Introduce users.ErrNotFound
Makes the errors.Is() checks nicer. On the downside, the error message
won't contain the user name anymore. Wrap the error accordingly on the
caller side instead.

Signed-off-by: Tom Wieczorek <[email protected]>
twz123 committed May 22, 2024
1 parent e8877d4 commit 16e73f5
Showing 11 changed files with 21 additions and 6 deletions.
3 changes: 3 additions & 0 deletions cmd/controller/certificates.go
Expand Up @@ -69,6 +69,7 @@ func (c *Certificates) Init(ctx context.Context) error {

apiServerUID, err := users.LookupUID(constant.ApiserverUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err)
apiServerUID = users.RootUID
logrus.WithError(err).Warn("Files with key material for kube-apiserver user will be owned by root")
}
Expand Down Expand Up @@ -126,6 +127,7 @@ func (c *Certificates) Init(ctx context.Context) error {

uid, err := users.LookupUID(constant.KonnectivityServerUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KonnectivityServerUser, err)
uid = users.RootUID
logrus.WithError(err).Warn("Files with key material for konnectivity-server user will be owned by root")
}
Expand Down Expand Up @@ -165,6 +167,7 @@ func (c *Certificates) Init(ctx context.Context) error {

uid, err := users.LookupUID(constant.SchedulerUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.SchedulerUser, err)
uid = users.RootUID
logrus.WithError(err).Warn("Files with key material for kube-scheduler user will be owned by root")
}
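Review bot: The fallback to `users.RootUID` in all three hunks is still taken for every lookup error, not only for a missing user; the added `fmt.Errorf` wrap only changes the message that is logged. The same pattern appears in the hunks for apiserver.go, controllermanager.go, cplb_unix.go, etcd.go, kine.go, konnectivity.go and scheduler.go, where the consequence is a component running as root rather than root-owned key files. Now that a sentinel exists, the callers could restrict the fallback to the missing-user case, e.g. `if !errors.Is(err, users.ErrNotExist) { return err }` before assigning the root UID, so that an unexpected lookup failure stops initialization instead of silently widening privileges; whether a hard failure is acceptable here is a project decision. The enclosing function bodies start and end outside these hunks.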
8 changes: 6 additions & 2 deletions internal/pkg/users/users.go
Expand Up @@ -38,9 +38,11 @@ const (
RootUID = 0 // User ID of the root user
)

var ErrNotExist = errors.New("user does not exist")

// Lookup looks up a user's UID by username. If the user cannot be found, the
// returned error is of type [user.UnknownUserError]. If an error is returned,
// the returned UID will be [UnknownUID].
// returned error is [ErrNotExist]. If an error is returned, the returned UID
// will be [UnknownUID].
func LookupUID(name string) (int, error) {
var uid string

Expand All @@ -49,6 +51,8 @@ func LookupUID(name string) (int, error) {
return UnknownUID, err
}

err = ErrNotExist

// fallback to call external `id` in case NSS is used
out, idErr := exec.Command("id", "-u", name).Output()
if idErr != nil {
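Review bot: `err = ErrNotExist` is assigned before the external `id` call, so unless the branch after `if idErr != nil {` (outside this hunk) tells a non-zero exit apart from a failure to start `id` at all, both would presumably be reported as `ErrNotExist`. That matters because pkg/install/users.go treats `users.ErrNotExist` as the condition under which it handles the user as missing. The doc comment also says the returned error "is" [ErrNotExist], while the updated test expects the error to match both `ErrNotExist` and an `*exec.ExitError`, i.e. it is wrapped. I would word it as `// returned error wraps [ErrNotExist]; check it with errors.Is.` and give the exported variable its own comment, `// ErrNotExist is returned by LookupUID when the user cannot be found.`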
3 changes: 1 addition & 2 deletions internal/pkg/users/users_test.go
Expand Up @@ -18,7 +18,6 @@ package users

import (
"os/exec"
"os/user"
"runtime"
"testing"

Expand All @@ -37,7 +36,7 @@ func TestGetUID(t *testing.T) {

uid, err = LookupUID("some-non-existing-user")
if assert.Error(t, err, "Got a UID for some-non-existing-user?") {
assert.ErrorIs(t, err, user.UnknownUserError("some-non-existing-user"))
assert.ErrorIs(t, err, ErrNotExist)
var exitErr *exec.ExitError
assert.ErrorAs(t, err, &exitErr, "expected external `id` to return an error")
assert.Equal(t, UnknownUID, uid)
1 change: 1 addition & 0 deletions pkg/component/controller/apiserver.go
Expand Up @@ -90,6 +90,7 @@ func (a *APIServer) Init(_ context.Context) error {
var err error
a.uid, err = users.LookupUID(constant.ApiserverUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err)
a.uid = users.RootUID
logrus.WithError(err).Warn("Running Kubernetes API server as root")
}
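Review bot: The wrap line added here uses the same format string as ten other call sites in this commit (certificates.go, controllermanager.go, cplb_unix.go, etcd.go, kine.go, konnectivity.go, scheduler.go), so every future caller of `users.LookupUID` has to remember to add the user name itself. A style alternative is to add the name once where `LookupUID` builds its error, with `%w` around `ErrNotExist`, which keeps `errors.Is(err, users.ErrNotExist)` working and leaves the callers unchanged; the return statements of `LookupUID` are outside the visible hunks, so this would need checking there. If the per-caller wrap stays, the verb form is two words: `"failed to look up UID for %q: %w"`.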
2 changes: 2 additions & 0 deletions pkg/component/controller/controllermanager.go
Expand Up @@ -18,6 +18,7 @@ package controller

import (
"context"
"fmt"
"os"
"path"
"path/filepath"
Expand Down Expand Up @@ -69,6 +70,7 @@ func (a *Manager) Init(_ context.Context) error {
// controller manager running as api-server user as they both need access to same sa.key
a.uid, err = users.LookupUID(constant.ApiserverUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err)
a.uid = users.RootUID
logrus.WithError(err).Warn("Running Kubernetes controller manager as root")
}
1 change: 1 addition & 0 deletions pkg/component/controller/cplb_unix.go
Expand Up @@ -71,6 +71,7 @@ func (k *Keepalived) Init(_ context.Context) error {
var err error
k.uid, err = users.LookupUID(constant.KeepalivedUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KeepalivedUser, err)
k.uid = users.RootUID
k.log.WithError(err).Warn("Running keepalived as root")
}
2 changes: 2 additions & 0 deletions pkg/component/controller/etcd.go
Expand Up @@ -71,6 +71,7 @@ func (e *Etcd) Init(_ context.Context) error {

e.uid, err = users.LookupUID(constant.EtcdUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.EtcdUser, err)
e.uid = users.RootUID
logrus.WithError(err).Warn("Running etcd as root, files with key material for etcd user will be owned by root")
}
Expand Down Expand Up @@ -264,6 +265,7 @@ func (e *Etcd) setupCerts(ctx context.Context) error {

uid, err := users.LookupUID(constant.ApiserverUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err)
uid = users.RootUID
logrus.WithError(err).Warn("Files with key material for kube-apiserver user will be owned by root")
}
1 change: 1 addition & 0 deletions pkg/component/controller/kine.go
Expand Up @@ -59,6 +59,7 @@ func (k *Kine) Init(_ context.Context) error {
var err error
k.uid, err = users.LookupUID(constant.KineUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KineUser, err)
k.uid = users.RootUID
logrus.WithError(err).Warn("Running kine as root")
}
1 change: 1 addition & 0 deletions pkg/component/controller/konnectivity.go
Expand Up @@ -67,6 +67,7 @@ func (k *Konnectivity) Init(ctx context.Context) error {
var err error
k.uid, err = users.LookupUID(constant.KonnectivityServerUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KonnectivityServerUser, err)
k.uid = users.RootUID
k.EmitWithPayload("error getting UID for", err)
logrus.WithError(err).Warn("Running konnectivity as root")
2 changes: 2 additions & 0 deletions pkg/component/controller/scheduler.go
Expand Up @@ -18,6 +18,7 @@ package controller

import (
"context"
"fmt"
"path/filepath"

"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -53,6 +54,7 @@ func (a *Scheduler) Init(_ context.Context) error {
var err error
a.uid, err = users.LookupUID(constant.SchedulerUser)
if err != nil {
err = fmt.Errorf("failed to lookup UID for %q: %w", constant.SchedulerUser, err)
a.uid = users.RootUID
logrus.WithError(err).Warn("Running kube-scheduler as root")
}
3 changes: 1 addition & 2 deletions pkg/install/users.go
Expand Up @@ -19,7 +19,6 @@ package install
import (
"errors"
"os/exec"
"os/user"
"slices"

"github.com/sirupsen/logrus"
Expand All @@ -35,7 +34,7 @@ func EnsureControllerUsers(systemUsers *v1beta1.SystemUser, homeDir string) erro
var errs []error
for _, userName := range getControllerUserNames(systemUsers) {
_, err := users.LookupUID(userName)
if errors.Is(err, user.UnknownUserError(userName)) {
if errors.Is(err, users.ErrNotExist) {
if shell == "" {
shell, err = nologinShell()
if err != nil {
