Make zap's and browserker's uid configurable at build time
What are the relevant issue numbers?
What does this MR do?
Allows zap and browserker user's uid to be configured at image build time.
Why?
When you mount a volume with docker, the uid of the files and directories remains the same as those on the host. As a result, you may not be able to write to those files or directories when you mount them. This issue is manifest on my local development environment which uses docker-machine and virtualbox and I've also been able to reproduce it on a fresh debian installation on a vm.
How to test
$ ZAP_UID=1000 BROWSERKER_UID=1001 invoke dast.build --set-zap-and-browserker-uid
Demo
running on fresh debian vm.
Before
pcunningham@pcunningham-ubuntu-docker-test-env:~/dast$ id -u
1048
pcunningham@pcunningham-ubuntu-docker-test-env:~/dast$ docker run -it --rm -v "${PWD}":/zap/wrk dast /bin/bash
zap@5e050ed1425c:/output$ id -u
1001
zap@5e050ed1425c:/output$ ls -la /zap/wrk/
total 144
drwxr-xr-x 12 1048 1049 4096 Nov 26 03:51 .
drwxrwxrwx 1 zap zap 4096 Nov 26 03:52 ..
-rw-r--r-- 1 1048 1049 206 Nov 26 03:48 .editorconfig
-rw-r--r-- 1 1048 1049 97 Nov 26 03:48 .flake8
drwxr-xr-x 8 1048 1049 4096 Nov 26 03:51 .git
-rw-r--r-- 1 1048 1049 1378 Nov 26 03:48 .gitignore
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 .gitlab
-rw-r--r-- 1 1048 1049 7245 Nov 26 03:48 .gitlab-ci.yml
-rw-r--r-- 1 1048 1049 2310 Nov 26 03:48 .markdownlint.json
-rw-r--r-- 1 1048 1049 6 Nov 26 03:48 .python-version
-rw-r--r-- 1 1048 1049 14382 Nov 26 03:51 CHANGELOG.md
-rw-r--r-- 1 1048 1049 1514 Nov 26 03:48 CONTRIBUTING.md
-rw-r--r-- 1 1048 1049 9271 Nov 26 03:51 Dockerfile
-rw-r--r-- 1 1048 1049 2210 Nov 26 03:48 LICENSE
-rw-r--r-- 1 1048 1049 4488 Nov 26 03:48 README.md
-rwxr-xr-x 1 1048 1049 547 Nov 26 03:48 analyze
-rwxr-xr-x 1 1048 1049 182 Nov 26 03:48 analyze.py
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 artifacts
drwxr-xr-x 3 1048 1049 4096 Nov 26 03:51 doc
-rw-r--r-- 1 1048 1049 0 Nov 26 03:50 hello-world
drwxr-xr-x 7 1048 1049 4096 Nov 26 03:48 lib
-rw-r--r-- 1 1048 1049 159 Nov 26 03:48 mypy.ini
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 profiling
-rw-r--r-- 1 1048 1049 300 Nov 26 03:48 requirements-test.txt
-rw-r--r-- 1 1048 1049 200 Nov 26 03:48 requirements.txt
drwxr-xr-x 4 1048 1049 4096 Nov 26 03:48 resources
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 scripts
drwxr-xr-x 7 1048 1049 4096 Nov 26 03:48 src
-rwxr-xr-x 1 1048 1049 305 Nov 26 03:48 tasks.py
drwxr-xr-x 6 1048 1049 4096 Nov 26 03:48 test
zap@5e050ed1425c:/output$ ls -ln /zap/wrk/
total 100
-rw-r--r-- 1 1048 1049 14382 Nov 26 03:51 CHANGELOG.md
-rw-r--r-- 1 1048 1049 1514 Nov 26 03:48 CONTRIBUTING.md
-rw-r--r-- 1 1048 1049 9271 Nov 26 03:51 Dockerfile
-rw-r--r-- 1 1048 1049 2210 Nov 26 03:48 LICENSE
-rw-r--r-- 1 1048 1049 4488 Nov 26 03:48 README.md
-rwxr-xr-x 1 1048 1049 547 Nov 26 03:48 analyze
-rwxr-xr-x 1 1048 1049 182 Nov 26 03:48 analyze.py
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 artifacts
drwxr-xr-x 3 1048 1049 4096 Nov 26 03:51 doc
-rw-r--r-- 1 1048 1049 0 Nov 26 03:50 hello-world
drwxr-xr-x 7 1048 1049 4096 Nov 26 03:48 lib
-rw-r--r-- 1 1048 1049 159 Nov 26 03:48 mypy.ini
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 profiling
-rw-r--r-- 1 1048 1049 300 Nov 26 03:48 requirements-test.txt
-rw-r--r-- 1 1048 1049 200 Nov 26 03:48 requirements.txt
drwxr-xr-x 4 1048 1049 4096 Nov 26 03:48 resources
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 scripts
drwxr-xr-x 7 1048 1049 4096 Nov 26 03:48 src
-rwxr-xr-x 1 1048 1049 305 Nov 26 03:48 tasks.py
drwxr-xr-x 6 1048 1049 4096 Nov 26 03:48 test
zap@5e050ed1425c:/output$ touch /zap/wrk/hello-world
touch: cannot touch '/zap/wrk/hello-world': Permission denied
After
zap@ab0f41e007ca:/output$ id -u
1048
zap@ab0f41e007ca:/output$ ls -la /zap/wrk/
total 164
drwxr-xr-x 12 zap 1049 4096 Nov 30 06:06 .
drwxrwxrwx 1 zap zap 4096 Nov 30 06:13 ..
-rw-r--r-- 1 zap 1049 206 Nov 26 03:48 .editorconfig
-rw-r--r-- 1 zap 1049 97 Nov 26 03:48 .flake8
drwxr-xr-x 8 zap 1049 4096 Nov 30 06:06 .git
-rw-r--r-- 1 zap 1049 1378 Nov 26 03:48 .gitignore
drwxr-xr-x 2 zap 1049 4096 Nov 26 03:48 .gitlab
-rw-r--r-- 1 zap 1049 7245 Nov 26 03:48 .gitlab-ci.yml
-rw-r--r-- 1 zap 1049 2310 Nov 26 03:48 .markdownlint.json
-rw-r--r-- 1 zap 1049 6 Nov 26 03:48 .python-version
-rw-r--r-- 1 zap 1049 14442 Nov 30 06:06 CHANGELOG.md
-rw-r--r-- 1 zap 1049 1514 Nov 26 03:48 CONTRIBUTING.md
-rw-r--r-- 1 zap 1049 9441 Nov 30 06:06 Dockerfile
-rw-r--r-- 1 zap 1049 2210 Nov 26 03:48 LICENSE
-rw-r--r-- 1 zap 1049 4488 Nov 26 03:48 README.md
-rw-r--r-- 1 zap 1049 4137 Nov 26 05:01 addons.json
-rwxr-xr-x 1 zap 1049 547 Nov 26 03:48 analyze
-rwxr-xr-x 1 zap 1049 182 Nov 26 03:48 analyze.py
drwxr-xr-x 2 zap 1049 4096 Nov 26 03:48 artifacts
-rwxr-xr-x 1 zap 1049 8382 Nov 27 04:43 bash_unit
drwxr-xr-x 3 zap 1049 4096 Nov 30 06:06 doc
-rw-r--r-- 1 zap 1049 0 Nov 26 04:46 hello
-rw-r--r-- 1 zap 1049 0 Nov 26 03:50 hello-world
drwxr-xr-x 7 zap 1049 4096 Nov 26 03:48 lib
-rw-r--r-- 1 zap 1049 159 Nov 26 03:48 mypy.ini
drwxr-xr-x 2 zap 1049 4096 Nov 30 03:49 profiling
-rw-r--r-- 1 zap 1049 300 Nov 26 03:48 requirements-test.txt
-rw-r--r-- 1 zap 1049 200 Nov 26 03:48 requirements.txt
drwxr-xr-x 4 zap 1049 4096 Nov 26 03:48 resources
drwxr-xr-x 2 zap 1049 4096 Nov 30 05:54 scripts
drwxr-xr-x 7 zap 1049 4096 Nov 26 03:48 src
-rwxr-xr-x 1 zap 1049 305 Nov 26 03:48 tasks.py
drwxr-xr-x 6 zap 1049 4096 Nov 26 03:48 test
zap@ab0f41e007ca:/output$ ls -ln /zap/wrk/
total 120
-rw-r--r-- 1 1048 1049 14442 Nov 30 06:06 CHANGELOG.md
-rw-r--r-- 1 1048 1049 1514 Nov 26 03:48 CONTRIBUTING.md
-rw-r--r-- 1 1048 1049 9441 Nov 30 06:06 Dockerfile
-rw-r--r-- 1 1048 1049 2210 Nov 26 03:48 LICENSE
-rw-r--r-- 1 1048 1049 4488 Nov 26 03:48 README.md
-rw-r--r-- 1 1048 1049 4137 Nov 26 05:01 addons.json
-rwxr-xr-x 1 1048 1049 547 Nov 26 03:48 analyze
-rwxr-xr-x 1 1048 1049 182 Nov 26 03:48 analyze.py
drwxr-xr-x 2 1048 1049 4096 Nov 26 03:48 artifacts
-rwxr-xr-x 1 1048 1049 8382 Nov 27 04:43 bash_unit
drwxr-xr-x 3 1048 1049 4096 Nov 30 06:06 doc
-rw-r--r-- 1 1048 1049 0 Nov 26 04:46 hello
-rw-r--r-- 1 1048 1049 0 Nov 26 03:50 hello-world
drwxr-xr-x 7 1048 1049 4096 Nov 26 03:48 lib
-rw-r--r-- 1 1048 1049 159 Nov 26 03:48 mypy.ini
drwxr-xr-x 2 1048 1049 4096 Nov 30 03:49 profiling
-rw-r--r-- 1 1048 1049 300 Nov 26 03:48 requirements-test.txt
-rw-r--r-- 1 1048 1049 200 Nov 26 03:48 requirements.txt
drwxr-xr-x 4 1048 1049 4096 Nov 26 03:48 resources
drwxr-xr-x 2 1048 1049 4096 Nov 30 05:54 scripts
drwxr-xr-x 7 1048 1049 4096 Nov 26 03:48 src
-rwxr-xr-x 1 1048 1049 305 Nov 26 03:48 tasks.py
drwxr-xr-x 6 1048 1049 4096 Nov 26 03:48 test
zap@ab0f41e007ca:/output$ touch /zap/wrk/hello-world
zap@ab0f41e007ca:/output$ ls -la /zap/wrk/hello-world
-rw-r--r-- 1 zap 1049 0 Nov 30 06:14 /zap/wrk/hello-world
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Philip Cunningham
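The ownership mismatch described under "Why?" can be checked before a container is started. The following is an added example, not part of this MR or the DAST project's code: it applies the POSIX owner/group/other write-bit rule to the numeric ids and modes shown by `ls -ln` in the demo. The function names `can_write` and `check_mount` are hypothetical, the container gid is a constructed value, and supplementary groups, ACLs and user-namespace remapping are not considered.

```shell
#!/bin/sh
# Added example: predict whether a container user can write to a bind-mounted
# path from numeric ids and the octal mode alone. Bind mounts keep the host's
# uid/gid, so the container uid must match the owner or a class with write access.

# can_write UID GID OWNER_UID OWNER_GID MODE_OCTAL -> exit status 0 if writable
can_write() {
    uid=$1 gid=$2 owner=$3 group=$4 mode=$5
    [ "$uid" -eq 0 ] && return 0          # root bypasses the mode bits
    perms=$((0$mode))                     # leading 0 makes the value octal
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$owner" ]; then
        bit=$(( (perms >> 7) & 1 ))       # 0200: owner write
    elif [ "$gid" -eq "$group" ]; then
        bit=$(( (perms >> 4) & 1 ))       # 0020: group write
    else
        bit=$(( (perms >> 1) & 1 ))       # 0002: other write
    fi
    [ "$bit" -eq 1 ]
}

# check_mount UID GID PATH: read owner, group and mode of a host path
# (GNU stat assumed) and report whether the given container user can write to it.
check_mount() {
    set -- "$1" "$2" $(stat -c '%u %g %a' "$3") "$3"
    if can_write "$1" "$2" "$3" "$4" "$5"; then
        echo "uid $1 can write to $6"
    else
        echo "uid $1 cannot write to $6 (owner $3:$4, mode $5)"
        return 1
    fi
}

# Values from the demo: /zap/wrk is owned by 1048:1049 with mode 755.
# The container gid is unknown on the page; the uid is reused as a constructed gid.
for id in 1001 1048; do
    if can_write "$id" "$id" 1048 1049 755; then
        echo "uid $id: write allowed"
    else
        echo "uid $id: Permission denied"
    fi
done
```

Running `check_mount 1001 1001 "$PWD"` on the host before `docker run -v "${PWD}":/zap/wrk` reports the mismatch without starting the container.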