From 727e24f365ce9465138b7ba15f3390e056bf4b9a Mon Sep 17 00:00:00 2001 From: Khris Richardson Date: Tue, 15 Jun 2021 12:29:59 -0700 Subject: [PATCH 1/3] append AsCurrentUser to FnPluginLoadingOptions --- api/internal/plugins/fnplugin/fnplugin.go | 1 + api/types/pluginrestrictions.go | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/api/internal/plugins/fnplugin/fnplugin.go b/api/internal/plugins/fnplugin/fnplugin.go index ddd980d74..76be4b076 100644 --- a/api/internal/plugins/fnplugin/fnplugin.go +++ b/api/internal/plugins/fnplugin/fnplugin.go @@ -78,6 +78,7 @@ func NewFnPlugin(o *types.FnPluginLoadingOptions) *FnPlugin { EnableExec: o.EnableExec, StorageMounts: toStorageMounts(o.Mounts), Env: o.Env, + AsCurrentUser: o.AsCurrentUser, }, } } diff --git a/api/types/pluginrestrictions.go b/api/types/pluginrestrictions.go index 6dae63a97..b1ab2221f 100644 --- a/api/types/pluginrestrictions.go +++ b/api/types/pluginrestrictions.go @@ -42,7 +42,7 @@ const ( BploLoadFromFileSys ) -// FnPluginLoadingOptions set way functions-based pluing are restricted +// FnPluginLoadingOptions set way functions-based plugins are restricted type FnPluginLoadingOptions struct { // Allow to run executables EnableExec bool @@ -55,4 +55,6 @@ type FnPluginLoadingOptions struct { Mounts []string // list of env variables to pass to fn Env []string + // Run as uid and gid of the command executor + AsCurrentUser bool } From 2e674337b32e4faef594576d3360f11999238023 Mon Sep 17 00:00:00 2001 From: Khris Richardson Date: Tue, 15 Jun 2021 12:30:17 -0700 Subject: [PATCH 2/3] expose --as-current-user via GetRunFnRunner --- cmd/config/internal/commands/run-fns.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/config/internal/commands/run-fns.go b/cmd/config/internal/commands/run-fns.go index 3222a0e3b..a28e0b2b9 100644 --- a/cmd/config/internal/commands/run-fns.go +++ b/cmd/config/internal/commands/run-fns.go @@ -72,7 +72,7 @@ func GetRunFnRunner(name string) *RunFnRunner { &r.Env, "env", "e", []string{}, "a list of environment variables to be used by functions") r.Command.Flags().BoolVar( - &r.AsCurrentUser, "as-current-user", false, "use the uid and gid that kpt is running with to run the function in the container") + &r.AsCurrentUser, "as-current-user", false, "use the uid and gid of the command executor to run the function in the container") return r } From c19a972739627baea316f735fdf5a9dd8e1cef54 Mon Sep 17 00:00:00 2001 From: Khris Richardson Date: Tue, 15 Jun 2021 12:30:37 -0700 Subject: [PATCH 3/3] expose --as-current-user via AddFunctionBasicsFlags --- kustomize/commands/build/flagsforfunctions.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kustomize/commands/build/flagsforfunctions.go b/kustomize/commands/build/flagsforfunctions.go index 2ece5d392..8b22f5a20 100644 --- a/kustomize/commands/build/flagsforfunctions.go +++ b/kustomize/commands/build/flagsforfunctions.go @@ -20,6 +20,9 @@ func AddFunctionBasicsFlags(set *pflag.FlagSet) { set.StringArrayVarP( &theFlags.fnOptions.Env, "env", "e", []string{}, "a list of environment variables to be used by functions") + set.BoolVar( + &theFlags.fnOptions.AsCurrentUser, "as-current-user", false, + "use the uid and gid of the command executor to run the function in the container") } func AddFunctionAlphaEnablementFlags(set *pflag.FlagSet) {