values.st2actionrunner.securityContext | default .Values.securityContext }}
 {{/* st2actionrunner is likely the most permissive so use that if defined. */}}