executor: set the container exec user in every step
This commit is contained in:
Simone Gotti
parent
bbd287845f
commit
6ee76274d7
@ -65,16 +65,26 @@ func (e *Executor) getAllPods(ctx context.Context, all bool) ([]driver.Pod, erro
|
|||||||
return e.driver.GetPods(ctx, all)
|
return e.driver.GetPods(ctx, all)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func stepUser(t *types.ExecutorTask) string {
|
||||||
|
// use the container specified user and override with task user if defined
|
||||||
|
user := t.Containers[0].User
|
||||||
|
if t.User != "" {
|
||||||
|
user = t.User
|
||||||
|
}
|
||||||
|
|
||||||
|
return user
|
||||||
|
}
|
||||||
|
|
||||||
func (e *Executor) createFile(ctx context.Context, pod driver.Pod, command, user string, outf io.Writer) (string, error) {
|
func (e *Executor) createFile(ctx context.Context, pod driver.Pod, command, user string, outf io.Writer) (string, error) {
|
||||||
cmd := []string{toolboxContainerPath, "createfile"}
|
cmd := []string{toolboxContainerPath, "createfile"}
|
||||||
|
|
||||||
var buf bytes.Buffer
|
var buf bytes.Buffer
|
||||||
execConfig := &driver.ExecConfig{
|
execConfig := &driver.ExecConfig{
|
||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
|
User: user,
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: &buf,
|
Stdout: &buf,
|
||||||
Stderr: outf,
|
Stderr: outf,
|
||||||
User: user,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ce, err := pod.Exec(ctx, execConfig)
|
ce, err := pod.Exec(ctx, execConfig)
|
||||||
@ -119,15 +129,9 @@ func (e *Executor) doRunStep(ctx context.Context, s *types.RunStep, t *types.Exe
|
|||||||
shell = s.Shell
|
shell = s.Shell
|
||||||
}
|
}
|
||||||
|
|
||||||
// use the container specified user and override with task user if defined
|
|
||||||
user := t.Containers[0].User
|
|
||||||
if t.User != "" {
|
|
||||||
user = t.User
|
|
||||||
}
|
|
||||||
|
|
||||||
var cmd []string
|
var cmd []string
|
||||||
if s.Command != "" {
|
if s.Command != "" {
|
||||||
filename, err := e.createFile(ctx, pod, s.Command, user, outf)
|
filename, err := e.createFile(ctx, pod, s.Command, stepUser(t), outf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return -1, errors.Errorf("create file err: %v", err)
|
return -1, errors.Errorf("create file err: %v", err)
|
||||||
}
|
}
|
||||||
@ -163,7 +167,7 @@ func (e *Executor) doRunStep(ctx context.Context, s *types.RunStep, t *types.Exe
|
|||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: environment,
|
Env: environment,
|
||||||
WorkingDir: workingDir,
|
WorkingDir: workingDir,
|
||||||
User: user,
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: outf,
|
Stdout: outf,
|
||||||
Stderr: outf,
|
Stderr: outf,
|
||||||
@ -214,6 +218,7 @@ func (e *Executor) doSaveToWorkspaceStep(ctx context.Context, s *types.SaveToWor
|
|||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: t.Environment,
|
Env: t.Environment,
|
||||||
WorkingDir: workingDir,
|
WorkingDir: workingDir,
|
||||||
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: archivef,
|
Stdout: archivef,
|
||||||
Stderr: logf,
|
Stderr: logf,
|
||||||
@ -274,6 +279,7 @@ func (e *Executor) expandDir(ctx context.Context, t *types.ExecutorTask, pod dri
|
|||||||
execConfig := &driver.ExecConfig{
|
execConfig := &driver.ExecConfig{
|
||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: t.Environment,
|
Env: t.Environment,
|
||||||
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: stdout,
|
Stdout: stdout,
|
||||||
Stderr: logf,
|
Stderr: logf,
|
||||||
@ -302,6 +308,7 @@ func (e *Executor) mkdir(ctx context.Context, t *types.ExecutorTask, pod driver.
|
|||||||
execConfig := &driver.ExecConfig{
|
execConfig := &driver.ExecConfig{
|
||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: t.Environment,
|
Env: t.Environment,
|
||||||
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: logf,
|
Stdout: logf,
|
||||||
Stderr: logf,
|
Stderr: logf,
|
||||||
@ -339,6 +346,7 @@ func (e *Executor) template(ctx context.Context, t *types.ExecutorTask, pod driv
|
|||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: t.Environment,
|
Env: t.Environment,
|
||||||
WorkingDir: workingDir,
|
WorkingDir: workingDir,
|
||||||
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: stdout,
|
Stdout: stdout,
|
||||||
Stderr: logf,
|
Stderr: logf,
|
||||||
@ -386,6 +394,7 @@ func (e *Executor) unarchive(ctx context.Context, t *types.ExecutorTask, source
|
|||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: t.Environment,
|
Env: t.Environment,
|
||||||
WorkingDir: workingDir,
|
WorkingDir: workingDir,
|
||||||
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: logf,
|
Stdout: logf,
|
||||||
Stderr: logf,
|
Stderr: logf,
|
||||||
@ -504,6 +513,7 @@ func (e *Executor) doSaveCacheStep(ctx context.Context, s *types.SaveCacheStep,
|
|||||||
Cmd: cmd,
|
Cmd: cmd,
|
||||||
Env: t.Environment,
|
Env: t.Environment,
|
||||||
WorkingDir: workingDir,
|
WorkingDir: workingDir,
|
||||||
|
User: stepUser(t),
|
||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
Stdout: archivef,
|
Stdout: archivef,
|
||||||
Stderr: logf,
|
Stderr: logf,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user