google-cloud-sdk: apply kubeconfig: don't store absolute path to gcloud binary

author: Florian Klink <flokli@flokli.de> 2019-06-12 17:35:04 +0200
committer: Florian Klink <flokli@flokli.de> 2019-06-14 23:41:43 +0200
commit: 6a166b2bfce28d54f9e45b190ec1153754b5da4b (patch)
tree: bc9b848019b72e47edb0604d8b4e7ee2279774a1 /pkgs/tools/admin
parent: ff647cab19dce77f7433ec7919424ff68b80de9b (diff)
2 files changed, 50 insertions, 0 deletions
diff --git a/pkgs/tools/admin/google-cloud-sdk/default.nix b/pkgs/tools/admin/google-cloud-sdk/default.nix
index 9099bfb242f4..0b3b5d287271 100644
--- a/pkgs/tools/admin/google-cloud-sdk/default.nix
+++ b/pkgs/tools/admin/google-cloud-sdk/default.nix
@@ -38,6 +38,9 @@ in stdenv.mkDerivation rec {
 
   doBuild = false;
 
+  patches = [
+    ./gcloud-path.patch
+  ];
 
   installPhase = ''
     mkdir -p $out/google-cloud-sdk
diff --git a/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch b/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch
new file mode 100644
index 000000000000..64ec6cdb1b65
--- /dev/null
+++ b/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch
@@ -0,0 +1,47 @@
+From b69fee70154a861637c82e98e18be01bbb96423b Mon Sep 17 00:00:00 2001
+From: Florian Klink <flokli@flokli.de>
+Date: Wed, 12 Jun 2019 17:03:09 +0200
+Subject: [PATCH] kubeconfig: don't store absolute path to gcloud binary
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The `gcloud beta container clusters get-credentials $cluster \
+--region $region --project $project`
+command can be used to write kubectl config files.
+
+In that file, normally the absolute path to the `gcloud` binary is
+stored.
+
+This is a bad idea in NixOS. We might eventually garbage-collect that
+specific gcloud binary - and in general, would expect a nix-shell
+provided gcloud to be used.
+
+In its current state, token renewal would just start to break with the
+following error message:
+
+Unable to connect to the server: error executing access token command "/nix/store/…/gcloud config config-helper --format=json": err=fork/exec /nix/store/…/gcloud: no such file or directory output= stderr=
+
+Avoid this by storing just `gcloud` inside `cmd-path`, which causes
+kubectl to lookup the gcloud command from $PATH, which is more likely to
+keep working.
+---
+ lib/googlecloudsdk/api_lib/container/kubeconfig.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/googlecloudsdk/api_lib/container/kubeconfig.py b/lib/googlecloudsdk/api_lib/container/kubeconfig.py
+index 4330988d6..37424b841 100644
+--- a/lib/googlecloudsdk/api_lib/container/kubeconfig.py
++++ b/lib/googlecloudsdk/api_lib/container/kubeconfig.py
+@@ -255,7 +255,7 @@ def _AuthProvider(name='gcp'):
+       raise Error(SDK_BIN_PATH_NOT_FOUND)
+     cfg = {
+         # Command for gcloud credential helper
+-        'cmd-path': os.path.join(sdk_bin_path, bin_name),
++        'cmd-path': bin_name,
+         # Args for gcloud credential helper
+         'cmd-args': 'config config-helper --format=json',
+         # JSONpath to the field that is the raw access token
+-- 
+2.21.0
+
author	Florian Klink <flokli@flokli.de>	2019-06-12 17:35:04 +0200
committer	Florian Klink <flokli@flokli.de>	2019-06-14 23:41:43 +0200
commit	6a166b2bfce28d54f9e45b190ec1153754b5da4b (patch)
tree	bc9b848019b72e47edb0604d8b4e7ee2279774a1 /pkgs/tools/admin
parent	ff647cab19dce77f7433ec7919424ff68b80de9b (diff)