From 2db996f7f3e03ebad84419d96deb21c07379f79a Mon Sep 17 00:00:00 2001 From: Travis Huddleston Date: Mon, 4 Oct 2021 13:46:43 -0400 Subject: [PATCH 1/2] support uid:gid specification --- container.go | 1 + docker.go | 1 + 2 files changed, 2 insertions(+) diff --git a/container.go b/container.go index 64ee0f2c08..9b7e024509 100644 --- a/container.go +++ b/container.go @@ -93,6 +93,7 @@ type ContainerRequest struct { Privileged bool // for starting privileged container Networks []string // for specifying network names NetworkAliases map[string][]string // for specifying network aliases + User string // for specifying uid:gid SkipReaper bool // indicates whether we skip setting up a reaper for this ReaperImage string // alternative reaper image AutoRemove bool // if set to true, the container will be removed from the host when stopped diff --git a/docker.go b/docker.go index efb324aa54..7d089cca2e 100644 --- a/docker.go +++ b/docker.go @@ -675,6 +675,7 @@ func (p *DockerProvider) CreateContainer(ctx context.Context, req ContainerReque Labels: req.Labels, Cmd: req.Cmd, Hostname: req.Hostname, + User: req.User, } // prepare mounts From d69086e679b3fd54bb594b644e2106859e6c88b5 Mon Sep 17 00:00:00 2001 From: Travis Huddleston Date: Tue, 5 Oct 2021 11:21:26 -0400 Subject: [PATCH 2/2] uid tests --- docker_test.go | 63 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/docker_test.go b/docker_test.go index 9349c4fedc..ed0a026b95 100644 --- a/docker_test.go +++ b/docker_test.go @@ -5,17 +5,19 @@ import ( "encoding/json" "errors" "fmt" - "github.com/stretchr/testify/assert" "io/ioutil" "math/rand" "net/http" "os" "os/exec" "path/filepath" + "regexp" "strings" "testing" "time" + "github.com/stretchr/testify/assert" + "github.com/docker/docker/errdefs" "github.com/docker/docker/api/types/volume" @@ -1580,6 +1582,65 @@ func TestContainerWithReaperNetwork(t *testing.T) { assert.NotNil(t, cnt.NetworkSettings.Networks[networks[1]]) } +func TestContainerWithUserID(t *testing.T) { + ctx := context.Background() + req := ContainerRequest{ + Image: "alpine:latest", + User: "60125", + Cmd: []string{"sh", "-c", "id -u"}, + WaitingFor: wait.ForExit(), + } + container, err := GenericContainer(ctx, GenericContainerRequest{ + ContainerRequest: req, + Started: true, + }) + if err != nil { + t.Fatal(err) + } + defer container.Terminate(ctx) + + r, err := container.Logs(ctx) + if err != nil { + t.Fatal(err) + } + defer r.Close() + b, err := ioutil.ReadAll(r) + if err != nil { + t.Fatal(err) + } + actual := regexp.MustCompile(`\D+`).ReplaceAllString(string(b), "") + assert.Equal(t, req.User, actual) +} + +func TestContainerWithNoUserID(t *testing.T) { + ctx := context.Background() + req := ContainerRequest{ + Image: "alpine:latest", + Cmd: []string{"sh", "-c", "id -u"}, + WaitingFor: wait.ForExit(), + } + container, err := GenericContainer(ctx, GenericContainerRequest{ + ContainerRequest: req, + Started: true, + }) + if err != nil { + t.Fatal(err) + } + defer container.Terminate(ctx) + + r, err := container.Logs(ctx) + if err != nil { + t.Fatal(err) + } + defer r.Close() + b, err := ioutil.ReadAll(r) + if err != nil { + t.Fatal(err) + } + actual := regexp.MustCompile(`\D+`).ReplaceAllString(string(b), "") + assert.Equal(t, "0", actual) +} + func TestGetGatewayIP(t *testing.T) { // When using docker-compose with DinD mode, and using host port or http wait strategy // It's need to invoke GetGatewayIP for get the host