From 6a166b2bfce28d54f9e45b190ec1153754b5da4b Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 12 Jun 2019 17:35:04 +0200 Subject: [PATCH] google-cloud-sdk: apply kubeconfig: don't store absolute path to gcloud binary --- pkgs/tools/admin/google-cloud-sdk/default.nix | 3 ++ .../admin/google-cloud-sdk/gcloud-path.patch | 47 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch diff --git a/pkgs/tools/admin/google-cloud-sdk/default.nix b/pkgs/tools/admin/google-cloud-sdk/default.nix index 9099bfb242f4..0b3b5d287271 100644 --- a/pkgs/tools/admin/google-cloud-sdk/default.nix +++ b/pkgs/tools/admin/google-cloud-sdk/default.nix @@ -38,6 +38,9 @@ in stdenv.mkDerivation rec { doBuild = false; + patches = [ + ./gcloud-path.patch + ]; installPhase = '' mkdir -p $out/google-cloud-sdk diff --git a/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch b/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch new file mode 100644 index 000000000000..64ec6cdb1b65 --- /dev/null +++ b/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch @@ -0,0 +1,47 @@ +From b69fee70154a861637c82e98e18be01bbb96423b Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Wed, 12 Jun 2019 17:03:09 +0200 +Subject: [PATCH] kubeconfig: don't store absolute path to gcloud binary +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The `gcloud beta container clusters get-credentials $cluster \ +--region $region --project $project` +command can be used to write kubectl config files. + +In that file, normally the absolute path to the `gcloud` binary is +stored. + +This is a bad idea in NixOS. We might eventually garbage-collect that +specific gcloud binary - and in general, would expect a nix-shell +provided gcloud to be used. + +In its current state, token renewal would just start to break with the +following error message: + +Unable to connect to the server: error executing access token command "/nix/store/…/gcloud config config-helper --format=json": err=fork/exec /nix/store/…/gcloud: no such file or directory output= stderr= + +Avoid this by storing just `gcloud` inside `cmd-path`, which causes +kubectl to lookup the gcloud command from $PATH, which is more likely to +keep working. +--- + lib/googlecloudsdk/api_lib/container/kubeconfig.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/googlecloudsdk/api_lib/container/kubeconfig.py b/lib/googlecloudsdk/api_lib/container/kubeconfig.py +index 4330988d6..37424b841 100644 +--- a/lib/googlecloudsdk/api_lib/container/kubeconfig.py ++++ b/lib/googlecloudsdk/api_lib/container/kubeconfig.py +@@ -255,7 +255,7 @@ def _AuthProvider(name='gcp'): + raise Error(SDK_BIN_PATH_NOT_FOUND) + cfg = { + # Command for gcloud credential helper +- 'cmd-path': os.path.join(sdk_bin_path, bin_name), ++ 'cmd-path': bin_name, + # Args for gcloud credential helper + 'cmd-args': 'config config-helper --format=json', + # JSONpath to the field that is the raw access token +-- +2.21.0 +