public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1017 from tejal29/correct_user_grp_str 

fix group string being always set to uid in case a user has a gid set
This commit is contained in:
Tejal Desai 2020-02-03 11:30:51 -08:00 committed by GitHub
parent c0c26bdcf2 18fec3ba38
commit 140f45f1b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 63 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/commands/user.go
View File

@ -17,15 +17,22 @@ limitations under the License.
package commands package commands
import ( import (
"fmt"
"strings" "strings"
"github.com/GoogleContainerTools/kaniko/pkg/dockerfile" "github.com/GoogleContainerTools/kaniko/pkg/dockerfile"
"github.com/GoogleContainerTools/kaniko/pkg/util" "github.com/GoogleContainerTools/kaniko/pkg/util"
v1 "github.com/google/go-containerregistry/pkg/v1" v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/moby/buildkit/frontend/dockerfile/instructions" "github.com/moby/buildkit/frontend/dockerfile/instructions"
"github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
// for testing
var (
Lookup = util.Lookup
)
type UserCommand struct { type UserCommand struct {
BaseCommand BaseCommand
cmd *instructions.UserCommand cmd *instructions.UserCommand
@ -38,13 +45,13 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu
replacementEnvs := buildArgs.ReplacementEnvs(config.Env) replacementEnvs := buildArgs.ReplacementEnvs(config.Env)
userStr, err := util.ResolveEnvironmentReplacement(userAndGroup[0], replacementEnvs, false) userStr, err := util.ResolveEnvironmentReplacement(userAndGroup[0], replacementEnvs, false)
if err != nil { if err != nil {
return err return errors.Wrap(err, fmt.Sprintf("resolving user %s", userAndGroup[0]))
} }
groupStr := userStr var groupStr = setGroupDefault(userStr)
if len(userAndGroup) > 1 { if len(userAndGroup) > 1 {
groupStr, err = util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false) groupStr, err = util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false)
if err != nil { if err != nil {
return err return errors.Wrap(err, fmt.Sprintf("resolving group %s", userAndGroup[1]))
} }
} }
@ -57,3 +64,12 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu
func (r *UserCommand) String() string { func (r *UserCommand) String() string {
return r.cmd.String() return r.cmd.String()
} }
func setGroupDefault(userStr string) string {
userObj, err := Lookup(userStr)
if err != nil {
logrus.Debugf("could not lookup user %s. Setting group empty", userStr)
return ""
}
return userObj.Gid
}

28
pkg/commands/user_test.go
View File

@ -16,9 +16,12 @@ limitations under the License.
package commands package commands
import ( import (
"fmt"
"os/user"
"testing" "testing"
"github.com/GoogleContainerTools/kaniko/pkg/dockerfile" "github.com/GoogleContainerTools/kaniko/pkg/dockerfile"
"github.com/GoogleContainerTools/kaniko/pkg/util"
"github.com/GoogleContainerTools/kaniko/testutil" "github.com/GoogleContainerTools/kaniko/testutil"
v1 "github.com/google/go-containerregistry/pkg/v1" v1 "github.com/google/go-containerregistry/pkg/v1"
@ -27,54 +30,70 @@ import (
var userTests = []struct { var userTests = []struct {
user string user string
userObj *user.User
expectedUID string expectedUID string
expectedGID string expectedGID string
}{ }{
{ {
user: "root", user: "root",
userObj: &user.User{Uid: "root", Gid: "root"},
expectedUID: "root:root", expectedUID: "root:root",
}, },
{ {
user: "root-add", user: "root-add",
expectedUID: "root-add:root-add", userObj: &user.User{Uid: "root-add", Gid: "root"},
expectedUID: "root-add:root",
}, },
{ {
user: "0", user: "0",
userObj: &user.User{Uid: "0", Gid: "0"},
expectedUID: "0:0", expectedUID: "0:0",
}, },
{ {
user: "fakeUser", user: "fakeUser",
userObj: &user.User{Uid: "fakeUser", Gid: "fakeUser"},
expectedUID: "fakeUser:fakeUser", expectedUID: "fakeUser:fakeUser",
}, },
{ {
user: "root:root", user: "root:root",
userObj: &user.User{Uid: "root", Gid: "some"},
expectedUID: "root:root", expectedUID: "root:root",
}, },
{ {
user: "0:root", user: "0:root",
userObj: &user.User{Uid: "0"},
expectedUID: "0:root", expectedUID: "0:root",
}, },
{ {
user: "root:0", user: "root:0",
userObj: &user.User{Uid: "root"},
expectedUID: "root:0", expectedUID: "root:0",
expectedGID: "f0", expectedGID: "f0",
}, },
{ {
user: "0:0", user: "0:0",
userObj: &user.User{Uid: "0"},
expectedUID: "0:0", expectedUID: "0:0",
}, },
{ {
user: "$envuser", user: "$envuser",
userObj: &user.User{Uid: "root", Gid: "root"},
expectedUID: "root:root", expectedUID: "root:root",
}, },
{ {
user: "root:$envgroup", user: "root:$envgroup",
userObj: &user.User{Uid: "root"},
expectedUID: "root:grp", expectedUID: "root:grp",
}, },
{ {
user: "some:grp", user: "some:grp",
userObj: &user.User{Uid: "some"},
expectedUID: "some:grp", expectedUID: "some:grp",
}, },
{
user: "some",
expectedUID: "some:",
},
} }
func TestUpdateUser(t *testing.T) { func TestUpdateUser(t *testing.T) {
@ -90,6 +109,13 @@ func TestUpdateUser(t *testing.T) {
User: test.user, User: test.user,
}, },
} }
Lookup = func(_ string) (*user.User, error) {
if test.userObj != nil {
return test.userObj, nil
}
return nil, fmt.Errorf("error while looking up user")
}
defer func() { Lookup = util.Lookup }()
buildArgs := dockerfile.NewBuildArgs([]string{}) buildArgs := dockerfile.NewBuildArgs([]string{})
err := cmd.ExecuteCommand(cfg, buildArgs) err := cmd.ExecuteCommand(cfg, buildArgs)
testutil.CheckErrorAndDeepEqual(t, false, err, test.expectedUID, cfg.User) testutil.CheckErrorAndDeepEqual(t, false, err, test.expectedUID, cfg.User)

24
pkg/util/command_util.go
View File

@ -328,17 +328,10 @@ Loop:
func GetUserFromUsername(userStr string, groupStr string) (string, string, error) { func GetUserFromUsername(userStr string, groupStr string) (string, string, error) {
// Lookup by username // Lookup by username
userObj, err := user.Lookup(userStr) userObj, err := Lookup(userStr)
if err != nil {
if _, ok := err.(user.UnknownUserError); !ok {
return "", "", err
}
// Lookup by id
userObj, err = user.LookupId(userStr)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
}
// Same dance with groups // Same dance with groups
var group *user.Group var group *user.Group
@ -363,3 +356,18 @@ func GetUserFromUsername(userStr string, groupStr string) (string, string, error
return uid, gid, nil return uid, gid, nil
} }
func Lookup(userStr string) (*user.User, error) {
userObj, err := user.Lookup(userStr)
if err != nil {
if _, ok := err.(user.UnknownUserError); !ok {
return nil, err
}
// Lookup by id
userObj, err = user.LookupId(userStr)
if err != nil {
return nil, err
}
}
return userObj, nil
}