authorValerij Fredriksen <valerijf@yahooinc.com>2021-10-15 13:50:11 +0200
committerValerij Fredriksen <valerijf@yahooinc.com>2021-10-15 13:50:11 +0200
commit95ee45325f25117fcda801ce0066cf66d6167a5a (patch)
tree89bee2daa9de4c3911378782c80da785dfbf9ae1
parent03a710a40926a3ea80072cc8676f4edd18662f84 (diff)
Use UserNamespace in ContainerUserPrincipalLookupService
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java2
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java42
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java6
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java18
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java89
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java29
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java9
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java4
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java30
9 files changed, 137 insertions, 92 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
index 3b1235d1ccf..9bcf5d58d6e 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
@@ -61,7 +61,7 @@ public class NodeAgentContextImpl implements NodeAgentContext {
this.identity = Objects.requireNonNull(identity);
this.containerNetworkMode = Objects.requireNonNull(containerNetworkMode);
this.zone = Objects.requireNonNull(zone);
- this.containerFs = ContainerFileSystem.create(pathToContainerStorage.resolve(containerName.asString()), userNamespace.rootUserIdOnHost(), userNamespace.rootGroupIdOnHost());
+ this.containerFs = ContainerFileSystem.create(pathToContainerStorage.resolve(containerName.asString()), userNamespace);
this.pathToVespaHome = containerFs.getPath(pathToVespaHome);
this.logPrefix = containerName.asString() + ": ";
this.userNamespace = Objects.requireNonNull(userNamespace);
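Review bot: `userNamespace` is now handed to `ContainerFileSystem.create(...)` before the `Objects.requireNonNull(userNamespace)` two lines further down. A null argument is therefore rejected only inside the lookup-service constructor, after `create` has already run `Files.createDirectories` on the container storage path. Moving `this.userNamespace = Objects.requireNonNull(userNamespace);` above the `containerFs` assignment and passing `this.userNamespace` keeps the failure at the constructor boundary and free of side effects. The constructor starts and ends outside this hunk.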
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java
index 2baa27ce70e..1a25b5c3c5e 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java
@@ -1,28 +1,58 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.nodeagent;
+import java.util.Objects;
+
/**
* @author valerijf
*/
public class UserNamespace {
+ /** Total number of UID/GID that are mapped for each container */
+ private static final int ID_RANGE = 65_536; // 2^16
+
+ /**
+ * IDs outside the ID range are translated to the overflow ID before being written to disk:
+ * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */
+ private static final int OVERFLOW_ID = 65_534;
+
private final int uidOffset;
private final int gidOffset;
private final String vespaUser;
private final String vespaGroup;
+ private final int vespaUserId;
+ private final int vespaGroupId;
public UserNamespace(int uidOffset, int gidOffset, String vespaUser, String vespaGroup, int vespaUserId, int vespaGroupId) {
this.uidOffset = uidOffset;
this.gidOffset = gidOffset;
- this.vespaUser = vespaUser;
- this.vespaGroup = vespaGroup;
+ this.vespaUser = Objects.requireNonNull(vespaUser);
+ this.vespaGroup = Objects.requireNonNull(vespaGroup);
+ this.vespaUserId = vespaUserId;
+ this.vespaGroupId = vespaGroupId;
}
- public int rootUserIdOnHost() { return uidOffset; }
- public int rootGroupIdOnHost() { return gidOffset; }
+ public int userIdOnHost(int containerUid) { return toHostId(containerUid, uidOffset); }
+ public int groupIdOnHost(int containerGid) { return toHostId(containerGid, gidOffset); }
+ public int userIdInContainer(int hostUid) { return toContainerId(hostUid, uidOffset); }
+ public int groupIdInContainer(int hostGid) { return toContainerId(hostGid, gidOffset); }
- /** Returns name of the user that runs vespa inside the container */
public String vespaUser() { return vespaUser; }
- /** Returns name of the group of the user that runs vespa inside the container */
public String vespaGroup() { return vespaGroup; }
+ public int vespaUserId() { return vespaUserId; }
+ public int vespaGroupId() { return vespaGroupId; }
+
+ public int idRange() { return ID_RANGE; }
+ public int overflowId() { return OVERFLOW_ID; }
+
+ private static int toHostId(int containerId, int idOffset) {
+ if (containerId < 0 || containerId > ID_RANGE)
+ throw new IllegalArgumentException("Invalid container id: " + containerId);
+ return idOffset + containerId;
+ }
+
+ private static int toContainerId(int hostId, int idOffset) {
+ hostId = hostId - idOffset;
+ return hostId < 0 || hostId >= ID_RANGE ? OVERFLOW_ID : hostId;
+ }
}
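Review bot: `toHostId` accepts `containerId == ID_RANGE` because its guard is `containerId > ID_RANGE`, while `toContainerId` treats the same value as out of range with `>= ID_RANGE`. With 65 536 ids mapped per container the valid container ids are 0–65 535, so 65 536 translates to the first host id past this container's mapping. If host ranges for different containers are allocated back to back (not visible here), that id belongs to another container. The guard should read `if (containerId < 0 || containerId >= ID_RANGE)`. `UserNamespaceTest.translates_between_ids` only checks 70_000, so it would be worth asserting the boundary there too (65_535 accepted, 65_536 rejected).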
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
index 36edfa1c1ee..078a60ba7a5 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
@@ -1,6 +1,8 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
+
import java.io.IOException;
import java.nio.file.FileStore;
import java.nio.file.FileSystem;
@@ -84,8 +86,8 @@ public class ContainerFileSystem extends FileSystem {
throw new UnsupportedOperationException();
}
- public static ContainerFileSystem create(Path containerStorageRoot, int uidOffset, int gidOffset) {
+ public static ContainerFileSystem create(Path containerStorageRoot, UserNamespace userNamespace) {
uncheck(() -> Files.createDirectories(containerStorageRoot));
- return new ContainerFileSystemProvider(containerStorageRoot, uidOffset, gidOffset).getFileSystem(null);
+ return new ContainerFileSystemProvider(containerStorageRoot, userNamespace).getFileSystem(null);
}
}
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
index cf1985eff58..a44f90b164b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
@@ -1,6 +1,8 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
+
import java.io.IOException;
import java.net.URI;
import java.nio.channels.SeekableByteChannel;
@@ -43,10 +45,10 @@ class ContainerFileSystemProvider extends FileSystemProvider {
private final ContainerUserPrincipalLookupService userPrincipalLookupService;
private final Path containerRootOnHost;
- ContainerFileSystemProvider(Path containerRootOnHost, int uidOffset, int gidOffset) {
+ ContainerFileSystemProvider(Path containerRootOnHost, UserNamespace userNamespace) {
this.containerFs = new ContainerFileSystem(this);
this.userPrincipalLookupService = new ContainerUserPrincipalLookupService(
- containerRootOnHost.getFileSystem().getUserPrincipalLookupService(), uidOffset, gidOffset);
+ containerRootOnHost.getFileSystem().getUserPrincipalLookupService(), userNamespace);
this.containerRootOnHost = containerRootOnHost;
}
@@ -197,12 +199,12 @@ class ContainerFileSystemProvider extends FileSystemProvider {
return provider(pathOnHost).readAttributes(pathOnHost, attributes, options);
Map<String, Object> attrs = new HashMap<>(provider(pathOnHost).readAttributes(pathOnHost, "unix:*", options));
- int uid = userPrincipalLookupService.hostUidToContainerUid((int) attrs.get("uid"));
- int gid = userPrincipalLookupService.hostGidToContainerGid((int) attrs.get("gid"));
+ int uid = userPrincipalLookupService.userIdInContainer((int) attrs.get("uid"));
+ int gid = userPrincipalLookupService.groupIdInContainer((int) attrs.get("gid"));
attrs.put("uid", uid);
attrs.put("gid", gid);
- attrs.put("owner", new ContainerUserPrincipal(uid, (UserPrincipal) attrs.get("owner")));
- attrs.put("group", new ContainerGroupPrincipal(gid, (GroupPrincipal) attrs.get("group")));
+ attrs.put("owner", userPrincipalLookupService.userPrincipal(uid, (UserPrincipal) attrs.get("owner")));
+ attrs.put("group", userPrincipalLookupService.groupPrincipal(gid, (GroupPrincipal) attrs.get("group")));
return attrs;
}
@@ -218,8 +220,8 @@ class ContainerFileSystemProvider extends FileSystemProvider {
switch (attribute.substring(index + 1)) {
case "owner": return cast(value, ContainerUserPrincipal.class).baseFsPrincipal();
case "group": return cast(value, ContainerGroupPrincipal.class).baseFsPrincipal();
- case "uid": return userPrincipalLookupService.containerUidToHostUid(cast(value, Integer.class));
- case "gid": return userPrincipalLookupService.containerGidToHostGid(cast(value, Integer.class));
+ case "uid": return userPrincipalLookupService.userIdOnHost(cast(value, Integer.class));
+ case "gid": return userPrincipalLookupService.groupIdOnHost(cast(value, Integer.class));
}
} // else basic file attribute
return value;
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
index 893e86ca239..ae65f6a7f7f 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
@@ -1,7 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
-import com.google.common.collect.ImmutableBiMap;
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
import java.io.IOException;
import java.nio.file.attribute.GroupPrincipal;
@@ -9,58 +9,60 @@ import java.nio.file.attribute.UserPrincipal;
import java.nio.file.attribute.UserPrincipalLookupService;
import java.nio.file.attribute.UserPrincipalNotFoundException;
import java.util.Objects;
-import java.util.Optional;
/**
* @author valerijf
*/
class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
- /** Total number of UID/GID that are mapped for each container */
- private static final int ID_RANGE = 1 << 16;
-
- /**
- * IDs outside the ID range are translated to the overflow ID before being written to disk:
- * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */
- static final int OVERFLOW_ID = 65_534;
-
- private static final ImmutableBiMap<String, Integer> CONTAINER_IDS_BY_NAME = ImmutableBiMap.<String, Integer>builder()
- .put("root", 0)
- .put("vespa", 1000)
- .build();
-
private final UserPrincipalLookupService baseFsUserPrincipalLookupService;
- private final int uidOffset;
- private final int gidOffset;
+ private final UserNamespace userNamespace;
- ContainerUserPrincipalLookupService(UserPrincipalLookupService baseFsUserPrincipalLookupService, int uidOffset, int gidOffset) {
- this.baseFsUserPrincipalLookupService = baseFsUserPrincipalLookupService;
- this.uidOffset = uidOffset;
- this.gidOffset = gidOffset;
+ ContainerUserPrincipalLookupService(UserPrincipalLookupService baseFsUserPrincipalLookupService, UserNamespace userNamespace) {
+ this.baseFsUserPrincipalLookupService = Objects.requireNonNull(baseFsUserPrincipalLookupService);
+ this.userNamespace = Objects.requireNonNull(userNamespace);
}
- public int containerUidToHostUid(int containerUid) { return containerIdToHostId(containerUid, uidOffset); }
- public int containerGidToHostGid(int containerGid) { return containerIdToHostId(containerGid, gidOffset); }
- public int hostUidToContainerUid(int hostUid) { return hostIdToContainerId(hostUid, uidOffset); }
- public int hostGidToContainerGid(int hostGid) { return hostIdToContainerId(hostGid, gidOffset); }
+ public int userIdOnHost(int containerUid) { return userNamespace.userIdOnHost(containerUid); }
+ public int groupIdOnHost(int containerGid) { return userNamespace.groupIdOnHost(containerGid); }
+ public int userIdInContainer(int hostUid) { return userNamespace.userIdInContainer(hostUid); }
+ public int groupIdInContainer(int hostGid) { return userNamespace.groupIdInContainer(hostGid); }
@Override
public ContainerUserPrincipal lookupPrincipalByName(String name) throws IOException {
- int containerUid = resolve(name);
- String hostUid = String.valueOf(containerUidToHostUid(containerUid));
- return new ContainerUserPrincipal(containerUid, baseFsUserPrincipalLookupService.lookupPrincipalByName(hostUid));
+ int containerUid = resolveName(name, userNamespace.vespaUser(), userNamespace.vespaUserId());
+ String user = resolveId(containerUid, userNamespace.vespaUser(), userNamespace.vespaUserId());
+ String hostUid = String.valueOf(userIdOnHost(containerUid));
+ return new ContainerUserPrincipal(containerUid, user, baseFsUserPrincipalLookupService.lookupPrincipalByName(hostUid));
}
@Override
public ContainerGroupPrincipal lookupPrincipalByGroupName(String group) throws IOException {
- int containerGid = resolve(group);
- String hostGid = String.valueOf(containerGidToHostGid(containerGid));
- return new ContainerGroupPrincipal(containerGid, baseFsUserPrincipalLookupService.lookupPrincipalByGroupName(hostGid));
+ int containerGid = resolveName(group, userNamespace.vespaGroup(), userNamespace.vespaGroupId());
+ String name = resolveId(containerGid, userNamespace.vespaGroup(), userNamespace.vespaGroupId());
+ String hostGid = String.valueOf(groupIdOnHost(containerGid));
+ return new ContainerGroupPrincipal(containerGid, name, baseFsUserPrincipalLookupService.lookupPrincipalByGroupName(hostGid));
+ }
+
+ public ContainerUserPrincipal userPrincipal(int uid, UserPrincipal baseFsPrincipal) {
+ String name = resolveId(uid, userNamespace.vespaUser(), userNamespace.vespaUserId());
+ return new ContainerUserPrincipal(uid, name, baseFsPrincipal);
+ }
+
+ public ContainerGroupPrincipal groupPrincipal(int gid, GroupPrincipal baseFsPrincipal) {
+ String name = resolveId(gid, userNamespace.vespaGroup(), userNamespace.vespaGroupId());
+ return new ContainerGroupPrincipal(gid, name, baseFsPrincipal);
}
- private static int resolve(String name) throws UserPrincipalNotFoundException {
- Integer id = CONTAINER_IDS_BY_NAME.get(name);
- if (id != null) return id;
+ private String resolveId(int id, String vespaName, int vespaId) {
+ if (id == 0) return "root";
+ if (id == vespaId) return vespaName;
+ return String.valueOf(id);
+ }
+
+ private int resolveName(String name, String vespaName, int vespaId) throws UserPrincipalNotFoundException {
+ if (name.equals("root")) return 0;
+ if (name.equals(vespaName)) return vespaId;
try {
return Integer.parseInt(name);
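Review bot: A numeric name outside the mapped range surfaces as `IllegalArgumentException` rather than `UserPrincipalNotFoundException`. `resolveName` returns whatever `Integer.parseInt(name)` yields, and `lookupPrincipalByName` / `lookupPrincipalByGroupName` pass it straight to `userIdOnHost` / `groupIdOnHost`, which throw for negative or too-large ids. Callers that handle the `IOException` declared by the `UserPrincipalLookupService` API will not catch that. Range-checking in `resolveName` would fix it: `int id = Integer.parseInt(name);` followed by `if (id < 0 || id >= userNamespace.idRange()) throw new UserPrincipalNotFoundException(name);`. The try block continues outside this hunk, so the existing catch clause is not visible here.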
@@ -74,9 +76,9 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
private final String name;
private final UserPrincipal baseFsPrincipal;
- private NamedPrincipal(int id, UserPrincipal baseFsPrincipal) {
+ private NamedPrincipal(int id, String name, UserPrincipal baseFsPrincipal) {
this.id = id;
- this.name = Optional.ofNullable(CONTAINER_IDS_BY_NAME.inverse().get(id)).orElseGet(() -> Integer.toString(id));
+ this.name = Objects.requireNonNull(name);
this.baseFsPrincipal = Objects.requireNonNull(baseFsPrincipal);
}
@@ -113,23 +115,12 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
}
static final class ContainerUserPrincipal extends NamedPrincipal {
- ContainerUserPrincipal(int id, UserPrincipal baseFsPrincipal) { super(id, baseFsPrincipal); }
+ private ContainerUserPrincipal(int id, String name, UserPrincipal baseFsPrincipal) { super(id, name, baseFsPrincipal); }
}
static final class ContainerGroupPrincipal extends NamedPrincipal implements GroupPrincipal {
- ContainerGroupPrincipal(int id, GroupPrincipal baseFsPrincipal) { super(id, baseFsPrincipal); }
+ private ContainerGroupPrincipal(int id, String name, GroupPrincipal baseFsPrincipal) { super(id, name, baseFsPrincipal); }
@Override public GroupPrincipal baseFsPrincipal() { return (GroupPrincipal) super.baseFsPrincipal(); }
}
-
- private static int containerIdToHostId(int id, int idOffset) {
- if (id < 0 || id > ID_RANGE)
- throw new IllegalArgumentException("Invalid container id: " + id);
- return idOffset + id;
- }
-
- private static int hostIdToContainerId(int id, int idOffset) {
- id = id - idOffset;
- return id < 0 || id >= ID_RANGE ? OVERFLOW_ID : id;
- }
}
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java
new file mode 100644
index 00000000000..73b59a17c37
--- /dev/null
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java
@@ -0,0 +1,29 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.node.admin.nodeagent;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+/**
+ * @author valerijf
+ */
+class UserNamespaceTest {
+
+ private final UserNamespace userNamespace = new UserNamespace(1000, 2000, "vespa", "users", 1000, 100);
+
+ @Test
+ public void translates_between_ids() {
+ assertEquals(1001, userNamespace.userIdOnHost(1));
+ assertEquals(2001, userNamespace.groupIdOnHost(1));
+ assertEquals(1, userNamespace.userIdInContainer(1001));
+ assertEquals(1, userNamespace.groupIdInContainer(2001));
+
+ assertEquals(userNamespace.overflowId(), userNamespace.userIdInContainer(1));
+ assertEquals(userNamespace.overflowId(), userNamespace.userIdInContainer(999999));
+
+ assertThrows(IllegalArgumentException.class, () -> userNamespace.userIdOnHost(-1));
+ assertThrows(IllegalArgumentException.class, () -> userNamespace.userIdOnHost(70_000));
+ }
+} \ No newline at end of file
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index 970a264d0df..a5fc6a1373f 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -1,6 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixPath;
import com.yahoo.vespa.test.file.TestFileSystem;
import org.junit.jupiter.api.Test;
@@ -14,7 +15,6 @@ import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.util.Map;
-import static com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerUserPrincipalLookupService.OVERFLOW_ID;
import static org.junit.jupiter.api.Assertions.assertEquals;
/**
@@ -24,7 +24,8 @@ class ContainerFileSystemTest {
private final FileSystem fileSystem = TestFileSystem.create();
private final UnixPath containerRootOnHost = new UnixPath(fileSystem.getPath("/data/storage/ctr1"));
- private final ContainerFileSystem containerFs = ContainerFileSystem.create(containerRootOnHost.createDirectories().toPath(), 10_000, 11_000);
+ private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, "vespa", "users", 1000, 100);
+ private final ContainerFileSystem containerFs = ContainerFileSystem.create(containerRootOnHost.createDirectories().toPath(), userNamespace);
@Test
public void creates_files_and_directories_with_container_root_as_owner() throws IOException {
@@ -65,7 +66,7 @@ class ContainerFileSystemTest {
// If file is copied to JimFS path, the UID/GIDs are not fixed
Files.copy(hostFile.toPath(), destination.pathOnHost());
- assertEquals(String.valueOf(OVERFLOW_ID), Files.getOwner(destination).getName());
+ assertEquals(String.valueOf(userNamespace.overflowId()), Files.getOwner(destination).getName());
Files.delete(destination);
Files.copy(hostFile.toPath(), destination);
@@ -94,7 +95,7 @@ class ContainerFileSystemTest {
// If file is moved to JimFS path, the UID/GIDs are not fixed
Files.move(hostFile.toPath(), destination.pathOnHost());
- assertEquals(String.valueOf(OVERFLOW_ID), Files.getOwner(destination).getName());
+ assertEquals(String.valueOf(userNamespace.overflowId()), Files.getOwner(destination).getName());
Files.delete(destination);
hostFile.createNewFile();
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java
index ebbbaf3b525..6bca8c2f0b1 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java
@@ -1,6 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
import com.yahoo.vespa.test.file.TestFileSystem;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
@@ -12,6 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
import java.io.IOException;
import java.nio.file.FileSystem;
@@ -25,7 +27,7 @@ import java.nio.file.Path;
class ContainerPathTest {
private final FileSystem baseFs = TestFileSystem.create();
- private final ContainerFileSystem containerFs = ContainerFileSystem.create(baseFs.getPath("/data/storage/ctr1"), 0, 0);
+ private final ContainerFileSystem containerFs = ContainerFileSystem.create(baseFs.getPath("/data/storage/ctr1"), mock(UserNamespace.class));
@Test
public void create_new_container_path() {
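Review bot: `mock(UserNamespace.class)` replaces the former identity mapping (`0, 0`) with a stub whose int methods all return 0 and whose String methods return null under Mockito's defaults. Any path in these tests that reads ownership would then see every id collapse to 0 instead of being translated, which can hide a regression in the mapping. The sibling tests in this commit build a real instance; doing the same here, e.g. `new UserNamespace(0, 0, "vespa", "users", 1000, 100)`, keeps the old behaviour and drops the Mockito import.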
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
index a459c24049e..bc26cfa73f3 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
@@ -1,6 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
import com.yahoo.vespa.test.file.TestFileSystem;
import org.junit.jupiter.api.Test;
@@ -17,35 +18,22 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
*/
class ContainerUserPrincipalLookupServiceTest {
+ private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, "vespa", "users", 1000, 100);
private final ContainerUserPrincipalLookupService userPrincipalLookupService =
- new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), 1000, 2000);
+ new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), userNamespace);
@Test
public void correctly_resolves_ids() throws IOException {
ContainerUserPrincipal user = userPrincipalLookupService.lookupPrincipalByName("1000");
assertEquals("vespa", user.getName());
- assertEquals("2000", user.baseFsPrincipal().getName());
+ assertEquals("11000", user.baseFsPrincipal().getName());
assertEquals(user, userPrincipalLookupService.lookupPrincipalByName("vespa"));
- ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("1000");
- assertEquals("vespa", group.getName());
- assertEquals("3000", group.baseFsPrincipal().getName());
- assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("vespa"));
+ ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("100");
+ assertEquals("users", group.getName());
+ assertEquals("11100", group.baseFsPrincipal().getName());
+ assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("users"));
assertThrows(UserPrincipalNotFoundException.class, () -> userPrincipalLookupService.lookupPrincipalByName("test"));
}
-
- @Test
- public void translates_between_ids() {
- assertEquals(1001, userPrincipalLookupService.containerUidToHostUid(1));
- assertEquals(2001, userPrincipalLookupService.containerGidToHostGid(1));
- assertEquals(1, userPrincipalLookupService.hostUidToContainerUid(1001));
- assertEquals(1, userPrincipalLookupService.hostGidToContainerGid(2001));
-
- assertEquals(65_534, userPrincipalLookupService.hostUidToContainerUid(1));
- assertEquals(65_534, userPrincipalLookupService.hostUidToContainerUid(999999));
-
- assertThrows(IllegalArgumentException.class, () -> userPrincipalLookupService.containerUidToHostUid(-1));
- assertThrows(IllegalArgumentException.class, () -> userPrincipalLookupService.containerUidToHostUid(70_000));
- }
-} \ No newline at end of file
+}