package config
|
|
|
|
import (
|
|
"gerrit.wikimedia.org/r/blubber/build"
|
|
)
|
|
|
|
// RunsConfig holds configuration fields related to the application's
|
|
// runtime environment.
|
|
//
|
|
type RunsConfig struct {
|
|
UserConfig `json:",inline"`
|
|
Insecurely Flag `json:"insecurely"` // runs user owns application files
|
|
Environment map[string]string `json:"environment" validate:"envvars"` // environment variables
|
|
}
|
|
|
|
// Merge takes another RunsConfig and overwrites this struct's fields. All
|
|
// fields except Environment are overwritten if set. The latter is an additive
|
|
// merge.
|
|
//
|
|
func (run *RunsConfig) Merge(run2 RunsConfig) {
|
|
run.UserConfig.Merge(run2.UserConfig)
|
|
run.Insecurely.Merge(run2.Insecurely)
|
|
|
|
if run.Environment == nil {
|
|
run.Environment = make(map[string]string)
|
|
}
|
|
|
|
for name, value := range run2.Environment {
|
|
run.Environment[name] = value
|
|
}
|
|
}
|
|
|
|
// InstructionsForPhase injects build instructions related to the runtime
|
|
// configuration.
|
|
//
|
|
// PhasePrivileged
|
|
//
|
|
// Creates LocalLibPrefix directory and unprivileged user home directory,
|
|
// creates the unprivileged user and its group, and sets up directory
|
|
// permissions.
|
|
//
|
|
// PhasePrivilegeDropped
|
|
//
|
|
// Injects build.Env instructions for all names/values defined by
|
|
// RunsConfig.Environment.
|
|
//
|
|
func (run RunsConfig) InstructionsForPhase(phase build.Phase) []build.Instruction {
|
|
switch phase {
|
|
case build.PhasePrivileged:
|
|
return []build.Instruction{build.RunAll{
|
|
build.CreateUser(run.As, run.UID, run.GID),
|
|
}}
|
|
case build.PhasePrivilegeDropped:
|
|
if len(run.Environment) > 0 {
|
|
return []build.Instruction{
|
|
build.Env{run.Environment},
|
|
}
|
|
}
|
|
}
|
|
|
|
return []build.Instruction{}
|
|
}
|