Merge pull request #53 from ccloes-intuit/add_sudo_support

Add sudo support
aws · Mar 23, 2016 · 2a24130 · 2a24130
2 parents 5c4fe53 + bd38c04
commit 2a24130
Show file tree

Hide file tree

Showing 7 changed files with 97 additions and 14 deletions.
diff --git a/init.d/codedeploy-agent b/init.d/codedeploy-agent
@@ -22,34 +22,53 @@ RETVAL=0
 [ -f /etc/profile ] && [ "`stat --format '%U %G' /etc/profile`" == "root root" ] && source /etc/profile
 
 prog="codedeploy-agent"
+# Modify the following USER variable to run the codedeploy process as a non-root user
+# Note: You also need to chown /opt/codedeploy /var/log/aws 
+USER=""
 AGENT_ROOT="/opt/codedeploy-agent/"
 INSTALLER="/opt/codedeploy-agent/bin/install"
 BIN="/opt/codedeploy-agent/bin/codedeploy-agent"
 
 start() {
         echo -n $"Starting $prog:"
         cd $AGENT_ROOT
-        nohup $BIN start >/dev/null </dev/null 2>&1  # Try to start the server
+        if [ $USER ]; then
+          nohup sudo -i -u $USER $BIN start >/dev/null </dev/null 2>&1 # Try to start the server
+        else
+          nohup $BIN start >/dev/null </dev/null 2>&1  # Try to start the server
+        fi
         exit $?
 }
 
 stop() {
         echo -n $"Stopping $prog:"
         cd $AGENT_ROOT
-        nohup $BIN stop >/dev/null </dev/null 2>&1  # Try to stop the server
+        if [ $USER ]; then
+          nohup sudo -i -u $USER $BIN stop >/dev/null </dev/null 2>&1  # Try to stop the server
+        else
+          nohup $BIN stop >/dev/null </dev/null 2>&1  # Try to stop the server
+        fi
         exit $?
 }
 
 restart() {
         echo -n $"Restarting $prog:"
         cd $AGENT_ROOT
-        nohup $BIN restart >/dev/null </dev/null 2>&1  # Try to restart the server
+        if [ $USER ]; then
+          nohup sudo -i -u $USER $BIN restart >/dev/null </dev/null 2>&1  # Try to restart the server
+        else
+          nohup $BIN restart >/dev/null </dev/null 2>&1  # Try to restart the server
+        fi
         exit $?
 }
 
 status() {
         cd $AGENT_ROOT
-        $BIN status # Status of the server
+        if [ $USER ]; then
+          sudo -i -u $USER $BIN status # Status of the server
+        else
+          $BIN status # Status of the server
+        fi
         exit $?
 }
 

diff --git a/init.d/codedeploy-agent.service b/init.d/codedeploy-agent.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=AWS CodeDeploy Host Agent
+
+[Service]
+Type=forking
+ExecStart=/opt/codedeploy-agent/bin/codedeploy-agent start
+ExecStop=/opt/codedeploy-agent/bin/codedeploy-agent stop
+RemainAfterExit=no
+# Comment out the following line to run the agent as the codedeploy user
+# Note: The user must first exist on the system
+#User=codedeploy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb
@@ -8,14 +8,27 @@ def self.supported_oses()
       ['linux']
     end
 
-    def self.prepare_script_command(script, absolute_path)
-      script_command = absolute_path
-      if(!script.runas.nil?)
-        script_command = 'su ' + script.runas + ' -c ' + absolute_path
+    def self.prepare_script_command(script, absolute_cmd_path)
+      runas = !!script.runas
+      sudo = !!script.sudo
+
+      if runas && sudo
+        return 'sudo su ' + script.runas + ' -c ' + absolute_cmd_path
+      end
+
+      if runas && !sudo
+        return 'su ' + script.runas + ' -c ' + absolute_cmd_path
+      end
+
+      if !runas && sudo
+        return 'sudo ' + absolute_cmd_path
       end
-      script_command
+
+      # If neither sudo or runas is specified, execute the
+      # command as the code deploy agent user 
+      absolute_cmd_path
     end
-    
+
     def self.quit()
       # Send kill signal to parent and exit
       Process.kill('TERM', Process.ppid)
@@ -46,6 +59,7 @@ def self.codedeploy_version_file
     def self.fallback_version_file
       "/opt/codedeploy-agent"
     end
+
     private
     def self.execute_tar_command(cmd)
       log(:debug, "Executing #{cmd}")

diff --git a/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb b/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb
@@ -60,6 +60,7 @@ def parse_hooks(hooks_hash)
                   current_hook_scripts << InstanceAgent::Plugins::CodeDeployPlugin::ApplicationSpecification::ScriptInfo.new(script['location'].to_s.strip,
                   {
                     :runas => script.has_key?('runas') && !script['runas'].nil? ? script['runas'].to_s.strip : nil,
+                    :sudo => script['sudo'],
                     :timeout => script['timeout']
                   })
                 else
@@ -140,4 +141,4 @@ def parse_context(context)
       end
     end
   end
-end
+end
diff --git a/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb b/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb
@@ -5,14 +5,15 @@ module ApplicationSpecification
         #Helper Class for storing data parsed from hook script maps
         class ScriptInfo
 
-          attr_reader :location, :runas, :timeout
+          attr_reader :location, :runas, :sudo, :timeout
           def initialize(location, opts = {})
             location = location.to_s
             if(location.empty?)
               raise AppSpecValidationException, 'Scripts need a location value'
             end
             @location = location
             @runas = opts[:runas]
+            @sudo = opts[:sudo]
             @timeout = opts[:timeout] || 3600
             @timeout = @timeout.to_i
             if(@timeout <= 0)
@@ -24,4 +25,4 @@ def initialize(location, opts = {})
       end
     end
   end
-end
+end
diff --git a/lib/instance_agent/plugins/codedeploy/command_executor.rb b/lib/instance_agent/plugins/codedeploy/command_executor.rb
@@ -11,7 +11,6 @@ module InstanceAgent
   module Plugins
     module CodeDeployPlugin
       ARCHIVES_TO_RETAIN = 5
-
       class CommandExecutor
         class << self
           attr_reader :command_methods

diff --git a/test/instance_agent/platform/linux_util_test.rb b/test/instance_agent/platform/linux_util_test.rb
@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class LinuxUtilTest < InstanceAgentTestCase
+  context 'Testing building command with sudo' do
+    setup do
+      @script_mock = Struct.new :sudo, :runas
+    end
+
+    should 'return command with sudo with runas user deploy' do
+      mock = @script_mock.new true, "deploy"
+      assert_equal 'sudo su deploy -c my_script.sh',
+                   InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh")
+    end
+
+    should 'return command without sudo with runas user deploy' do
+      mock = @script_mock.new nil, "deploy"
+      assert_equal 'su deploy -c my_script.sh',
+                   InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh")
+    end
+
+    should 'return command without sudo or runas user' do
+      mock = @script_mock.new nil, nil
+      assert_equal 'my_script.sh',
+                   InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh")
+    end
+
+    should 'return command with sudo' do
+      mock = @script_mock.new true, nil
+      assert_equal 'sudo my_script.sh',
+                   InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh")
+    end
+
+  end
+end
+