author | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-11-03 15:22:35 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-11-04 09:51:31 +0100 |
commit | f0d166f3b3ae0cfb755784798647d22e508387c5 (patch) | |
tree | 1e8d6eb24f395183bc4d29aa3a5c06ebe687e707 /node-admin | |
parent | ca44ef52f1ea2d79cc7df35c643986a6541aecc6 (diff) |
Chown to user set in ContainerPath
Diffstat (limited to 'node-admin')
5 files changed, 33 insertions, 19 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
index 82e630a1629..9ffb12ac1f7 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
@@ -61,7 +61,7 @@ public class NodeAgentContextImpl implements NodeAgentContext {
 this.containerNetworkMode = Objects.requireNonNull(containerNetworkMode);
 this.zone = Objects.requireNonNull(zone);
 this.containerFs = Objects.requireNonNull(containerFs);
- this.pathToVespaHome = containerFs.getPath(pathToVespaHome);
+ this.pathToVespaHome = containerFs.getPath(pathToVespaHome).withUser(users().vespa());
 this.logPrefix = containerName.asString() + ": ";
 this.cpuSpeedup = cpuSpeedup;
 this.disabledNodeAgentTasks = NodeAgentTask.fromString(
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
index bbcb971b78e..4167ba2d76e 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
@@ -64,7 +64,7 @@ public class ContainerFileSystem extends FileSystem {
 @Override
 public ContainerPath getPath(String first, String... more) {
- return ContainerPath.fromPathInContainer(this, Path.of(first, more));
+ return ContainerPath.fromPathInContainer(this, Path.of(first, more), getUserPrincipalLookupService().userScope().root());
 }
 @Override
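Review bot: `users()` is called on the half-constructed object in the added line `this.pathToVespaHome = containerFs.getPath(pathToVespaHome).withUser(users().vespa());`, so the result depends on whatever state `users()` reads already being assigned at this point. The constructor starts and ends outside the hunk, so that ordering cannot be confirmed here; if the state is assigned further down, this line fails with a NullPointerException. A comment on the line, such as `// users() must only read fields assigned above this line`, or deriving the user from the `containerFs` local directly, would make the dependency explicit.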
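Review bot: `getPath` in `ContainerFileSystem` now gives every path the user `userScope().root()`, so a caller that forgets `withUser(...)` will presumably create files owned by the container's root user. This matches the old behaviour, where the owner was hard-coded to uid/gid 0, but the default is now implicit and is the most privileged choice. A Javadoc line on `getPath` would make it visible, for example `/** Returns a path owned by the container root user; use {@link ContainerPath#withUser} for any other owner. */`.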
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
index 0faa54f4487..5405a5acd61 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
@@ -87,7 +87,8 @@ class ContainerFileSystemProvider extends FileSystemProvider {
 @Override
 public DirectoryStream<Path> newDirectoryStream(Path dir, DirectoryStream.Filter<? super Path> filter) throws IOException {
 Path pathOnHost = pathOnHost(dir);
- return new ContainerDirectoryStream(provider(pathOnHost).newDirectoryStream(pathOnHost, filter));
+ return new ContainerDirectoryStream(provider(pathOnHost).newDirectoryStream(pathOnHost, filter),
+ toContainerPath(dir).user());
 }
 @Override
@@ -233,15 +234,17 @@ class ContainerFileSystemProvider extends FileSystemProvider {
 }
 private void fixOwnerToContainerRoot(ContainerPath path) throws IOException {
- setAttribute(path, "unix:uid", 0, LinkOption.NOFOLLOW_LINKS);
- setAttribute(path, "unix:gid", 0, LinkOption.NOFOLLOW_LINKS);
+ setAttribute(path, "unix:uid", path.user().uid(), LinkOption.NOFOLLOW_LINKS);
+ setAttribute(path, "unix:gid", path.user().gid(), LinkOption.NOFOLLOW_LINKS);
 }
 private class ContainerDirectoryStream implements DirectoryStream<Path> {
 private final DirectoryStream<Path> hostDirectoryStream;
+ private final UnixUser user;
- private ContainerDirectoryStream(DirectoryStream<Path> hostDirectoryStream) {
+ private ContainerDirectoryStream(DirectoryStream<Path> hostDirectoryStream, UnixUser user) {
 this.hostDirectoryStream = hostDirectoryStream;
+ this.user = user;
 }
 @Override
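Review bot: The user handed to `ContainerDirectoryStream` in `newDirectoryStream` comes from the directory argument (`toContainerPath(dir).user()`), so every entry the stream returns carries the lister's user, not the owner of that entry on disk. That fits `user` meaning "owner to apply on creation", but nothing in the hunk says so, and a reader may take `user()` on a listed path for the file's actual owner. A comment on the call would settle it, e.g. `// entries inherit the user of the listed directory path, not their on-disk owner`.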
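Review bot: `fixOwnerToContainerRoot` no longer sets the owner to the container root: it now applies `path.user().uid()` and `path.user().gid()`, so for any non-root user the name states the opposite of what the method does. A later reader who trusts the name may assume files created through this provider are always root-owned inside the container. Renaming it, for example to `fixOwnerToPathUser`, together with its call sites (which are outside the hunk) would remove that trap.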
@@ -256,7 +259,7 @@ class ContainerFileSystemProvider extends FileSystemProvider {
 @Override
 public Path next() {
 Path pathOnHost = hostPathIterator.next();
- return ContainerPath.fromPathOnHost(containerFs, pathOnHost);
+ return ContainerPath.fromPathOnHost(containerFs, pathOnHost, user);
 }
 };
 }
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java
index 9450c8d4612..4f12c9439f2 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java
@@ -1,6 +1,8 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser;
+
 import java.io.IOException;
 import java.net.URI;
 import java.nio.file.LinkOption;
@@ -24,11 +26,13 @@ public class ContainerPath implements Path {
 private final ContainerFileSystem containerFs;
 private final Path pathOnHost;
 private final String[] parts;
+ private final UnixUser user;
- private ContainerPath(ContainerFileSystem containerFs, Path pathOnHost, String[] parts) {
+ private ContainerPath(ContainerFileSystem containerFs, Path pathOnHost, String[] parts, UnixUser user) {
 this.containerFs = Objects.requireNonNull(containerFs);
 this.pathOnHost = Objects.requireNonNull(pathOnHost);
 this.parts = Objects.requireNonNull(parts);
+ this.user = Objects.requireNonNull(user);
 if (!pathOnHost.isAbsolute())
 throw new IllegalArgumentException("Path host must be absolute: " + pathOnHost);
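Review bot: The new `user` field in `ContainerPath` changes which owner a created file gets, yet no hunk in this commit touches the class's `equals` or `hashCode`, which lie outside the visible hunks. If they still compare only the file system and the host path, two paths that differ only in `user` are equal, and a map or set keyed on `ContainerPath` can hand back an instance with a different owner than the one asked for. Either include `user` in `equals`/`hashCode`, or document the exclusion on the field, e.g. `// not part of equals/hashCode: names the owner to apply on creation, not the location`.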
@@ -39,6 +43,8 @@ public class ContainerPath implements Path {
 public Path pathOnHost() { return pathOnHost; }
 public String pathInContainer() { return '/' + String.join("/", parts); }
+ public ContainerPath withUser(UnixUser user) { return new ContainerPath(containerFs, pathOnHost, parts, user); }
+ UnixUser user() { return user; }
 @Override
 public ContainerFileSystem getFileSystem() {
@@ -47,7 +53,7 @@ public class ContainerPath implements Path {
 @Override
 public ContainerPath getRoot() {
- return resolve(containerFs, new String[0], Path.of("/"));
+ return resolve(containerFs, new String[0], Path.of("/"), user);
 }
 @Override
@@ -59,7 +65,7 @@ public class ContainerPath implements Path {
 @Override
 public ContainerPath getParent() {
 if (parts.length == 0) return null;
- return new ContainerPath(containerFs, pathOnHost.getParent(), Arrays.copyOf(parts, parts.length-1));
+ return new ContainerPath(containerFs, pathOnHost.getParent(), Arrays.copyOf(parts, parts.length-1), user);
 }
 @Override
@@ -83,7 +89,7 @@ public class ContainerPath implements Path {
 return Path.of(parts[beginIndex], rest);
 }
- @Override public ContainerPath resolve(Path other) { return resolve(containerFs, parts, other); }
+ @Override public ContainerPath resolve(Path other) { return resolve(containerFs, parts, other, user); }
 @Override public ContainerPath resolve(String other) { return resolve(Path.of(other)); }
 @Override public ContainerPath resolveSibling(String other) { return resolve(Path.of("..", other)); }
@@ -133,7 +139,7 @@ public class ContainerPath implements Path {
 public ContainerPath toRealPath(LinkOption... options) throws IOException {
 Path realPathOnHost = pathOnHost.toRealPath(options);
 if (realPathOnHost.equals(pathOnHost)) return this;
- return fromPathOnHost(containerFs, realPathOnHost);
+ return fromPathOnHost(containerFs, realPathOnHost, user);
 }
 @Override
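Review bot: `withUser` and `user()` are added without Javadoc, while the hunks that follow make `getRoot`, `getParent`, `resolve` and `toRealPath` inherit the user silently. In `resolve(Path other)` the receiver's user always wins, so resolving against a `ContainerPath` that carries a different user drops that user without notice. A one-line Javadoc on `withUser` would state the contract, for example `/** Returns this path with the given user as owner for files created through it; paths derived from the result inherit the user. */`.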
@@ -176,7 +182,7 @@ public class ContainerPath implements Path {
 return containerFs.containerRootOnHost().getFileName() + ":" + pathInContainer();
 }
- private static ContainerPath resolve(ContainerFileSystem containerFs, String[] currentParts, Path other) {
+ private static ContainerPath resolve(ContainerFileSystem containerFs, String[] currentParts, Path other, UnixUser user) {
 List<String> parts = other.isAbsolute() ? new ArrayList<>() : new ArrayList<>(Arrays.asList(currentParts));
 for (int i = 0; i < other.getNameCount(); i++) {
 String part = other.getName(i).toString();
@@ -190,28 +196,29 @@ public class ContainerPath implements Path {
 return new ContainerPath(containerFs,
 containerFs.containerRootOnHost().resolve(String.join("/", parts)),
- parts.toArray(String[]::new));
+ parts.toArray(String[]::new),
+ user);
 }
- public static ContainerPath fromPathInContainer(ContainerFileSystem containerFs, Path pathInContainer) {
+ public static ContainerPath fromPathInContainer(ContainerFileSystem containerFs, Path pathInContainer, UnixUser user) {
 if (!pathInContainer.isAbsolute())
 throw new IllegalArgumentException("Path in container must be absolute: " + pathInContainer);
- return resolve(containerFs, new String[0], pathInContainer);
+ return resolve(containerFs, new String[0], pathInContainer, user);
 }
- public static ContainerPath fromPathOnHost(ContainerFileSystem containerFs, Path pathOnHost) {
+ public static ContainerPath fromPathOnHost(ContainerFileSystem containerFs, Path pathOnHost, UnixUser user) {
 pathOnHost = pathOnHost.normalize();
 Path containerRootOnHost = containerFs.containerRootOnHost();
 Path pathUnderContainerStorage = containerRootOnHost.relativize(pathOnHost);
 if (pathUnderContainerStorage.getNameCount() == 0 || pathUnderContainerStorage.getName(0).toString().isEmpty())
- return new ContainerPath(containerFs, pathOnHost, new String[0]);
+ return new ContainerPath(containerFs, pathOnHost, new String[0], user);
 if (pathUnderContainerStorage.getName(0).toString().equals(".."))
 throw new IllegalArgumentException("Path " + pathOnHost + " is not under container root " + containerRootOnHost);
 List<String> parts = new ArrayList<>();
 for (int i = 0; i < pathUnderContainerStorage.getNameCount(); i++)
 parts.add(pathUnderContainerStorage.getName(i).toString());
- return new ContainerPath(containerFs, pathOnHost, parts.toArray(String[]::new));
+ return new ContainerPath(containerFs, pathOnHost, parts.toArray(String[]::new), user);
 }
 }
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index 393e1ac34b2..b5f2ef41a1a 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -60,6 +60,10 @@ class ContainerFileSystemTest {
 assertOwnership(containerPath, 500, 200, 10500, 11200); // Owner should not have been updated as the file already existed
 assertEquals("hello world", unixPath.readUtf8File());
+
+ unixPath.deleteIfExists();
+ new UnixPath(containerPath.withUser(userScope.vespa())).writeUtf8File("test123");
+ assertOwnership(containerPath, 1000, 100, 11000, 11100);
 }
 @Test |
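Review bot: The added assertions cover only a file written directly through `containerPath.withUser(userScope.vespa())`; the inheritance this commit introduces (entries from `newDirectoryStream`, and paths from `resolve`, `getParent` and `toRealPath`) is not exercised. A regression that falls back to the root user in one of those would pass this test and leave root-owned files inside the container. One more case that creates a file through a path derived from a `withUser` path, followed by the same `assertOwnership(..., 1000, 100, 11000, 11100)` check, would pin the behaviour. The test method starts outside the hunk.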