Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not fail on path resolution for default config #2202

Closed
wants to merge 1 commit into from

Conversation

nabokihms
Copy link

There is now an error after upgrading to the latest template with the config file support.

Error: fsys for path .gomplate.yaml: resolve local path ".gomplate.yaml": getwd: stat .: permission denied

It seems like the error happens during the local path resolution, which calls various os package methods, including getcwd.
If the config was not requested intentionally, I believe it is ok to skip these errors.

Context dexidp/dex#3675

@nabokihms
Copy link
Author

Haven't managed to find a good workaround yet. Can we release a version with the fix anytime soon? Rolling back to previous gomplate version is always an option, but there are several security issues in v3.* with dependencies.

nabokihms added a commit to deckhouse/3p-dex that referenced this pull request Aug 7, 2024
Workaround to run gomplate from a non-root directory in distroless images, because gomplate tries to access CWD on start.
See: hairyhenderson/gomplate#2202

Signed-off-by: m.nabokikh <[email protected]>
nabokihms added a commit to dexidp/dex that referenced this pull request Aug 7, 2024
Workaround to run gomplate from a non-root directory in distroless images, because gomplate tries to access CWD on start.
See: hairyhenderson/gomplate#2202

Signed-off-by: m.nabokikh <[email protected]>
nabokihms added a commit to dexidp/dex that referenced this pull request Aug 7, 2024
Workaround to run gomplate from a non-root directory in distroless images, because gomplate tries to access CWD on start.
See: hairyhenderson/gomplate#2202

Signed-off-by: m.nabokikh <[email protected]>
@hairyhenderson
Copy link
Owner

Hi @nabokihms, thanks for this.

upgrading to the latest template with the config file support.

hrm... I see you upgraded from 3.11.8 - it had config file support previously - is the issue just that it didn't fail previously?

From the original issue it seems like the actual problem was that gomplate was running from a directory it had no read permission for?

If that's the case, the error makes sense, but I'm not sure about the fix. What if the error is legitimate? i.e. what if the user has a config present but are running as the wrong user with no read permissions, or is in the incorrect directory?

I suppose what we need here is some way to signal to gomplate that it shouldn't attempt to read a config file at all. Perhaps setting --config="" to override the default of .gomplate.yaml?

@nabokihms
Copy link
Author

is the issue just that it didn't fail previously?
Issue appeared straight after upgrade.

From the original issue it seems like the actual problem was that gomplate was running from a directory it had no read permission for?

Yeah, I managed to figure it out after reading the code. My home dir was the root of a distroless image, which was not accessible.

I'm totally ok with the empty config flag, for me it solves the problem.

@hairyhenderson
Copy link
Owner

I've merged #2227 just now, which should solve the underlying issue here. Closing now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants