Accept User as new Docker argument to set UID/GID (#905)

mocsharp · web-flow · commit 1545a8451827 · 2023-11-01T10:44:52.000-07:00
Signed-off-by: Victor Chang &lt;vicchang@nvidia.com&gt;
diff --git a/src/TaskManager/Plug-ins/Docker/DockerPlugin.cs b/src/TaskManager/Plug-ins/Docker/DockerPlugin.cs
@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
+using System.Diagnostics;
 using System.Globalization;
-using Amazon.Runtime.Internal.Transform;
 using Ardalis.GuardClauses;
 using Docker.DotNet;
 using Docker.DotNet.Models;
@@ -364,9 +364,14 @@ private CreateContainerParameters BuildContainerSpecification(IList<ContainerVol
                 {
                     Runtime = Strings.RuntimeNvidia,
                     Mounts = volumeMounts,
-                }
+                },
             };
 
+            if (Event.TaskPluginArguments.ContainsKey(Keys.User))
+            {
+                parameters.User = Event.TaskPluginArguments[Keys.User];
+            }
+
             return parameters;
         }
 
@@ -406,6 +411,7 @@ private async Task<List<ContainerVolumeMount>> SetupInputs(CancellationToken can
                 // eg: /monai/input
                 var volumeMount = new ContainerVolumeMount(input, Event.TaskPluginArguments[input.Name], inputHostDirRoot, inputContainerDirRoot);
                 volumeMounts.Add(volumeMount);
+                _logger.InputVolumeMountAdded(inputHostDirRoot, inputContainerDirRoot);
 
                 // For each file, download from bucket and store in Task Manager Container.
                 foreach (var obj in objects)
@@ -424,6 +430,8 @@ private async Task<List<ContainerVolumeMount>> SetupInputs(CancellationToken can
                 }
             }
 
+            SetPermission(containerPath);
+
             return volumeMounts;
         }
 
@@ -436,7 +444,10 @@ private ContainerVolumeMount SetupIntermediateVolume()
 
                 Directory.CreateDirectory(containerPath);
 
-                return new ContainerVolumeMount(Event.IntermediateStorage, Event.TaskPluginArguments[Keys.WorkingDirectory], hostPath, containerPath);
+                var volumeMount = new ContainerVolumeMount(Event.IntermediateStorage, Event.TaskPluginArguments[Keys.WorkingDirectory], hostPath, containerPath);
+                _logger.IntermediateVolumeMountAdded(hostPath, containerPath);
+                SetPermission(containerPath);
+                return volumeMount;
             }
 
             return default!;
@@ -465,11 +476,32 @@ private List<ContainerVolumeMount> SetupOutputs()
                 Directory.CreateDirectory(containerPath);
 
                 volumeMounts.Add(new ContainerVolumeMount(output, Event.TaskPluginArguments[output.Name], hostPath, containerPath));
+                _logger.OutputVolumeMountAdded(hostPath, containerPath);
             }
 
+            SetPermission(containerRootPath);
+
             return volumeMounts;
         }
 
+        private void SetPermission(string path)
+        {
+            if (Event.TaskPluginArguments.ContainsKey(Keys.User))
+            {
+                if (!System.OperatingSystem.IsWindows())
+                {
+                    var process = Process.Start("chown", $"-R {Event.TaskPluginArguments[Keys.User]} {path}");
+                    process.WaitForExit();
+
+                    if (process.ExitCode != 0)
+                    {
+                        _logger.ErrorSettingDirectoryPermission(path, Event.TaskPluginArguments[Keys.User]);
+                        throw new SetPermissionException($"chown command exited with code {process.ExitCode}");
+                    }
+                }
+            }
+        }
+
         protected override void Dispose(bool disposing)
         {
             if (!DisposedValue && disposing)
diff --git a/src/TaskManager/Plug-ins/Docker/Keys.cs b/src/TaskManager/Plug-ins/Docker/Keys.cs
@@ -33,6 +33,11 @@ internal static class Keys
         /// </summary>
         public static readonly string EntryPoint = "entrypoint";
 
+        /// <summary>
+        /// Key for specifying the user to the container. Same as -u argument for docker run.
+        /// </summary>
+        public static readonly string User = "user";
+
         /// <summary>
         /// Key for the command to execute by the container.
         /// </summary>
diff --git a/src/TaskManager/Plug-ins/Docker/Logging/Log.cs b/src/TaskManager/Plug-ins/Docker/Logging/Log.cs
@@ -103,5 +103,17 @@ public static partial class Log
 
         [LoggerMessage(EventId = 1027, Level = LogLevel.Information, Message = "Image does not exist '{image}' locally, attempting to pull.")]
         public static partial void ImageDoesNotExist(this ILogger logger, string image);
+
+        [LoggerMessage(EventId = 1028, Level = LogLevel.Information, Message = "Input volume added {hostPath} = {containerPath}.")]
+        public static partial void InputVolumeMountAdded(this ILogger logger, string hostPath, string containerPath);
+
+        [LoggerMessage(EventId = 1029, Level = LogLevel.Information, Message = "Output volume added {hostPath} = {containerPath}.")]
+        public static partial void OutputVolumeMountAdded(this ILogger logger, string hostPath, string containerPath);
+
+        [LoggerMessage(EventId = 1030, Level = LogLevel.Information, Message = "Intermediate volume added {hostPath} = {containerPath}.")]
+        public static partial void IntermediateVolumeMountAdded(this ILogger logger, string hostPath, string containerPath);
+
+        [LoggerMessage(EventId = 1031, Level = LogLevel.Error, Message = "Error setting directory {path} with permission {user}.")]
+        public static partial void ErrorSettingDirectoryPermission(this ILogger logger, string path, string user);
     }
 }
diff --git a/src/TaskManager/Plug-ins/Docker/SetPermissionException.cs b/src/TaskManager/Plug-ins/Docker/SetPermissionException.cs
@@ -0,0 +1,40 @@
+﻿/*
+ * Copyright 2022 MONAI Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+
+namespace Monai.Deploy.WorkflowManager.TaskManager.Docker
+{
+    [Serializable]
+    internal class SetPermissionException : Exception
+    {
+        public SetPermissionException()
+        {
+        }
+
+        public SetPermissionException(string? message) : base(message)
+        {
+        }
+
+        public SetPermissionException(string? message, Exception? innerException) : base(message, innerException)
+        {
+        }
+
+        protected SetPermissionException(SerializationInfo info, StreamingContext context) : base(info, context)
+        {
+        }
+    }
+}
