44 lines
1.3 KiB
Python
44 lines
1.3 KiB
Python
"""Provision non-secret provider auth markers into a Docker bottle."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
import subprocess
|
|
|
|
from ..bottle_plan import DockerBottlePlan
|
|
|
|
|
|
def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
|
|
"""Copy a dummy Codex auth marker when host credentials are
|
|
forwarded through egress.
|
|
|
|
The file contains no real access or refresh token values; it only
|
|
nudges Codex into the same user/device auth branch as the host.
|
|
"""
|
|
if not plan.codex_auth_file:
|
|
return
|
|
container_home = os.environ.get("BOT_BOTTLE_CONTAINER_HOME", "/home/node")
|
|
auth_dir = f"{container_home}/.codex"
|
|
auth_path = f"{auth_dir}/auth.json"
|
|
|
|
subprocess.run(
|
|
["docker", "exec", "-u", "0", target, "mkdir", "-p", auth_dir],
|
|
stdout=subprocess.DEVNULL,
|
|
check=True,
|
|
)
|
|
subprocess.run(
|
|
["docker", "cp", str(plan.codex_auth_file), f"{target}:{auth_path}"],
|
|
stdout=subprocess.DEVNULL,
|
|
check=True,
|
|
)
|
|
subprocess.run(
|
|
["docker", "exec", "-u", "0", target, "chown", "node:node", auth_path],
|
|
stdout=subprocess.DEVNULL,
|
|
check=True,
|
|
)
|
|
subprocess.run(
|
|
["docker", "exec", "-u", "0", target, "chmod", "600", auth_path],
|
|
stdout=subprocess.DEVNULL,
|
|
check=True,
|
|
)
|