Merge pull request #53 from ArchetypicalSoftware/hotfix/certs

ewassef · web-flow · commit 082a50ee54a0 · 2026-01-31T17:36:04.000-05:00
This pull request introduces several improvements to how the system handles Docker volume mounts, particularly addressing the issue where Docker may create directories instead of files when mounting non-existent paths. It adds robust validation and correction logic for mount sources, improves error handling and user guidance for certificate and config file issues, and enhances cross-platform compatibility (including WSL2). Additionally, it expands the set of allowed commands in the local settings.

Docker Volume Mount Validation and Correction:

Added EnsureVolumeMountSource logic to both LocalDockerClient and FallbackDockerEngine to validate and fix mount sources before container creation, preventing Docker from creating directories where files are expected. If a file is expected but a directory exists, it is removed and appropriate errors are thrown if the file is missing. Parent directories are ensured to exist. [1] [2] [3] [4]
Certificate and Config File Handling Improvements:

Enhanced logic in ReverseProxyClient and UpdateClustersCommand to handle cases where certificate paths are directories instead of files, including fallback to shell commands (with sudo if needed) for removal on systems like WSL2 or Mac. Improved error messages guide the user to resolve permission issues. [1] [2] [3] [4] [5]
In DockerHubClient, added logic to ensure the ConfigMounts directory exists, remove incorrectly created directories for config files, and create or copy a default config if missing.
User Guidance and Error Messaging:

Improved error messages for missing certificate files, including suggestions for copying certificates from .bin/Certs to the project root and clarifying expected file locations. [1] [2]
Cross-Platform and WSL2 Support:

Updated comments and logic to explicitly mention and support WSL2 environments, not just Mac, for Docker directory issues. [1] [2]
Local Settings Update:

Expanded the list of allowed commands in .claude/settings.local.json to include grep, dotnet build, dotnet test, and generic test commands, as well as web fetches from github.com.
diff --git a/.claude/settings.local.json b/.claude/settings.local.json
@@ -12,7 +12,12 @@
       "Bash(done)",
       "Bash(for node in idp-control-plane idp-worker idp-worker2)",
       "Bash(kubectl --context kind-idp get pods:*)",
-      "Bash(kubectl --context kind-idp delete pod:*)"
+      "Bash(kubectl --context kind-idp delete pod:*)",
+      "Bash(grep:*)",
+      "WebFetch(domain:github.com)",
+      "Bash(dotnet build:*)",
+      "Bash(dotnet test:*)",
+      "Bash(test:*)"
     ]
   }
 }
diff --git a/cli/src/Vdk/Commands/UpdateClustersCommand.cs b/cli/src/Vdk/Commands/UpdateClustersCommand.cs
@@ -420,7 +420,7 @@ private async Task RolloutRestartDeployment(IKubernetesClient client, V1Deployme
 
     /// <summary>
     /// Checks if a certificate path exists as a directory instead of a file
-    /// and removes it. On some systems (especially Mac), Docker may incorrectly
+    /// and removes it. On some systems (especially Mac and WSL2), Docker may incorrectly
     /// create directories when mounting paths that don't exist.
     /// </summary>
     private void FixCertificatePathIfDirectory(string path, bool verbose)
@@ -436,10 +436,73 @@ private void FixCertificatePathIfDirectory(string path, bool verbose)
                     _console.WriteLine($"[DEBUG] Successfully removed directory '{path}'");
                 }
             }
-            catch (Exception ex)
+            catch (Exception)
             {
-                _console.WriteError($"Failed to remove directory '{path}': {ex.Message}");
+                // On WSL2/Linux, directories created by Docker may have root ownership.
+                // Fall back to shell command with elevated permissions.
+                if (TryRemoveDirectoryWithShell(path, verbose))
+                {
+                    if (verbose)
+                    {
+                        _console.WriteLine($"[DEBUG] Successfully removed directory '{path}' using shell command");
+                    }
+                }
+                else
+                {
+                    _console.WriteError($"Failed to remove directory '{path}'. Try running: sudo rm -rf \"{path}\"");
+                }
             }
         }
     }
+
+    /// <summary>
+    /// Attempts to remove a directory using shell commands, which may succeed
+    /// when .NET Directory.Delete fails due to permission issues.
+    /// </summary>
+    private bool TryRemoveDirectoryWithShell(string path, bool verbose)
+    {
+        try
+        {
+            var isWindows = System.OperatingSystem.IsWindows();
+            var startInfo = new System.Diagnostics.ProcessStartInfo
+            {
+                FileName = isWindows ? "cmd.exe" : "/bin/sh",
+                Arguments = isWindows
+                    ? $"/c rmdir /s /q \"{path}\""
+                    : $"-c \"rm -rf '{path}'\"",
+                UseShellExecute = false,
+                RedirectStandardOutput = true,
+                RedirectStandardError = true,
+                CreateNoWindow = true
+            };
+
+            using var process = System.Diagnostics.Process.Start(startInfo);
+            process?.WaitForExit(5000);
+
+            // Check if directory was actually removed
+            if (!_fileSystem.Directory.Exists(path))
+            {
+                return true;
+            }
+
+            // If still exists, try with sudo on Linux/Mac
+            if (!isWindows)
+            {
+                if (verbose)
+                {
+                    _console.WriteLine($"[DEBUG] Attempting sudo rm -rf for '{path}'");
+                }
+                startInfo.Arguments = $"-c \"sudo rm -rf '{path}'\"";
+                using var sudoProcess = System.Diagnostics.Process.Start(startInfo);
+                sudoProcess?.WaitForExit(10000);
+                return !_fileSystem.Directory.Exists(path);
+            }
+
+            return false;
+        }
+        catch
+        {
+            return false;
+        }
+    }
 }
diff --git a/cli/src/Vdk/Services/DockerHubClient.cs b/cli/src/Vdk/Services/DockerHubClient.cs
@@ -15,6 +15,67 @@ public void CreateRegistry()
         var configFile = new FileInfo(Path.Combine("ConfigMounts", "zot-config.json"));
         var imagesDir = new DirectoryInfo("images");
 
+        // Ensure ConfigMounts directory exists
+        var configMountsDir = configFile.Directory;
+        if (configMountsDir != null && !configMountsDir.Exists)
+        {
+            configMountsDir.Create();
+        }
+
+        // Fix: Check if config file was incorrectly created as a directory by Docker
+        if (Directory.Exists(configFile.FullName))
+        {
+            console.WriteLine($"Config path '{configFile.FullName}' exists as a directory instead of a file. Removing...");
+            Directory.Delete(configFile.FullName, recursive: true);
+        }
+
+        // Ensure config file exists - try to copy from app directory or create default
+        if (!configFile.Exists)
+        {
+            // Try to find config in application base directory
+            var appBaseConfig = Path.Combine(AppContext.BaseDirectory, "ConfigMounts", "zot-config.json");
+            if (File.Exists(appBaseConfig))
+            {
+                console.WriteLine($"Copying zot config from {appBaseConfig}");
+                File.Copy(appBaseConfig, configFile.FullName);
+            }
+            else
+            {
+                // Create default config
+                console.WriteLine("Creating default zot-config.json");
+                var defaultConfig = """
+                    {
+                      "distSpecVersion": "1.1.0",
+                      "storage": {
+                        "rootDirectory": "/var/lib/registry",
+                        "gc": true,
+                        "gcDelay": "1h",
+                        "gcInterval": "24h"
+                      },
+                      "http": {
+                        "address": "0.0.0.0",
+                        "port": "5000"
+                      },
+                      "log": {
+                        "level": "info"
+                      },
+                      "extensions": {
+                        "ui": {
+                          "enable": true
+                        },
+                        "search": {
+                          "enable": true,
+                          "cve": {
+                            "updateInterval": "24h"
+                          }
+                        }
+                      }
+                    }
+                    """;
+                File.WriteAllText(configFile.FullName, defaultConfig);
+            }
+        }
+
         // Ensure images directory exists
         if (!imagesDir.Exists)
         {
diff --git a/cli/src/Vdk/Services/FallbackDockerEngine.cs b/cli/src/Vdk/Services/FallbackDockerEngine.cs
@@ -25,6 +25,16 @@ internal static bool RunProcess(string fileName, string arguments, out string st
 
         public bool Run(string image, string name, PortMapping[]? ports, Dictionary<string, string>? envs, FileMapping[]? volumes, string[]? commands, string? network = null)
         {
+            // Validate and fix volume mount sources before creating container
+            // This prevents Docker from creating directories when files are expected
+            if (volumes != null)
+            {
+                foreach (var volume in volumes)
+                {
+                    EnsureVolumeMountSource(volume.Source, volume.Destination);
+                }
+            }
+
             var args = $"run -d --name {name}";
             if (network != null)
                 args += $" --network {network}";
@@ -53,6 +63,54 @@ public bool Run(string image, string name, PortMapping[]? ports, Dictionary<stri
             return RunProcess("docker", args, out _, out _);
         }
 
+        /// <summary>
+        /// Ensures that a volume mount source path exists correctly.
+        /// Fixes the common Docker issue where mounting a non-existent file creates a directory instead.
+        /// </summary>
+        private void EnsureVolumeMountSource(string sourcePath, string destinationPath)
+        {
+            // Determine if destination looks like a file (has extension) or directory
+            bool isFilePath = Path.HasExtension(destinationPath) && !destinationPath.EndsWith('/') && !destinationPath.EndsWith('\\');
+
+            // Check if path was incorrectly created as a directory when it should be a file
+            if (isFilePath && Directory.Exists(sourcePath))
+            {
+                Console.WriteLine($"Mount path '{sourcePath}' exists as a directory instead of a file. Removing...");
+                try
+                {
+                    Directory.Delete(sourcePath, recursive: true);
+                }
+                catch (Exception ex)
+                {
+                    throw new InvalidOperationException(
+                        $"Failed to remove directory '{sourcePath}': {ex.Message}",
+                        ex);
+                }
+            }
+
+            // Ensure parent directory exists
+            var parentDir = Path.GetDirectoryName(sourcePath);
+            if (!string.IsNullOrEmpty(parentDir) && !Directory.Exists(parentDir))
+            {
+                Directory.CreateDirectory(parentDir);
+            }
+
+            // For file paths, ensure the file exists
+            if (isFilePath && !File.Exists(sourcePath))
+            {
+                throw new FileNotFoundException(
+                    $"Mount source file does not exist: '{sourcePath}'. " +
+                    $"Please ensure the required config file exists before running this command.",
+                    sourcePath);
+            }
+
+            // For directory paths, ensure directory exists
+            if (!isFilePath && !Directory.Exists(sourcePath))
+            {
+                Directory.CreateDirectory(sourcePath);
+            }
+        }
+
         public bool Exists(string name, bool checkRunning = true)
         {
             var filter = checkRunning ? "--filter \"status=running\"" : "";
diff --git a/cli/src/Vdk/Services/LocalDockerClient.cs b/cli/src/Vdk/Services/LocalDockerClient.cs
@@ -14,6 +14,16 @@ public LocalDockerClient(Docker.DotNet.IDockerClient dockerClient)
 
     public bool Run(string image, string name, PortMapping[]? ports, Dictionary<string, string>? envs, FileMapping[]? volumes, string[]? commands, string? network = null)
     {
+        // Validate and fix volume mount sources before creating container
+        // This prevents Docker from creating directories when files are expected
+        if (volumes != null)
+        {
+            foreach (var volume in volumes)
+            {
+                EnsureVolumeMountSource(volume.Source, volume.Destination);
+            }
+        }
+
         _dockerClient.Images.CreateImageAsync(
           new ImagesCreateParameters
           {
@@ -160,4 +170,52 @@ public bool CanConnect()
             return false;
         }
     }
+
+    /// <summary>
+    /// Ensures that a volume mount source path exists correctly.
+    /// Fixes the common Docker issue where mounting a non-existent file creates a directory instead.
+    /// </summary>
+    private void EnsureVolumeMountSource(string sourcePath, string destinationPath)
+    {
+        // Determine if destination looks like a file (has extension) or directory
+        bool isFilePath = Path.HasExtension(destinationPath) && !destinationPath.EndsWith('/') && !destinationPath.EndsWith('\\');
+
+        // Check if path was incorrectly created as a directory when it should be a file
+        if (isFilePath && Directory.Exists(sourcePath))
+        {
+            Console.WriteLine($"Certificate path '{sourcePath}' exists as a directory instead of a file. Removing...");
+            try
+            {
+                Directory.Delete(sourcePath, recursive: true);
+            }
+            catch (Exception ex)
+            {
+                throw new InvalidOperationException(
+                    $"Failed to remove directory '{sourcePath}': {ex.Message}",
+                    ex);
+            }
+        }
+
+        // Ensure parent directory exists
+        var parentDir = Path.GetDirectoryName(sourcePath);
+        if (!string.IsNullOrEmpty(parentDir) && !Directory.Exists(parentDir))
+        {
+            Directory.CreateDirectory(parentDir);
+        }
+
+        // For file paths, ensure the file exists
+        if (isFilePath && !File.Exists(sourcePath))
+        {
+            throw new FileNotFoundException(
+                $"Mount source file does not exist: '{sourcePath}'. " +
+                $"Please ensure the required config file exists before running this command.",
+                sourcePath);
+        }
+
+        // For directory paths, ensure directory exists
+        if (!isFilePath && !Directory.Exists(sourcePath))
+        {
+            Directory.CreateDirectory(sourcePath);
+        }
+    }
 }
diff --git a/cli/src/Vdk/Services/ReverseProxyClient.cs b/cli/src/Vdk/Services/ReverseProxyClient.cs
diff --git a/init.sh b/init.sh

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,12 @@`
`12`	`12`	`"Bash(done)",`
`13`	`13`	`"Bash(for node in idp-control-plane idp-worker idp-worker2)",`
`14`	`14`	`"Bash(kubectl --context kind-idp get pods:*)",`
`15`		`- "Bash(kubectl --context kind-idp delete pod:*)"`
	`15`	`+ "Bash(kubectl --context kind-idp delete pod:*)",`
	`16`	`+ "Bash(grep:*)",`
	`17`	`+ "WebFetch(domain:github.com)",`
	`18`	`+ "Bash(dotnet build:*)",`
	`19`	`+ "Bash(dotnet test:*)",`
	`20`	`+ "Bash(test:*)"`
`16`	`21`	`]`
`17`	`22`	`}`
`18`	`23`	`}`