fix(worker): cmd key install with absolute file (#4911)

engine/worker/internal/action/builtin_artifact_download_test.go

@@ -16,7 +16,7 @@ import (
 func TestRunArtifactDownload(t *testing.T) {
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	as := []sdk.WorkflowNodeRunArtifact{
 		sdk.WorkflowNodeRunArtifact{
@@ -85,7 +85,7 @@ func TestRunArtifactDownload(t *testing.T) {
 func TestRunArtifactDownloadOutsideWorkspace(t *testing.T) {
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	fileName := sdk.RandomString(10)
 

engine/worker/internal/action/builtin_artifact_upload_test.go

@@ -18,7 +18,7 @@ import (
 )
 
 func TestRunArtifactUpload_Absolute(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	wk.Params = []sdk.Parameter{
 		{Name: "cds.project", Value: "project"},
 	}
@@ -87,7 +87,7 @@ func TestRunArtifactUpload_Absolute(t *testing.T) {
 }
 
 func TestRunArtifactUpload_Relative(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	wk.Params = []sdk.Parameter{
 		{Name: "cds.project", Value: "project"},
 	}

engine/worker/internal/action/builtin_checkout_application_test.go

@@ -10,7 +10,7 @@ import (
 )
 
 func TestRunCheckoutApplication(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	wk.Params = append(wk.Params, []sdk.Parameter{
 		{
 			Name:  "git.connection.type",

engine/worker/internal/action/builtin_coverage_test.go

@@ -21,7 +21,7 @@ import (
 )
 
 func TestRunCoverageWrongFormat(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	res, err := RunParseCoverageResultAction(ctx, wk,
 		sdk.Action{
 			Parameters: []sdk.Parameter{
@@ -47,7 +47,7 @@ func TestRunCoverageWrongFormat(t *testing.T) {
 func TestRunCoverage_Absolute(t *testing.T) {
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	assert.NoError(t, ioutil.WriteFile("results.xml", []byte(cobertura_result), os.ModePerm))
 
 	fi, err := os.Open("results.xml")
@@ -105,7 +105,7 @@ func TestRunCoverage_Absolute(t *testing.T) {
 func TestRunCoverage_Relative(t *testing.T) {
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	fname := filepath.Join(wk.workingDirectory.Name(), "results.xml")
 	require.NoError(t, afero.WriteFile(wk.BaseDir(), fname, []byte(cobertura_result), os.ModePerm))
 
@@ -159,7 +159,7 @@ func TestRunCoverage_Relative(t *testing.T) {
 func TestRunCoverageMinimumFail(t *testing.T) {
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	assert.NoError(t, ioutil.WriteFile("results.xml", []byte(cobertura_result), os.ModePerm))
 
 	fi, err := os.Open("results.xml")

engine/worker/internal/action/builtin_gitclone.go

@@ -47,7 +47,7 @@ func RunGitClone(ctx context.Context, wk workerruntime.Runtime, a sdk.Action, se
 			Name:  privateKeyContent.Name,
 			Value: privateKeyContent.Value,
 			Type:  sdk.KeyTypeSSH,
-		}, "")
+		})
 		if err != nil {
 			return sdk.Result{}, err
 		}

engine/worker/internal/action/builtin_gitclone_test.go

@@ -10,7 +10,7 @@ import (
 )
 
 func TestRunGitCloneInSSHWithoutVCSStrategyShouldRaiseError(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{}, nil)
@@ -19,7 +19,7 @@ func TestRunGitCloneInSSHWithoutVCSStrategyShouldRaiseError(t *testing.T) {
 }
 
 func TestRunGitCloneInSSHWithoutKeyShouldRaiseError(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{
@@ -39,7 +39,7 @@ func TestRunGitCloneInSSHWithoutKeyShouldRaiseError(t *testing.T) {
 }
 
 func TestRunGitCloneInSSHWithPrivateKey(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{
@@ -67,7 +67,7 @@ func TestRunGitCloneInSSHWithPrivateKey(t *testing.T) {
 }
 
 func TestRunGitCloneInSSHWithTheWrongPrivateKeyShouldFail(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{
@@ -92,7 +92,7 @@ func TestRunGitCloneInSSHWithTheWrongPrivateKeyShouldFail(t *testing.T) {
 }
 
 func TestRunGitCloneInSSHWithPrivateKeyWithTargetDirectory(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{
@@ -124,7 +124,7 @@ func TestRunGitCloneInSSHWithPrivateKeyWithTargetDirectory(t *testing.T) {
 }
 
 func TestRunGitCloneInSSHWithPrivateKeyAndExtractInfo(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	wk.Params = append(wk.Params, []sdk.Parameter{
 		{
 			Name:  "git.url",
@@ -165,7 +165,7 @@ func TestRunGitCloneInSSHWithPrivateKeyAndExtractInfo(t *testing.T) {
 }
 
 func TestRunGitCloneInSSHWithApplicationVCSStrategy(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	wk.Params = append(wk.Params, []sdk.Parameter{
 		{
 			Name:  "git.connection.type",
@@ -207,7 +207,7 @@ func TestRunGitCloneInSSHWithApplicationVCSStrategy(t *testing.T) {
 
 func TestRunGitCloneInHTTPSWithoutAuth(t *testing.T) {
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{
@@ -257,7 +257,7 @@ func TestRunGitCloneInHTTPSWithoutAuth(t *testing.T) {
 }
 
 func TestRunGitCloneWithSecret(t *testing.T) {
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	res, err := RunGitClone(ctx, wk,
 		sdk.Action{
 			Parameters: []sdk.Parameter{

engine/worker/internal/action/builtin_junit_test.go

@@ -42,7 +42,7 @@ func TestRunParseJunitTestResultAction_Absolute(t *testing.T) {
 
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	assert.NoError(t, ioutil.WriteFile("results.xml", []byte(fileContent), os.ModePerm))
 
 	fi, err := os.Open("results.xml")
@@ -111,7 +111,7 @@ func TestRunParseJunitTestResultAction_Relative(t *testing.T) {
 
 	defer gock.Off()
 
-	wk, ctx := setupTest(t)
+	wk, ctx := SetupTest(t)
 	fname := filepath.Join(wk.workingDirectory.Name(), "results.xml")
 	require.NoError(t, afero.WriteFile(wk.BaseDir(), fname, []byte(fileContent), os.ModePerm))
 

engine/worker/internal/action/builtin_key_install.go

@@ -4,8 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"runtime"
-	"strings"
+	"path/filepath"
 
 	"github.com/spf13/afero"
 
@@ -17,10 +16,15 @@ import (
 func RunInstallKey(ctx context.Context, wk workerruntime.Runtime, a sdk.Action, secrets []sdk.Variable) (sdk.Result, error) {
 	var res sdk.Result
 	keyName := sdk.ParameterFind(a.Parameters, "key")
-	if keyName.Value == "" {
+	if keyName == nil || keyName.Value == "" {
 		return res, fmt.Errorf("Error: cannot have empty name for key parameter")
 	}
 
+	filename := sdk.ParameterFind(a.Parameters, "file")
+	if filename == nil || filename.Value == "" {
+		return res, fmt.Errorf("Error: cannot have empty name for file parameter")
+	}
+
 	if secrets == nil {
 		return res, fmt.Errorf("Cannot find any keys for your job")
 	}
@@ -37,17 +41,29 @@ func RunInstallKey(ctx context.Context, wk workerruntime.Runtime, a sdk.Action,
 		return res, fmt.Errorf("Key %s not found", keyName.Value)
 	}
 
-	var filename string
-	basePath, isBasePathFS := wk.BaseDir().(*afero.BasePathFs)
-	if isBasePathFS {
-		realPath, _ := basePath.RealPath("/")
-		filename = strings.TrimPrefix(filename, realPath)
-		if runtime.GOOS == "darwin" {
-			filename = strings.TrimPrefix(filename, "/private"+realPath)
-		}
+	workdir, err := workerruntime.WorkingDirectory(ctx)
+	if err != nil {
+		return res, err
+	}
+
+	var fpath string
+	var abs string
+	if x, ok := wk.BaseDir().(*afero.BasePathFs); ok {
+		abs, _ = x.RealPath(workdir.Name())
+		abs, _ = filepath.Abs(abs)
+	} else {
+		abs = workdir.Name()
+	}
+
+	log.Debug("worker.RunInstallKeyW> absolute path is %s", abs)
+
+	if !sdk.PathIsAbs(filename.Value) {
+		fpath = filepath.Join(abs, filename.Value)
+	} else {
+		fpath = filename.Value
 	}
 
-	response, err := wk.InstallKey(*key, filename)
+	response, err := wk.InstallKeyTo(*key, fpath)
 	if err != nil {
 		log.Error(ctx, "Unable to install key %s: %v", key.Name, err)
 		if sdkerr, ok := err.(*sdk.Error); ok {

engine/worker/internal/action/builtin_key_install_test.go

@@ -1,21 +1,110 @@
-package action
+package action_test
 
 import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
 	"testing"
+	"time"
 
+	"github.com/ovh/cds/engine/api/test"
+	"github.com/ovh/cds/engine/worker/internal"
+	"github.com/ovh/cds/engine/worker/internal/action"
+	"github.com/ovh/cds/engine/worker/pkg/workerruntime"
 	"github.com/ovh/cds/sdk"
+	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
-func TestRunInstallKeyAction(t *testing.T) {
-	wk, ctx := setupTest(t)
+func TestRunInstallKeyAction_Relative(t *testing.T) {
+	// Init a real worker, not the mocking one
+	var w = new(internal.CurrentWorker)
+	fs := afero.NewOsFs()
+	basedir := "test-" + test.GetTestName(t) + "-" + sdk.RandomString(10) + "-" + fmt.Sprintf("%d", time.Now().Unix())
+	require.NoError(t, fs.MkdirAll(basedir, os.FileMode(0755)))
+
+	if err := w.Init("test-worker", "test-hatchery", "http://lolcat.host", "xxx-my-token", "", true, afero.NewBasePathFs(fs, basedir)); err != nil {
+		t.Fatalf("worker init failed: %v", err)
+	}
+	require.NoError(t, w.BaseDir().Mkdir("keys", os.FileMode(0700)))
+	keyDir, err := w.BaseDir().Open("keys")
+	require.NoError(t, err)
+	w.SetContext(context.Background())
+	ctx := workerruntime.SetKeysDirectory(w.GetContext(), keyDir)
+
+	require.NoError(t, w.BaseDir().Mkdir("workingdir", os.FileMode(0700)))
+	workingdir, err := w.BaseDir().Open("workingdir")
+	require.NoError(t, err)
+	w.SetContext(workerruntime.SetWorkingDirectory(ctx, workingdir))
+	// End worker init
 
 	keyInstallAction := sdk.Action{
 		Parameters: []sdk.Parameter{
 			{
 				Name:  "key",
 				Type:  sdk.KeyParameter,
 				Value: "proj-mykey",
+			}, {
+				Name:  "file",
+				Type:  sdk.KeyParameter,
+				Value: "my-key",
+			},
+		},
+	}
+	secrets := []sdk.Variable{
+		sdk.Variable{
+			ID:    1,
+			Name:  "cds.key.proj-mykey.priv",
+			Value: "test",
+			Type:  sdk.KeyTypeSSH,
+		},
+	}
+	res, err := action.RunInstallKey(w.GetContext(), w, keyInstallAction, secrets)
+	assert.NoError(t, err)
+	assert.Equal(t, sdk.StatusSuccess, res.Status)
+
+	wkd, err := workerruntime.WorkingDirectory(w.GetContext())
+	require.NoError(t, err)
+
+	absBasedir, _ := filepath.Abs(basedir)
+	assert.FileExists(t, filepath.Join(absBasedir, wkd.Name(), "my-key"))
+
+}
+
+func TestRunInstallKeyAction_Absolute(t *testing.T) {
+	// Init a real worker, not the mocking one
+	var w = new(internal.CurrentWorker)
+	fs := afero.NewOsFs()
+	basedir := "test-" + test.GetTestName(t) + "-" + sdk.RandomString(10) + "-" + fmt.Sprintf("%d", time.Now().Unix())
+	require.NoError(t, fs.MkdirAll(basedir, os.FileMode(0755)))
+
+	if err := w.Init("test-worker", "test-hatchery", "http://lolcat.host", "xxx-my-token", "", true, afero.NewBasePathFs(fs, basedir)); err != nil {
+		t.Fatalf("worker init failed: %v", err)
+	}
+	require.NoError(t, w.BaseDir().Mkdir("keys", os.FileMode(0700)))
+	keyDir, err := w.BaseDir().Open("keys")
+	require.NoError(t, err)
+	w.SetContext(context.Background())
+	ctx := workerruntime.SetKeysDirectory(w.GetContext(), keyDir)
+
+	require.NoError(t, w.BaseDir().Mkdir("workingdir", os.FileMode(0700)))
+	workingdir, err := w.BaseDir().Open("workingdir")
+	require.NoError(t, err)
+	w.SetContext(workerruntime.SetWorkingDirectory(ctx, workingdir))
+	// End worker init
+
+	keyInstallAction := sdk.Action{
+		Parameters: []sdk.Parameter{
+			{
+				Name:  "key",
+				Type:  sdk.KeyParameter,
+				Value: "proj-mykey",
+			}, {
+				Name:  "file",
+				Type:  sdk.KeyParameter,
+				Value: "/tmp/my-key",
 			},
 		},
 	}
@@ -27,7 +116,9 @@ func TestRunInstallKeyAction(t *testing.T) {
 			Type:  sdk.KeyTypeSSH,
 		},
 	}
-	res, err := RunInstallKey(ctx, wk, keyInstallAction, secrets)
+	res, err := action.RunInstallKey(w.GetContext(), w, keyInstallAction, secrets)
 	assert.NoError(t, err)
 	assert.Equal(t, sdk.StatusSuccess, res.Status)
+	assert.FileExists(t, "/tmp/my-key")
+	os.RemoveAll("/tmp/my-key")
 }