added a mechanism to verify that debops controller doesn't use other controller's files

this should prevent problems such as https://bugzilla.ipr.univ-rennes.fr/show_bug.cgi?id=3719 work related to https://bugzilla.ipr.univ-rennes.fr/show_bug.cgi?id=3719
2023-12-13 11:24:57 +01:00 · 2023-12-13 11:24:57 +01:00 · b3e9fec9a2
parent 20bac19c84
commit b3e9fec9a2
1 changed files with 87 additions and 0 deletions
--- a/home/bin/deboco
+++ b/home/bin/deboco
@ -161,6 +161,57 @@ controller__get_debops_env_path()
 	echo "${local_repos_path}/.env"  # see the allowed locations in man debops-config
 }

+
+path__as_regular_path()
+{
+	local path="$1"
+	echo $path | sed "s|~|$home_dir|g"
+}
+
+# checks the validity of the given debops controller
+
+controller__check_integrity()
+{
+	local debops_controller_path="$1"
+
+	local local_repos_path=$(controller__get_local_repos_path "$debops_controller_path")
+	local virtual_env_path=$(controller__get_virtualenv_path "$debops_controller_path")
+	local debops_exit_code=''
+
+	# (debops.venv) debopsupdater@mazinger:~/debops/controllers/alambix/ansible.debops.git$ debops env
+	# DEBOPS_ANSIBLE_COLLECTIONS_PATH=~/debops/controllers/alambix/debops.venv/lib/python3.11/site-packages/debops/_data/ansible/collections
+	# DEBOPS_VENV=/home/debopsupdater/debops/controllers/alambix/debops.venv
+	# DEBOPS_VENV_PLAYBOOKS=/home/debopsupdater/debops/controllers/alambix/debops.venv/lib/python3.11/site-packages/debops/_data/ansible/collections/ansible_collections/debops/debops/playbooks
+	# DEBOPS_VENV_ROLES=/home/debopsupdater/debops/controllers/alambix/debops.venv/lib/python3.11/site-packages/debops/_data/ansible/collections/ansible_collections/debops/debops/roles
+	# DEBOPS_PROJECT_PATH=~/debops/controllers/alambix/ansible.debops.git
+	# DEBOPS_ANSIBLE_INVENTORY=~/debops/controllers/alambix/ansible.debops.git/ansible/inventory
+	# ANSIBLE_CONFIG=~/debops/controllers/alambix/ansible.debops.git/ansible.cfg
+	pushd "$local_repos_path"
+		source "$virtual_env_path/bin/activate"
+		eval "$(debops env)"
+		local home_dir=$(echo ~)
+		local var_name=''
+		for var_name in DEBOPS_ANSIBLE_COLLECTIONS_PATH DEBOPS_VENV DEBOPS_VENV_PLAYBOOKS DEBOPS_VENV_ROLES DEBOPS_PROJECT_PATH DEBOPS_ANSIBLE_INVENTORY ANSIBLE_CONFIG
+		do
+			local var_value=''
+			var_value=${!var_name}
+			var_value=$(path__as_regular_path $var_value)
+			if [ $? != 0 ]
+			then
+				log 'error' "failed to get the regular path from $var_value"
+				return "$RETURNCODE_ERROR"
+			fi
+			echo $var_value | grep -q "^$debops_controller_path"
+			if [ $? != 0 ]
+			then
+				log 'error' "the path for $var_name ($var_value) is expected to start with the path of the debops controller $debops_controller_path"
+				return "$RETURNCODE_ERROR"
+			fi
+		done
+		deactivate
+	popd
+}
+
 deboco__init()
 {
 	local debops_controller_path="$1"
@ -241,6 +292,12 @@ deboco__init()
 	local virtual_env_path=$(controller__get_virtualenv_path "$debops_controller_path")
 	# no need to call update-debops.sh since update-dev.sh does it
 	DEBOPS_VENV="$virtual_env_path" "$local_repos_path/bin/update-dev.sh"
+
+	controller__check_integrity "$debops_controller_path"
+	if [ $? != "$RETURNCODE_SUCCESS" ]
+	then
+		return $RETURNCODE_ERROR
+	fi
 }

 deboco__update()
@ -248,6 +305,13 @@ deboco__update()
 	local debops_controller_path="$1"
 	log 'info' "updating debobs controller in $debops_controller_path"

+	controller__check_integrity "$debops_controller_path"
+	if [ $? != "$RETURNCODE_SUCCESS" ]
+	then
+		return $RETURNCODE_ERROR
+	fi
+
+
 	reports_path="$(controller__get_reports_path "$debops_controller_path")"
 	mkdir -p "${reports_path}"
 	report_file_path=${reports_path}/$(date --iso=seconds)-init-${target_host_fqdn}
@ -262,6 +326,13 @@ deboco__update()

 	log info "updating debops itself in $virtual_env_path"
 	DEBOPS_VENV="$virtual_env_path" "$local_repos_path/bin/update-dev.sh" | tee --append ${report_file_path}
+
+	controller__check_integrity "$debops_controller_path"
+	if [ $? != "$RETURNCODE_SUCCESS" ]
+	then
+		return $RETURNCODE_ERROR
+	fi
+
 }

 deboco__configure_machine()
@ -296,6 +367,14 @@ deboco__init_machine()
 	local target_host_fqdn="$2"  # the machine on which we want to install debops bootstrap, eg alambix-108.ipr.univ-rennes.fr
 	log 'info' "installing debops bootstrap on $target_host_fqdn using debobs controller $debops_controller_path"

+
+	controller__check_integrity "$debops_controller_path"
+	if [ $? != "$RETURNCODE_SUCCESS" ]
+	then
+		return $RETURNCODE_ERROR
+	fi
+
+
 	local error_code=$RETURNCODE_SUCCESS

 	reports_path="$(controller__get_reports_path "$debops_controller_path")"
@ -330,6 +409,14 @@ deboco__update_machine()
 	local target_host_fqdn="$2"  # eg alambix-108.ipr.univ-rennes.fr
 	log 'info' "updating $target_host_fqdn using debobs controller $debops_controller_path"

+
+	controller__check_integrity "$debops_controller_path"
+	if [ $? != "$RETURNCODE_SUCCESS" ]
+	then
+		return $RETURNCODE_ERROR
+	fi
+
+
 	local error_code=$RETURNCODE_SUCCESS

 	reports_path="$(controller__get_reports_path "$debops_controller_path")"