Revert "Reapply "Use ContainerPath""

author: Valerij Fredriksen <freva@users.noreply.github.com> 2021-10-18 11:37:39 +0200
committer: GitHub <noreply@github.com> 2021-10-18 11:37:39 +0200
commit: 723f37c12807edd819ef6b5d94bcd0a3c9ddda1d (patch)
tree: 8d4863d4b984e0c235278726a9ddfb043bb991e4 /node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
parent: 5865b9bb80b540f6d252312fa6002300b2f1c9ee (diff)
1 files changed, 49 insertions, 40 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
index ae65f6a7f7f..893e86ca239 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
@@ -1,7 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.task.util.fs;
 
-import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
+import com.google.common.collect.ImmutableBiMap;
 
 import java.io.IOException;
 import java.nio.file.attribute.GroupPrincipal;
@@ -9,60 +9,58 @@ import java.nio.file.attribute.UserPrincipal;
 import java.nio.file.attribute.UserPrincipalLookupService;
 import java.nio.file.attribute.UserPrincipalNotFoundException;
 import java.util.Objects;
+import java.util.Optional;
 
 /**
  * @author valerijf
  */
 class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
 
+    /** Total number of UID/GID that are mapped for each container */
+    private static final int ID_RANGE = 1 << 16;
+
+    /**
+     * IDs outside the ID range are translated to the overflow ID before being written to disk:
+     * https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/Documentation/admin-guide/sysctl/fs.rst#overflowgid--overflowuid */
+    static final int OVERFLOW_ID = 65_534;
+
+    private static final ImmutableBiMap<String, Integer> CONTAINER_IDS_BY_NAME = ImmutableBiMap.<String, Integer>builder()
+            .put("root", 0)
+            .put("vespa", 1000)
+            .build();
+
     private final UserPrincipalLookupService baseFsUserPrincipalLookupService;
-    private final UserNamespace userNamespace;
+    private final int uidOffset;
+    private final int gidOffset;
 
-    ContainerUserPrincipalLookupService(UserPrincipalLookupService baseFsUserPrincipalLookupService, UserNamespace userNamespace) {
-        this.baseFsUserPrincipalLookupService = Objects.requireNonNull(baseFsUserPrincipalLookupService);
-        this.userNamespace = Objects.requireNonNull(userNamespace);
+    ContainerUserPrincipalLookupService(UserPrincipalLookupService baseFsUserPrincipalLookupService, int uidOffset, int gidOffset) {
+        this.baseFsUserPrincipalLookupService = baseFsUserPrincipalLookupService;
+        this.uidOffset = uidOffset;
+        this.gidOffset = gidOffset;
     }
 
-    public int userIdOnHost(int containerUid)  { return userNamespace.userIdOnHost(containerUid); }
-    public int groupIdOnHost(int containerGid) { return userNamespace.groupIdOnHost(containerGid); }
-    public int userIdInContainer(int hostUid)  { return userNamespace.userIdInContainer(hostUid); }
-    public int groupIdInContainer(int hostGid) { return userNamespace.groupIdInContainer(hostGid); }
+    public int containerUidToHostUid(int containerUid) { return containerIdToHostId(containerUid, uidOffset); }
+    public int containerGidToHostGid(int containerGid) { return containerIdToHostId(containerGid, gidOffset); }
+    public int hostUidToContainerUid(int hostUid) { return hostIdToContainerId(hostUid, uidOffset); }
+    public int hostGidToContainerGid(int hostGid) { return hostIdToContainerId(hostGid, gidOffset); }
 
     @Override
     public ContainerUserPrincipal lookupPrincipalByName(String name) throws IOException {
-        int containerUid = resolveName(name, userNamespace.vespaUser(), userNamespace.vespaUserId());
-        String user = resolveId(containerUid, userNamespace.vespaUser(), userNamespace.vespaUserId());
-        String hostUid = String.valueOf(userIdOnHost(containerUid));
-        return new ContainerUserPrincipal(containerUid, user, baseFsUserPrincipalLookupService.lookupPrincipalByName(hostUid));
+        int containerUid = resolve(name);
+        String hostUid = String.valueOf(containerUidToHostUid(containerUid));
+        return new ContainerUserPrincipal(containerUid, baseFsUserPrincipalLookupService.lookupPrincipalByName(hostUid));
     }
 
     @Override
     public ContainerGroupPrincipal lookupPrincipalByGroupName(String group) throws IOException {
-        int containerGid = resolveName(group, userNamespace.vespaGroup(), userNamespace.vespaGroupId());
-        String name = resolveId(containerGid, userNamespace.vespaGroup(), userNamespace.vespaGroupId());
-        String hostGid = String.valueOf(groupIdOnHost(containerGid));
-        return new ContainerGroupPrincipal(containerGid, name, baseFsUserPrincipalLookupService.lookupPrincipalByGroupName(hostGid));
-    }
-
-    public ContainerUserPrincipal userPrincipal(int uid, UserPrincipal baseFsPrincipal) {
-        String name = resolveId(uid, userNamespace.vespaUser(), userNamespace.vespaUserId());
-        return new ContainerUserPrincipal(uid, name, baseFsPrincipal);
-    }
-    
-    public ContainerGroupPrincipal groupPrincipal(int gid, GroupPrincipal baseFsPrincipal) {
-        String name = resolveId(gid, userNamespace.vespaGroup(), userNamespace.vespaGroupId());
-        return new ContainerGroupPrincipal(gid, name, baseFsPrincipal);
+        int containerGid = resolve(group);
+        String hostGid = String.valueOf(containerGidToHostGid(containerGid));
+        return new ContainerGroupPrincipal(containerGid, baseFsUserPrincipalLookupService.lookupPrincipalByGroupName(hostGid));
     }
 
-    private String resolveId(int id, String vespaName, int vespaId) {
-        if (id == 0) return "root";
-        if (id == vespaId) return vespaName;
-        return String.valueOf(id);
-    }
-
-    private int resolveName(String name, String vespaName, int vespaId) throws UserPrincipalNotFoundException {
-        if (name.equals("root")) return 0;
-        if (name.equals(vespaName)) return vespaId;
+    private static int resolve(String name) throws UserPrincipalNotFoundException {
+        Integer id = CONTAINER_IDS_BY_NAME.get(name);
+        if (id != null) return id;
 
         try {
             return Integer.parseInt(name);
@@ -76,9 +74,9 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
         private final String name;
         private final UserPrincipal baseFsPrincipal;
 
-        private NamedPrincipal(int id, String name, UserPrincipal baseFsPrincipal) {
+        private NamedPrincipal(int id, UserPrincipal baseFsPrincipal) {
             this.id = id;
-            this.name = Objects.requireNonNull(name);
+            this.name = Optional.ofNullable(CONTAINER_IDS_BY_NAME.inverse().get(id)).orElseGet(() -> Integer.toString(id));
             this.baseFsPrincipal = Objects.requireNonNull(baseFsPrincipal);
         }
 
@@ -115,12 +113,23 @@ class ContainerUserPrincipalLookupService extends UserPrincipalLookupService {
     }
 
     static final class ContainerUserPrincipal extends NamedPrincipal {
-        private ContainerUserPrincipal(int id, String name, UserPrincipal baseFsPrincipal) { super(id, name, baseFsPrincipal); }
+        ContainerUserPrincipal(int id, UserPrincipal baseFsPrincipal) { super(id, baseFsPrincipal); }
     }
 
     static final class ContainerGroupPrincipal extends NamedPrincipal implements GroupPrincipal {
-        private ContainerGroupPrincipal(int id, String name, GroupPrincipal baseFsPrincipal) { super(id, name, baseFsPrincipal); }
+        ContainerGroupPrincipal(int id, GroupPrincipal baseFsPrincipal) { super(id, baseFsPrincipal); }
 
         @Override public GroupPrincipal baseFsPrincipal() { return (GroupPrincipal) super.baseFsPrincipal(); }
     }
+
+    private static int containerIdToHostId(int id, int idOffset) {
+        if (id < 0 || id > ID_RANGE)
+            throw new IllegalArgumentException("Invalid container id: " + id);
+        return idOffset + id;
+    }
+
+    private static int hostIdToContainerId(int id, int idOffset) {
+        id = id - idOffset;
+        return id < 0 || id >= ID_RANGE ? OVERFLOW_ID : id;
+    }
 }
author	Valerij Fredriksen <freva@users.noreply.github.com>	2021-10-18 11:37:39 +0200
committer	GitHub <noreply@github.com>	2021-10-18 11:37:39 +0200
commit	723f37c12807edd819ef6b5d94bcd0a3c9ddda1d (patch)
tree	8d4863d4b984e0c235278726a9ddfb043bb991e4 /node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupService.java
parent	5865b9bb80b540f6d252312fa6002300b2f1c9ee (diff)