diff options
| -rwxr-xr-x | tools/build_defs/docker/build_test.sh | 13 | ||||
| -rw-r--r-- | tools/build_defs/docker/docker.bzl | 4 | ||||
| -rw-r--r-- | tools/build_defs/docker/rewrite_json.py | 11 |
3 files changed, 26 insertions, 2 deletions
diff --git a/tools/build_defs/docker/build_test.sh b/tools/build_defs/docker/build_test.sh index 046705bd7b..785b39925c 100755 --- a/tools/build_defs/docker/build_test.sh +++ b/tools/build_defs/docker/build_test.sh @@ -124,6 +124,13 @@ function check_workdir() { check_property WorkingDir "notop_${input}" "${@}" } +function check_user() { + input="$1" + shift + check_property User "${input}" "${@}" + check_property User "notop_${input}" "${@}" +} + function check_layers_aux() { local input=${1} shift 1 @@ -369,6 +376,12 @@ function test_with_double_label() { '["com.example.bar={\"name\": \"blah\"}", "com.example.baz=qux", "com.example.foo={\"name\": \"blah\"}", "com.example.qux={\"name\": \"blah-blah\"}"]' } +function test_with_user() { + check_user "with_user" \ + "65664d4d78ff321684e2a8bf165792ce562c5990c9ba992e6288dcb1ec7f675c" \ + "\"nobody\"" +} + function get_layer_listing() { local input=$1 local layer=$2 diff --git a/tools/build_defs/docker/docker.bzl b/tools/build_defs/docker/docker.bzl index 4d971f5b3c..5fcedd5007 100644 --- a/tools/build_defs/docker/docker.bzl +++ b/tools/build_defs/docker/docker.bzl @@ -175,6 +175,8 @@ def _metadata_action(ctx, layer, name, output): if base: args += ["--base=%s" % base.path] inputs += [base] + if ctx.attr.user: + args += ["--user=" + ctx.attr.user] ctx.action( executable = rewrite_tool, @@ -322,6 +324,7 @@ docker_build_ = rule( "symlinks": attr.string_dict(), "entrypoint": attr.string_list(), "cmd": attr.string_list(), + "user": attr.string(), "env": attr.string_dict(), "labels": attr.string_dict(), "ports": attr.string_list(), # Skylark doesn't support int_list... @@ -421,7 +424,6 @@ docker_build_ = rule( # # https://docs.docker.com/reference/builder/#maintainer # maintainer="...", # -# # TODO(mattmoor): NYI # # https://docs.docker.com/reference/builder/#user # # NOTE: the normal directive affects subsequent RUN, CMD, # # and ENTRYPOINT diff --git a/tools/build_defs/docker/rewrite_json.py b/tools/build_defs/docker/rewrite_json.py index 11933e5d51..933a640d2e 100644 --- a/tools/build_defs/docker/rewrite_json.py +++ b/tools/build_defs/docker/rewrite_json.py @@ -42,6 +42,9 @@ gflags.DEFINE_list( 'command', None, 'Override the "Cmd" of the previous layer') +gflags.DEFINE_string( + 'user', None, 'The username to run commands under') + gflags.DEFINE_list('labels', None, 'Augment the "Label" of the previous layer') gflags.DEFINE_list( @@ -64,7 +67,8 @@ FLAGS = gflags.FLAGS _MetadataOptionsT = namedtuple('MetadataOptionsT', ['name', 'parent', 'size', 'entrypoint', 'cmd', - 'env', 'labels', 'ports', 'volumes', 'workdir']) + 'env', 'labels', 'ports', 'volumes', 'workdir', + 'user']) class MetadataOptions(_MetadataOptionsT): @@ -76,6 +80,7 @@ class MetadataOptions(_MetadataOptionsT): size=None, entrypoint=None, cmd=None, + user=None, labels=None, env=None, ports=None, @@ -88,6 +93,7 @@ class MetadataOptions(_MetadataOptionsT): size=size, entrypoint=entrypoint, cmd=cmd, + user=user, labels=labels, env=env, ports=ports, @@ -167,6 +173,8 @@ def RewriteMetadata(data, options): output['config']['Entrypoint'] = options.entrypoint if options.cmd: output['config']['Cmd'] = options.cmd + if options.user: + output['config']['User'] = options.user output['docker_version'] = _DOCKER_VERSION output['architecture'] = _PROCESSOR_ARCHITECTURE @@ -303,6 +311,7 @@ def main(unused_argv): size=os.path.getsize(FLAGS.layer), entrypoint=FLAGS.entrypoint, cmd=FLAGS.command, + user=FLAGS.user, labels=labels, env=KeyValueToDict(FLAGS.env), ports=FLAGS.ports, |