From 4f202659c3de1968450131756e9f6cf6456c2d74 Mon Sep 17 00:00:00 2001
From: "razvan.agape"
Date: Mon, 15 Apr 2024 17:51:18 +0300
Subject: [PATCH 1/2] Add new flag to enable interactive mode Bind stdin during interactive mode
---
 main.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/main.go b/main.go
index 5f961b5..8641e9f 100644
--- a/main.go
+++ b/main.go
@@ -58,6 +58,11 @@ func main() {
 Name: "google-project",
 Usage: "the google cloud project for secrets without a project prefix",
 },
+ &cli.BoolFlag{
+ Name: "interactive",
+ Aliases: []string{"i"},
+ Usage: "use this flag if the command expects some input from the stdin",
+ },
 },
 Commands: []*cli.Command{
 {
@@ -149,7 +154,7 @@ func mainCmd(c *cli.Context) error {
 // Launch main command
 var childPid int
- childPid, err = run(ctx, provider, c.Bool("exit-early"), c.Args().Slice())
+ childPid, err = run(ctx, provider, c.Bool("exit-early"), c.Bool("interactive"), c.Args().Slice())
 if err != nil {
 log.WithError(err).Error("failed to run")
 os.Exit(1)
@@ -188,7 +193,7 @@ func removeZombies(childPid int) {
 }
 // run passed command
-func run(ctx context.Context, provider secrets.Provider, exitEarly bool, commandSlice []string) (childPid int, err error) {
+func run(ctx context.Context, provider secrets.Provider, exitEarly, interactive bool, commandSlice []string) (childPid int, err error) {
 var commandStr string
 var argsSlice []string
@@ -212,8 +217,13 @@ func run(ctx context.Context, provider secrets.Provider, exitEarly bool, command
 cmd := exec.Command(commandStr, argsSlice...)
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
- // create a dedicated pidgroup used to forward signals to the main process and its children
- cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+ // rebind stdin if -i flag is set
+ if interactive {
+ cmd.Stdin = os.Stdin
+ } else {
+ // create a dedicated pidgroup used to forward signals to the main process and its children
+ cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+ }
 // set environment variables
 if provider != nil {
From e858599c5aa907aac57662196fc3b52d8a8d5089 Mon Sep 17 00:00:00 2001
From: "razvan.agape"
Date: Fri, 26 Apr 2024 17:32:38 +0300
Subject: [PATCH 2/2] Set child process as 'foreground' in interactive mode to correctly bind stdin Configure user in Dockerfile
---
 Dockerfile | 3 +++
 main.go | 9 ++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e4499d9..d461b64 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,5 +26,8 @@ FROM busybox:1.36
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 # copy the binary to the production image from the builder stage.
 COPY --from=builder /go/src/app/.bin/secrets-init /secrets-init
+RUN adduser -D -u 1000 secrets-init
+USER 1000
+
 ENTRYPOINT ["/secrets-init"]
 CMD ["--version"]
diff --git a/main.go b/main.go
index 8641e9f..22ad944 100644
--- a/main.go
+++ b/main.go
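Review bot: The new `USER 1000` line in the Dockerfile hunk changes the identity of every command secrets-init launches, and of any image built `FROM` this one, but nothing next to it says so. Add a comment above the two added lines, for example `# run as an unprivileged user; /secrets-init is copied in as root, so the process cannot rewrite its own binary`. The commit description only says "Configure user in Dockerfile"; consumers whose child command needs root, or who override the entrypoint to write somewhere owned by root, will have to set the user explicitly, and that is worth stating in the release notes.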
@@ -217,13 +217,16 @@ func run(ctx context.Context, provider secrets.Provider, exitEarly, interactive
 cmd := exec.Command(commandStr, argsSlice...)
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
+ // create a dedicated pidgroup used to forward signals to the main process and its children
+ procAttrs := &syscall.SysProcAttr{Setpgid: true}
 // rebind stdin if -i flag is set
 if interactive {
 cmd.Stdin = os.Stdin
- } else {
- // create a dedicated pidgroup used to forward signals to the main process and its children
- cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+ // setting 'Foreground' to true will bind current TTY to the child process
+ procAttrs = &syscall.SysProcAttr{Setpgid: true, Foreground: true}
 }
+ // set child process attributes
+ cmd.SysProcAttr = procAttrs
 // set environment variables
 if provider != nil {
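Review bot: Setting `Foreground: true` whenever `interactive` is set will make the child fail to start when stdin is not a terminal. Go's syscall package implements Foreground with a TIOCSPGRP ioctl on `Ctty` (fd 0 by default), so with piped or redirected input, such as a container run with stdin attached but no TTY, the ioctl should fail with ENOTTY and the start call outside this hunk would return an error. Gate the attribute on a real terminal check, e.g. `procAttrs.Foreground = term.IsTerminal(int(os.Stdin.Fd()))` using `golang.org/x/term` (apparently a new dependency, judging by what the page shows), and keep `cmd.Stdin = os.Stdin` unconditional inside the `if interactive` branch. Setting the field on the existing `procAttrs` also avoids allocating a second `SysProcAttr`. `run` begins and ends outside the hunk.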