diff --git a/CHANGELOG.md b/CHANGELOG.md index 49cf30441ec..68e3b03519a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ IMPROVEMENTS: * driver/docker: Adds support for `ulimit` and `sysctl` options [GH-3568] * driver/docker: Adds support for StopTimeout (set to the same value as kill_timeout [GH-3601] + * driver/rkt: Add support for passing through user [GH-3612] * driver/qemu: Support graceful shutdowns on unix platforms [GH-3411] * template: Updated to consul template 0.19.4 [GH-3543] * core/enterprise: Return 501 status code in Nomad Pro for Premium end points diff --git a/client/driver/rkt.go b/client/driver/rkt.go index 75b6c074c09..52c7c91f0a5 100644 --- a/client/driver/rkt.go +++ b/client/driver/rkt.go @@ -572,6 +572,11 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, } + // If a user has been specified for the task, pass it through to the user + if task.User != "" { + prepareArgs = append(prepareArgs, fmt.Sprintf("--user=%s", task.User)) + } + // Add user passed arguments. if len(driverConfig.Args) != 0 { parsed := ctx.TaskEnv.ParseAndReplace(driverConfig.Args) @@ -635,7 +640,6 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, execCmd := &executor.ExecCommand{ Cmd: absPath, Args: runArgs, - User: task.User, } ps, err := execIntf.LaunchCmd(execCmd) if err != nil { diff --git a/client/driver/rkt_test.go b/client/driver/rkt_test.go index 5f167c2f692..3b4646dbfb3 100644 --- a/client/driver/rkt_test.go +++ b/client/driver/rkt_test.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/nomad/client/config" "github.com/hashicorp/nomad/nomad/structs" "github.com/hashicorp/nomad/testutil" + "github.com/stretchr/testify/assert" ctestutils "github.com/hashicorp/nomad/client/testutil" ) @@ -334,6 +335,7 @@ func TestRktDriver_Start_Wait_AllocDir(t *testing.T) { } func TestRktDriverUser(t *testing.T) { + assert := assert.New(t) if !testutil.IsTravis() { t.Parallel() } @@ -366,18 +368,19 @@ func TestRktDriverUser(t *testing.T) { defer ctx.AllocDir.Destroy() d := NewRktDriver(ctx.DriverCtx) - if _, err := d.Prestart(ctx.ExecCtx, task); err != nil { - t.Fatalf("error in prestart: %v", err) - } + _, err := d.Prestart(ctx.ExecCtx, task) + assert.Nil(err) resp, err := d.Start(ctx.ExecCtx, task) - if err == nil { - resp.Handle.Kill() - t.Fatalf("Should've failed") - } - msg := "unknown user alice" - if !strings.Contains(err.Error(), msg) { - t.Fatalf("Expecting '%v' in '%v'", msg, err) + assert.Nil(err) + defer resp.Handle.Kill() + + select { + case res := <-resp.Handle.WaitCh(): + assert.False(res.Successful()) + case <-time.After(time.Duration(testutil.TestMultiplier()*15) * time.Second): + t.Fatalf("timeout") } + } func TestRktTrustPrefix(t *testing.T) {