google-cloud-sdk: kubeconfig: don't store absolute path to gcloud binary (#63037)

google-cloud-sdk: kubeconfig: don't store absolute path to gcloud binary
This commit is contained in:
Florian Klink 2019-06-19 10:22:30 +02:00 committed by GitHub
commit fbfcc15985
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 57 additions and 8 deletions

View File

@ -36,16 +36,18 @@ in stdenv.mkDerivation rec {
buildInputs = [ python makeWrapper ];
phases = [ "installPhase" "fixupPhase" ];
doBuild = false;
patches = [
./gcloud-path.patch
];
installPhase = ''
mkdir -p "$out"
tar -xzf "$src" -C "$out" google-cloud-sdk
mkdir -p $out/google-cloud-sdk
cp -R * .install $out/google-cloud-sdk/
mkdir $out/google-cloud-sdk/lib/surface/alpha
mkdir -p $out/google-cloud-sdk/lib/surface/{alpha,beta}
cp ${./alpha__init__.py} $out/google-cloud-sdk/lib/surface/alpha/__init__.py
mkdir $out/google-cloud-sdk/lib/surface/beta
cp ${./beta__init__.py} $out/google-cloud-sdk/lib/surface/beta/__init__.py
# create wrappers with correct env
@ -68,8 +70,8 @@ in stdenv.mkDerivation rec {
disable_update_check = true" >> $out/google-cloud-sdk/properties
# setup bash completion
mkdir -p "$out/etc/bash_completion.d/"
mv "$out/google-cloud-sdk/completion.bash.inc" "$out/etc/bash_completion.d/gcloud.inc"
mkdir -p $out/etc/bash_completion.d
mv $out/google-cloud-sdk/completion.bash.inc $out/etc/bash_completion.d/gcloud.inc
# This directory contains compiled mac binaries. We used crcmod from
# nixpkgs instead.

View File

@ -0,0 +1,47 @@
From b69fee70154a861637c82e98e18be01bbb96423b Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Wed, 12 Jun 2019 17:03:09 +0200
Subject: [PATCH] kubeconfig: don't store absolute path to gcloud binary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `gcloud beta container clusters get-credentials $cluster \
--region $region --project $project`
command can be used to write kubectl config files.
In that file, normally the absolute path to the `gcloud` binary is
stored.
This is a bad idea in NixOS. We might eventually garbage-collect that
specific gcloud binary - and in general, would expect a nix-shell
provided gcloud to be used.
In its current state, token renewal would just start to break with the
following error message:
Unable to connect to the server: error executing access token command "/nix/store/…/gcloud config config-helper --format=json": err=fork/exec /nix/store/…/gcloud: no such file or directory output= stderr=
Avoid this by storing just `gcloud` inside `cmd-path`, which causes
kubectl to lookup the gcloud command from $PATH, which is more likely to
keep working.
---
lib/googlecloudsdk/api_lib/container/kubeconfig.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/googlecloudsdk/api_lib/container/kubeconfig.py b/lib/googlecloudsdk/api_lib/container/kubeconfig.py
index 4330988d6..37424b841 100644
--- a/lib/googlecloudsdk/api_lib/container/kubeconfig.py
+++ b/lib/googlecloudsdk/api_lib/container/kubeconfig.py
@@ -255,7 +255,7 @@ def _AuthProvider(name='gcp'):
raise Error(SDK_BIN_PATH_NOT_FOUND)
cfg = {
# Command for gcloud credential helper
- 'cmd-path': os.path.join(sdk_bin_path, bin_name),
+ 'cmd-path': bin_name,
# Args for gcloud credential helper
'cmd-args': 'config config-helper --format=json',
# JSONpath to the field that is the raw access token
--
2.21.0