Skip to content

feature: namespace options and supplemental groups for cri manager #753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 13, 2018
Merged

feature: namespace options and supplemental groups for cri manager #753

merged 1 commit into from
Mar 13, 2018

Conversation

@YaoZengzeng
Copy link
Contributor

@YaoZengzeng YaoZengzeng commented Feb 24, 2018

Signed-off-by: YaoZengzeng [email protected]

Ⅰ. Describe what this PR did

Ⅱ. Does this pull request fix one issue?

fixes part of #635

Ⅲ. Describe how you did it

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

We skip the test of "HostNetworkMode", because CRI manager doesn't support logging now.

@YaoZengzeng YaoZengzeng force-pushed the security-context branch 2 times, most recently from 0f5cd78 to 379696e Compare February 26, 2018 01:55
@codecov-io
Copy link

codecov-io commented Feb 26, 2018
edited
Loading

Codecov Report

Merging #753 into master will decrease coverage by 0.04%.
The diff coverage is 7.89%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #753      +/-   ##
==========================================
- Coverage   14.62%   14.58%   -0.05%     
==========================================
  Files         115      115              
  Lines        6940     7001      +61     
==========================================
+ Hits         1015     1021       +6     
- Misses       5839     5893      +54     
- Partials       86       87       +1
Impacted Files Coverage Δ
daemon/mgr/cri.go 0% <ø> (ø) ⬆️
cli/container.go 40.85% <0%> (-0.18%) ⬇️
daemon/mgr/spec_process.go 0% <0%> (ø) ⬆️
daemon/mgr/cri_utils.go 34.12% <0%> (-5.21%) ⬇️
cli/common_flags.go 0% <0%> (ø) ⬆️
pkg/user/user.go 15.55% <75%> (+5.79%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d3c2f20...a456ad0. Read the comment docs.

@YaoZengzeng
Copy link
Contributor Author

YaoZengzeng commented Feb 26, 2018

@allencloud PTAL.

@Letty5411
Copy link
Contributor

Letty5411 commented Mar 1, 2018

@YaoZengzeng could you also add a test for group-add flag?

@YaoZengzeng
Copy link
Contributor Author

YaoZengzeng commented Mar 5, 2018

@allencloud @Letty5411 PTAL.

allencloud
allencloud reviewed Mar 6, 2018
View reviewed changes
daemon/mgr/spec_process.go Outdated
}

func setupProcessUser(ctx context.Context, c *ContainerMeta, spec *SpecWrapper) (err error) {
user := specs.User{}
Copy link
Collaborator

@allencloud allencloud Mar 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would invite @Ace-Tang to take a look at the implementation in setupProcessUser.

Ace-Tang
Ace-Tang reviewed Mar 6, 2018
View reviewed changes
daemon/mgr/spec_process.go Outdated
logrus.Errorf("failed to parse supplemental group id %s: %v", group, err)
continue
}
user.AdditionalGids = append(user.AdditionalGids, uint32(gid))
Copy link
Contributor

@Ace-Tang Ace-Tang Mar 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better to take AdditionalGids implement to package pkg/user/

@YaoZengzeng YaoZengzeng force-pushed the security-context branch 2 times, most recently from 9e774b1 to 379696e Compare March 7, 2018 06:35
@pouchrobot pouchrobot added size/L and removed size/XL labels Mar 7, 2018
@YaoZengzeng YaoZengzeng force-pushed the security-context branch 3 times, most recently from d71ae89 to 7ec47b9 Compare March 7, 2018 07:52
@YaoZengzeng
Copy link
Contributor Author

YaoZengzeng commented Mar 7, 2018

@allencloud Updated

allencloud
allencloud reviewed Mar 9, 2018
View reviewed changes
pkg/user/user.go
return uint32(uid), uint32(gid)
}

// GetAdditionalGids parse supplementary gids from slice groups.
Copy link
Collaborator

@allencloud allencloud Mar 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a unit test case for this func GetAdditionalGids?

@allencloud
Copy link
Collaborator

allencloud commented Mar 9, 2018

Do you have any further thoughts on this? @Ace-Tang

@YaoZengzeng YaoZengzeng force-pushed the security-context branch 3 times, most recently from 1b59dc8 to 3a26193 Compare March 13, 2018 02:55
@allencloud
Copy link
Collaborator

allencloud commented Mar 13, 2018

LGTM

@pouchrobot pouchrobot added the LGTM one maintainer or community participant agrees to merge the pull reuqest. label Mar 13, 2018
@allencloud allencloud merged commit aac63a3 into AliyunContainerService:master Mar 13, 2018
@YaoZengzeng YaoZengzeng mentioned this pull request Mar 15, 2018
Closed
16 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@allencloud allencloud allencloud left review comments

+1 more reviewer

@Ace-Tang Ace-Tang Ace-Tang left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@Ace-Tang Ace-Tang

Labels

kind/feature LGTM one maintainer or community participant agrees to merge the pull reuqest. size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@YaoZengzeng @codecov-io @Letty5411 @allencloud @Ace-Tang @pouchrobot