cc-backend/internal/runtimeEnv/setup.go

// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
// All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package runtimeEnv

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"os/user"
	"strconv"
	"strings"
	"syscall"

	"github.com/ClusterCockpit/cc-backend/pkg/log"
)

// Very simple and limited .env file reader.
// All variable definitions found are directly
// added to the processes environment.
func LoadEnv(file string) error {
	f, err := os.Open(file)
	if err != nil {
		log.Error("Error while opening file")
		return err
	}

	defer f.Close()
	s := bufio.NewScanner(bufio.NewReader(f))
	for s.Scan() {
		line := s.Text()
		if strings.HasPrefix(line, "#") || len(line) == 0 {
			continue
		}

		if strings.Contains(line, "#") {
			return errors.New("'#' are only supported at the start of a line")
		}

		line = strings.TrimPrefix(line, "export ")
		parts := strings.SplitN(line, "=", 2)
		if len(parts) != 2 {
			return fmt.Errorf("RUNTIME/SETUP > unsupported line: %#v", line)
		}

		key := strings.TrimSpace(parts[0])
		val := strings.TrimSpace(parts[1])
		if strings.HasPrefix(val, "\"") {
			if !strings.HasSuffix(val, "\"") {
				return fmt.Errorf("RUNTIME/SETUP > unsupported line: %#v", line)
			}

			runes := []rune(val[1 : len(val)-1])
			sb := strings.Builder{}
			for i := 0; i < len(runes); i++ {
				if runes[i] == '\\' {
					i++
					switch runes[i] {
					case 'n':
						sb.WriteRune('\n')
					case 'r':
						sb.WriteRune('\r')
					case 't':
						sb.WriteRune('\t')
					case '"':
						sb.WriteRune('"')
					default:
						return fmt.Errorf("RUNTIME/SETUP > unsupported escape sequence in quoted string: backslash %#v", runes[i])
					}
					continue
				}
				sb.WriteRune(runes[i])
			}

			val = sb.String()
		}

		os.Setenv(key, val)
	}

	return s.Err()
}

// Changes the processes user and group to that
// specified in the config.json. The go runtime
// takes care of all threads (and not only the calling one)
// executing the underlying systemcall.
func DropPrivileges(username string, group string) error {
	if group != "" {
		g, err := user.LookupGroup(group)
		if err != nil {
			log.Warn("Error while looking up group")
			return err
		}

		gid, _ := strconv.Atoi(g.Gid)
		if err := syscall.Setgid(gid); err != nil {
			log.Warn("Error while setting gid")
			return err
		}
	}

	if username != "" {
		u, err := user.Lookup(username)
		if err != nil {
			log.Warn("Error while looking up user")
			return err
		}

		uid, _ := strconv.Atoi(u.Uid)
		if err := syscall.Setuid(uid); err != nil {
			log.Warn("Error while setting uid")
			return err
		}
	}

	return nil
}

// If started via systemd, inform systemd that we are running:
// https://www.freedesktop.org/software/systemd/man/sd_notify.html
func SystemdNotifiy(ready bool, status string) {
	if os.Getenv("NOTIFY_SOCKET") == "" {
		// Not started using systemd
		return
	}

	args := []string{fmt.Sprintf("--pid=%d", os.Getpid())}
	if ready {
		args = append(args, "--ready")
	}

	if status != "" {
		args = append(args, fmt.Sprintf("--status=%s", status))
	}

	cmd := exec.Command("systemd-notify", args...)
	cmd.Run() // errors ignored on purpose, there is not much to do anyways.
}
Add copyright and license header. Update license year 2022-07-29 06:29:21 +02:00			`// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.`
			`// All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`
Refactor directory structure 2022-06-21 17:52:36 +02:00			`package runtimeEnv`
Cleanup and restructure 2022-02-03 11:35:42 +01:00
			`import (`
			`"bufio"`
			`"errors"`
			`"fmt"`
			`"os"`
			`"os/exec"`
			`"os/user"`
			`"strconv"`
			`"strings"`
			`"syscall"`
Add log messages to error events w/o log message, primaryly error level - "log spam" to be controlled via loglevel flag on startup 2023-01-31 18:28:44 +01:00
			`"github.com/ClusterCockpit/cc-backend/pkg/log"`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`)`

cleanup and comments 2022-03-15 08:29:29 +01:00			`// Very simple and limited .env file reader.`
			`// All variable definitions found are directly`
			`// added to the processes environment.`
Refactor directory structure 2022-06-21 17:52:36 +02:00			`func LoadEnv(file string) error {`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`f, err := os.Open(file)`
			`if err != nil {`
Add log messages to error events w/o log message, primaryly error level - "log spam" to be controlled via loglevel flag on startup 2023-01-31 18:28:44 +01:00			`log.Error("Error while opening file")`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`return err`
			`}`

			`defer f.Close()`
			`s := bufio.NewScanner(bufio.NewReader(f))`
			`for s.Scan() {`
			`line := s.Text()`
			`if strings.HasPrefix(line, "#") \|\| len(line) == 0 {`
			`continue`
			`}`

			`if strings.Contains(line, "#") {`
			`return errors.New("'#' are only supported at the start of a line")`
			`}`

			`line = strings.TrimPrefix(line, "export ")`
			`parts := strings.SplitN(line, "=", 2)`
			`if len(parts) != 2 {`
add more information to existing errors logs and panics - '$ROOT/$FILE' for better localization in the code - add text where none was given - fix unnecessary sprintf nesting in influxv2 and prometheus metricrepo logging 2023-01-19 16:59:14 +01:00			`return fmt.Errorf("RUNTIME/SETUP > unsupported line: %#v", line)`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`}`

			`key := strings.TrimSpace(parts[0])`
			`val := strings.TrimSpace(parts[1])`
			`if strings.HasPrefix(val, "\"") {`
			`if !strings.HasSuffix(val, "\"") {`
add more information to existing errors logs and panics - '$ROOT/$FILE' for better localization in the code - add text where none was given - fix unnecessary sprintf nesting in influxv2 and prometheus metricrepo logging 2023-01-19 16:59:14 +01:00			`return fmt.Errorf("RUNTIME/SETUP > unsupported line: %#v", line)`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`}`

			`runes := []rune(val[1 : len(val)-1])`
			`sb := strings.Builder{}`
			`for i := 0; i < len(runes); i++ {`
			`if runes[i] == '\\' {`
			`i++`
			`switch runes[i] {`
			`case 'n':`
			`sb.WriteRune('\n')`
			`case 'r':`
			`sb.WriteRune('\r')`
			`case 't':`
			`sb.WriteRune('\t')`
			`case '"':`
			`sb.WriteRune('"')`
			`default:`
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline - removes some previously added manual location strings: now handled by pkg/log depending on loglevel - kept manual string locations on fmt print functions - add 'notice' and 'critical' loglevels - add 'Panic' and 'Panicf' functions to log panics - adresses issue #26 2023-01-23 18:48:06 +01:00			`return fmt.Errorf("RUNTIME/SETUP > unsupported escape sequence in quoted string: backslash %#v", runes[i])`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`}`
			`continue`
			`}`
			`sb.WriteRune(runes[i])`
			`}`

			`val = sb.String()`
			`}`

			`os.Setenv(key, val)`
			`}`

			`return s.Err()`
			`}`

cleanup and comments 2022-03-15 08:29:29 +01:00			`// Changes the processes user and group to that`
			`// specified in the config.json. The go runtime`
			`// takes care of all threads (and not only the calling one)`
			`// executing the underlying systemcall.`
Refactor directory structure 2022-06-21 17:52:36 +02:00			`func DropPrivileges(username string, group string) error {`
			`if group != "" {`
			`g, err := user.LookupGroup(group)`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`if err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("Error while looking up group")`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`return err`
			`}`

			`gid, _ := strconv.Atoi(g.Gid)`
			`if err := syscall.Setgid(gid); err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("Error while setting gid")`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`return err`
			`}`
			`}`

Refactor directory structure 2022-06-21 17:52:36 +02:00			`if username != "" {`
			`u, err := user.Lookup(username)`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`if err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("Error while looking up user")`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`return err`
			`}`

			`uid, _ := strconv.Atoi(u.Uid)`
			`if err := syscall.Setuid(uid); err != nil {`
Adapt loglevel for logs, shorten strings, fix formats, streamline - Switched to Warn for most errors, reduces bloat, improves log control 2023-02-01 11:58:27 +01:00			`log.Warn("Error while setting uid")`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`return err`
			`}`
			`}`

			`return nil`
			`}`

			`// If started via systemd, inform systemd that we are running:`
			`// https://www.freedesktop.org/software/systemd/man/sd_notify.html`
Refactor directory structure 2022-06-21 17:52:36 +02:00			`func SystemdNotifiy(ready bool, status string) {`
Cleanup and restructure 2022-02-03 11:35:42 +01:00			`if os.Getenv("NOTIFY_SOCKET") == "" {`
			`// Not started using systemd`
			`return`
			`}`

			`args := []string{fmt.Sprintf("--pid=%d", os.Getpid())}`
			`if ready {`
			`args = append(args, "--ready")`
			`}`

			`if status != "" {`
			`args = append(args, fmt.Sprintf("--status=%s", status))`
			`}`

			`cmd := exec.Command("systemd-notify", args...)`
			`cmd.Run() // errors ignored on purpose, there is not much to do anyways.`
			`}`