Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Allow disabling exec only for the entrypoint #1973

Merged
merged 5 commits into from
Aug 3, 2021
Merged

Allow disabling exec only for the entrypoint #1973

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
63da073
internal/server: entrypoint can advertise exec is disabled
mitchellh Aug 2, 2021
c07fdbb
internal/ceb: WAYPOINT_CEB_DISABLE_EXEC
mitchellh Aug 2, 2021
26414ec
website: document disabling exec
mitchellh Aug 2, 2021
dbca721
changelog
mitchellh Aug 2, 2021
186db12
website: show example
mitchellh Aug 3, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .changelog/1973.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:improvement
entrypoint: Can disable `waypoint exec` only by setting the
`WAYPOINT_CEB_DISABLE_EXEC` environment variable to a truthy value.
```
7 changes: 7 additions & 0 deletions internal/ceb/ceb.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ const (
envServerTls = "WAYPOINT_SERVER_TLS"
envServerTlsSkipVerify = "WAYPOINT_SERVER_TLS_SKIP_VERIFY"
envCEBDisable = "WAYPOINT_CEB_DISABLE"
envCEBDisableExec = "WAYPOINT_CEB_DISABLE_EXEC"
envCEBServerRequired = "WAYPOINT_CEB_SERVER_REQUIRED"
envCEBToken = "WAYPOINT_CEB_INVITE_TOKEN"

Expand All @@ -49,6 +50,7 @@ type CEB struct {
deploymentId string
context context.Context
execIdx int64
execDisable bool

// stateCond and its associated locker are used to protect all the
// state-prefixed fields. These state fields can be watched using this
Expand Down Expand Up @@ -326,6 +328,11 @@ func WithEnvDefaults() Option {

ceb.deploymentId = os.Getenv(envDeploymentId)

ceb.execDisable, err = env.GetBool(envCEBDisableExec, false)
if err != nil {
return err
}

return nil
}
}
Expand Down
1 change: 1 addition & 0 deletions internal/ceb/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ func (ceb *CEB) initConfigStreamReceiver(
client, err := serverClient.EntrypointConfig(ctx, &pb.EntrypointConfigRequest{
DeploymentId: ceb.deploymentId,
InstanceId: ceb.id,
DisableExec: ceb.execDisable,
}, grpc.WaitForReady(isRetry || cfg.ServerRequired))
if err != nil {
// If the server is unavailable and this is our first time, then
Expand Down
9 changes: 9 additions & 0 deletions internal/ceb/exec.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,15 @@ import (
)

func (ceb *CEB) startExecGroup(es []*pb.EntrypointConfig_Exec, env []string) {
// If exec is disabled, log. This should never happen because we advertise
// disabled exec to the server, and the server should not assign us any
// exec sessions. However, we don't want to explicitly trust the server
// so we also safeguard here that we do not exec if we've disabled it.
if ceb.execDisable {
ceb.logger.Warn("startExecGroup called but disableExec is true. This should not happen.")
return
}

idx := ceb.execIdx
for _, exec := range es {
// Ignore exec sessions we already have
Expand Down
30 changes: 0 additions & 30 deletions internal/server/gen/mocks/waypoint_client.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

23 changes: 0 additions & 23 deletions internal/server/gen/mocks/waypoint_server.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading