manager: run update wrappers always with the operator user (#1620)

Signed-off-by: Christian Berendt <[email protected]>
osism · Sep 25, 2024 · 4842b79 · 4842b79
1 parent ca1d521
commit 4842b79
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/roles/manager/templates/wrapper/osism-update-docker.j2 b/roles/manager/templates/wrapper/osism-update-docker.j2
@@ -13,6 +13,11 @@ INSTALL_ANSIBLE_ROLES=${INSTALL_ANSIBLE_ROLES:-true}
 VENV_PATH=${VENV_PATH:-.venv}
 VENV_PYTHON_BIN=${VENV_PYTHON_BIN:-python3}
 
+if [[ $(whoami) != "{{ operator_user }}" ]]; then
+    echo "This script must be executed directly with the OSISM operator user {{ operator_user }}."
+    exit 1
+fi
+
 pushd $CONFIGURATION_DIRECTORY/environments/manager > /dev/null
 
 # If the versions for the Ansible collections are available in the manager environment,

diff --git a/roles/manager/templates/wrapper/osism-update-manager.j2 b/roles/manager/templates/wrapper/osism-update-manager.j2
@@ -22,6 +22,11 @@ CONTAINER_IMAGE=${CONTAINER_IMAGE:-osism/seed}
 CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-quay.io}
 CONTAINER_TAG=${CONTAINER_TAG:-latest}
 
+if [[ $(whoami) != "{{ operator_user }}" ]]; then
+    echo "This script must be executed directly with the OSISM operator user {{ operator_user }}."
+    exit 1
+fi
+
 if [[ $CONTAINER == "true" ]]; then
     docker run --rm -v $CONFIGURATION_DIRECTORY:/opt/configuration:ro -it $CONTAINER_REGISTRY/$CONTAINER_IMAGE:$CONTAINER_TAG $PLAYBOOK
     exit 0