use 65534 user in dockerfile and fix unmarshal error

Signed-off-by: sayedppqq <sayed@appscode.com>
stashed · Feb 19, 2025 · 2f6c500 · 2f6c500
1 parent 3564b74
commit 2f6c500
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 29 deletions.
diff --git a/Dockerfile.in b/Dockerfile.in
@@ -35,7 +35,6 @@ LABEL org.opencontainers.image.source https://github.com/stashed/mongodb
 COPY --from=0 /restic /bin/restic
 COPY bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN}
 
-# https://github.com/docker-library/mongo/blob/master/6.0/Dockerfile#L12
-USER 999
+USER 65534
 
 ENTRYPOINT ["/{ARG_BIN}"]
diff --git a/pkg/backup.go b/pkg/backup.go
@@ -848,41 +848,41 @@ func enableBalancer(mongosHost string) error {
 }
 
 func checkRoleExists(mongoDSN string) (bool, error) {
-	v := make(map[string]interface{})
 	args := append([]interface{}{
 		"admin",
 		"--host", mongoDSN,
 		"--quiet",
 		"--eval", `JSON.stringify(db.getRole("` + StashRoleName + `"))`,
 	}, mongoCreds...)
-	if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&v); err != nil {
+	output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+	if err != nil {
 		return false, err
 	}
 
-	if val, ok := v["role"].(string); ok && string(val) == StashRoleName {
-		return true, nil
+	if strings.Contains(string(output), "null") {
+		return false, nil
 	}
 
-	return false, nil
+	return true, nil
 }
 
 func checkUserExists(mongoDSN string) (bool, error) {
-	v := make(map[string]interface{})
 	args := append([]interface{}{
 		"admin",
 		"--host", mongoDSN,
 		"--quiet",
 		"--eval", `JSON.stringify(db.getUser("` + StashUserName + `"))`,
 	}, mongoCreds...)
-	if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&v); err != nil {
+	output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+	if err != nil {
 		return false, err
 	}
 
-	if val, ok := v["user"].(string); ok && string(val) == StashUserName {
-		return true, nil
+	if strings.Contains(string(output), "null") {
+		return false, nil
 	}
 
-	return false, nil
+	return true, nil
 }
 
 func createStashRoleAndUser(mongoDSN string, pass string) error {
@@ -910,7 +910,18 @@ func createStashBackupRole(mongoDSN string) error {
 			"--eval", `JSON.stringify(db.runCommand({createRole: "` + StashRoleName + `",privileges:[{resource:{db:"config",collection:"system.preimages"},actions:["find"]},{resource:{db:"config",collection:"system.sharding_ddl_coordinators"},actions:["find"]},{resource:{db:"config",collection:"system.*"},actions:["find"]}],roles: []}))`,
 		}, mongoCreds...)
 
-		if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&v); err != nil {
+		output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+		if err != nil {
+			return err
+		}
+
+		output, err = extractJSON(string(output))
+		if err != nil {
+			return err
+		}
+
+		err = json.Unmarshal(output, &v)
+		if err != nil {
 			return err
 		}
 
@@ -937,7 +948,18 @@ func createStashBackupUser(mongoDSN string, pass string) error {
 			"--quiet",
 			"--eval", `JSON.stringify(db.runCommand({createUser: "` + StashUserName + `" ,pwd: "` + pass + `", roles:[{role:"backup", db:"admin"}, {role: "` + StashRoleName + `",db:"admin"}]}))`,
 		}, mongoCreds...)
-		if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&v); err != nil {
+		output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+		if err != nil {
+			return err
+		}
+
+		output, err = extractJSON(string(output))
+		if err != nil {
+			return err
+		}
+
+		err = json.Unmarshal(output, &v)
+		if err != nil {
 			return err
 		}
 
@@ -949,24 +971,18 @@ func createStashBackupUser(mongoDSN string, pass string) error {
 }
 
 func handleReshard(configsvrDSN string) (bool, error) {
-	v := make([]interface{}, 0)
 	args := append([]interface{}{
 		"config",
 		"--host", configsvrDSN,
 		"--quiet",
 		"--eval", `JSON.stringify(db.getCollectionNames())`,
 	}, mongoCreds...)
-	if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&v); err != nil {
+	output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+	if err != nil {
+		klog.Errorf("Error while calling getCollectionNames : %s ; output : %s \n", err.Error(), output)
 		return false, err
 	}
-
-	exists := false
-	for _, name := range v {
-		if name.(string) == "reshardingOperations" {
-			exists = true
-			break
-		}
-	}
+	exists := strings.Contains(string(output), "reshardingOperations")
 	if !exists {
 		return false, nil
 	}
@@ -997,7 +1013,16 @@ func handleReshard(configsvrDSN string) (bool, error) {
 		"--quiet",
 		"--eval", `JSON.stringify(db.adminCommand( { renameCollection: "config.reshardingOperations", to: "config.reshardingOperations_temp", dropTarget: true}))`,
 	}, mongoCreds...)
-	if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&res); err != nil {
+	output, err = sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+	if err != nil {
+		return false, err
+	}
+	output, err = extractJSON(string(output))
+	if err != nil {
+		return false, err
+	}
+	err = json.Unmarshal(output, &res)
+	if err != nil {
 		return false, err
 	}
 	if val, ok := res["ok"].(float64); !ok || int(val) != 1 {
@@ -1015,7 +1040,16 @@ func renameTempReshardCollection(configsvrDSN string) error {
 		"--quiet",
 		"--eval", `JSON.stringify(db.adminCommand( { renameCollection: "config.reshardingOperations_temp", to: "config.reshardingOperations" } ))`,
 	}, mongoCreds...)
-	if err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").UnmarshalJSON(&res); err != nil {
+	output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
+	if err != nil {
+		return err
+	}
+	output, err = extractJSON(string(output))
+	if err != nil {
+		return err
+	}
+	err = json.Unmarshal(output, &res)
+	if err != nil {
 		return err
 	}
 	if val, ok := res["ok"].(float64); !ok || int(val) != 1 {

diff --git a/pkg/lock.go b/pkg/lock.go
@@ -41,7 +41,7 @@ func setupConfigServer(configSVRDSN, secondaryHost string) error {
 		"--eval", `JSON.stringify(db.BackupControl.findAndModify({query: { _id: 'BackupControlDocument' }, update:  { $inc: { counter : 1 } } , new: true, upsert: true, writeConcern: { w: 'majority', wtimeout: 15000 }}));`,
 	}, mongoCreds...)
 
-	output, err := sh.Command(MongoCMD, args...).Output()
+	output, err := sh.Command(MongoCMD, args...).Command("/usr/bin/tail", "-1").Output()
 	if err != nil {
 		klog.Errorf("Error while running findAndModify to setup configServer : %s ; output : %s \n", err.Error(), output)
 		return err
@@ -64,7 +64,7 @@ func setupConfigServer(configSVRDSN, secondaryHost string) error {
 	}
 	val2 := float64(0)
 	timer := 0 // wait approximately 5 minutes.
-	v2 := make([]map[string]interface{}, 0)
+	v2 := make(map[string]interface{}, 0)
 	for timer < 60 && (int(val2) == 0 || int(val) != int(val2)) {
 		timer++
 		// find backupDocument from secondary configServer
@@ -90,7 +90,7 @@ func setupConfigServer(configSVRDSN, secondaryHost string) error {
 		}
 
 		if len(v2) > 0 {
-			val2, ok = v2[0]["counter"].(float64)
+			val2, ok = v2["counter"].(float64)
 			if !ok {
 				return fmt.Errorf("unable to get BackupControlDocument. got response: %v", x)
 			}