From 16e73f560b75aee8617673b51021b7225aa7cc11 Mon Sep 17 00:00:00 2001 From: Tom Wieczorek Date: Wed, 10 Apr 2024 12:51:15 +0200 Subject: [PATCH] Introduce users.ErrNotFound Makes the errors.Is() checks nicer. On the contrary, the error message won't contain the user name anymore. Wrap the error accordingly on the caller side instead. Signed-off-by: Tom Wieczorek --- cmd/controller/certificates.go | 3 +++ internal/pkg/users/users.go | 8 ++++++-- internal/pkg/users/users_test.go | 3 +-- pkg/component/controller/apiserver.go | 1 + pkg/component/controller/controllermanager.go | 2 ++ pkg/component/controller/cplb_unix.go | 1 + pkg/component/controller/etcd.go | 2 ++ pkg/component/controller/kine.go | 1 + pkg/component/controller/konnectivity.go | 1 + pkg/component/controller/scheduler.go | 2 ++ pkg/install/users.go | 3 +-- 11 files changed, 21 insertions(+), 6 deletions(-) diff --git a/cmd/controller/certificates.go b/cmd/controller/certificates.go index efb61d225b01..57402a00dba9 100644 --- a/cmd/controller/certificates.go +++ b/cmd/controller/certificates.go @@ -69,6 +69,7 @@ func (c *Certificates) Init(ctx context.Context) error { apiServerUID, err := users.LookupUID(constant.ApiserverUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err) apiServerUID = users.RootUID logrus.WithError(err).Warn("Files with key material for kube-apiserver user will be owned by root") } @@ -126,6 +127,7 @@ func (c *Certificates) Init(ctx context.Context) error { uid, err := users.LookupUID(constant.KonnectivityServerUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KonnectivityServerUser, err) uid = users.RootUID logrus.WithError(err).Warn("Files with key material for konnectivity-server user will be owned by root") } 
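Review bot: The fallback to `users.RootUID` in `(*Certificates).Init` still fires on every `LookupUID` error, not only on a missing account, so any other lookup failure also leaves key material owned by root with only a warning in the log. Now that a sentinel exists, the branch could separate the two cases, for example `if !errors.Is(err, users.ErrNotExist) { return err }` ahead of the fallback; whether falling back on any error is intended is not visible from here. The same pattern recurs in the third certificates.go hunk and in the `Init`/`setupCerts` hunks of apiserver.go, controllermanager.go, cplb_unix.go, etcd.go, kine.go, konnectivity.go and scheduler.go, where the result is the component itself running as root. The enclosing functions start and end outside these hunks.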
@@ -165,6 +167,7 @@ func (c *Certificates) Init(ctx context.Context) error { uid, err := users.LookupUID(constant.SchedulerUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.SchedulerUser, err) uid = users.RootUID logrus.WithError(err).Warn("Files with key material for kube-scheduler user will be owned by root") } diff --git a/internal/pkg/users/users.go b/internal/pkg/users/users.go index 05a5ec24c874..077b24c85b2a 100644 --- a/internal/pkg/users/users.go +++ b/internal/pkg/users/users.go @@ -38,9 +38,11 @@ const ( RootUID = 0 // User ID of the root user ) +var ErrNotExist = errors.New("user does not exist") + // Lookup looks up a user's UID by username. If the user cannot be found, the -// returned error is of type [user.UnknownUserError]. If an error is returned, -// the returned UID will be [UnknownUID]. +// returned error is [ErrNotExist]. If an error is returned, the returned UID +// will be [UnknownUID]. func LookupUID(name string) (int, error) { var uid string @@ -49,6 +51,8 @@ func LookupUID(name string) (int, error) { return UnknownUID, err } + err = ErrNotExist + // fallback to call external `id` in case NSS is used out, idErr := exec.Command("id", "-u", name).Output() if idErr != nil { diff --git a/internal/pkg/users/users_test.go b/internal/pkg/users/users_test.go index 29a730e017f8..befd9c6d84b8 100644 --- a/internal/pkg/users/users_test.go +++ b/internal/pkg/users/users_test.go @@ -18,7 +18,6 @@ package users import ( "os/exec" - "os/user" "runtime" "testing" @@ -37,7 +36,7 @@ func TestGetUID(t *testing.T) { uid, err = LookupUID("some-non-existing-user") if assert.Error(t, err, "Got a UID for some-non-existing-user?") { - assert.ErrorIs(t, err, user.UnknownUserError("some-non-existing-user")) + assert.ErrorIs(t, err, ErrNotExist) var exitErr *exec.ExitError assert.ErrorAs(t, err, &exitErr, "expected external `id` to return an error") assert.Equal(t, UnknownUID, uid) 
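Review bot: The exported `ErrNotExist` is declared without a doc comment, and the comment on `LookupUID` below it still opens with "Lookup looks up", which does not match the function name. Suggest `// ErrNotExist is returned by LookupUID when the named user cannot be found.` above the variable, and starting the function comment with `// LookupUID looks up a user's UID by username.` The commit subject calls the sentinel `users.ErrNotFound` while the code declares `ErrNotExist`, so one of the two names is probably a leftover.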
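Review bot: Assigning `err = ErrNotExist` before the `id -u` fallback means that, depending on how `idErr` is combined with it further down (outside this hunk), any failure of the external command would be reported as a missing user, including `id` not being found on PATH. pkg/install/users.go treats `ErrNotExist` as the signal to create the account, so the sentinel should only be attached when `id` actually ran and exited non-zero, e.g. `var exitErr *exec.ExitError` followed by `if !errors.As(idErr, &exitErr) { return UnknownUID, idErr }` inside the `if idErr != nil` branch. The updated test in users_test.go only exercises the exit-status case, so this path is not covered. `LookupUID` starts and ends outside the hunk.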
diff --git a/pkg/component/controller/apiserver.go b/pkg/component/controller/apiserver.go index 07b22dfbbfa1..4c2c635b9351 100644 --- a/pkg/component/controller/apiserver.go +++ b/pkg/component/controller/apiserver.go @@ -90,6 +90,7 @@ func (a *APIServer) Init(_ context.Context) error { var err error a.uid, err = users.LookupUID(constant.ApiserverUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err) a.uid = users.RootUID logrus.WithError(err).Warn("Running Kubernetes API server as root") } diff --git a/pkg/component/controller/controllermanager.go b/pkg/component/controller/controllermanager.go index 67b68112043c..24cdbb1683a9 100644 --- a/pkg/component/controller/controllermanager.go +++ b/pkg/component/controller/controllermanager.go @@ -18,6 +18,7 @@ package controller import ( "context" + "fmt" "os" "path" "path/filepath" @@ -69,6 +70,7 @@ func (a *Manager) Init(_ context.Context) error { // controller manager running as api-server user as they both need access to same sa.key a.uid, err = users.LookupUID(constant.ApiserverUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err) a.uid = users.RootUID logrus.WithError(err).Warn("Running Kubernetes controller manager as root") } diff --git a/pkg/component/controller/cplb_unix.go b/pkg/component/controller/cplb_unix.go index 7017e432cc20..a43ea2525890 100644 --- a/pkg/component/controller/cplb_unix.go +++ b/pkg/component/controller/cplb_unix.go @@ -71,6 +71,7 @@ func (k *Keepalived) Init(_ context.Context) error { var err error k.uid, err = users.LookupUID(constant.KeepalivedUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KeepalivedUser, err) k.uid = users.RootUID k.log.WithError(err).Warn("Running keepalived as root") } diff --git a/pkg/component/controller/etcd.go b/pkg/component/controller/etcd.go index d038fca2c574..530e940d9cd0 100644 --- a/pkg/component/controller/etcd.go 
+++ b/pkg/component/controller/etcd.go @@ -71,6 +71,7 @@ func (e *Etcd) Init(_ context.Context) error { e.uid, err = users.LookupUID(constant.EtcdUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.EtcdUser, err) e.uid = users.RootUID logrus.WithError(err).Warn("Running etcd as root, files with key material for etcd user will be owned by root") } @@ -264,6 +265,7 @@ func (e *Etcd) setupCerts(ctx context.Context) error { uid, err := users.LookupUID(constant.ApiserverUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.ApiserverUser, err) uid = users.RootUID logrus.WithError(err).Warn("Files with key material for kube-apiserver user will be owned by root") } diff --git a/pkg/component/controller/kine.go b/pkg/component/controller/kine.go index 2d74032ba7dc..5e2c36dd8bb3 100644 --- a/pkg/component/controller/kine.go +++ b/pkg/component/controller/kine.go @@ -59,6 +59,7 @@ func (k *Kine) Init(_ context.Context) error { var err error k.uid, err = users.LookupUID(constant.KineUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KineUser, err) k.uid = users.RootUID logrus.WithError(err).Warn("Running kine as root") } diff --git a/pkg/component/controller/konnectivity.go b/pkg/component/controller/konnectivity.go index e49f933168cd..72eb76b7a77b 100644 --- a/pkg/component/controller/konnectivity.go +++ b/pkg/component/controller/konnectivity.go @@ -67,6 +67,7 @@ func (k *Konnectivity) Init(ctx context.Context) error { var err error k.uid, err = users.LookupUID(constant.KonnectivityServerUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.KonnectivityServerUser, err) k.uid = users.RootUID k.EmitWithPayload("error getting UID for", err) logrus.WithError(err).Warn("Running konnectivity as root") diff --git a/pkg/component/controller/scheduler.go b/pkg/component/controller/scheduler.go index c5aa7c8bdba4..88a7490417ef 100644 
--- a/pkg/component/controller/scheduler.go +++ b/pkg/component/controller/scheduler.go @@ -18,6 +18,7 @@ package controller import ( "context" + "fmt" "path/filepath" "github.com/sirupsen/logrus" @@ -53,6 +54,7 @@ func (a *Scheduler) Init(_ context.Context) error { var err error a.uid, err = users.LookupUID(constant.SchedulerUser) if err != nil { + err = fmt.Errorf("failed to lookup UID for %q: %w", constant.SchedulerUser, err) a.uid = users.RootUID logrus.WithError(err).Warn("Running kube-scheduler as root") } diff --git a/pkg/install/users.go b/pkg/install/users.go index 0586ab3ab8d9..9a85ec83aeaf 100644 --- a/pkg/install/users.go +++ b/pkg/install/users.go @@ -19,7 +19,6 @@ package install import ( "errors" "os/exec" - "os/user" "slices" "github.com/sirupsen/logrus" @@ -35,7 +34,7 @@ func EnsureControllerUsers(systemUsers *v1beta1.SystemUser, homeDir string) erro var errs []error for _, userName := range getControllerUserNames(systemUsers) { _, err := users.LookupUID(userName) - if errors.Is(err, user.UnknownUserError(userName)) { + if errors.Is(err, users.ErrNotExist) { if shell == "" { shell, err = nologinShell() if err != nil {