public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix USER handling. There were two issues: (#600) 

- We were validating usernames/groupnames existed in etc/passwd. Docker does not do this
- We were incorrectly caching USER commands. This was fixed automatically by fixing the first part.
This commit is contained in:
dlorenc 2019-03-07 07:05:24 -08:00 committed by GitHub
parent 969321521e
commit 9912ccbf8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
integration/dockerfiles/Dockerfile_test_user Normal file
View File

@ -0,0 +1,17 @@
# Copyright 2018 Google, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM gcr.io/google-appengine/debian9@sha256:1d6a9a6d106bd795098f60f4abb7083626354fa6735e81743c7f8cfca11259f0
USER testuser:testgroup

9
pkg/commands/user.go
View File

@ -31,10 +31,6 @@ type UserCommand struct {
cmd *instructions.UserCommand cmd *instructions.UserCommand
} }
func (r *UserCommand) RequiresUnpackedFS() bool {
return true
}
func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.BuildArgs) error { func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.BuildArgs) error {
logrus.Info("cmd: USER") logrus.Info("cmd: USER")
u := r.cmd.User u := r.cmd.User
@ -52,11 +48,6 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu
} }
} }
_, _, err = util.GetUserFromUsername(userStr, groupStr)
if err != nil {
return err
}
if groupStr != "" { if groupStr != "" {
userStr = userStr + ":" + groupStr userStr = userStr + ":" + groupStr
} }

19
pkg/commands/user_test.go
View File

@ -28,57 +28,42 @@ import (
var userTests = []struct { var userTests = []struct {
user string user string
expectedUID string expectedUID string
shouldError bool
}{ }{
{ {
user: "root", user: "root",
expectedUID: "root", expectedUID: "root",
shouldError: false,
}, },
{ {
user: "0", user: "0",
expectedUID: "0", expectedUID: "0",
shouldError: false,
}, },
{ {
user: "fakeUser", user: "fakeUser",
expectedUID: "", expectedUID: "fakeUser",
shouldError: true,
}, },
{ {
user: "root:root", user: "root:root",
expectedUID: "root:root", expectedUID: "root:root",
shouldError: false,
}, },
{ {
user: "0:root", user: "0:root",
expectedUID: "0:root", expectedUID: "0:root",
shouldError: false,
}, },
{ {
user: "root:0", user: "root:0",
expectedUID: "root:0", expectedUID: "root:0",
shouldError: false,
}, },
{ {
user: "0:0", user: "0:0",
expectedUID: "0:0", expectedUID: "0:0",
shouldError: false,
},
{
user: "root:fakeGroup",
expectedUID: "",
shouldError: true,
}, },
{ {
user: "$envuser", user: "$envuser",
expectedUID: "root", expectedUID: "root",
shouldError: false,
}, },
{ {
user: "root:$envgroup", user: "root:$envgroup",
expectedUID: "root:root", expectedUID: "root:root",
shouldError: false,
}, },
} }
@ -97,6 +82,6 @@ func TestUpdateUser(t *testing.T) {
} }
buildArgs := dockerfile.NewBuildArgs([]string{}) buildArgs := dockerfile.NewBuildArgs([]string{})
err := cmd.ExecuteCommand(cfg, buildArgs) err := cmd.ExecuteCommand(cfg, buildArgs)
testutil.CheckErrorAndDeepEqual(t, test.shouldError, err, test.expectedUID, cfg.User) testutil.CheckErrorAndDeepEqual(t, false, err, test.expectedUID, cfg.User)
} }
} }