authorValerij Fredriksen <valerijf@yahooinc.com>2021-10-21 14:59:01 +0200
committerValerij Fredriksen <valerijf@yahooinc.com>2021-10-21 14:59:01 +0200
commite451ee844990aa6255deaa3546cde1a1aac25e6d (patch)
tree96313506d6955b5e29b169ebf7d420065ac2e4fc
parent9abe019606f2367b05e4e13d796de65dddf7c449 (diff)
Add size to UserNamespace
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java2
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java7
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java52
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java2
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java2
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java2
6 files changed, 49 insertions, 18 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java
index 23a81458134..d26a1fa6019 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java
@@ -45,6 +45,8 @@ public interface NodeAgentContext extends TaskContext {
/** @return information about the Vespa user inside the container */
VespaUser vespaUser();
+ UserNamespace userNamespace();
+
default boolean isDisabled(NodeAgentTask task) {
return false;
};
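Review bot: The new `userNamespace()` accessor has no Javadoc, while the adjacent `vespaUser()` carries `/** @return information about the Vespa user inside the container */`. A matching line such as `/** @return the UID/GID mapping between the host and the container */` would keep the interface consistent and tell implementers what is expected. The interface body starts and ends outside the hunk.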
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
index 0b1f7f24ced..037bbc56d1d 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
@@ -104,6 +104,11 @@ public class NodeAgentContextImpl implements NodeAgentContext {
}
@Override
+ public UserNamespace userNamespace() {
+ return containerFs.getUserPrincipalLookupService().userNamespace();
+ }
+
+ @Override
public boolean isDisabled(NodeAgentTask task) {
return disabledNodeAgentTasks.contains(task);
}
@@ -263,7 +268,7 @@ public class NodeAgentContextImpl implements NodeAgentContext {
Objects.requireNonNull(containerStorage, "Must set one of containerStorage or fileSystem");
UserNamespace userNamespace = Optional.ofNullable(this.userNamespace)
- .orElseGet(() -> new UserNamespace(100000, 100000));
+ .orElseGet(() -> new UserNamespace(100000, 100000, 100000));
VespaUser vespaUser = Optional.ofNullable(this.vespaUser)
.orElseGet(() -> new VespaUser("vespa", "vespa", 1000, 100));
ContainerFileSystem containerFs = ContainerFileSystem.create(containerStorage
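Review bot: The default `new UserNamespace(100000, 100000, 100000)` passes three same-typed positional ints, so the uid offset, gid offset and range size cannot be told apart at the call site. It also changes the default range size from the 65_536 that `ID_RANGE` fixed before this commit. If the wider range is intended, a named local such as `int defaultIdRangeSize = 100_000;` or a short comment explaining the departure from 2^16 would make that explicit; if it is not, the third argument should probably be `65_536`. The enclosing method starts and ends outside the hunk.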
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java
index 005452411bd..99529b83374 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespace.java
@@ -1,33 +1,35 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.nodeagent;
+import java.util.Objects;
+
/**
* @author valerijf
*/
public class UserNamespace {
- /** Total number of UID/GID that are mapped for each container */
- private static final int ID_RANGE = 65_536; // 2^16
-
/**
* IDs outside the ID range are translated to the overflow ID before being written to disk:
- * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */
+ * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid
+ * Real value in /proc/sys/fs/overflowuid or overflowgid, hardcode default value*/
private static final int OVERFLOW_ID = 65_534;
private volatile int uidOffset;
private volatile int gidOffset;
+ private final int idRangeSize;
- public UserNamespace(int uidOffset, int gidOffset) {
+ public UserNamespace(int uidOffset, int gidOffset, int idRangeSize) {
this.uidOffset = uidOffset;
this.gidOffset = gidOffset;
+ this.idRangeSize = idRangeSize;
}
- public int userIdOnHost(int containerUid) { return toHostId(containerUid, uidOffset); }
- public int groupIdOnHost(int containerGid) { return toHostId(containerGid, gidOffset); }
- public int userIdInContainer(int hostUid) { return toContainerId(hostUid, uidOffset); }
- public int groupIdInContainer(int hostGid) { return toContainerId(hostGid, gidOffset); }
+ public int userIdOnHost(int containerUid) { return toHostId(containerUid, uidOffset, idRangeSize); }
+ public int groupIdOnHost(int containerGid) { return toHostId(containerGid, gidOffset, idRangeSize); }
+ public int userIdInContainer(int hostUid) { return toContainerId(hostUid, uidOffset, idRangeSize); }
+ public int groupIdInContainer(int hostGid) { return toContainerId(hostGid, gidOffset, idRangeSize); }
- public int idRange() { return ID_RANGE; }
+ public int idRangeSize() { return idRangeSize; }
public int overflowId() { return OVERFLOW_ID; }
// Remove after migration to mapped namespaces is complete, make fields final
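Review bot: The constructor stores `idRangeSize` without any check, although both ID translations use it as their bound, so a zero or negative value would make `toHostId` reject every container id and `toContainerId` return the overflow id for every host id. A guard such as `if (idRangeSize <= 0) throw new IllegalArgumentException("Invalid id range size: " + idRangeSize);` before the assignment would fail fast on a bad configuration. The Javadoc that sat on the removed `ID_RANGE` constant is also lost; `/** Total number of UID/GID that are mapped for each container */` could move onto the new `idRangeSize` field. The class body continues outside the hunk.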
@@ -36,14 +38,36 @@ public class UserNamespace {
this.gidOffset = idOffset;
}
- private static int toHostId(int containerId, int idOffset) {
- if (containerId < 0 || containerId > ID_RANGE)
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ UserNamespace that = (UserNamespace) o;
+ return uidOffset == that.uidOffset && gidOffset == that.gidOffset && idRangeSize == that.idRangeSize;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(uidOffset, gidOffset, idRangeSize);
+ }
+
+ @Override
+ public String toString() {
+ return "UserNamespace{" +
+ "uidOffset=" + uidOffset +
+ ", gidOffset=" + gidOffset +
+ ", idRangeSize=" + idRangeSize +
+ '}';
+ }
+
+ private static int toHostId(int containerId, int idOffset, int idRangeSize) {
+ if (containerId < 0 || containerId > idRangeSize)
throw new IllegalArgumentException("Invalid container id: " + containerId);
return idOffset + containerId;
}
- private static int toContainerId(int hostId, int idOffset) {
+ private static int toContainerId(int hostId, int idOffset, int idRangeSize) {
hostId = hostId - idOffset;
- return hostId < 0 || hostId >= ID_RANGE ? OVERFLOW_ID : hostId;
+ return hostId < 0 || hostId >= idRangeSize ? OVERFLOW_ID : hostId;
}
}
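Review bot: `toHostId` still accepts `containerId == idRangeSize`, because its check is `containerId > idRangeSize`, while `toContainerId` in the same hunk treats `hostId - idOffset >= idRangeSize` as out of range. The result `idOffset + idRangeSize` is one past the mapped range, which would be the first ID of a neighbouring range if container ranges are allocated contiguously on the host. The bound was inherited from the old `ID_RANGE` check, but this commit rewrites the line, so it could become `if (containerId < 0 || containerId >= idRangeSize)`. Separately, `hashCode()` is computed over the two `volatile` offsets that the migration setter above can still change, so an instance should not be used as a hash key while that setter exists.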
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java
index bb02667a550..20e4bad8c31 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/UserNamespaceTest.java
@@ -11,7 +11,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
*/
class UserNamespaceTest {
- private final UserNamespace userNamespace = new UserNamespace(1000, 2000);
+ private final UserNamespace userNamespace = new UserNamespace(1000, 2000, 10000);
@Test
public void translates_between_ids() {
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index 242a2458f07..932f56f3a60 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -25,7 +25,7 @@ class ContainerFileSystemTest {
private final FileSystem fileSystem = TestFileSystem.create();
private final UnixPath containerRootOnHost = new UnixPath(fileSystem.getPath("/data/storage/ctr1"));
- private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000);
+ private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, 10000);
private final VespaUser vespaUser = new VespaUser("vespa", "users", 1000, 100);
private final ContainerFileSystem containerFs = ContainerFileSystem.create(
containerRootOnHost.createDirectories().toPath(), userNamespace, vespaUser);
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
index 9a6e69ce27c..f201f2667cd 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
@@ -19,7 +19,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
*/
class ContainerUserPrincipalLookupServiceTest {
- private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000);
+ private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, 10000);
private final VespaUser vespaUser = new VespaUser("vespa", "users", 1000, 100);
private final ContainerUserPrincipalLookupService userPrincipalLookupService =
new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), userNamespace, vespaUser);