diff options
author | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-10-13 17:15:14 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-10-13 17:15:14 +0200 |
commit | 8af3bc3d5dd5a81683cb5c5f82d1738190203801 (patch) | |
tree | b37ca9c46488b495aa334c55145ea7e9ce3e96e6 | |
parent | d1028019641d396f35fcc81115bd7452e757ad7a (diff) |
Set owner and group for known IDs inside container NS
3 files changed, 13 insertions, 8 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java index d52d9c75661..893e86ca239 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java @@ -1,12 +1,15 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.task.util.fs; +import com.google.common.collect.ImmutableBiMap; + import java.io.IOException; import java.nio.file.attribute.GroupPrincipal; import java.nio.file.attribute.UserPrincipal; import java.nio.file.attribute.UserPrincipalLookupService; import java.nio.file.attribute.UserPrincipalNotFoundException; import java.util.Objects; +import java.util.Optional; /** * @author valerijf @@ -21,6 +24,11 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService { * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */ static final int OVERFLOW_ID = 65_534; + private static final ImmutableBiMap<String, Integer> CONTAINER_IDS_BY_NAME = ImmutableBiMap.<String, Integer>builder() + .put("root", 0) + .put("vespa", 1000) + .build(); + private final UserPrincipalLookupService baseFsUserPrincipalLookupService; private final int uidOffset; private final int gidOffset; @@ -51,8 +59,8 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService { } private static int resolve(String name) throws UserPrincipalNotFoundException { - if (name.equals("root")) return 0; - if (name.equals("vespa")) return 1000; + Integer id = CONTAINER_IDS_BY_NAME.get(name); + if (id != null) return id; try { return Integer.parseInt(name); @@ -68,7 +76,7 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService { private NamedPrincipal(int id, UserPrincipal baseFsPrincipal) { this.id = id; - this.name = Integer.toString(id); + this.name = Optional.ofNullable(CONTAINER_IDS_BY_NAME.inverse().get(id)).orElseGet(() -> Integer.toString(id)); this.baseFsPrincipal = Objects.requireNonNull(baseFsPrincipal); } diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java index e71ba59ce39..38c1e2720c3 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java @@ -9,7 +9,6 @@ import java.io.IOException; import java.nio.file.FileSystem; import java.nio.file.Files; import java.nio.file.Path; -import java.nio.file.attribute.UserPrincipal; import java.util.Map; import static com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerUserPrincipalLookupService.OVERFLOW_ID; @@ -79,7 +78,5 @@ class ContainerFileSystemTest { Map<String, Object> attrs = Files.readAttributes(path, "unix:*"); assertEquals(uid, attrs.get("uid")); assertEquals(gid, attrs.get("gid")); - assertEquals(String.valueOf(uid), ((UserPrincipal) attrs.get("owner")).getName()); - assertEquals(String.valueOf(gid), ((UserPrincipal) attrs.get("group")).getName()); } } diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java index 27e0beceb37..a459c24049e 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java @@ -23,12 +23,12 @@ class ContainerUserPrincipalLookupServiceTest { @Test public void correctly_resolves_ids() throws IOException { ContainerUserPrincipal user = userPrincipalLookupService.lookupPrincipalByName("1000"); - assertEquals("1000", user.getName()); + assertEquals("vespa", user.getName()); assertEquals("2000", user.baseFsPrincipal().getName()); assertEquals(user, userPrincipalLookupService.lookupPrincipalByName("vespa")); ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("1000"); - assertEquals("1000", group.getName()); + assertEquals("vespa", group.getName()); assertEquals("3000", group.baseFsPrincipal().getName()); assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("vespa")); |