in cmd/core_plugin/oslogin/oslogin_linux.go [279:378]
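// osloginSetup reconciles the host's OS Login configuration with the state
// requested in desc.
//
// When OS Login is disabled in desc and the module was previously enabled, the
// disable path runs. When OS Login is enabled, the pipe event handler and
// watcher are created if missing, every configuration step (OpenSSH, NSSwitch,
// PAM, group, service restart, OS Login directories, sudoers, NSS cache) is
// attempted, and failures are logged rather than aborting the run.
//
// mod.failedConfiguration records whether the last run failed so that the next
// call re-runs even if the metadata did not change. mod.prevMetadata is
// updated to desc on every return path.
//
// The function returns true on every path visible here.
// NOTE(review): the meaning of the return value is defined by the caller
// (not shown) - confirm before relying on it.
func (mod *osloginModule) osloginSetup(ctx context.Context, desc *metadata.Descriptor) bool {
	// Record desc on every exit path so the next call can detect changes.
	defer func() { mod.prevMetadata = desc }()

	// If the metadata has not changed and the previous run did not fail, we
	// return early.
	// We don't need to clean up the files here because the textconfig library
	// rolls back its previous changes before applying new ones.
	if !mod.metadataChanged(desc) && !mod.failedConfiguration.Load() {
		return true
	}

	evManager := events.FetchManager()

	// If the module is disabled make sure the configuration is disabled and
	// return early.
	if !desc.OSLoginEnabled() {
		// If the module is disabled now but was previously enabled, run the
		// disabling path.
		if mod.enabled.Load() {
			if err := mod.disableOSLogin(ctx, evManager); err != nil {
				galog.Errorf("Failed to disable OS Login: %v", err)
				// Leave mod.enabled set: marking the module disabled here
				// would make the retry triggered by failedConfiguration skip
				// disableOSLogin, so a failed disable would never be retried
				// and the flag would never clear. For an access-control
				// feature that means a requested disable could silently not
				// take effect.
				mod.failedConfiguration.Store(true)
				return true
			}
			mod.failedConfiguration.Store(false)
		}
		// NOTE(review): if a previous enable attempt failed part-way
		// (enabled == false, failedConfiguration == true), nothing is undone
		// here and failedConfiguration stays set - confirm whether the
		// disable path should also run in that case.
		mod.enabled.Store(false)
		return true
	}

	// Enable/start the ssh trusted ca pipe event handler.
	if mod.pipeEventHandler == nil {
		mod.pipeEventHandler = newPipeEventHandler(pipeWatcherSubscriberID, metadata.New())
	}

	// Enable/start the ssh trusted ca pipe event watcher.
	if mod.pipeEventWatcher == nil {
		mod.pipeEventWatcher = pipewatcher.New(sshcaEventWatcherID, sshcaPipeWatcherOpts)
		evManager.AddWatcher(ctx, mod.pipeEventWatcher)
	}

	// Every step below is attempted even if an earlier one failed; failed
	// only records that at least one of them needs to be retried.
	var failed bool

	// Write SSH config.
	if err := mod.setupOpenSSH(desc); err != nil {
		galog.Errorf("Failed to setup openssh: %v", err)
		failed = true
	}

	// Write NSSwitch config.
	if err := mod.setupNSSwitch(false); err != nil {
		galog.Errorf("Failed to setup nsswitch: %v", err)
		failed = true
	}

	// Write PAM config.
	if err := mod.setupPAM(); err != nil {
		galog.Errorf("Failed to setup pam: %v", err)
		failed = true
	}

	// Write Group config.
	if err := mod.setupGroup(); err != nil {
		galog.Errorf("Failed to setup group: %v", err)
		failed = true
	}

	// Restart services. A failure does not stop the remaining steps, but it
	// still marks the run as failed so that it is retried.
	if err := mod.restartServices(ctx); err != nil {
		galog.Errorf("Failed to restart services: %v", err)
		failed = true
	}

	// Create the necessary OSLogin directories and other files.
	if err := mod.setupOSLoginDirs(ctx); err != nil {
		galog.Errorf("Failed to setup OSLogin directories: %v", err)
		failed = true
	}

	// Create the OSLogin sudoers file.
	if err := mod.setupOSLoginSudoers(); err != nil {
		galog.Errorf("Failed to create OSLogin sudoers file: %v", err)
		failed = true
	}

	// Fill NSS cache.
	if _, err := run.WithContext(ctx, run.Options{
		Name:       "google_oslogin_nss_cache",
		OutputType: run.OutputNone,
	}); err != nil {
		galog.Errorf("Failed to fill NSS cache: %v", err)
		failed = true
	}

	// The module only counts as enabled when every step succeeded; otherwise
	// failedConfiguration forces another attempt on the next call.
	mod.enabled.Store(!failed)
	mod.failedConfiguration.Store(failed)
	return true
}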