Use UserNamespace in ContainerUserPrincipalLookupService

3 files changed, 17 insertions, 26 deletions

diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index 970a264d0df..a5fc6a1373f 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.task.util.fs;
 
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixPath;
 import com.yahoo.vespa.test.file.TestFileSystem;
 import org.junit.jupiter.api.Test;
@@ -14,7 +15,6 @@ import java.nio.file.StandardCopyOption;
 import java.nio.file.StandardOpenOption;
 import java.util.Map;
 
-import static com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerUserPrincipalLookupService.OVERFLOW_ID;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
@@ -24,7 +24,8 @@ class ContainerFileSystemTest {
 
     private final FileSystem fileSystem = TestFileSystem.create();
     private final UnixPath containerRootOnHost = new UnixPath(fileSystem.getPath("/data/storage/ctr1"));
-    private final ContainerFileSystem containerFs = ContainerFileSystem.create(containerRootOnHost.createDirectories().toPath(), 10_000, 11_000);
+    private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, "vespa", "users", 1000, 100);
+    private final ContainerFileSystem containerFs = ContainerFileSystem.create(containerRootOnHost.createDirectories().toPath(), userNamespace);
 
     @Test
     public void creates_files_and_directories_with_container_root_as_owner() throws IOException {
@@ -65,7 +66,7 @@ class ContainerFileSystemTest {
 
         // If file is copied to JimFS path, the UID/GIDs are not fixed
         Files.copy(hostFile.toPath(), destination.pathOnHost());
-        assertEquals(String.valueOf(OVERFLOW_ID), Files.getOwner(destination).getName());
+        assertEquals(String.valueOf(userNamespace.overflowId()), Files.getOwner(destination).getName());
         Files.delete(destination);
 
         Files.copy(hostFile.toPath(), destination);
@@ -94,7 +95,7 @@ class ContainerFileSystemTest {
 
         // If file is moved to JimFS path, the UID/GIDs are not fixed
         Files.move(hostFile.toPath(), destination.pathOnHost());
-        assertEquals(String.valueOf(OVERFLOW_ID), Files.getOwner(destination).getName());
+        assertEquals(String.valueOf(userNamespace.overflowId()), Files.getOwner(destination).getName());
         Files.delete(destination);
 
         hostFile.createNewFile();
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java
index ebbbaf3b525..6bca8c2f0b1 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPathTest.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.task.util.fs;
 
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
 import com.yahoo.vespa.test.file.TestFileSystem;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
@@ -12,6 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
 
 import java.io.IOException;
 import java.nio.file.FileSystem;
@@ -25,7 +27,7 @@ import java.nio.file.Path;
 class ContainerPathTest {
 
     private final FileSystem baseFs = TestFileSystem.create();
-    private final ContainerFileSystem containerFs = ContainerFileSystem.create(baseFs.getPath("/data/storage/ctr1"), 0, 0);
+    private final ContainerFileSystem containerFs = ContainerFileSystem.create(baseFs.getPath("/data/storage/ctr1"), mock(UserNamespace.class));
 
     @Test
     public void create_new_container_path() {
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
index a459c24049e..bc26cfa73f3 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerUserPrincipalLookupServiceTest.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.task.util.fs;
 
+import com.yahoo.vespa.hosted.node.admin.nodeagent.UserNamespace;
 import com.yahoo.vespa.test.file.TestFileSystem;
 import org.junit.jupiter.api.Test;
 
@@ -17,35 +18,22 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
  */
 class ContainerUserPrincipalLookupServiceTest {
 
+    private final UserNamespace userNamespace = new UserNamespace(10_000, 11_000, "vespa", "users", 1000, 100);
     private final ContainerUserPrincipalLookupService userPrincipalLookupService =
-            new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), 1000, 2000);
+            new ContainerUserPrincipalLookupService(TestFileSystem.create().getUserPrincipalLookupService(), userNamespace);
 
     @Test
     public void correctly_resolves_ids() throws IOException {
         ContainerUserPrincipal user = userPrincipalLookupService.lookupPrincipalByName("1000");
         assertEquals("vespa", user.getName());
-        assertEquals("2000", user.baseFsPrincipal().getName());
+        assertEquals("11000", user.baseFsPrincipal().getName());
         assertEquals(user, userPrincipalLookupService.lookupPrincipalByName("vespa"));
 
-        ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("1000");
-        assertEquals("vespa", group.getName());
-        assertEquals("3000", group.baseFsPrincipal().getName());
-        assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("vespa"));
+        ContainerGroupPrincipal group = userPrincipalLookupService.lookupPrincipalByGroupName("100");
+        assertEquals("users", group.getName());
+        assertEquals("11100", group.baseFsPrincipal().getName());
+        assertEquals(group, userPrincipalLookupService.lookupPrincipalByGroupName("users"));
 
         assertThrows(UserPrincipalNotFoundException.class, () -> userPrincipalLookupService.lookupPrincipalByName("test"));
     }
-
-    @Test
-    public void translates_between_ids() {
-        assertEquals(1001, userPrincipalLookupService.containerUidToHostUid(1));
-        assertEquals(2001, userPrincipalLookupService.containerGidToHostGid(1));
-        assertEquals(1, userPrincipalLookupService.hostUidToContainerUid(1001));
-        assertEquals(1, userPrincipalLookupService.hostGidToContainerGid(2001));
-
-        assertEquals(65_534, userPrincipalLookupService.hostUidToContainerUid(1));
-        assertEquals(65_534, userPrincipalLookupService.hostUidToContainerUid(999999));
-
-        assertThrows(IllegalArgumentException.class, () -> userPrincipalLookupService.containerUidToHostUid(-1));
-        assertThrows(IllegalArgumentException.class, () -> userPrincipalLookupService.containerUidToHostUid(70_000));
-    }
-}
\ No newline at end of file
+}