Added --current-user flag

Signed-off-by: Konrad Ponichtera <konpon96@gmail.com>
docker · Mar 27, 2022 · f023b2d · f023b2d
1 parent e1d4324
commit f023b2d
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 1 deletion.
diff --git a/cli/command/container/opts.go b/cli/command/container/opts.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"os/user"
 	"path"
 	"path/filepath"
 	"reflect"
@@ -86,6 +87,7 @@ type containerOptions struct {
 	memorySwap         opts.MemSwapBytes
 	kernelMemory       opts.MemBytes
 	user               string
+	currentUser        bool
 	workingDir         string
 	cpuCount           int64
 	cpuShares          int64
@@ -191,6 +193,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 	flags.BoolVarP(&copts.tty, "tty", "t", false, "Allocate a pseudo-TTY")
 	flags.Var(copts.ulimits, "ulimit", "Ulimit options")
 	flags.StringVarP(&copts.user, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
+	flags.BoolVarP(&copts.currentUser, "current-user", "", false, "Run as the user that called the CLI")
 	flags.StringVarP(&copts.workingDir, "workdir", "w", "", "Working directory inside the container")
 	flags.BoolVar(&copts.autoRemove, "rm", false, "Automatically remove the container when it exits")
 
@@ -519,6 +522,13 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		return nil, err
 	}
 
+	currentUser, err := user.Current()
+	if err != nil {
+		return nil, err
+	}
+
+	parsedUser := parseUser(currentUser, copts.currentUser, copts.user)
+
 	// Healthcheck
 	var healthConfig *container.HealthConfig
 	haveHealthSettings := copts.healthCmd != "" ||
@@ -597,7 +607,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		Hostname:     copts.hostname,
 		Domainname:   copts.domainname,
 		ExposedPorts: ports,
-		User:         copts.user,
+		User:         parsedUser,
 		Tty:          copts.tty,
 		// TODO: deprecated, it comes from -n, --networking
 		// it's still needed internally to set the network to disabled
@@ -842,6 +852,20 @@ func convertToStandardNotation(ports []string) ([]string, error) {
 	return optsList, nil
 }
 
+// parseUser determines the user that will run the commands inside the container
+func parseUser(currentUser *user.User, currentUserFlag bool, userFlag string) string {
+	// The --user flag takes precedence
+	if userFlag != "" {
+		return userFlag
+	}
+	if !currentUserFlag {
+		return ""
+	}
+
+	parsedUser := fmt.Sprintf("%s:%s", currentUser.Uid, currentUser.Gid)
+	return parsedUser
+}
+
 func parseLoggingOpts(loggingDriver string, loggingOpts []string) (map[string]string, error) {
 	loggingOptsMap := opts.ConvertKVStringsToMap(loggingOpts)
 	if loggingDriver == "none" && len(loggingOpts) > 0 {

diff --git a/cli/command/container/opts_test.go b/cli/command/container/opts_test.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/user"
 	"runtime"
 	"strings"
 	"testing"
@@ -969,3 +970,47 @@ func TestConvertToStandardNotation(t *testing.T) {
 		}
 	}
 }
+
+func TestParseUser(t *testing.T) {
+	testUser := user.User{
+		Uid: "1234",
+		Gid: "1234",
+	}
+
+	testCases := []struct {
+		currentUser        *user.User
+		currentUserFlag    bool
+		userFlag           string
+		expectedParsedUser string
+	}{
+		{
+			currentUser:        &testUser,
+			currentUserFlag:    false,
+			userFlag:           "",
+			expectedParsedUser: "",
+		},
+		{
+			currentUser:        &testUser,
+			currentUserFlag:    false,
+			userFlag:           "1000",
+			expectedParsedUser: "1000",
+		},
+		{
+			currentUser:        &testUser,
+			currentUserFlag:    true,
+			userFlag:           "",
+			expectedParsedUser: "1234:1234",
+		},
+		{
+			currentUser:        &testUser,
+			currentUserFlag:    true,
+			userFlag:           "1000",
+			expectedParsedUser: "1000",
+		},
+	}
+
+	for _, tc := range testCases {
+		parsedUser := parseUser(tc.currentUser, tc.currentUserFlag, tc.userFlag)
+		assert.DeepEqual(t, parsedUser, tc.expectedParsedUser)
+	}
+}
diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker
@@ -2007,6 +2007,7 @@ _docker_container_run_and_create() {
 			--detach -d
 			--rm
 			--sig-proxy=false
+			--current-user
 		"
 		__docker_complete_detach_keys && return
 	fi

diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker
@@ -659,6 +659,7 @@ __docker_container_subcommand() {
         "($help)*--sysctl=-[sysctl options]:sysctl: "
         "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]"
         "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users"
+        "($help)--current-user[Run as the user that called the CLI]"
         "($help)*--ulimit=[ulimit options]:ulimit: "
         "($help)--userns=[Container user namespace]:user namespace:(host)"
         "($help)--tmpfs[mount tmpfs]"

diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md
@@ -40,6 +40,7 @@ Options:
       --cpu-rt-runtime int            Limit the CPU real-time runtime in microseconds
       --cpuset-cpus string            CPUs in which to allow execution (0-3, 0,1)
       --cpuset-mems string            MEMs in which to allow execution (0-3, 0,1)
+      --current-user                  Run as the user that called the CLI
   -d, --detach                        Run container in background and print container ID
       --detach-keys string            Override the key sequence for detaching a container
       --device value                  Add a host device to the container (default [])