From ac22328979cdb74b20efd8e7fd8d749d2794e1b0 Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Sat, 23 Mar 2024 12:58:03 -0700 Subject: [PATCH] feat: add image user option Signed-off-by: Maxime Brunet --- docs/reference/ko_apply.md | 1 + docs/reference/ko_build.md | 1 + docs/reference/ko_create.md | 1 + docs/reference/ko_resolve.md | 1 + docs/reference/ko_run.md | 1 + pkg/build/gobuild.go | 7 +++++++ pkg/build/gobuild_test.go | 14 ++++++++++++++ pkg/build/options.go | 8 ++++++++ pkg/commands/options/build.go | 3 +++ pkg/commands/resolver.go | 4 ++++ 10 files changed, 41 insertions(+) diff --git a/docs/reference/ko_apply.md b/docs/reference/ko_apply.md index 99322e496..1dbe2a242 100644 --- a/docs/reference/ko_apply.md +++ b/docs/reference/ko_apply.md @@ -54,6 +54,7 @@ ko apply -f FILENAME [flags] --image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest. --image-label strings Which labels (key=value[,key=value]) to add to the image. --image-refs string Path to file where a list of the published image references will be written. + --image-user string The default user the image should be run as. --insecure-registry Whether to skip TLS verification on the registry -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) -L, --local Load into images to local docker daemon. diff --git a/docs/reference/ko_build.md b/docs/reference/ko_build.md index b1df64cf4..c4b62f253 100644 --- a/docs/reference/ko_build.md +++ b/docs/reference/ko_build.md @@ -50,6 +50,7 @@ ko build IMPORTPATH... [flags] --image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest. --image-label strings Which labels (key=value[,key=value]) to add to the image. --image-refs string Path to file where a list of the published image references will be written. + --image-user string The default user the image should be run as. --insecure-registry Whether to skip TLS verification on the registry -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) -L, --local Load into images to local docker daemon. diff --git a/docs/reference/ko_create.md b/docs/reference/ko_create.md index 232f38a07..51e47cb7d 100644 --- a/docs/reference/ko_create.md +++ b/docs/reference/ko_create.md @@ -54,6 +54,7 @@ ko create -f FILENAME [flags] --image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest. --image-label strings Which labels (key=value[,key=value]) to add to the image. --image-refs string Path to file where a list of the published image references will be written. + --image-user string The default user the image should be run as. --insecure-registry Whether to skip TLS verification on the registry -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) -L, --local Load into images to local docker daemon. diff --git a/docs/reference/ko_resolve.md b/docs/reference/ko_resolve.md index 1f28e6365..cd51f4408 100644 --- a/docs/reference/ko_resolve.md +++ b/docs/reference/ko_resolve.md @@ -47,6 +47,7 @@ ko resolve -f FILENAME [flags] --image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest. --image-label strings Which labels (key=value[,key=value]) to add to the image. --image-refs string Path to file where a list of the published image references will be written. + --image-user string The default user the image should be run as. --insecure-registry Whether to skip TLS verification on the registry -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) -L, --local Load into images to local docker daemon. diff --git a/docs/reference/ko_run.md b/docs/reference/ko_run.md index 1ae8dcf46..e9ee80ffc 100644 --- a/docs/reference/ko_run.md +++ b/docs/reference/ko_run.md @@ -38,6 +38,7 @@ ko run IMPORTPATH [flags] --image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest. --image-label strings Which labels (key=value[,key=value]) to add to the image. --image-refs string Path to file where a list of the published image references will be written. + --image-user string The default user the image should be run as. --insecure-registry Whether to skip TLS verification on the registry -j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS) -L, --local Load into images to local docker daemon. diff --git a/pkg/build/gobuild.go b/pkg/build/gobuild.go index 05a7a81eb..5bb3ea5b7 100644 --- a/pkg/build/gobuild.go +++ b/pkg/build/gobuild.go @@ -103,6 +103,7 @@ type gobuild struct { dir string labels map[string]string annotations map[string]string + user string debug bool semaphore *semaphore.Weighted @@ -129,6 +130,7 @@ type gobuildOpener struct { platforms []string labels map[string]string annotations map[string]string + user string dir string jobs int debug bool @@ -151,6 +153,7 @@ func (gbo *gobuildOpener) Open() (Interface, error) { return &gobuild{ ctx: gbo.ctx, getBase: gbo.getBase, + user: gbo.user, creationTime: gbo.creationTime, kodataCreationTime: gbo.kodataCreationTime, build: gbo.build, @@ -1172,6 +1175,10 @@ func (g *gobuild) buildOne(ctx context.Context, refStr string, base v1.Image, pl cfg.Config.Labels[k] = v } + if g.user != "" { + cfg.Config.User = g.user + } + empty := v1.Time{} if g.creationTime != empty { cfg.Created = g.creationTime diff --git a/pkg/build/gobuild_test.go b/pkg/build/gobuild_test.go index 5de8ee0a1..cc5f8d5ab 100644 --- a/pkg/build/gobuild_test.go +++ b/pkg/build/gobuild_test.go @@ -846,6 +846,7 @@ func TestGoBuild(t *testing.T) { WithLabel("hello", "world"), WithAnnotation("fizz", "buzz"), WithAnnotation("goodbye", "world"), + WithUser("1234:1234"), WithPlatforms("all"), ) if err != nil { @@ -921,6 +922,19 @@ func TestGoBuild(t *testing.T) { t.Fatalf("Annotations diff (-got,+want): %s", d) } }) + + t.Run("check user", func(t *testing.T) { + cfg, err := img.ConfigFile() + if err != nil { + t.Fatalf("ConfigFile() = %v", err) + } + + want := "1234:1234" + got := cfg.Config.User + if got != want { + t.Fatalf("User: %s != %s", want, got) + } + }) } func TestGoBuild_Defaults(t *testing.T) { diff --git a/pkg/build/options.go b/pkg/build/options.go index 19601a8fd..75443a9b6 100644 --- a/pkg/build/options.go +++ b/pkg/build/options.go @@ -153,6 +153,14 @@ func WithAnnotation(k, v string) Option { } } +// WithUser is a functional option for overriding the user in the image config. +func WithUser(user string) Option { + return func(gbo *gobuildOpener) error { + gbo.user = user + return nil + } +} + // withBuilder is a functional option for overriding the way go binaries // are built. func withBuilder(b builder) Option { diff --git a/pkg/commands/options/build.go b/pkg/commands/options/build.go index 0ec633d41..fd69e2d69 100644 --- a/pkg/commands/options/build.go +++ b/pkg/commands/options/build.go @@ -66,6 +66,7 @@ type BuildOptions struct { Platforms []string Labels []string Annotations []string + User string Debug bool // UserAgent enables overriding the default value of the `User-Agent` HTTP // request header used when retrieving the base image. @@ -98,6 +99,8 @@ func AddBuildOptions(cmd *cobra.Command, bo *BuildOptions) { "Which labels (key=value[,key=value]) to add to the image.") cmd.Flags().StringSliceVar(&bo.Annotations, "image-annotation", []string{}, "Which annotations (key=value[,key=value]) to add to the OCI manifest.") + cmd.Flags().StringVar(&bo.User, "image-user", "", + "The default user the image should be run as.") cmd.Flags().BoolVar(&bo.Debug, "debug", bo.Debug, "Include Delve debugger into image and wrap around ko-app. This debugger will listen to port 40000.") bo.Trimpath = true diff --git a/pkg/commands/resolver.go b/pkg/commands/resolver.go index dcbf10008..829799ca2 100644 --- a/pkg/commands/resolver.go +++ b/pkg/commands/resolver.go @@ -127,6 +127,10 @@ func gobuildOptions(bo *options.BuildOptions) ([]build.Option, error) { opts = append(opts, build.WithAnnotation(k, v)) } + if bo.User != "" { + opts = append(opts, build.WithUser(bo.User)) + } + if bo.BuildConfigs != nil { opts = append(opts, build.WithConfig(bo.BuildConfigs)) }