buildah add/copy --chmod dockerfile implementation

Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
containers · Feb 24, 2021 · d0917fa · d0917fa
1 parent e271555
commit d0917fa
Show file tree

Hide file tree

Showing 10 changed files with 104 additions and 8 deletions.
diff --git a/imagebuildah/stage_executor.go b/imagebuildah/stage_executor.go
@@ -322,6 +322,7 @@ func (s *StageExecutor) Copy(excludes []string, copies ...imagebuilder.Copy) err
 			}
 		}
 		options := buildah.AddAndCopyOptions{
+			Chmod:             copy.Chmod,
 			Chown:             copy.Chown,
 			PreserveOwnership: preserveOwnership,
 			ContextDir:        contextDir,
@@ -723,15 +724,15 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 		}
 
 		// Check if there's a --from if the step command is COPY.
-		// Also check the chown flag for validity.
+		// Also check the chmod and the chown flags for validity.
 		for _, flag := range step.Flags {
 			command := strings.ToUpper(step.Command)
-			// chown and from flags should have an '=' sign, '--chown=' or '--from='
-			if command == "COPY" && (flag == "--chown" || flag == "--from") {
-				return "", nil, errors.Errorf("COPY only supports the --chown=<uid:gid> and the --from=<image|stage> flags")
+			// chmod, chown and from flags should have an '=' sign, '--chmod=', '--chown=' or '--from='
+			if command == "COPY" && (flag == "--chmod" || flag == "--chown" || flag == "--from") {
+				return "", nil, errors.Errorf("COPY only supports the --chmod=<permissions> --chown=<uid:gid> and the --from=<image|stage> flags")
 			}
-			if command == "ADD" && flag == "--chown" {
-				return "", nil, errors.Errorf("ADD only supports the --chown=<uid:gid> flag")
+			if command == "ADD" && (flag == "--chmod" || flag == "--chown") {
+				return "", nil, errors.Errorf("ADD only supports the --chmod=<permissions> and the --chown=<uid:gid> flags")
 			}
 			if strings.Contains(flag, "--from") && command == "COPY" {
 				arr := strings.Split(flag, "=")

diff --git a/tests/bud.bats b/tests/bud.bats
@@ -1131,12 +1131,60 @@ function _test_http() {
   expect_output --substring "3267"
 }
 
+@test "bud with combined chown and chmod copy" {
+  _prefetch alpine
+  imgName=alpine-image
+  ctrName=alpine-chmod
+  run_buildah bud --signature-policy ${TESTSDIR}/policy.json  -t ${imgName} -f ${TESTSDIR}/bud/copy-chmod/Dockerfile.combined ${TESTSDIR}/bud/copy-chmod
+  expect_output --substring "chmod:777 user:2367 group:3267"
+}
+
+@test "bud with combined chown and chmod add" {
+  _prefetch alpine
+  imgName=alpine-image
+  ctrName=alpine-chmod
+  run_buildah bud --signature-policy ${TESTSDIR}/policy.json  -t ${imgName} -f ${TESTSDIR}/bud/add-chmod/Dockerfile.combined ${TESTSDIR}/bud/add-chmod
+  expect_output --substring "chmod:777 user:2367 group:3267"
+}
+
 @test "bud with chown copy with bad chown flag in Dockerfile with --layers" {
   _prefetch alpine
   imgName=alpine-image
   ctrName=alpine-chown
   run_buildah 125 bud --signature-policy ${TESTSDIR}/policy.json --layers -t ${imgName} -f ${TESTSDIR}/bud/copy-chown/Dockerfile.bad ${TESTSDIR}/bud/copy-chown
-  expect_output --substring "COPY only supports the --chown=<uid:gid> and the --from=<image|stage> flags"
+  expect_output --substring "COPY only supports the --chmod=<permissions> --chown=<uid:gid> and the --from=<image|stage> flags"
+}
+
+@test "bud with chmod copy" {
+  _prefetch alpine
+  imgName=alpine-image
+  ctrName=alpine-chmod
+  run_buildah bud --signature-policy ${TESTSDIR}/policy.json -t ${imgName} ${TESTSDIR}/bud/copy-chmod
+  expect_output --substring "rwxrwxrwx"
+  run_buildah from --name ${ctrName} ${imgName}
+  run_buildah run alpine-chmod ls -l /tmp/copychmod.txt
+  # Validate that output starts with 777 == "rwxrwxrwx"
+  expect_output --substring "rwxrwxrwx"
+}
+
+@test "bud with chmod copy with bad chmod flag in Dockerfile with --layers" {
+  _prefetch alpine
+  imgName=alpine-image
+  ctrName=alpine-chmod
+  run_buildah 125 bud --signature-policy ${TESTSDIR}/policy.json --layers -t ${imgName} -f ${TESTSDIR}/bud/copy-chmod/Dockerfile.bad ${TESTSDIR}/bud/copy-chmod
+  expect_output --substring "COPY only supports the --chmod=<permissions> --chown=<uid:gid> and the --from=<image|stage> flags"
+}
+
+@test "bud with chmod add" {
+  _prefetch alpine
+  imgName=alpine-image
+  ctrName=alpine-chmod
+  run_buildah bud --signature-policy ${TESTSDIR}/policy.json -t ${imgName} ${TESTSDIR}/bud/add-chmod
+  expect_output --substring "rwxrwxrwx"
+  run_buildah from --name ${ctrName} ${imgName}
+  run_buildah run alpine-chmod ls -l /tmp/addchmod.txt
+  # Validate that rights equal 777 == "rwxrwxrwx"
+  expect_output --substring "rwxrwxrwx"
 }
 
 @test "bud with chown add" {
@@ -1160,7 +1208,15 @@ function _test_http() {
   imgName=alpine-image
   ctrName=alpine-chown
   run_buildah 125 bud --signature-policy ${TESTSDIR}/policy.json --layers -t ${imgName} -f ${TESTSDIR}/bud/add-chown/Dockerfile.bad ${TESTSDIR}/bud/add-chown
-  expect_output --substring "ADD only supports the --chown=<uid:gid> flag"
+  expect_output --substring "ADD only supports the --chmod=<permissions> and the --chown=<uid:gid> flags"
+}
+
+@test "bud with chmod add with bad chmod flag in Dockerfile with --layers" {
+  _prefetch alpine
+  imgName=alpine-image
+  ctrName=alpine-chmod
+  run_buildah 125 bud --signature-policy ${TESTSDIR}/policy.json --layers -t ${imgName} -f ${TESTSDIR}/bud/add-chmod/Dockerfile.bad ${TESTSDIR}/bud/add-chmod
+  expect_output --substring "ADD only supports the --chmod=<permissions> and the --chown=<uid:gid> flags"
 }
 
 @test "bud with ADD file construct" {

diff --git a/tests/bud/add-chmod/Dockerfile b/tests/bud/add-chmod/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine
+
+ADD --chmod=777 addchmod.txt /tmp 
+RUN ls -l /tmp/addchmod.txt 
+CMD /bin/sh
+
diff --git a/tests/bud/add-chmod/Dockerfile.bad b/tests/bud/add-chmod/Dockerfile.bad
@@ -0,0 +1,6 @@
+FROM alpine
+
+ADD --chmod 777 addchmod.txt /tmp 
+RUN ls -l /tmp/addchmod.txt 
+CMD /bin/sh
+
diff --git a/tests/bud/add-chmod/Dockerfile.combined b/tests/bud/add-chmod/Dockerfile.combined
@@ -0,0 +1,6 @@
+FROM alpine
+
+ADD --chmod=777 --chown=2367:3267 addchmod.txt /tmp 
+RUN stat -c "chmod:%a user:%u group:%g"  /tmp/addchmod.txt 
+CMD /bin/sh
+
diff --git a/tests/bud/add-chmod/addchmod.txt b/tests/bud/add-chmod/addchmod.txt
@@ -0,0 +1 @@
+File for testing ADD with chmod in a Dockerfile.
diff --git a/tests/bud/copy-chmod/Dockerfile b/tests/bud/copy-chmod/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine
+
+COPY --chmod=777 copychmod.txt /tmp 
+RUN ls -l /tmp/copychmod.txt 
+CMD /bin/sh
+
diff --git a/tests/bud/copy-chmod/Dockerfile.bad b/tests/bud/copy-chmod/Dockerfile.bad
@@ -0,0 +1,7 @@
+FROM alpine
+
+COPY --chmod 777 copychmod.txt /tmp 
+RUN ls -l /tmp/copychmod.txt 
+CMD /bin/sh
+
+
diff --git a/tests/bud/copy-chmod/Dockerfile.combined b/tests/bud/copy-chmod/Dockerfile.combined
@@ -0,0 +1,6 @@
+FROM alpine
+
+COPY --chmod=777 --chown=2367:3267 copychmod.txt /tmp 
+RUN stat -c "chmod:%a user:%u group:%g"  /tmp/copychmod.txt 
+CMD /bin/sh
+
diff --git a/tests/bud/copy-chmod/copychmod.txt b/tests/bud/copy-chmod/copychmod.txt
@@ -0,0 +1 @@
+File for testing COPY with chmod in a Dockerfile.