Added ability to for plugins to request elevated sudo privileges

Author: kevinwang5658

package.json

@@ -11,7 +11,7 @@
     "ajv": "^8.12.0",
     "ajv-formats": "^3.0.1",
     "chalk": "^5.3.0",
-    "codify-schemas": "1.0.32",
+    "codify-schemas": "1.0.37",
     "debug": "^4.3.4",
     "ink": "^4.4.1",
     "parse-json": "^8.1.0",

src/common/base-command.ts

@@ -1,20 +1,23 @@
 import { Command, Flags } from '@oclif/core';
-import { Reporter, ReporterFactory, ReporterType } from '../ui/reporters/reporter.js';
 import { FlagOutput } from '@oclif/core/lib/interfaces/parser.js';
-import createDebug from 'debug';
 import chalk from 'chalk';
+import createDebug from 'debug';
+
+import { ctx, Event } from '../events/context.js';
+import { Reporter, ReporterFactory, ReporterType } from '../ui/reporters/reporter.js';
 
 export abstract class BaseCommand extends Command {
 
   static enableJsonFlag = true;
   static baseFlags = {
+    'debug': Flags.boolean(),
     'output': Flags.option({
-      default: 'default',
       char: 'o',
+      default: 'default',
       options: ['plain', 'default', 'debug', 'json'],
-    })(),
-    'debug': Flags.boolean()
+    })()
   }
+
   protected reporter!: Reporter;
 
   public async init(): Promise<void> {
@@ -27,6 +30,11 @@ export abstract class BaseCommand extends Command {
 
     const reporterType = this.getReporterType(flags);
     this.reporter = ReporterFactory.create(reporterType)
+
+    ctx.on(Event.SUDO_REQUEST, async (pluginName: string, command: string) => {
+      await this.reporter.promptSudo(pluginName, command);
+      ctx.sudoRequestGranted(pluginName);
+    });
   }
 
   protected async catch(err: Error): Promise<void> {
@@ -48,14 +56,21 @@ export abstract class BaseCommand extends Command {
 
     if (flags.output) {
       switch (flags.output) {
-        case 'debug':
+        case 'debug': {
           return ReporterType.DEBUG;
-        case 'json':
+        }
+
+        case 'json': {
           return ReporterType.JSON;
-        case 'plain':
+        }
+
+        case 'plain': {
           return ReporterType.PLAIN;
-        case 'default':
+        }
+
+        case 'default': {
           return ReporterType.DEFAULT;
+        }
       }
     }
 

src/entities/project-config.test.ts

@@ -1,4 +1,4 @@
-import { ProjectConfig } from './project-config';
+import { ProjectConfig } from './project-config.js';
 import { describe, expect, it } from 'vitest';
 
 describe('Parser: project entity tests', () => {

src/events/context.ts

@@ -11,6 +11,8 @@ export enum Event {
   PROCESS_FINISH = 'process_finish',
   SUB_PROCESS_START = 'sub_process_start',
   SUB_PROCESS_FINISH = 'sub_process_finish',
+  SUDO_REQUEST = 'sudo_request',
+  SUDO_REQUEST_GRANTED = 'sudo_request_granted',
 }
 
 export enum ProcessName {
@@ -77,6 +79,14 @@ export const ctx = new class {
     this.emitter.emit(Event.SUB_PROCESS_FINISH, name, additionalName);
   }
 
+  sudoRequested(pluginName: string, command: string) {
+    this.emitter.emit(Event.SUDO_REQUEST, pluginName, command);
+  }
+
+  sudoRequestGranted(pluginName: string) {
+    this.emitter.emit(Event.SUDO_REQUEST_GRANTED, pluginName);
+  }
+
   async subprocess<T>(name: string, run: () => Promise<T>): Promise<T> {
     this.emitter.emit(Event.SUB_PROCESS_START, name);
     const result = await run();

src/plugins/plugin-process.ts

@@ -1,12 +1,14 @@
-import { IpcMessage, IpcMessageSchema } from 'codify-schemas';
+import { IpcMessage, IpcMessageSchema, MessageCmd, SudoRequestData, SudoRequestDataSchema } from 'codify-schemas';
 import { ChildProcess, fork } from 'node:child_process';
 import { createRequire } from 'node:module';
 
-import { ctx } from '../events/context.js';
+import { ctx, Event } from '../events/context.js';
 import { ajv } from '../utils/ajv.js';
 import { PluginMessage } from './message.js';
 
 const ipcMessageValidator = ajv.compile(IpcMessageSchema);
+const sudoRequestValidator = ajv.compile(SudoRequestDataSchema);
+
 
 type Resolve<T> = (value: T) => void;
 type Reject = (reason?: Error) => void;
@@ -30,7 +32,7 @@ export class PluginProcess {
       pluginPath,
       [],
       {
-        env: { ...process.env, FORCE_COLOR: '1', DEBUG_COLORS: '1' },
+        env: { ...process.env, DEBUG_COLORS: '1', FORCE_COLOR: '1' },
         silent: true,
         ...(isTypescript && { execArgv: ['--import', 'tsx'] }),
       },
@@ -41,6 +43,7 @@ export class PluginProcess {
     _process.on('exit', (code) => {
       throw new Error(`Plugin ${this.name} exited with code ${code}`);
     })
+    this.handleSudoRequests(_process);
 
     return new PluginProcess(_process);
   }
@@ -67,12 +70,37 @@ export class PluginProcess {
     try {
       const require = createRequire(import.meta.url);
       require.resolve('tsx');
-    } catch (e) {
+    } catch {
       return false;
     }
 
     return true;
   }
+
+  private static handleSudoRequests(process: ChildProcess) {
+    process.on('message', (message) => {
+      if (!ipcMessageValidator(message)) {
+        throw new Error(`Invalid message from plugin. ${JSON.stringify(message, null, 2)}`);
+      }
+
+      if (message.cmd === MessageCmd.SUDO_REQUEST) {
+        const { data } = message;
+        if (!sudoRequestValidator(data)) {
+          throw new Error(`Invalid sudo request from plugin ${this.name}. ${JSON.stringify(sudoRequestValidator.errors, null, 2)}`);
+        }
+
+        ctx.sudoRequested(this.name, (data as unknown as SudoRequestData).command);
+      }
+    })
+    ctx.on(Event.SUDO_REQUEST_GRANTED, (pluginName) => {
+      if (pluginName === this.name) {
+        process.send({
+          cmd: resultFunctionName(MessageCmd.SUDO_REQUEST),
+          data: {}
+        })
+      }
+    })
+  }
 }
 
 class SendMessageForResultHandler {

src/ui/components/default-component.tsx

@@ -17,6 +17,7 @@ export function DefaultComponent(props: {
   const [state, setState] = useState(RenderState.GENERATING_PLAN);
   const [progressState, setProgressState] = useState(null as ProgressState | null);
   const [plan, setPlan] = useState(null as PlanResponseData[] | null);
+  const [isCleared, setIsCleared] = useState(false);
 
   // Use layoutEffect runs before the first render, whereas useEffect runs after
   useLayoutEffect(() => {
@@ -39,11 +40,21 @@ export function DefaultComponent(props: {
     emitter.on(RenderEvent.PROGRESS_UPDATE, (state: ProgressState) => {
       setProgressState(structuredClone(state));
     });
+
+    emitter.on(RenderEvent.CLEAR, () => {
+      setIsCleared(true);
+    });
+
+    emitter.on(RenderEvent.UNCLEAR, () => {
+      console.log('set unclear')
+      setIsCleared(false);
+    });
+
   }, []);
 
   return <Box flexDirection="column">
     {
-      ([RenderState.APPLYING, RenderState.GENERATING_PLAN].includes(state)) && progressState && (
+      ([RenderState.APPLYING, RenderState.GENERATING_PLAN].includes(state)) && progressState && !isCleared && (
         <ProgressDisplay progress={progressState}/>
       )
     }
@@ -63,5 +74,13 @@ export function DefaultComponent(props: {
         </Box>
       )
     }
+    {/* { */}
+    {/*   showSudoPrompt && ( */}
+    {/*     <Box flexDirection='column'> */}
+    {/*       <Text>Password:</Text> */}
+    {/*       <PasswordInput onSubmit={(value) => emitter.emit(RenderEvent.PROMPT_SUDO_RESULT, value)}/> */}
+    {/*     </Box> */}
+    {/*   ) */}
+    {/* } */}
   </Box>
 }

src/ui/reporters/debug-reporter.ts

@@ -1,6 +1,8 @@
+import chalk from 'chalk';
 import { PlanResponseData } from 'codify-schemas';
-import readline from 'node:readline';
 import createDebug, { Debugger } from 'debug';
+import { execSync } from 'node:child_process';
+import readline from 'node:readline';
 
 import { ctx, Event } from '../../events/context.js';
 import { Reporter } from './reporter.js';
@@ -23,6 +25,11 @@ export class DebugReporter implements Reporter {
     ctx.on(Event.SUB_PROCESS_FINISH, (name) => debug(name))
   }
 
+  async promptSudo(pluginName: string, command: string): Promise<void> {
+    console.log(chalk.blue(`Plugin: ${pluginName} requires root access to run command: '${command}'`));
+    execSync('sudo -v');
+  }
+
   async promptApplyConfirmation(): Promise<boolean> {
     const response = await new Promise((resolve) => {
       this.rl.question('Is this okay?\n', (answer) => resolve(answer));

src/ui/reporters/default-reporter.tsx

@@ -1,5 +1,7 @@
+import chalk from 'chalk';
 import { PlanResponseData } from 'codify-schemas';
 import { render } from 'ink';
+import { execSync } from 'node:child_process';
 import { EventEmitter } from 'node:events';
 import React from 'react';
 
@@ -10,8 +12,8 @@ import { DisplayPlanStateTransition, RenderEvent, RenderState, Reporter } from '
 
 const ProgressLabelMapping = {
   [ProcessName.APPLY]: 'Codify apply',
-  [ProcessName.UNINSTALL]: 'Codify uninstall',
   [ProcessName.PLAN]: 'Codify plan',
+  [ProcessName.UNINSTALL]: 'Codify uninstall',
   [SubProcessName.APPLYING_RESOURCE]: 'Applying resource',
   [SubProcessName.GENERATE_PLAN]: 'Refresh states and generating plan',
   [SubProcessName.INITIALIZE_PLUGINS]: 'Initializing plugins',
@@ -25,7 +27,7 @@ export class DefaultReporter implements Reporter {
   private progressState: ProgressState | null = null
 
   constructor() {
-    render(<DefaultComponent emitter={this.renderEmitter}/>)
+    render(<DefaultComponent emitter={this.renderEmitter}/>);
 
     ctx.on(Event.OUTPUT, (args) => this.log(args));
     ctx.on(Event.PROCESS_START, (name) => this.onProcessStartEvent(name))
@@ -34,6 +36,21 @@ export class DefaultReporter implements Reporter {
     ctx.on(Event.SUB_PROCESS_FINISH, (name, additionalName) => this.onSubprocessFinishEvent(name, additionalName))
   }
 
+  async promptSudo(pluginName: string, command: string): Promise<void> {
+    console.log(chalk.blue(`Plugin: ${pluginName} requires root access to run command: '${command}'`));
+
+    // The sudo prompt and the inkjs renderer like to conflict when rendered together.
+    // Clear the process bar while showing sudo.
+    this.renderEmitter.emit(RenderEvent.CLEAR);
+
+    // We need to sleep for 200ms here to wait for ink.js to un-render the progress bar.
+    // Ink renders asynchronously so the output is not cleared right away
+    await new Promise((resolve) => setTimeout(resolve, 200));
+
+    execSync('sudo -v')
+    this.renderEmitter.emit(RenderEvent.UNCLEAR);
+  }
+
   displayPlan(plan: PlanResponseData[]): void {
     this.progressState = null;
 

src/ui/reporters/plain-reporter.ts

@@ -1,4 +1,6 @@
+import chalk from 'chalk';
 import { PlanResponseData } from 'codify-schemas';
+import { execSync } from 'node:child_process';
 import readline from 'node:readline';
 
 import { ctx, Event } from '../../events/context.js';
@@ -15,6 +17,11 @@ export class PlainReporter implements Reporter {
     ctx.on(Event.SUB_PROCESS_FINISH, (name) => console.log(name))
   }
 
+  async promptSudo(pluginName: string, command: string): Promise<void> {
+    console.log(chalk.blue(`Plugin: ${pluginName} requires root access to run command: '${command}'`));
+    execSync('sudo -v');
+  }
+
   async promptApplyConfirmation(): Promise<boolean> {
     const response = await new Promise((resolve) => {
       this.rl.question('Is this okay?\n', (answer) => resolve(answer));

src/ui/reporters/reporter.ts

@@ -1,13 +1,16 @@
 import { PlanResponseData } from 'codify-schemas';
+
 import { DebugReporter } from './debug-reporter.js';
-import { PlainReporter } from './plain-reporter.js';
 import { DefaultReporter } from './default-reporter.js';
+import { PlainReporter } from './plain-reporter.js';
 
 export enum RenderEvent {
   LOG = 'log',
   PROGRESS_UPDATE = 'progressUpdate',
   PROMPT_RESULT = 'promptResult',
-  STATE_TRANSITION = 'stateTransition'
+  CLEAR = 'promptSudo',
+  UNCLEAR = 'promptSudoResult',
+  STATE_TRANSITION = 'stateTransition',
 }
 
 /**
@@ -32,6 +35,8 @@ export interface Reporter {
   displayPlan(plan: PlanResponseData[]): void
 
   promptApplyConfirmation(): Promise<boolean>
+
+  promptSudo(pluginName: string, command: string): Promise<void>;
 }
 
 export enum ReporterType {
@@ -41,17 +46,24 @@ export enum ReporterType {
   JSON
 }
 
-export class ReporterFactory {
-  static create(type: ReporterType): Reporter {
+export const ReporterFactory = {
+  create(type: ReporterType): Reporter {
     switch (type) {
-      case ReporterType.DEBUG:
+      case ReporterType.DEBUG: {
         return new DebugReporter();
-      case ReporterType.PLAIN:
+      }
+
+      case ReporterType.PLAIN: {
         return new PlainReporter();
-      case ReporterType.JSON:
+      }
+
+      case ReporterType.JSON: {
         return new DefaultReporter();
-      default:
+      }
+
+      default: {
         return new DefaultReporter();
+      }
     }
-  }
-}
+  },
+};