buildah/connection add support of specific user (#42)

Add possibility to use a specific user, either defined by --user argument on command line, or ansible_user, to connect to containers. It is inspired from https://github.com/containers/ansible-podman-collections/pull/19 the equivalent for podman connection. It was laso required to change the method to put file, from a mount mechanism, to the buildah copy function, to allow to set correctly the permissions of pushed files. Fixes: containers/ansible-podman-collections#25 Co-authored-by: Simon Brée <simon.bree@intersec.com>
2026-02-04 07:11:49 +00:00 · 2020-05-15 22:36:24 +02:00 · 2020-05-15 22:36:24 +02:00 · 1c3d2456b7
commit 1c3d2456b7
parent 804b60e4fd
2 changed files with 28 additions and 5 deletions
--- a/plugins/connection/buildah.py
+++ b/plugins/connection/buildah.py
@ -88,10 +88,28 @@ class Connection(ConnectionBase):
        :param outfile_stdout: file for writing STDOUT to
        :return: return code, stdout, stderr
        """
-        local_cmd = ['buildah', cmd, '--', self._container_id]
+        buildah_exec = 'buildah'
+        local_cmd = [buildah_exec]
+
+        if isinstance(cmd, str):
+            local_cmd.append(cmd)
+        else:
+            local_cmd.extend(cmd)
+        if self.user and self.user != 'root':
+            if cmd == 'run':
+                local_cmd.extend(("--user", self.user))
+            elif cmd == 'copy':
+                local_cmd.extend(("--chown", self.user))
+        local_cmd.append(self._container_id)
+
        if cmd_args:
-            local_cmd += cmd_args
-        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
+            if isinstance(cmd_args, str):
+                local_cmd.append(cmd_args)
+            else:
+                local_cmd.extend(cmd_args)
+
+        local_cmd = [to_bytes(i, errors='surrogate_or_strict')
+                     for i in local_cmd]

        display.vvv("RUN %s" % (local_cmd,), host=self._container_id)
        if outfile_stdout:
@ -140,7 +158,7 @@ class Connection(ConnectionBase):
        """ Place a local file located in 'in_path' inside container at 'out_path' """
        super(Connection, self).put_file(in_path, out_path)
        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._container_id)
-        if not self._mount_point:
+        if not self._mount_point or self.user:
            rc, stdout, stderr = self._buildah(
                "copy", [in_path, out_path])
            if rc != 0:
--- a/tests/integration/targets/connection_buildah/runme.sh
+++ b/tests/integration/targets/connection_buildah/runme.sh
@ -12,8 +12,13 @@ function run_ansible {

 }

+# First run as root
 run_ansible "$@"

-ANSIBLE_VERBOSITY=4 ANSIBLE_REMOTE_USER="1000" run_ansible "$@" | tee check_log
+# Create a normal user
+${SUDO:-} ansible all -i "test_connection.inventory" -m "user" -a 'name="testuser"'
+
+# Second run as normal user
+ANSIBLE_VERBOSITY=4 ANSIBLE_REMOTE_USER="testuser" run_ansible "$@" | tee check_log
 ${SUDO:-} grep -q "Using buildah connection from collection" check_log
 ${SUDO:-} rm -f check_log