turbot / powerpipe

Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
https://powerpipe.io/
GNU Affero General Public License v3.0

Powerpipe crashes when `USER` env var is unset #341

Open sfc-gh-dwilson opened 2 months ago

sfc-gh-dwilson commented 2 months ago

Describe the bug

Powerpipe unavoidably crashes when run in a container that doesn't define the USER environment variable. Setting POWERPIPE_INSTALL_DIR doesn't resolve this issue. Setting USER does.

The error seems to be caused by these lines https://github.com/turbot/powerpipe/blob/e5824daddb202efb6e7469a9f294548595920d9c/internal/cmdconfig/app_specific.go#L29-L34

The exact error shows up in my k8s deployment logs, but I'm unable to reproduce the same traces when running the same docker container locally:

```
Error: user: Current requires cgo or $USER set in environment
panic: user: unknown userid 1000
goroutine 1 [running]:
github.com/turbot/pipe-fittings/error_helpers.FailOnError({0x414c0a0, 0xc000b3da78})
    /root/go/pkg/mod/github.com/turbot/pipe-fittings@v1.2.0/error_helpers/utils.go:33 +0x51
github.com/turbot/powerpipe/internal/cmdconfig.SetAppSpecificConstants()
    /go/src/powerpipe/internal/cmdconfig/app_specific.go:30 +0xd2
main.main()
    /go/src/powerpipe/main.go:33 +0x39
```

Powerpipe version (`powerpipe -v`)

Example: Powerpipe v0.1.3

To reproduce

Dockerfile and sample shell script included under Additional Context section below.

Expected behavior

Defining POWERPIPE_INSTALL_DIR as described in Powerpipe: Docs: POWERPIPE_INSTALL_DIR and https://github.com/turbot/pipe-fittings/blob/main/app_specific/env.go#L33-L37 should prevent this error.

Additional context

server.sh

```sh
#!/bin/sh
steampipe service start
powerpipe server --port 80
```

Dockerfile

```dockerfile
FROM cgr.dev/chainguard/glibc-dynamic:latest as installer

USER root

RUN wget --output-document=steampipe-install.sh https://raw.githubusercontent.com/turbot/steampipe/main/scripts/install.sh \
    && bash steampipe-install.sh

RUN wget --output-document=powerpipe-install.sh https://raw.githubusercontent.com/turbot/powerpipe/main/scripts/install.sh \
    && bash powerpipe-install.sh

FROM cgr.dev/chainguard/glibc-dynamic:latest

COPY --from=installer /usr/local/bin/steampipe /usr/local/bin/steampipe
COPY --from=installer /usr/local/bin/powerpipe /usr/local/bin/powerpipe

USER nonroot

RUN steampipe plugin install aws

COPY --chown=nonroot:nonroot test /test
COPY --chown=nonroot:nonroot server.sh /test/server.sh

WORKDIR /test

# Initialize Steampipe runtime dependencies during build
RUN steampipe service start
RUN steampipe service stop

ENTRYPOINT /test/server.sh
```
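
The lookup order the issue expects, written out as an added example (not Powerpipe's or pipe-fittings' code): the override is checked before any user lookup, and a failed lookup becomes an error rather than a panic. `resolveInstallDir`, `homeFunc` and `osUserHome` are hypothetical names, and the `.powerpipe` default directory is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/user"
	"path/filepath"
)

const envInstallDir = "POWERPIPE_INSTALL_DIR" // override named in the issue

type homeFunc func() (string, error) // one way of finding the home directory

// osUserHome is the lookup that fails in the issue: in a build without cgo,
// user.Current needs $USER (see the error message in the report).
func osUserHome() (string, error) {
	u, err := user.Current()
	if err != nil {
		return "", err
	}
	return u.HomeDir, nil
}

// resolveInstallDir checks the override before touching any user lookup, then
// tries each lookup in order. It returns an error instead of panicking.
func resolveInstallDir(getenv func(string) string, lookups ...homeFunc) (string, error) {
	if dir := getenv(envInstallDir); dir != "" {
		return filepath.Clean(dir), nil
	}
	var errs []error
	for _, lookup := range lookups {
		home, err := lookup()
		if err == nil && home != "" {
			return filepath.Join(home, ".powerpipe"), nil // assumed default
		}
		errs = append(errs, err)
	}
	return "", fmt.Errorf("no home directory (%v); set %s", errors.Join(errs...), envInstallDir)
}

func main() {
	dir, err := resolveInstallDir(os.Getenv, osUserHome, os.UserHomeDir)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Error:", err)
		os.Exit(1)
	}
	fmt.Println(dir)
}
```

In a container running as an arbitrary non-root UID with no passwd entry, the second lookup (`os.UserHomeDir`, which reads `$HOME`) still succeeds when `HOME` is set, and the override path never calls either lookup.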

github-actions[bot] commented 1 week ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.