Expand env variables for cmds/entrypoint with format $(ENV)

[rhatdan]

Kubernetes supports expanding $(FOOBAR) as environment variables within
the kube.YAML. When using podman kube play, we need to do the same, for
supporting these YAML files.

Fixes: #15983

Does this PR introduce a user-facing change?

Commands and entrypoints can use environment variables.

[rhatdan]

Replaces: #18881
@ygalblum PTAL

[ygalblum]

LGTM

[umohnani8]

changes LGTM

[edsantiago]

Suggestions:

• check container logs, confirm that output == "BAR BAR \$\(FOO\) FOOBARBAZ"
• add more args, like $(BAZ) ${BAZ}, without a corresponding env yaml, but with Putenv() in the test.

[TomSweeneyRedHat]

nothing over @edsantiago 's comments. Tests are very red.

[flouthoc]

Comment /~https://github.com/containers/podman/pull/19630/files#r1299644346 needs to be ackd by maintainers.

[vrothberg]

Please add a commit message.

[rhatdan]

I agree that adding k8s.io/kubernetes potentially opens us to Bloat, but for now this is only using the expansion subdir, so no bloat.

[vrothberg]

I think @ygalblum brought up another issue though

BTW if we do add the dependency back, why are we taking such an old version?

Is this package not available in newer K8s versions?

[rhatdan]

@vrothberg yup, that is what happens when you grab someone else's original work and don't pay attention to versions.

[vrothberg]

LGTM

[ygalblum]

LGTM

[edsantiago]

I think something is wrong. I took the liberty of adding the test I requested:

		logs := podmanTest.Podman([]string{"logs", "echo_pod-foobar"})
		logs.WaitWithDefaultTimeout()
		Expect(logs).Should(Exit(0))

		Expect(logs.OutputToString()).To(Equal("BAR BAR BAR FOOBARBAZ"))

...and it's failing:

[FAILED] Expected                                                                                                                                             
      <string>: BAR BAR BAR BAR BAR BAR BAR BAR                                                                                                                 
  to equal                                                                                                                                                      
      <string>: BAR BAR BAR FOOBARBAZ

It's impossible to know which BAR corresponds to what, but I really don't like that failure. So, sorry, placing hold until someone explains it or fixes it.

[edsantiago]

suggestion (also available as download):

	var testYAMLForEnvExpand = `
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-08-05T17:55:51Z"
  labels:
    app: foobar
  name: echo_pod
spec:
  containers:
  - command:
    - /bin/sh
    - -c
    - 'echo paren$(FOO) brace${FOO} dollardollarparen$$(FOO) interp$(FOO)olate'
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    - name: FOO
      value: BAR
    image: foobar
    name: foobar
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    tty: true
    workingDir: /
  restartPolicy: Never
  dnsConfig: {}
status: {}
`
	It("Check that command is expanded", func() {
		// Setup
		yamlDir := filepath.Join(tempdir, RandomString(12))
		err := os.Mkdir(yamlDir, 0755)
		Expect(err).ToNot(HaveOccurred(), "mkdir "+yamlDir)
		err = writeYaml(testYAMLForEnvExpand, filepath.Join(yamlDir, "echo.yaml"))
		Expect(err).ToNot(HaveOccurred())
		app1Dir := filepath.Join(yamlDir, "foobar")
		err = os.Mkdir(app1Dir, 0755)
		Expect(err).ToNot(HaveOccurred())
		err = writeYaml(playBuildFile + `ENV FOO foo-from-buildfile
COPY FOO /bin/FOO
`, filepath.Join(app1Dir, "Containerfile"))
		Expect(err).ToNot(HaveOccurred())
		// Write a file to be copied
		err = writeYaml(copyFile, filepath.Join(app1Dir, "copyfile"))
		Expect(err).ToNot(HaveOccurred())

		// Shell expansion of $(FOO) in container needs executable FOO
		err = writeYaml(`#!/bin/sh
echo GOT-HERE
`, filepath.Join(app1Dir, "FOO"))
		Expect(err).ToNot(HaveOccurred())
		err = os.Chmod(filepath.Join(app1Dir, "FOO"), 0555)
		Expect(err).ToNot(HaveOccurred(), "chmod FOO")

		os.Setenv("FOO", "make sure we use FOO from kube file, not env")
		defer os.Unsetenv("FOO")

		// Switch to temp dir and restore it afterwards
		cwd, err := os.Getwd()
		Expect(err).ToNot(HaveOccurred())
		Expect(os.Chdir(yamlDir)).To(Succeed())
		defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()

		session := podmanTest.Podman([]string{"play", "kube", "echo.yaml"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(Exit(0))

		logs := podmanTest.Podman([]string{"logs", "echo_pod-foobar"})
		logs.WaitWithDefaultTimeout()
		Expect(logs).Should(Exit(0))
		Expect(logs.OutputToString()).To(Equal("parenBAR braceBAR dollardollarparenGOT-HERE interpBARolate"))

		inspect := podmanTest.Podman([]string{"container", "inspect", "echo_pod-foobar"})
		inspect.WaitWithDefaultTimeout()
		Expect(inspect).Should(Exit(0))
		inspectData := inspect.InspectContainerToJSON()
		Expect(inspectData).ToNot(BeEmpty())

		// dollar-paren are expanded by podman, never seen by container
		Expect(inspectData[0].Args).To(HaveLen(2))
		Expect(inspectData[0].Args[1]).To(Equal("echo parenBAR brace${FOO} dollardollarparen$(FOO) interpBARolate"))
	})

[edsantiago]

Tests LGTM, thank you for accepting my suggestion.

[Luap99]

LGTM

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, rhatdan, vrothberg, ygalblum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99,rhatdan,vrothberg,ygalblum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Luap99]

/lgtm