Add Atmos auth integration to Geodesic (#979)

Co-authored-by: Claude <[email protected]>
Co-authored-by: Dan Miller <[email protected]>

Author: 3 people

rootfs/etc/profile.d/atmos.sh

@@ -1,5 +1,46 @@
 #!/bin/bash
 
+# Configure Atmos XDG paths to use container's home directory
+# This is required for Atmos auth to work correctly with mounted volumes
+export ATMOS_XDG_CONFIG_HOME="${ATMOS_XDG_CONFIG_HOME:-${HOME}/.config}"
+export ATMOS_XDG_DATA_HOME="${ATMOS_XDG_DATA_HOME:-${HOME}/.local/share}"
+export ATMOS_XDG_CACHE_HOME="${ATMOS_XDG_CACHE_HOME:-${HOME}/.cache}"
+
+# Helper function for Atmos auth integration
+# Usage: use-identity [identity-name] [other atmos auth env flags]
+# This uses Atmos auth to authenticate and set credentials in the environment
+# If called with no arguments, it brings up the identity selector
+function use-identity() {
+	if ! command -v atmos >/dev/null 2>&1; then
+		echo "Error: atmos command not found. Please install atmos first." >&2
+		return 1
+	fi
+
+	# Run atmos auth env and evaluate the output to set credentials
+	local auth_output
+	if [ $# -eq 0 ]; then
+		# No arguments: bring up the selector by passing --identity with no value
+		if ! auth_output=$(atmos auth env --identity 2>&1); then
+			echo "Error running atmos auth: $auth_output" >&2
+			return 1
+		fi
+	else
+		# Arguments provided: pass --identity=<value> with the first argument, then any additional flags
+		if ! auth_output=$(atmos auth env --identity="$1" "${@:2}" 2>&1); then
+			echo "Error running atmos auth: $auth_output" >&2
+			return 1
+		fi
+	fi
+
+	# Evaluate the output to set environment variables
+	eval "$auth_output"
+
+	# If export_current_aws_role function exists (from aws.sh), refresh the AWS role display
+	if declare -f export_current_aws_role >/dev/null 2>&1; then
+		export_current_aws_role
+	fi
+}
+
 function atmos_configure_base_path() {
 	# Leave $ATMOS_BASE_PATH alone if it is already set
 	if [[ -n $ATMOS_BASE_PATH ]]; then

rootfs/templates/wrapper-body.sh

@@ -531,6 +531,15 @@ function use() {
 		fi
 	done
 
+	# Mount Atmos-specific directories for auth support (if they exist)
+	# These are small directories specific to Atmos auth and won't impact performance
+	for dir in ".cache/atmos" ".local/share/atmos"; do
+		if [ -d "${local_home}/${dir}" ] || [ -f "${local_home}/${dir}" ]; then
+			DOCKER_LAUNCH_ARGS+=(--volume="${local_home}/${dir}:${mount_dir}${local_home}/${dir}")
+			debug "Mounting '${local_home}/${dir}' into container for Atmos auth"
+		fi
+	done
+
 	# WORKSPACE_MOUNT is the directory in the container that is to be the mount point for the host filesystem
 	WORKSPACE_MOUNT="${WORKSPACE_MOUNT:-/workspace}"
 	# WORKSPACE_HOST_DIR is the directory on the host that is to be the working directory