Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not fail on path resolution for default config #2202

Closed
wants to merge 1 commit into from
Closed

Do not fail on path resolution for default config #2202

wants to merge 1 commit into from

Conversation

nabokihms
Copy link

There is now an error after upgrading to the latest template with the config file support.

Error: fsys for path .gomplate.yaml: resolve local path ".gomplate.yaml": getwd: stat .: permission denied

It seems like the error happens during the local path resolution, which calls various os package methods, including getcwd.
If the config was not requested intentionally, I believe it is ok to skip these errors.

Context dexidp/dex#3675

@nabokihms
Copy link
Author

Haven't managed to find a good workaround yet. Can we release a version with the fix anytime soon? Rolling back to previous gomplate version is always an option, but there are several security issues in v3.* with dependencies.

nabokihms added a commit to deckhouse/3p-dex that referenced this pull request Aug 7, 2024
@nabokihms
Change workdir for gomplate
cfeb726 
Workaround to run gomplate from a non-root directory in distroless images, because gomplate tries to access CWD on start.
See: hairyhenderson/gomplate#2202

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
@nabokihms nabokihms mentioned this pull request Aug 7, 2024
Merged
nabokihms added a commit to dexidp/dex that referenced this pull request Aug 7, 2024
@nabokihms
Change workdir for gomplate (#3684)
5c66c71 
Workaround to run gomplate from a non-root directory in distroless images, because gomplate tries to access CWD on start.
See: hairyhenderson/gomplate#2202

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
nabokihms added a commit to dexidp/dex that referenced this pull request Aug 7, 2024
@nabokihms
Change workdir for gomplate (#3684)
43956db 
Workaround to run gomplate from a non-root directory in distroless images, because gomplate tries to access CWD on start.
See: hairyhenderson/gomplate#2202

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
@hairyhenderson
Copy link
Owner

Hi @nabokihms, thanks for this.

upgrading to the latest template with the config file support.

hrm... I see you upgraded from 3.11.8 - it had config file support previously - is the issue just that it didn't fail previously?

From the original issue it seems like the actual problem was that gomplate was running from a directory it had no read permission for?

If that's the case, the error makes sense, but I'm not sure about the fix. What if the error is legitimate? i.e. what if the user has a config present but are running as the wrong user with no read permissions, or is in the incorrect directory?

I suppose what we need here is some way to signal to gomplate that it shouldn't attempt to read a config file at all. Perhaps setting --config="" to override the default of .gomplate.yaml?

@nabokihms
Copy link
Author

is the issue just that it didn't fail previously?
Issue appeared straight after upgrade.

From the original issue it seems like the actual problem was that gomplate was running from a directory it had no read permission for?

Yeah, I managed to figure it out after reading the code. My home dir was the root of a distroless image, which was not accessible.

I'm totally ok with the empty config flag, for me it solves the problem.

@hairyhenderson hairyhenderson mentioned this pull request Sep 28, 2024
Merged
@hairyhenderson
Copy link
Owner

I've merged #2227 just now, which should solve the underlying issue here. Closing now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hairyhenderson hairyhenderson Awaiting requested review from hairyhenderson hairyhenderson is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nabokihms @hairyhenderson