Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pulumi cli available only for root #80

Closed
p2004a opened this issue Nov 25, 2022 · 5 comments
Closed

pulumi cli available only for root #80

p2004a opened this issue Nov 25, 2022 · 5 comments

Comments

@p2004a
Copy link

p2004a commented Nov 25, 2022
edited
Loading

Using a very basic config:

{
    "name": "devcontainer",
    "image": "mcr.microsoft.com/devcontainers/base:bullseye",
    "features": {
        "ghcr.io/devcontainers-contrib/features/pulumi:1": {}
    }
}

pulumi cli will be only available for the root user, not the default UID=1000 user that is logged in by default.
@jcbhmr
Copy link
Contributor

jcbhmr commented Nov 25, 2022

This seems related too #74 which also has a similar root/non-root issue.

The solution seems to be to run the actuall installation part of the script as the $_REMOTE_USER user

Docs about $_REMOTE_USER: https://github.com/devcontainers/spec/blob/main/proposals/features-user-env-variables.md

sudo -iu "$_REMOTE_USER" <<EOF
  # User-specific shell instructions here
  curl ... | sh
  cat ~/.bashrc
EOF

Pulumi download/install instructions (click the "Linux" tab): https://www.pulumi.com/docs/get-started/install/

Looks like it's:

curl -fsSL https://get.pulumi.com | sh

So, the script can be changed from:

if [ "${VERSION}" == "latest" ]; then
  curl -fsSL https://get.pulumi.com | $SHELL
else
  curl -fsSL https://get.pulumi.com | $SHELL -s -- --version $VERSION
fi

To

sudo -iu "$_REMOTE_USER" <<EOF
  curl -fsSL https://get.pulumi.com | /bin/sh -s -- --version $VERSION
EOF

And that MIGHT fix it?

TODO for @jcbhmr: Start a PR to address this issue

@danielbraun89 danielbraun89 mentioned this issue Nov 26, 2022
Merged
@danielbraun89
Copy link
Member

Im little torn between using _REMOTE_USER and using a manual script to determine username as beeing used in many official features such as here https://github.com/devcontainers/features/blob/17580ee22f38b3a16e6531a8139629fd2fd8234a/src/common-utils/install.sh#L35

On one hand the _REMOTE_USER is official and guaranteed to work on codespaces, on the other hand the manual method will keep the script more agnostic and decoupled from codespaces/devcontainers in particular (can be used as docker container layer with RUN commands as the old devcontainer library scripts were (https://github.com/microsoft/vscode-dev-containers/tree/main/script-library#arguments)

@jcbhmr
Copy link
Contributor

jcbhmr commented Nov 26, 2022

@danielbraun89 I think that is a valid concern, but I also think that the $_REMOTE_USER thing is where even the official container features are headed. There are some issues and PRs open right now that aim to replace some of that code with $_REMOTE_USER.

Since there is such strong use even in the official ones, and it seems to be a proposal that is going to be merged, I think it's OK. But that's my opinion based on the current state. Who knows? Maybe we shouldn't use it.

@danielbraun89
Copy link
Member

closed as fixed by #86

@p2004a
Copy link
Author

p2004a commented Nov 28, 2022

Thank you for super fast resolution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@p2004a @danielbraun89 @jcbhmr