config: process.user.username is implementation-defined on Windows

[wking]

On POSIX (currently Linux and Solaris), uid and gid are required. My preferred approach here is to make those optional and use platform defaults:

If unset, the runtime will not attempt to manipulate the user ID (e.g. not calling setuid(2) or similar).

But the maintainer consensus is that they want those to be explicitly required properties.

The Windows username, on the other hand, is optional, although the default behavior is unclear. I see no discussion in #565 to suggest whether this was intentionally approved or not. And in #618 (where I asked about the inconsistency), @crosbymichael said:

No, both should be made explicit unless there is something on windows that prohibits this.

So this commit is making that happen.

Pinging some Windows folks for review of the “unless there is something on windows that prohibits this” condition: @jhowardmsft, @RobDolinMS, @jstarks.

Note that there is also a JSON Schema PR for username in flight with #703, but that is orthogonal to this change (the JSON Schema cannot require username even if the field is REQUIRED on Windows, because it is not required, or even specified, on other OSes).

Fixes #618.

[lowenna]

Does NOT LGTM. This absolutely IS an optional field on Windows.

[wking]

On Thu, Apr 06, 2017 at 10:43:58PM -0700, John Howard wrote: This absolutely IS an optional field on Windows.

uid/gid are technically optional on Linux too (just don't call setuid, and you inherit the runtime caller uid/gid, modulo namespace mapping [1]). The spec has a policy (which I don't agree with, but I'm not a maintainer) that the uid and gid values are required anyway (on Linux). See links in my original post for maintainers on this point. If ‘username’ stays optional, then I think the spec should be updated to clarify what happens when it is not specified. For example, is there a default username (e.g. is it inherited from the runtime caller)? [1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc5/config-linux.md#user-namespace-mappings

[lowenna]

And with an explicitly added user

Feel free to clarify. But this PR does not LGTM. And no, it's not inherited at all.

[wking]

And no, it's not inherited at all.

So which of the following would make more sense in the spec.

If unset, username defaults to ContainerAdministrator.

or

The default username is implementation-defined.

?

[lowenna]

I would prefer The default username is implementation-defined.

[wking]

On Mon, Apr 24, 2017 at 09:31:32AM -0700, John Howard wrote: I would prefer `The default username is implementation-defined.`

Done with 4e3945f → a3ef036. I've also added JSON Schema for this, and forbidden the empty-string value. If anyone with Windows experience feels that empty-string usernames should be allowed, please let me know.

[crosbymichael]

Closing based on feedback from the windows team

[wking]

Closing based on feedback from the windows team

What feedback from the Windows team? The current commit (a3ef036) has been endorsed by @jhowardmsft, who's the only Windows member involved in this PR. Without this PR, the property remains:

• Undefined (as in nasal demons) when someone takes advantage of the OPTIONAL-ness and leaves the property unset. With this PR that use-case would be implementation-defined.
• Unchecked in the JSON Schema. With this PR, we'd validate that the value was a string.

And as I said earlier, I'm fine dropping the new “but not the empty string” requirement if anyone has issues with it.

[wking]

Since the pivot from REQUIRED to OPTIONAL, the JSON Schema change in this PR mostly matches that which just landed in #703. So the only remaining features of this PR (which I think we still want) are:

• Making the default username implementation-defined (it is currently undefined).
• Forbidding empty-string usernames (although I'm fine dropping this if Windows somehow supports empty-string usernames).