fix(cli): fix starting local session as user without uid 1000 (#3341)

SwissDataScienceCenter · Mar 13, 2023 · a345346 · a345346
1 parent 717a780
commit a345346
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/renku/core/session/docker.py b/renku/core/session/docker.py
@@ -16,6 +16,8 @@
 # limitations under the License.
 """Docker based interactive session provider."""
 
+import os
+import platform
 import webbrowser
 from pathlib import Path
 from typing import TYPE_CHECKING, Any, Dict, Iterable, List, Optional, Tuple, cast
@@ -159,6 +161,7 @@ def session_start(
         Returns:
             Tuple[str, str]: Provider message and a possible warning message.
         """
+        show_non_standard_user_warning = True
 
         def session_start_helper(consider_disk_request: bool):
             try:
@@ -212,12 +215,32 @@ def session_start_helper(consider_disk_request: bool):
                     "EMAIL": user.email,
                 }
 
+                additional_options: Dict[str, Any] = {}
+
+                if platform.system() == "Linux" and os.getuid() != 1000:
+                    # NOTE: Current user id is not 1000 like jovyan, need to run docker under that user.
+                    nonlocal show_non_standard_user_warning
+                    if show_non_standard_user_warning:
+                        communication.confirm(
+                            "Your user id is not 1000 and for Jupyter to work the session must be started as root.\n"
+                            "Jupyter itself will run as your user.\n"
+                            "Starting as root has security implications, make sure you trust this Dockerfile.\n"
+                            "Proceed?",
+                            abort=True,
+                        )
+                        show_non_standard_user_warning = False
+
+                    additional_options["user"] = "root"
+                    environment["NB_UID"] = str(os.getuid())
+                    environment["CHOWN_HOME"] = "yes"
+                    environment["CHOWN_HOME_OPTS"] = "-R"
+
                 container = self.docker_client().containers.run(
                     image_name,
                     'jupyter notebook --NotebookApp.ip="0.0.0.0"'
                     f" --NotebookApp.port={DockerSessionProvider.JUPYTER_PORT}"
                     f' --NotebookApp.token="{auth_token}" --NotebookApp.default_url="{default_url}"'
-                    f" --NotebookApp.notebook_dir={work_dir}",
+                    f" --NotebookApp.notebook_dir={work_dir}" + (" --allow-root" if os.getuid() != 1000 else ""),
                     detach=True,
                     labels={"renku_project": project_name, "jupyter_token": auth_token},
                     ports={f"{DockerSessionProvider.JUPYTER_PORT}/tcp": None},
@@ -226,6 +249,7 @@ def session_start_helper(consider_disk_request: bool):
                     volumes=volumes,
                     working_dir=str(work_dir),
                     **resource_requests,
+                    **additional_options,
                 )
 
                 if not container.ports:

diff --git a/tests/cli/test_session.py b/tests/cli/test_session.py
@@ -77,7 +77,7 @@ def test_session_start_config_requests(runner, project, dummy_session_provider,
         docker_mock = MagicMock()
         docker_mock.api.inspect_image.return_value = {}
         monkey.setattr(docker, "from_env", lambda: docker_mock)
-        result = runner.invoke(cli, ["session", "start", "-p", "docker"])
+        result = runner.invoke(cli, ["session", "start", "-p", "docker"], input="y\n")
         assert 0 == result.exit_code, format_result_exception(result)
         assert "successfully started" in result.output