diff options
| author | Dan Duvall <dduvall@wikimedia.org> | 2018-03-09 15:46:19 -0800 |
|---|---|---|
| committer | Dan Duvall <dduvall@wikimedia.org> | 2018-03-22 10:57:11 -0700 |
| commit | 50c5793952a725b5629c5dcd82f26b92716e628a (patch) | |
| tree | e401fd1e65e9618dd6ad153e8ef29c4d3a30bd37 /build/instructions_test.go | |
| parent | eb9b69dd3d710cb7afa1dfb6e23a5987842b21cc (diff) | |
| download | blubber-50c5793952a725b5629c5dcd82f26b92716e628a.tar.gz | |
Fix ownership on artifact copies
Summary:
The implementation of D984 did not include enforcing ownership for
`build.CopyFrom` instruction and so artifacts copied from one image to
another via `copies:` were problematically owned as root.
In order to fix this behavior:
1. `config.ArtifactConfig` `build.CopyFrom` instructions are now
injected duration `build.PhaseInstall`
2. `config.VariantConfig` calls `build.ApplyUser` for these artifact
instructions as well using the `runs.as` user
3. `build.CopyAs` was refactored to wrap any `build.Instruction` which
should only really be used with `build.Copy` or `build.CopyFrom`.
Test Plan:
Run `go test ./...`. Run `blubber` against configuration with a variant that
uses `copies` and verify that the `COPY --from` instructions also include a
`--chown` flag.
Reviewers: thcipriani, mmodell, hashar, #release-engineering-team, demon
Reviewed By: thcipriani, #release-engineering-team
Tags: #release-engineering-team
Differential Revision: https://phabricator.wikimedia.org/D1002
Diffstat (limited to 'build/instructions_test.go')
| -rw-r--r-- | build/instructions_test.go | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/build/instructions_test.go b/build/instructions_test.go index 29508e2..77938dd 100644 --- a/build/instructions_test.go +++ b/build/instructions_test.go @@ -37,9 +37,25 @@ func TestCopy(t *testing.T) { } func TestCopyAs(t *testing.T) { - i := build.CopyAs{123, 124, build.Copy{[]string{"source1", "source2"}, "dest"}} - - assert.Equal(t, []string{"123:124", `"source1"`, `"source2"`, `"dest"`}, i.Compile()) + t.Run("wrapping Copy", func(t *testing.T) { + i := build.CopyAs{ + 123, + 124, + build.Copy{[]string{"source1", "source2"}, "dest"}, + } + + assert.Equal(t, []string{"123:124", `"source1"`, `"source2"`, `"dest"`}, i.Compile()) + }) + + t.Run("wrapping CopyFrom", func(t *testing.T) { + i := build.CopyAs{ + 123, + 124, + build.CopyFrom{"foo", build.Copy{[]string{"source1", "source2"}, "dest"}}, + } + + assert.Equal(t, []string{"123:124", "foo", `"source1"`, `"source2"`, `"dest"`}, i.Compile()) + }) } func TestCopyFrom(t *testing.T) { |