docker/executor: support running commands as user

tsuru · Mar 29, 2018 · 0d0848b · 0d0848b
1 parent 2efd9a6
commit 0d0848b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/internal/docker/executor.go b/internal/docker/executor.go
@@ -16,13 +16,15 @@ import (
 type Executor struct {
 	ContainerID string
 	Client      *Client
+	DefaultUser string
 }
 
 func (d *Executor) Execute(opts exec.ExecuteOptions) error {
+	return d.ExecuteAsUser(d.DefaultUser, opts)
+}
+
+func (d *Executor) ExecuteAsUser(user string, opts exec.ExecuteOptions) error {
 	cmd := append([]string{opts.Cmd}, opts.Args...)
-	if cmd[0] != "/bin/sh" && (opts.Dir != "" || len(opts.Envs) > 0) {
-		cmd = append([]string{"/bin/sh", "-c"}, strings.Join(cmd, " "))
-	}
 	if opts.Dir != "" {
 		cmd = append(cmd[:2], fmt.Sprintf("cd %s && %s", opts.Dir, strings.Join(cmd[2:], " ")))
 	}
@@ -35,6 +37,7 @@ func (d *Executor) Execute(opts exec.ExecuteOptions) error {
 		AttachStdin:  opts.Stdin != nil,
 		AttachStdout: opts.Stdout != nil,
 		AttachStderr: opts.Stderr != nil,
+		User:         user,
 	})
 	if err != nil {
 		return err

diff --git a/internal/user/user.go b/internal/user/user.go
@@ -93,6 +93,11 @@ type userExecutor struct {
 }
 
 func (e *userExecutor) Execute(opts exec.ExecuteOptions) error {
+	if ue, ok := e.baseExecutor.(interface {
+		ExecuteAsUser(string, exec.ExecuteOptions) error
+	}); ok {
+		return ue.ExecuteAsUser(strconv.Itoa(e.uid), opts)
+	}
 	args := []string{
 		"-u", fmt.Sprintf("#%d", e.uid), "--", opts.Cmd,
 	}

diff --git a/main.go b/main.go
@@ -34,6 +34,7 @@ type Config struct {
 	RegistryAuthPass    string `split_words:"true"`
 	RegistryAuthUser    string `split_words:"true"`
 	RegistryAddress     string `split_words:"true"`
+	RunAsUser           string `split_words:"true"`
 }
 
 func main() {
@@ -76,7 +77,11 @@ func main() {
 		if err != nil {
 			fatal("failed to get main container: %v", err)
 		}
-		executor = &docker.Executor{Client: dockerClient, ContainerID: mainContainer.ID}
+		executor = &docker.Executor{
+			Client:      dockerClient,
+			ContainerID: mainContainer.ID,
+			DefaultUser: config.RunAsUser,
+		}
 		filesystem = &executorFS{executor: executor}
 		err = uploadFile(context.Background(), dockerClient, mainContainer.ID, config.InputFile)
 		if err != nil {