Make linux work as normal user that escalates to root

- Run servicew commands with sudo access
- Retrieve dynamic IP address with sudo access
- SudoShell -> Sudo

Author: Anthony Emengo

driver/hyperkit/driver.go

@@ -18,7 +18,7 @@ type Hyperkit struct {
 	Config       config.Config
 	DaemonRunner driver.DaemonRunner
 	CFDevD       *client.Client
-	SudoShell    *runner.SudoShell
+	SudoShell    *runner.Sudo
 }
 
 func New(
@@ -32,7 +32,7 @@ func New(
 		Config:       cfg,
 		DaemonRunner: daemonRunner,
 		CFDevD:       cfdevdClient,
-		SudoShell:    &runner.SudoShell{},
+		SudoShell:    &runner.Sudo{},
 	}
 }
 

driver/ip_linux.go

@@ -5,21 +5,33 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"os/exec"
 	"path/filepath"
 )
 
 func IP(cfg config.Config) (string, error) {
 	var (
+		ipPath          = filepath.Join(cfg.StateLinuxkit, "ip")
 		macAddrPath     = filepath.Join(cfg.StateLinuxkit, "mac-addr")
-		vBridgeInfoPath = filepath.Join("/var/lib/libvirt/dnsmasq/virbr0.status")
+		vBridgeInfoPath = "/var/lib/libvirt/dnsmasq/virbr0.status"
 	)
 
-	macAddr, err := ioutil.ReadFile(macAddrPath)
+	// The logic below is a bit of a hack.
+	// Since the services will get started as root, the qemu files containing the ip address will be written as root.
+	// We don't want to escalate to root every time we need the ip throughout the lifecycle of the program, so we write
+	// the ip address as a normal file when we first get it. This logic is making an assumption that root privileges
+	// has been retrieved as part of a prior step and has not yet timed out.
+	data, err := ioutil.ReadFile(ipPath)
+	if err == nil {
+		return string(data), nil
+	}
+
+	macAddr, err := readAsSudo(macAddrPath)
 	if err != nil {
 		return "", err
 	}
 
-	vBridgeInfo, err := ioutil.ReadFile(vBridgeInfoPath)
+	vBridgeInfo, err := readAsSudo(vBridgeInfoPath)
 	if err != nil {
 		return "", err
 	}
@@ -36,10 +48,15 @@ func IP(cfg config.Config) (string, error) {
 
 	for _, result := range results {
 		if result.MacAddr == string(macAddr) {
+			ioutil.WriteFile(ipPath, []byte(result.IPAddr), 0600)
+
 			return result.IPAddr, nil
 		}
 	}
 
 	return "", fmt.Errorf("unable to find VM IP address from '%s'", vBridgeInfoPath)
 }
 
+func readAsSudo(path string) ([]byte, error) {
+	return exec.Command("sudo", "-S", "cat", path).Output()
+}

driver/kvm/driver.go

@@ -20,7 +20,7 @@ type KVM struct {
 	UI           driver.UI
 	Config       config.Config
 	DaemonRunner driver.DaemonRunner
-	SudoShell    *runner.SudoShell
+	SudoShell    *runner.Sudo
 }
 
 func New(
@@ -32,7 +32,7 @@ func New(
 		UI:           ui,
 		Config:       cfg,
 		DaemonRunner: daemonRunner,
-		SudoShell:    &runner.SudoShell{},
+		SudoShell:    &runner.Sudo{},
 	}
 }
 

pkg/servicew/integration/fixtures/simple-darwin.yml pkg/servicew/acceptance/fixtures/simple-darwin.yml

@@ -1,4 +1,4 @@
-package integration_test
+package acceptance_test
 
 import (
 	"github.com/onsi/gomega/gexec"

pkg/servicew/integration/fixtures/simple-linux.yml pkg/servicew/acceptance/fixtures/simple-linux.yml

@@ -1,4 +1,4 @@
-package integration_test
+package acceptance_test
 
 import (
 	"code.cloudfoundry.org/cfdev/pkg/servicew/client"

pkg/servicew/integration/integration_suite_test.go pkg/servicew/acceptance/integration_suite_test.go

@@ -3,6 +3,7 @@ package client
 import (
 	"code.cloudfoundry.org/cfdev/pkg/servicew/config"
 	"code.cloudfoundry.org/cfdev/pkg/servicew/program"
+	"code.cloudfoundry.org/cfdev/runner"
 	"fmt"
 	"gopkg.in/yaml.v2"
 	"io"
@@ -15,12 +16,14 @@ import (
 type ServiceWrapper struct {
 	binaryPath string
 	workdir    string
+	runner     *runner.Sudo
 }
 
 func New(binaryPath string, workdir string) *ServiceWrapper {
 	return &ServiceWrapper{
 		binaryPath: binaryPath,
 		workdir:    workdir,
+		runner:     &runner.Sudo{},
 	}
 }
 
@@ -46,13 +49,7 @@ func (s *ServiceWrapper) Install(cfg config.Config) error {
 		return err
 	}
 
-	command := exec.Command(swrapperPath, "install")
-	output, err := command.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("failed to install '%s': %s: %s", cfg.Label, err, output)
-	}
-
-	return nil
+	return s.runner.Run(swrapperPath, "install")
 }
 
 func (s *ServiceWrapper) Uninstall(label string) error {
@@ -65,10 +62,9 @@ func (s *ServiceWrapper) Uninstall(label string) error {
 		return nil
 	}
 
-	command := exec.Command(swrapperPath, "uninstall")
-	output, err := command.CombinedOutput()
+	err := s.runner.Run(swrapperPath, "uninstall")
 	if err != nil {
-		return fmt.Errorf("failed to uninstall '%s': %s: %s", label, err, output)
+		return fmt.Errorf("failed to uninstall '%s': %s", label, err)
 	}
 
 	err = os.RemoveAll(swrapperPath)
@@ -80,27 +76,15 @@ func (s *ServiceWrapper) Uninstall(label string) error {
 }
 
 func (s *ServiceWrapper) Start(label string) error {
-	command := exec.Command(s.swrapperPath(label), "start")
-	output, err := command.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("failed to start '%s': %s: %s", label, err, output)
-	}
-
-	return nil
+	return s.runner.Run(s.swrapperPath(label), "start")
 }
 
 func (s *ServiceWrapper) Stop(label string) error {
 	if s.swrapperNotExist(label) {
 		return nil
 	}
 
-	command := exec.Command(s.swrapperPath(label), "stop")
-	output, err := command.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("failed to stop '%s': %s: %s", label, err, output)
-	}
-
-	return nil
+	return s.runner.Run(s.swrapperPath(label), "stop")
 }
 
 func (s *ServiceWrapper) IsRunning(label string) (bool, error) {

pkg/servicew/integration/integration_test.go pkg/servicew/acceptance/integration_test.go

@@ -5,9 +5,9 @@ import (
 	"os/exec"
 )
 
-type SudoShell struct{}
+type Sudo struct{}
 
-func (s *SudoShell) Run(args ...string) error {
+func (s *Sudo) Run(args ...string) error {
 	var (
 		invocation = append([]string{"-S"}, args...)
 		cmd        = exec.Command("sudo", invocation...)