feat: container runtime expose runAs into task specs

scc-digitalhub · Dec 10, 2024 · ad0a6d6 · ad0a6d6
1 parent ae97821
commit ad0a6d6
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 0 deletions.
diff --git a/...c/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerDeployRunner.java b/...c/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerDeployRunner.java
@@ -114,6 +114,8 @@ public K8sDeploymentRunnable produce(Run run) {
             .template(taskSpec.getProfile())
             //securityContext
             .fsGroup(taskSpec.getFsGroup())
+            .runAsGroup(taskSpec.getRunAsGroup())
+            .runAsUser(taskSpec.getRunAsUser())
             //specific
             .contextRefs(contextRefs)
             .contextSources(contextSources)

diff --git a/.../src/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerJobRunner.java b/.../src/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerJobRunner.java
@@ -113,6 +113,8 @@ public K8sRunnable produce(Run run) {
             .template(taskSpec.getProfile())
             //securityContext
             .fsGroup(taskSpec.getFsGroup())
+            .runAsGroup(taskSpec.getRunAsGroup())
+            .runAsUser(taskSpec.getRunAsUser())
             //specific
             .contextRefs(contextRefs)
             .contextSources(contextSources)
@@ -143,6 +145,8 @@ public K8sRunnable produce(Run run) {
                     .template(taskSpec.getProfile())
                     //securityContext
                     .fsGroup(taskSpec.getFsGroup())
+                    .runAsGroup(taskSpec.getRunAsGroup())
+                    .runAsUser(taskSpec.getRunAsUser())
                     //specific
                     .contextRefs(contextRefs)
                     .contextSources(contextSources)

diff --git a/...rc/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerServeRunner.java b/...rc/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerServeRunner.java
@@ -111,6 +111,8 @@ public K8sServeRunnable produce(Run run) {
             .template(taskSpec.getProfile())
             //securityContext
             .fsGroup(taskSpec.getFsGroup())
+            .runAsGroup(taskSpec.getRunAsGroup())
+            .runAsUser(taskSpec.getRunAsUser())
             //specific
             .contextRefs(contextRefs)
             .contextSources(contextSources)

diff --git a/...c/main/java/it/smartcommunitylabdhub/runtime/container/specs/ContainerDeployTaskSpec.java b/...c/main/java/it/smartcommunitylabdhub/runtime/container/specs/ContainerDeployTaskSpec.java
@@ -1,5 +1,6 @@
 package it.smartcommunitylabdhub.runtime.container.specs;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
 import it.smartcommunitylabdhub.commons.annotations.common.SpecType;
 import it.smartcommunitylabdhub.commons.models.entities.EntityName;
 import it.smartcommunitylabdhub.framework.k8s.base.K8sFunctionTaskBaseSpec;
@@ -22,9 +23,18 @@ public class ContainerDeployTaskSpec extends K8sFunctionTaskBaseSpec {
     @Min(1)
     private Integer replicas;
 
+    @JsonProperty("fs_group")
     @Min(1)
     private Integer fsGroup;
 
+    @JsonProperty("run_as_user")
+    @Min(1)
+    private Integer runAsUser;
+
+    @JsonProperty("run_as_group")
+    @Min(1)
+    private Integer runAsGroup;
+
     public ContainerDeployTaskSpec(Map<String, Serializable> data) {
         configure(data);
     }
@@ -35,5 +45,8 @@ public void configure(Map<String, Serializable> data) {
 
         ContainerDeployTaskSpec spec = mapper.convertValue(data, ContainerDeployTaskSpec.class);
         this.replicas = spec.getReplicas();
+        this.fsGroup = spec.getFsGroup();
+        this.runAsGroup = spec.getRunAsUser();
+        this.runAsGroup = spec.getRunAsGroup();
     }
 }
diff --git a/.../src/main/java/it/smartcommunitylabdhub/runtime/container/specs/ContainerJobTaskSpec.java b/.../src/main/java/it/smartcommunitylabdhub/runtime/container/specs/ContainerJobTaskSpec.java
@@ -35,6 +35,14 @@ public class ContainerJobTaskSpec extends K8sFunctionTaskBaseSpec {
     @Min(1)
     private Integer fsGroup;
 
+    @JsonProperty("run_as_user")
+    @Min(1)
+    private Integer runAsUser;
+
+    @JsonProperty("run_as_group")
+    @Min(1)
+    private Integer runAsGroup;
+
     public ContainerJobTaskSpec(Map<String, Serializable> data) {
         configure(data);
     }
@@ -47,5 +55,7 @@ public void configure(Map<String, Serializable> data) {
         this.backoffLimit = spec.getBackoffLimit();
         this.schedule = spec.getSchedule();
         this.fsGroup = spec.getFsGroup();
+        this.runAsGroup = spec.getRunAsUser();
+        this.runAsGroup = spec.getRunAsGroup();
     }
 }