chore: Specify uid for consistent uids over images #4304
Conversation
kvanzuijlen
requested review from
jamengual,
nitrocode and
X-Guardian
and removed request for
a team
jamengual
added
the
needs discussion
| @@ -143,7 +148,7 @@ HEALTHCHECK --interval=5m --timeout=3s \ | |||
|
|
|||
| # Set up the 'atlantis' user and adjust permissions | |||
| RUN addgroup atlantis && \ | |||
| adduser -S -G atlantis atlantis && \ | |||
| adduser -u 100 -S -G atlantis atlantis && \ | |||
There was a problem hiding this comment.
We need to discuss this.
We need to keep backward compatibility or make the breaking change.
A lot of people is already using this and if we change it it could bring some deployments down
There was a problem hiding this comment.
There was a problem hiding this comment.
The atlantis user does not need a shell to start, so a system user was used.
the problem is that in Alpine we have a different UUID
There was a problem hiding this comment.
I see what you mean. But not making it equal makes it harder to make the helm chart work for both. The helm chart defaults to 100 so that was what we were trying to ensure here.
There was a problem hiding this comment.
I'm not saying this is wrong but changing it will break backwards compatibility
There was a problem hiding this comment.
A possible option is to add both users (100 and 1000) on debian. This way the helm chart will be correct and existing users won't have issues. Otherwise we will need to do a breaking change release indeed. Thoughts?
There was a problem hiding this comment.
Looks like two maintainers agreed, so I'd say let's go with this. @kvanzuijlen can you please update it?
There was a problem hiding this comment.
Sounds good! I'll have a look
There was a problem hiding this comment.
This is for alpine and should stay on 100, as it already was the default
Dockerfile
Outdated
| # Set up the 'atlantis' user and adjust permissions. User with uid 1000 is for backwards compatibility | ||
| RUN useradd --uid 100 --system --create-home --user-group --shell /bin/bash atlantis && \ | ||
| useradd --uid 1000 --system --home=/home/atlantis/ --groups atlantis --shell /bin/bash atlantis2 && \ | ||
| chown atlantis:atlantis /home/atlantis/ && \ | ||
| chmod ug+rwx /home/atlantis/ |
There was a problem hiding this comment.
The whole Atlantis group has the same access as the Atlantis user. I added an atlantis2 user with uid 1000 for backward compatibility. The root group is no longer included in the chown, but that shouldn't matter too much as the group had the same permissions as other. Only in cases where end-users configured a user that is part of the root group and changed the permissions on this folder would this be a breaking change, which I think is an acceptable scenario.
| @@ -143,7 +148,7 @@ HEALTHCHECK --interval=5m --timeout=3s \ | |||
|
|
|||
| # Set up the 'atlantis' user and adjust permissions | |||
| RUN addgroup atlantis && \ | |||
| adduser -S -G atlantis atlantis && \ | |||
| adduser -u 100 -S -G atlantis atlantis && \ | |||
There was a problem hiding this comment.
This is for alpine and should stay on 100, as it already was the default
|
@GMartinez-Sisti can you take a look? |
| RUN addgroup --gid 1000 atlantis && \ | ||
| adduser -u 100 -S -G atlantis atlantis && \ | ||
| chown atlantis:root /home/atlantis/ && \ | ||
| chmod u+rwx /home/atlantis/ |
|
@lukemassa @chenrui333 are either of you able to review this? |
|
LGTM! |
what
This PR specifies the uid the atlantis user should be created with.
why
Together with runatlantis/helm-charts#359 this would fix runatlantis/helm-charts#305.
tests
references