Do not overwrite AWS config when sync fails (#569)

* Do not overwrite AWS config when sync fails Fix issue #386 * Add WriteOnSyncFailure option to repo sync
common-fate · Dec 14, 2023 · dfa6ad4 · dfa6ad4
1 parent 81dac1f
commit dfa6ad4
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 9 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -71,6 +71,7 @@ type Registry struct {
 	Priority                *int    `toml:"priority, omitempty"`
 	PrefixDuplicateProfiles bool    `toml:"prefixDuplicateProfiles,omitempty"`
 	PrefixAllProfiles       bool    `toml:"prefixAllProfiles,omitempty"`
+	WriteOnSyncFailure      bool    `toml:"writeOnSyncFailure,omitempty"`
 }
 
 // NewDefaultConfig returns a config with OS specific defaults populated

diff --git a/pkg/granted/registry/add.go b/pkg/granted/registry/add.go
@@ -29,6 +29,7 @@ var AddCommand = cli.Command{
 		&cli.StringFlag{Name: "ref", Hidden: true},
 		&cli.BoolFlag{Name: "prefix-all-profiles", Aliases: []string{"pap"}, Usage: "provide this flag if you want to append registry name to all profiles"},
 		&cli.BoolFlag{Name: "prefix-duplicate-profiles", Aliases: []string{"pdp"}, Usage: "provide this flag if you want to append registry name to duplicate profiles"},
+		&cli.BoolFlag{Name: "write-on-sync-failure", Aliases: []string{"wosf"}, Usage: "always overwrite AWS config, even if sync fails"},
 		&cli.StringSliceFlag{Name: "required-key", Aliases: []string{"r", "requiredKey"}, Usage: "used to bypass the prompt or override user specific values"}},
 	ArgsUsage: "--name <registry_name> --url <repository_url>",
 	Action: func(c *cli.Context) error {
@@ -44,6 +45,7 @@ var AddCommand = cli.Command{
 		ref := c.String("ref")
 		prefixAllProfiles := c.Bool("prefix-all-profiles")
 		prefixDuplicateProfiles := c.Bool("prefix-duplicate-profiles")
+		writeOnSyncFailure := c.Bool("write-on-sync-failure")
 		requiredKey := c.StringSlice("required-key")
 		priority := c.Int("priority")
 
@@ -64,6 +66,7 @@ var AddCommand = cli.Command{
 			priority:                priority,
 			prefixAllProfiles:       prefixAllProfiles,
 			prefixDuplicateProfiles: prefixDuplicateProfiles,
+			writeOnSyncFailure:      writeOnSyncFailure,
 		})
 
 		repoDirPath, err := getRegistryLocation(registry.Config)

diff --git a/pkg/granted/registry/ini.go b/pkg/granted/registry/ini.go
@@ -26,16 +26,24 @@ func loadAWSConfigFile() (*ini.File, string, error) {
 		return nil, "", err
 	}
 
+	awsConfig, err := loadAWSConfigFileFromPath(filepath)
+	if err != nil {
+		return nil, "", err
+	}
+	return awsConfig, filepath, nil
+}
+
+func loadAWSConfigFileFromPath(filepath string) (*ini.File, error) {
 	awsConfig, err := ini.LoadSources(ini.LoadOptions{
 		SkipUnrecognizableLines: true,
 		AllowNonUniqueSections:  true,
 		AllowNestedValues:       true,
 	}, filepath)
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}
 
-	return awsConfig, filepath, nil
+	return awsConfig, nil
 }
 
 // load all cloned configs of a single repo into one ini object.

diff --git a/pkg/granted/registry/registry.go b/pkg/granted/registry/registry.go
@@ -70,6 +70,7 @@ type registryOptions struct {
 	priority                int
 	prefixAllProfiles       bool
 	prefixDuplicateProfiles bool
+	writeOnSyncFailure      bool
 }
 
 func NewProfileRegistry(rOpts registryOptions) Registry {
@@ -79,6 +80,7 @@ func NewProfileRegistry(rOpts registryOptions) Registry {
 			URL:                     rOpts.url,
 			PrefixAllProfiles:       rOpts.prefixAllProfiles,
 			PrefixDuplicateProfiles: rOpts.prefixDuplicateProfiles,
+			WriteOnSyncFailure:      rOpts.writeOnSyncFailure,
 		},
 	}
 

diff --git a/pkg/granted/registry/sync.go b/pkg/granted/registry/sync.go
@@ -2,14 +2,20 @@ package registry
 
 import (
 	"fmt"
+	"io"
 	"os"
+	"path"
 
 	"github.com/common-fate/clio"
 	grantedConfig "github.com/common-fate/granted/pkg/config"
 	"github.com/urfave/cli/v2"
 	"gopkg.in/ini.v1"
 )
 
+const (
+	SyncTempDirPrefix = "granted-registry-sync"
+)
+
 var SyncCommand = cli.Command{
 	Name:        "sync",
 	Usage:       "Pull the latest change from remote origin and sync aws profiles in aws config files",
@@ -43,13 +49,32 @@ func SyncProfileRegistries(shouldSilentLog bool, promptUserIfProfileDuplication
 		clio.Warn("granted registry not configured. Try adding a git repository with 'granted registry add <https://github.com/your-org/your-registry.git>'")
 	}
 
-	configFile, awsConfigPath, err := loadAWSConfigFile()
+	awsConfigPath, err := getDefaultAWSConfigLocation()
+	if err != nil {
+		return err
+	}
+
+	tmpDir, err := os.MkdirTemp("", SyncTempDirPrefix)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+	if err := os.Chmod(tmpDir, 0755); err != nil {
+		return err
+	}
+
+	tmpConfigPath := path.Join(tmpDir, "aws-config")
+	if err := copyFile(awsConfigPath, tmpConfigPath); err != nil {
+		return fmt.Errorf("failed to copy aws config to tempfile for update")
+	}
+
+	configFile, err := loadAWSConfigFileFromPath(tmpConfigPath)
 	if err != nil {
 		return err
 	}
 
 	// if the config file contains granted generated content then remove it
-	if err := removeAutogeneratedProfiles(configFile, awsConfigPath); err != nil {
+	if err := removeAutogeneratedProfiles(configFile, tmpConfigPath); err != nil {
 		return err
 	}
 
@@ -59,7 +84,7 @@ func SyncProfileRegistries(shouldSilentLog bool, promptUserIfProfileDuplication
 			isFirstSection = true
 		}
 
-		err = runSync(&r, configFile, awsConfigPath, syncOpts{
+		err = runSync(&r, configFile, tmpConfigPath, syncOpts{
 			isFirstSection:                 isFirstSection,
 			shouldSilentLog:                shouldSilentLog,
 			promptUserIfProfileDuplication: promptUserIfProfileDuplication,
@@ -69,16 +94,23 @@ func SyncProfileRegistries(shouldSilentLog bool, promptUserIfProfileDuplication
 		if err != nil {
 			se, ok := err.(*SyncError)
 			if ok {
-				clio.Warnf("Sync failed for registry %s", r.Config.Name)
-				clio.Debug(se.Error())
+				clio.Errorf("Sync failed for registry %s: %s", r.Config.Name, se.Error())
 
-				// skip syncing for this registry but continue syncing for other registries.
-				continue
+				if r.Config.WriteOnSyncFailure {
+					clio.Warnf("%s is configured to write on sync failure; continuing.", r.Config.Name)
+					continue
+				}
 			}
 			return err
 		}
 	}
 
+	// Run only if all syncs have succeeded
+	clio.Debugf("sync successful; moving %s to %s", tmpConfigPath, awsConfigPath)
+	if err := os.Rename(tmpConfigPath, awsConfigPath); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -175,3 +207,19 @@ type SyncError struct {
 func (m *SyncError) Error() string {
 	return fmt.Sprintf("Failed to sync for registry %s with error: %s", m.RegistryName, m.Err.Error())
 }
+
+func copyFile(from, to string) error {
+	copyFrom, err := os.Open(from)
+	if err != nil {
+		return err
+	}
+	defer copyFrom.Close()
+	copyTo, err := os.Create(to)
+	if err != nil {
+		return err
+	}
+	defer copyTo.Close()
+
+	_, err = io.Copy(copyFrom, copyTo)
+	return err
+}