Set owner and group for known IDs inside container NS

author: Valerij Fredriksen <valerijf@yahooinc.com> 2021-10-13 17:15:14 +0200
committer: Valerij Fredriksen <valerijf@yahooinc.com> 2021-10-13 17:15:14 +0200
commit: 8af3bc3d5dd5a81683cb5c5f82d1738190203801 (patch)
tree: b37ca9c46488b495aa334c55145ea7e9ce3e96e6
parent: d1028019641d396f35fcc81115bd7452e757ad7a (diff)
3 files changed, 13 insertions, 8 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
index d52d9c75661..893e86ca239 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
@@ -1,12 +1,15 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.task.util.fs;
 
+import com.google.common.collect.ImmutableBiMap;
+
 import java.io.IOException;
 import java.nio.file.attribute.GroupPrincipal;
 import java.nio.file.attribute.UserPrincipal;
 import java.nio.file.attribute.UserPrincipalLookupService;
 import java.nio.file.attribute.UserPrincipalNotFoundException;
 import java.util.Objects;
+import java.util.Optional;
 
 /**
  * @author valerijf
@@ -21,6 +24,11 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
      * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */
     static final int OVERFLOW_ID = 65_534;
 
+    private static final ImmutableBiMap<String, Integer> CONTAINER_IDS_BY_NAME = ImmutableBiMap.<String, Integer>builder()
+            .put("root", 0)
+            .put("vespa", 1000)
+            .build();
+
     private final UserPrincipalLookupService baseFsUserPrincipalLookupService;
     private final int uidOffset;
     private final int gidOffset;
@@ -51,8 +59,8 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
     }
 
     private static int resolve(String name) throws UserPrincipalNotFoundException {
-        if (name.equals("root")) return 0;
-        if (name.equals("vespa")) return 1000;
+        Integer id = CONTAINER_IDS_BY_NAME.get(name);
+        if (id != null) return id;
 
         try {
             return Integer.parseInt(name);
@@ -68,7 +76,7 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
 
         private NamedPrincipal(int id, UserPrincipal baseFsPrincipal) {
             this.id = id;
-            this.name = Integer.toString(id);
+            this.name = Optional.ofNullable(CONTAINER_IDS_BY_NAME.inverse().get(id)).orElseGet(() -> Integer.toString(id));
             this.baseFsPrincipal = Objects.requireNonNull(baseFsPrincipal);
         }
 
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index e71ba59ce39..38c1e2720c3 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -9,7 +9,6 @@ import java.io.IOException;
 import java.nio.file.FileSystem;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.attribute.UserPrincipal;
 import java.util.Map;
 
 import static com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerUserPrincipalLookupService.OVERFLOW_ID;
@@ -79,7 +78,5 @@ class ContainerFileSystemTest {
         Map<String, Object> attrs = Files.readAttributes(path, "unix:*");
         assertEquals(uid, attrs.get("uid"));
         assertEquals(gid, attrs.get("gid"));
-        assertEquals(String.valueOf(uid), ((UserPrincipal) attrs.get("owner")).getName());
-        assertEquals(String.valueOf(gid), ((UserPrincipal) attrs.get("group")).getName());
     }
 }
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
index 27e0beceb37..a459c24049e 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
@@ -23,12 +23,12 @@ class ContainerUserPrincipalLookupServiceTest {
     @Test
     public void correctly_resolves_ids() throws IOException {
         ContainerUserPrincipal user = userPrincipalLookupService.lookupPrincipalByName("1000");
-        assertEquals("1000", user.getName());
+        assertEquals("vespa", user.getName());
         assertEquals("2000", user.baseFsPrincipal().getName());
         assertEquals(user, userPrincipalLookupService.lookupPrincipalByName("vespa"));
 
         ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("1000");
-        assertEquals("1000", group.getName());
+        assertEquals("vespa", group.getName());
         assertEquals("3000", group.baseFsPrincipal().getName());
         assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("vespa"));
author	Valerij Fredriksen <valerijf@yahooinc.com>	2021-10-13 17:15:14 +0200
committer	Valerij Fredriksen <valerijf@yahooinc.com>	2021-10-13 17:15:14 +0200
commit	8af3bc3d5dd5a81683cb5c5f82d1738190203801 (patch)
tree	b37ca9c46488b495aa334c55145ea7e9ce3e96e6
parent	d1028019641d396f35fcc81115bd7452e757ad7a (diff)