author | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-10-15 13:50:11 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-10-15 13:50:11 +0200 |
commit | 95ee45325f25117fcda801ce0066cf66d6167a5a (patch) | |
tree | 89bee2daa9de4c3911378782c80da785dfbf9ae1 | |
parent | 03a710a40926a3ea80072cc8676f4edd18662f84 (diff) |
Use UserNamespace in ContainerUserPrincipalLookupService
9 files changed, 137 insertions, 92 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java index 3b1235d1ccf..9bcf5d58d6e 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java @@ -61,7 +61,7 @@ public class NodeAgentContextImpl implements NodeAgentContext { this.identity = Objects.requireNonNull(identity); this.containerNetworkMode = Objects.requireNonNull(containerNetworkMode); this.zone = Objects.requireNonNull(zone); - this.containerFs = ContainerFileSystem.create(pathToContainerStorage.resolve(containerName.asString()), userNamespace.rootUserIdOnHost(), userNamespace.rootGroupIdOnHost()); + this.containerFs = ContainerFileSystem.create(pathToContainerStorage.resolve(containerName.asString()), userNamespace); this.pathToVespaHome = containerFs.getPath(pathToVespaHome); this.logPrefix = containerName.asString() + ": "; this.userNamespace = Objects.requireNonNull(userNamespace); diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java index 2baa27ce70e..1a25b5c3c5e 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java 
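Review bot: `userNamespace` is handed to `ContainerFileSystem.create(...)` two lines before the constructor runs `Objects.requireNonNull(userNamespace)`, so the null check no longer guards the first use. Before this change the call `userNamespace.rootUserIdOnHost()` failed on this line; now a null travels into the file-system classes and is only rejected there, by the new ContainerUserPrincipalLookupService constructor. Moving `this.userNamespace = Objects.requireNonNull(userNamespace);` above the `this.containerFs = ...` assignment keeps the failure at the constructor boundary. The constructor starts and ends outside the hunk.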
@@ -1,28 +1,58 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.nodeagent; +import java.util.Objects; + /** * @author valerijf */ public class UserNamespace { + /** Total number of UID/GID that are mapped for each container */ + private static final int ID_RANGE = 65_536; // 2^16 + + /** + * IDs outside the ID range are translated to the overflow ID before being written to disk: + * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */ + private static final int OVERFLOW_ID = 65_534; + private final int uidOffset; private final int gidOffset; private final String vespaUser; private final String vespaGroup; + private final int vespaUserId; + private final int vespaGroupId; public UserNamespace(int uidOffset, int gidOffset, String vespaUser, String vespaGroup, int vespaUserId, int vespaGroupId) { this.uidOffset = uidOffset; this.gidOffset = gidOffset; - this.vespaUser = vespaUser; - this.vespaGroup = vespaGroup; + this.vespaUser = Objects.requireNonNull(vespaUser); + this.vespaGroup = Objects.requireNonNull(vespaGroup); + this.vespaUserId = vespaUserId; + this.vespaGroupId = vespaGroupId; } - public int rootUserIdOnHost() { return uidOffset; } - public int rootGroupIdOnHost() { return gidOffset; } + public int userIdOnHost(int containerUid) { return toHostId(containerUid, uidOffset); } + public int groupIdOnHost(int containerGid) { return toHostId(containerGid, gidOffset); } + public int userIdInContainer(int hostUid) { return toContainerId(hostUid, uidOffset); } + public int groupIdInContainer(int hostGid) { return toContainerId(hostGid, gidOffset); } - /** Returns name of the user that runs vespa inside the container */ public String vespaUser() { return vespaUser; } - /** Returns name of the group of the user that runs vespa inside the container */ public String 
vespaGroup() { return vespaGroup; } + public int vespaUserId() { return vespaUserId; } + public int vespaGroupId() { return vespaGroupId; } + + public int idRange() { return ID_RANGE; } + public int overflowId() { return OVERFLOW_ID; } + + private static int toHostId(int containerId, int idOffset) { + if (containerId < 0 || containerId > ID_RANGE) + throw new IllegalArgumentException("Invalid container id: " + containerId); + return idOffset + containerId; + } + + private static int toContainerId(int hostId, int idOffset) { + hostId = hostId - idOffset; + return hostId < 0 || hostId >= ID_RANGE ? OVERFLOW_ID : hostId; + } } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java index 36edfa1c1ee..078a60ba7a5 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java @@ -1,6 +1,8 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; +import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace; + import java.io.IOException; import java.nio.file.FileStore; import java.nio.file.FileSystem; 
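Review bot: `toHostId` accepts `containerId == ID_RANGE` because its guard is `containerId > ID_RANGE`, while `toContainerId` treats the valid range as `0..ID_RANGE-1` (`hostId >= ID_RANGE` maps to the overflow id). Container id 65536 therefore translates to `idOffset + 65536`, one past the ids mapped for this container; if ranges are allocated back to back (not shown here), that is the first id of a neighbouring range. The guard should read `if (containerId < 0 || containerId >= ID_RANGE)`. The same translation is reached from the `uid`/`gid` cases in ContainerFileSystemProvider and from the name lookups in ContainerUserPrincipalLookupService. UserNamespaceTest only probes -1 and 70_000, so assertions for 65_535 and 65_536 would pin the boundary.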
@@ -84,8 +86,8 @@ public class ContainerFileSystem extends FileSystem { throw new UnsupportedOperationException(); } - public static ContainerFileSystem create(Path containerStorageRoot, int uidOffset, int gidOffset) { + public static ContainerFileSystem create(Path containerStorageRoot, UserNamespace userNamespace) { uncheck(() -> Files.createDirectories(containerStorageRoot)); - return new ContainerFileSystemProvider(containerStorageRoot, uidOffset, gidOffset).getFileSystem(null); + return new ContainerFileSystemProvider(containerStorageRoot, userNamespace).getFileSystem(null); } } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java index cf1985eff58..a44f90b164b 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java @@ -1,6 +1,8 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; +import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace; + import java.io.IOException; import java.net.URI; import java.nio.channels.SeekableByteChannel; 
@@ -43,10 +45,10 @@ class ContainerFileSystemProvider extends FileSystemProvider { private final ContainerUserPrincipalLookupService userPrincipalLookupService; private final Path containerRootOnHost; - ContainerFileSystemProvider(Path containerRootOnHost, int uidOffset, int gidOffset) { + ContainerFileSystemProvider(Path containerRootOnHost, UserNamespace userNamespace) { this.containerFs = new ContainerFileSystem(this); this.userPrincipalLookupService = new ContainerUserPrincipalLookupService( - containerRootOnHost.getFileSystem().getUserPrincipalLookupService(), uidOffset, gidOffset); + containerRootOnHost.getFileSystem().getUserPrincipalLookupService(), userNamespace); this.containerRootOnHost = containerRootOnHost; } @@ -197,12 +199,12 @@ class ContainerFileSystemProvider extends FileSystemProvider { return provider(pathOnHost).readAttributes(pathOnHost, attributes, options); Map<String, Object> attrs = new HashMap<>(provider(pathOnHost).readAttributes(pathOnHost, "unix:*", options)); - int uid = userPrincipalLookupService.hostUidToContainerUid((int) attrs.get("uid")); - int gid = userPrincipalLookupService.hostGidToContainerGid((int) attrs.get("gid")); + int uid = userPrincipalLookupService.userIdInContainer((int) attrs.get("uid")); + int gid = userPrincipalLookupService.groupIdInContainer((int) attrs.get("gid")); attrs.put("uid", uid); attrs.put("gid", gid); - attrs.put("owner", new ContainerUserPrincipal(uid, (UserPrincipal) attrs.get("owner"))); - attrs.put("group", new ContainerGroupPrincipal(gid, (GroupPrincipal) attrs.get("group"))); + attrs.put("owner", userPrincipalLookupService.userPrincipal(uid, (UserPrincipal) attrs.get("owner"))); + attrs.put("group", userPrincipalLookupService.groupPrincipal(gid, (GroupPrincipal) attrs.get("group"))); return attrs; } 
@@ -218,8 +220,8 @@ class ContainerFileSystemProvider extends FileSystemProvider { switch (attribute.substring(index + 1)) { case "owner": return cast(value, ContainerUserPrincipal.class).baseFsPrincipal(); case "group": return cast(value, ContainerGroupPrincipal.class).baseFsPrincipal(); - case "uid": return userPrincipalLookupService.containerUidToHostUid(cast(value, Integer.class)); - case "gid": return userPrincipalLookupService.containerGidToHostGid(cast(value, Integer.class)); + case "uid": return userPrincipalLookupService.userIdOnHost(cast(value, Integer.class)); + case "gid": return userPrincipalLookupService.groupIdOnHost(cast(value, Integer.class)); } } // else basic file attribute return value; diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java index 893e86ca239..ae65f6a7f7f 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java @@ -1,7 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; -import com.google.common.collect.ImmutableBiMap; +import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace; import java.io.IOException; import java.nio.file.attribute.GroupPrincipal; 
@@ -9,58 +9,60 @@ import java.nio.file.attribute.UserPrincipal; import java.nio.file.attribute.UserPrincipalLookupService; import java.nio.file.attribute.UserPrincipalNotFoundException; import java.util.Objects; -import java.util.Optional; /** * @author valerijf */ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService { - /** Total number of UID/GID that are mapped for each container */ - private static final int ID_RANGE = 1 << 16; - - /** - * IDs outside the ID range are translated to the overflow ID before being written to disk: - * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */ - static final int OVERFLOW_ID = 65_534; - - private static final ImmutableBiMap<String, Integer> CONTAINER_IDS_BY_NAME = ImmutableBiMap.<String, Integer>builder() - .put("root", 0) - .put("vespa", 1000) - .build(); - private final UserPrincipalLookupService baseFsUserPrincipalLookupService; - private final int uidOffset; - private final int gidOffset; + private final UserNamespace userNamespace; - ContainerUserPrincipalLookupService(UserPrincipalLookupService baseFsUserPrincipalLookupService, int uidOffset, int gidOffset) { - this.baseFsUserPrincipalLookupService = baseFsUserPrincipalLookupService; - this.uidOffset = uidOffset; - this.gidOffset = gidOffset; + ContainerUserPrincipalLookupService(UserPrincipalLookupService baseFsUserPrincipalLookupService, UserNamespace userNamespace) { + this.baseFsUserPrincipalLookupService = Objects.requireNonNull(baseFsUserPrincipalLookupService); + this.userNamespace = Objects.requireNonNull(userNamespace); } - public int containerUidToHostUid(int containerUid) { return containerIdToHostId(containerUid, uidOffset); } - public int containerGidToHostGid(int containerGid) { return containerIdToHostId(containerGid, gidOffset); } - public int hostUidToContainerUid(int hostUid) { return hostIdToContainerId(hostUid, uidOffset); } - 
public int hostGidToContainerGid(int hostGid) { return hostIdToContainerId(hostGid, gidOffset); } + public int userIdOnHost(int containerUid) { return userNamespace.userIdOnHost(containerUid); } + public int groupIdOnHost(int containerGid) { return userNamespace.groupIdOnHost(containerGid); } + public int userIdInContainer(int hostUid) { return userNamespace.userIdInContainer(hostUid); } + public int groupIdInContainer(int hostGid) { return userNamespace.groupIdInContainer(hostGid); } @Override public ContainerUserPrincipal lookupPrincipalByName(String name) throws IOException { - int containerUid = resolve(name); - String hostUid = String.valueOf(containerUidToHostUid(containerUid)); - return new ContainerUserPrincipal(containerUid, baseFsUserPrincipalLookupService.lookupPrincipalByName(hostUid)); + int containerUid = resolveName(name, userNamespace.vespaUser(), userNamespace.vespaUserId()); + String user = resolveId(containerUid, userNamespace.vespaUser(), userNamespace.vespaUserId()); + String hostUid = String.valueOf(userIdOnHost(containerUid)); + return new ContainerUserPrincipal(containerUid, user, baseFsUserPrincipalLookupService.lookupPrincipalByName(hostUid)); } @Override public ContainerGroupPrincipal lookupPrincipalByGroupName(String group) throws IOException { - int containerGid = resolve(group); - String hostGid = String.valueOf(containerGidToHostGid(containerGid)); - return new ContainerGroupPrincipal(containerGid, baseFsUserPrincipalLookupService.lookupPrincipalByGroupName(hostGid)); + int containerGid = resolveName(group, userNamespace.vespaGroup(), userNamespace.vespaGroupId()); + String name = resolveId(containerGid, userNamespace.vespaGroup(), userNamespace.vespaGroupId()); + String hostGid = String.valueOf(groupIdOnHost(containerGid)); + return new ContainerGroupPrincipal(containerGid, name, baseFsUserPrincipalLookupService.lookupPrincipalByGroupName(hostGid)); + } + + public ContainerUserPrincipal userPrincipal(int uid, UserPrincipal 
baseFsPrincipal) { + String name = resolveId(uid, userNamespace.vespaUser(), userNamespace.vespaUserId()); + return new ContainerUserPrincipal(uid, name, baseFsPrincipal); + } + + public ContainerGroupPrincipal groupPrincipal(int gid, GroupPrincipal baseFsPrincipal) { + String name = resolveId(gid, userNamespace.vespaGroup(), userNamespace.vespaGroupId()); + return new ContainerGroupPrincipal(gid, name, baseFsPrincipal); } - private static int resolve(String name) throws UserPrincipalNotFoundException { - Integer id = CONTAINER_IDS_BY_NAME.get(name); - if (id != null) return id; + private String resolveId(int id, String vespaName, int vespaId) { + if (id == 0) return "root"; + if (id == vespaId) return vespaName; + return String.valueOf(id); + } + + private int resolveName(String name, String vespaName, int vespaId) throws UserPrincipalNotFoundException { + if (name.equals("root")) return 0; + if (name.equals(vespaName)) return vespaId; try { return Integer.parseInt(name); @@ -74,9 +76,9 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService { private final String name; private final UserPrincipal baseFsPrincipal; - private NamedPrincipal(int id, UserPrincipal baseFsPrincipal) { + private NamedPrincipal(int id, String name, UserPrincipal baseFsPrincipal) { this.id = id; - this.name = Optional.ofNullable(CONTAINER_IDS_BY_NAME.inverse().get(id)).orElseGet(() -> Integer.toString(id)); + this.name = Objects.requireNonNull(name); this.baseFsPrincipal = Objects.requireNonNull(baseFsPrincipal); } 
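Review bot: `resolveName` and `resolveId` are inverses only while the configured vespa name and id do not collide with `root`/0 or with a numeric string, and nothing visible enforces that now that the fixed `ImmutableBiMap` is gone. With a vespa name of `root`, or one that parses as an integer, two different ids can render to the same principal name, so ownership could be reported or looked up for the wrong id. A constructor check in `UserNamespace` (name not `root`, not numeric, id within `1..ID_RANGE-1`) would restore the one-to-one mapping. Separately, both helpers read no instance state and could stay `static` like the `resolve` they replace. `resolveName` continues past the end of the hunk.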
@@ -113,23 +115,12 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService { } static final class ContainerUserPrincipal extends NamedPrincipal { - ContainerUserPrincipal(int id, UserPrincipal baseFsPrincipal) { super(id, baseFsPrincipal); } + private ContainerUserPrincipal(int id, String name, UserPrincipal baseFsPrincipal) { super(id, name, baseFsPrincipal); } } static final class ContainerGroupPrincipal extends NamedPrincipal implements GroupPrincipal { - ContainerGroupPrincipal(int id, GroupPrincipal baseFsPrincipal) { super(id, baseFsPrincipal); } + private ContainerGroupPrincipal(int id, String name, GroupPrincipal baseFsPrincipal) { super(id, name, baseFsPrincipal); } @Override public GroupPrincipal baseFsPrincipal() { return (GroupPrincipal) super.baseFsPrincipal(); } } - - private static int containerIdToHostId(int id, int idOffset) { - if (id < 0 || id > ID_RANGE) - throw new IllegalArgumentException("Invalid container id: " + id); - return idOffset + id; - } - - private static int hostIdToContainerId(int id, int idOffset) { - id = id - idOffset; - return id < 0 || id >= ID_RANGE ? OVERFLOW_ID : id; - } } diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java new file mode 100644 index 00000000000..73b59a17c37 --- /dev/null +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java 
@@ -0,0 +1,29 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.node.admin.nodeagent; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; + +/** + * @author valerijf + */ +class UserNamespaceTest { + + private final UserNamespace userNamespace = new UserNamespace(1000, 2000, "vespa", "users", 1000, 100); + + @Test + public void translates_between_ids() { + assertEquals(1001, userNamespace.userIdOnHost(1)); + assertEquals(2001, userNamespace.groupIdOnHost(1)); + assertEquals(1, userNamespace.userIdInContainer(1001)); + assertEquals(1, userNamespace.groupIdInContainer(2001)); + + assertEquals(userNamespace.overflowId(), userNamespace.userIdInContainer(1)); + assertEquals(userNamespace.overflowId(), userNamespace.userIdInContainer(999999)); + + assertThrows(IllegalArgumentException.class, () -> userNamespace.userIdOnHost(-1)); + assertThrows(IllegalArgumentException.class, () -> userNamespace.userIdOnHost(70_000)); + } +}
\ No newline at end of file diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java index 970a264d0df..a5fc6a1373f 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java @@ -1,6 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; +import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace; import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixPath; import com.yahoo.vespa.test.file.TestFileSystem; import org.junit.jupiter.api.Test; @@ -14,7 +15,6 @@ import java.nio.file.StandardCopyOption; import java.nio.file.StandardOpenOption; import java.util.Map; -import static com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerUserPrincipalLookupService.OVERFLOW_ID; import static org.junit.jupiter.api.Assertions.assertEquals; /** @@ -24,7 +24,8 @@ class ContainerFileSystemTest { private final FileSystem fileSystem = TestFileSystem.create(); private final UnixPath containerRootOnHost = new UnixPath(fileSystem.getPath("/data/storage/ctr1")); - private final ContainerFileSystem containerFs = ContainerFileSystem.create(containerRootOnHost.createDirectories().toPath(), 10_000, 11_000); + private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, "vespa", "users", 1000, 100); + private final ContainerFileSystem containerFs = ContainerFileSystem.create(containerRootOnHost.createDirectories().toPath(), userNamespace); @Test public void creates_files_and_directories_with_container_root_as_owner() throws IOException { 
@@ -65,7 +66,7 @@ class ContainerFileSystemTest { // If file is copied to JimFS path, the UID/GIDs are not fixed Files.copy(hostFile.toPath(), destination.pathOnHost()); - assertEquals(String.valueOf(OVERFLOW_ID), Files.getOwner(destination).getName()); + assertEquals(String.valueOf(userNamespace.overflowId()), Files.getOwner(destination).getName()); Files.delete(destination); Files.copy(hostFile.toPath(), destination); @@ -94,7 +95,7 @@ class ContainerFileSystemTest { // If file is moved to JimFS path, the UID/GIDs are not fixed Files.move(hostFile.toPath(), destination.pathOnHost()); - assertEquals(String.valueOf(OVERFLOW_ID), Files.getOwner(destination).getName()); + assertEquals(String.valueOf(userNamespace.overflowId()), Files.getOwner(destination).getName()); Files.delete(destination); hostFile.createNewFile(); diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java index ebbbaf3b525..6bca8c2f0b1 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java @@ -1,6 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; +import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace; import com.yahoo.vespa.test.file.TestFileSystem; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; 
@@ -12,6 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Mockito.mock; import java.io.IOException; import java.nio.file.FileSystem; @@ -25,7 +27,7 @@ import java.nio.file.Path; class ContainerPathTest { private final FileSystem baseFs = TestFileSystem.create(); - private final ContainerFileSystem containerFs = ContainerFileSystem.create(baseFs.getPath("/data/storage/ctr1"), 0, 0); + private final ContainerFileSystem containerFs = ContainerFileSystem.create(baseFs.getPath("/data/storage/ctr1"), mock(UserNamespace.class)); @Test public void create_new_container_path() { diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java index a459c24049e..bc26cfa73f3 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java @@ -1,6 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; +import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace; import com.yahoo.vespa.test.file.TestFileSystem; import org.junit.jupiter.api.Test; 
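Review bot: `mock(UserNamespace.class)` does not reproduce the old `0, 0` offsets. An unstubbed Mockito mock returns 0 from every id translation and null from `vespaUser()`/`vespaGroup()`, so any path test that touches ownership would see every id as 0 rather than an identity mapping. A real instance such as `new UserNamespace(0, 0, "vespa", "users", 1000, 100)` keeps the previous behaviour and makes the added `import static org.mockito.Mockito.mock;` unnecessary.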
@@ -17,35 +18,22 @@ import static org.junit.jupiter.api.Assertions.assertThrows; */ class ContainerUserPrincipalLookupServiceTest { + private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, "vespa", "users", 1000, 100); private final ContainerUserPrincipalLookupService userPrincipalLookupService = - new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), 1000, 2000); + new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), userNamespace); @Test public void correctly_resolves_ids() throws IOException { ContainerUserPrincipal user = userPrincipalLookupService.lookupPrincipalByName("1000"); assertEquals("vespa", user.getName()); - assertEquals("2000", user.baseFsPrincipal().getName()); + assertEquals("11000", user.baseFsPrincipal().getName()); assertEquals(user, userPrincipalLookupService.lookupPrincipalByName("vespa")); - ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("1000"); - assertEquals("vespa", group.getName()); - assertEquals("3000", group.baseFsPrincipal().getName()); - assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("vespa")); + ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("100"); + assertEquals("users", group.getName()); + assertEquals("11100", group.baseFsPrincipal().getName()); + assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("users")); assertThrows(UserPrincipalNotFoundException.class, () -> userPrincipalLookupService.lookupPrincipalByName("test")); } - - @Test - public void translates_between_ids() { - assertEquals(1001, userPrincipalLookupService.containerUidToHostUid(1)); - assertEquals(2001, userPrincipalLookupService.containerGidToHostGid(1)); - assertEquals(1, userPrincipalLookupService.hostUidToContainerUid(1001)); - assertEquals(1, userPrincipalLookupService.hostGidToContainerGid(2001)); - - assertEquals(65_534, 
userPrincipalLookupService.hostUidToContainerUid(1)); - assertEquals(65_534, userPrincipalLookupService.hostUidToContainerUid(999999)); - - assertThrows(IllegalArgumentException.class, () -> userPrincipalLookupService.containerUidToHostUid(-1)); - assertThrows(IllegalArgumentException.class, () -> userPrincipalLookupService.containerUidToHostUid(70_000)); - } -}
\ No newline at end of file +} |