google-cloud-sdk: kubeconfig: don't store absolute path to gcloud binary (#63037)

google-cloud-sdk: kubeconfig: don't store absolute path to gcloud binary

2 files changed, 57 insertions, 8 deletions

diff --git a/pkgs/tools/admin/google-cloud-sdk/default.nix b/pkgs/tools/admin/google-cloud-sdk/default.nix
index 3abd189d0f97..0b3b5d287271 100644
--- a/pkgs/tools/admin/google-cloud-sdk/default.nix
+++ b/pkgs/tools/admin/google-cloud-sdk/default.nix
@@ -36,16 +36,18 @@ in stdenv.mkDerivation rec {
 
   buildInputs = [ python makeWrapper ];
 
-  phases = [ "installPhase" "fixupPhase" ];
+  doBuild = false;
+
+  patches = [
+    ./gcloud-path.patch
+  ];
 
   installPhase = ''
-    mkdir -p "$out"
-    tar -xzf "$src" -C "$out" google-cloud-sdk
+    mkdir -p $out/google-cloud-sdk
+    cp -R * .install $out/google-cloud-sdk/
 
-    mkdir $out/google-cloud-sdk/lib/surface/alpha
+    mkdir -p $out/google-cloud-sdk/lib/surface/{alpha,beta}
     cp ${./alpha__init__.py} $out/google-cloud-sdk/lib/surface/alpha/__init__.py
-
-    mkdir $out/google-cloud-sdk/lib/surface/beta
     cp ${./beta__init__.py} $out/google-cloud-sdk/lib/surface/beta/__init__.py
 
     # create wrappers with correct env
@@ -68,8 +70,8 @@ in stdenv.mkDerivation rec {
     disable_update_check = true" >> $out/google-cloud-sdk/properties
 
     # setup bash completion
-    mkdir -p "$out/etc/bash_completion.d/"
-    mv "$out/google-cloud-sdk/completion.bash.inc" "$out/etc/bash_completion.d/gcloud.inc"
+    mkdir -p $out/etc/bash_completion.d
+    mv $out/google-cloud-sdk/completion.bash.inc $out/etc/bash_completion.d/gcloud.inc
 
     # This directory contains compiled mac binaries. We used crcmod from
     # nixpkgs instead.
diff --git a/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch b/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch
new file mode 100644
index 000000000000..64ec6cdb1b65
--- /dev/null
+++ b/pkgs/tools/admin/google-cloud-sdk/gcloud-path.patch
@@ -0,0 +1,47 @@
+From b69fee70154a861637c82e98e18be01bbb96423b Mon Sep 17 00:00:00 2001
+From: Florian Klink <flokli@flokli.de>
+Date: Wed, 12 Jun 2019 17:03:09 +0200
+Subject: [PATCH] kubeconfig: don't store absolute path to gcloud binary
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The `gcloud beta container clusters get-credentials $cluster \
+--region $region --project $project`
+command can be used to write kubectl config files.
+
+In that file, normally the absolute path to the `gcloud` binary is
+stored.
+
+This is a bad idea in NixOS. We might eventually garbage-collect that
+specific gcloud binary - and in general, would expect a nix-shell
+provided gcloud to be used.
+
+In its current state, token renewal would just start to break with the
+following error message:
+
+Unable to connect to the server: error executing access token command "/nix/store/…/gcloud config config-helper --format=json": err=fork/exec /nix/store/…/gcloud: no such file or directory output= stderr=
+
+Avoid this by storing just `gcloud` inside `cmd-path`, which causes
+kubectl to lookup the gcloud command from $PATH, which is more likely to
+keep working.
+---
+ lib/googlecloudsdk/api_lib/container/kubeconfig.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/googlecloudsdk/api_lib/container/kubeconfig.py b/lib/googlecloudsdk/api_lib/container/kubeconfig.py
+index 4330988d6..37424b841 100644
+--- a/lib/googlecloudsdk/api_lib/container/kubeconfig.py
++++ b/lib/googlecloudsdk/api_lib/container/kubeconfig.py
+@@ -255,7 +255,7 @@ def _AuthProvider(name='gcp'):
+       raise Error(SDK_BIN_PATH_NOT_FOUND)
+     cfg = {
+         # Command for gcloud credential helper
+-        'cmd-path': os.path.join(sdk_bin_path, bin_name),
++        'cmd-path': bin_name,
+         # Args for gcloud credential helper
+         'cmd-args': 'config config-helper --format=json',
+         # JSONpath to the field that is the raw access token
+-- 
+2.21.0
+