image,manifest: add support for bootc groups customizations

When porting custoizations to the new `bootc install to-filesystem` world initially only users/kernel-options where added. This commit adds `org.osbuild.groups` now as well. Needs: #571 osbuild/osbuild#1726
osbuild · Apr 15, 2024 · 87e1bda · 87e1bda
1 parent f1ee00c
commit 87e1bda
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 12 deletions.
diff --git a/pkg/image/bootc_disk.go b/pkg/image/bootc_disk.go
@@ -28,7 +28,8 @@ type BootcDiskImage struct {
 
 	// The users to put into the image, note that /etc/paswd (and friends)
 	// will become unmanaged state by bootc when used
-	Users []users.User
+	Users  []users.User
+	Groups []users.Group
 
 	// SELinux policy, when set it enables the labeling of the tree with the
 	// selected profile
@@ -57,6 +58,7 @@ func (img *BootcDiskImage) InstantiateManifestFromContainers(m *manifest.Manifes
 	rawImage := manifest.NewRawBootcImage(buildPipeline, containers, img.Platform)
 	rawImage.PartitionTable = img.PartitionTable
 	rawImage.Users = img.Users
+	rawImage.Groups = img.Groups
 	rawImage.KernelOptionsAppend = img.KernelOptionsAppend
 	rawImage.SELinux = img.SELinux
 

diff --git a/pkg/image/bootc_disk_test.go b/pkg/image/bootc_disk_test.go
@@ -41,6 +41,7 @@ type bootcDiskImageTestOpts struct {
 	BIOS        bool
 	SELinux     string
 	Users       []users.User
+	Groups      []users.Group
 
 	KernelOptionsAppend []string
 }
@@ -74,6 +75,7 @@ func makeBootcDiskImageOsbuildManifest(t *testing.T, opts *bootcDiskImageTestOpt
 	img.PartitionTable = testdisk.MakeFakePartitionTable("/", "/boot", "/boot/efi")
 	img.KernelOptionsAppend = opts.KernelOptionsAppend
 	img.Users = opts.Users
+	img.Groups = opts.Groups
 	img.SELinux = opts.SELinux
 
 	m := &manifest.Manifest{}
@@ -226,3 +228,21 @@ func TestBootcDiskImageInstantiateSELinuxForUsers(t *testing.T) {
 		}
 	}
 }
+
+func TestBootcDiskImageInstantiateGroups(t *testing.T) {
+	for _, withGroup := range []bool{true, false} {
+		opts := &bootcDiskImageTestOpts{}
+		if withGroup {
+			opts.Groups = []users.Group{{Name: "foo-grp"}}
+		}
+		osbuildManifest := makeBootcDiskImageOsbuildManifest(t, opts)
+		imagePipeline := findPipelineFromOsbuildManifest(t, osbuildManifest, "image")
+		require.NotNil(t, imagePipeline)
+		groupsStage := findStageFromOsbuildPipeline(t, imagePipeline, "org.osbuild.groups")
+		if withGroup {
+			require.NotNil(t, groupsStage)
+		} else {
+			require.Nil(t, groupsStage)
+		}
+	}
+}
diff --git a/pkg/manifest/raw_bootc.go b/pkg/manifest/raw_bootc.go
@@ -35,7 +35,8 @@ type RawBootcImage struct {
 
 	// The users to put into the image, note that /etc/paswd (and friends)
 	// will become unmanaged state by bootc when used
-	Users []users.User
+	Users  []users.User
+	Groups []users.Group
 
 	// SELinux policy, when set it enables the labeling of the tree with the
 	// selected profile
@@ -119,16 +120,26 @@ func (p *RawBootcImage) serialize() osbuild.Pipeline {
 		pipeline.AddStage(stage)
 	}
 
+	// all our customizations work directly on the mounted deployment
+	// root from the image so generate the devices/mounts for all
+	devices, mounts, err = osbuild.GenBootupdDevicesMounts(p.filename, p.PartitionTable)
+	if err != nil {
+		panic(fmt.Sprintf("gen devices stage failed %v", err))
+	}
+	mounts = append(mounts, *osbuild.NewOSTreeDeploymentMountDefault("ostree.deployment", osbuild.OSTreeMountSourceMount))
+	mounts = append(mounts, *osbuild.NewBindMount("bind-ostree-deployment-to-tree", "mount://", "tree://"))
+
 	// customize the image
-	if len(p.Users) > 0 {
-		// build common devices/mounts first
-		devices, mounts, err := osbuild.GenBootupdDevicesMounts(p.filename, p.PartitionTable)
+	if len(p.Groups) > 0 {
+		groupsStage := osbuild.GenGroupsStage(p.Groups)
 		if err != nil {
-			panic(fmt.Sprintf("gen devices stage failed %v", err))
+			panic(fmt.Sprintf("group stage failed %v", err))
 		}
-		mounts = append(mounts, *osbuild.NewOSTreeDeploymentMountDefault("ostree.deployment", osbuild.OSTreeMountSourceMount))
-		mounts = append(mounts, *osbuild.NewBindMount("bind-ostree-deployment-to-tree", "mount://", "tree://"))
-
+		groupsStage.Mounts = mounts
+		groupsStage.Devices = devices
+		pipeline.AddStage(groupsStage)
+	}
+	if len(p.Users) > 0 {
 		// ensure /var/home is available
 		mkdirStage := osbuild.NewMkdirStage(&osbuild.MkdirStageOptions{
 			Paths: []osbuild.MkdirStagePath{

diff --git a/pkg/manifest/raw_bootc_test.go b/pkg/manifest/raw_bootc_test.go
@@ -125,6 +125,35 @@ func TestRawBootcImageSerializeCreateUsersOptions(t *testing.T) {
 	}
 }
 
+func TestRawBootcImageSerializeCreateGroupOptions(t *testing.T) {
+	rawBootcPipeline := makeFakeRawBootcPipeline()
+
+	for _, tc := range []struct {
+		groups              []users.Group
+		expectedGroupsStage bool
+	}{
+		{nil, false},
+		{[]users.Group{{Name: "root"}}, true},
+		{[]users.Group{{Name: "foo"}}, true},
+		{[]users.Group{{Name: "root"}, {Name: "foo"}}, true},
+	} {
+		rawBootcPipeline.Groups = tc.groups
+
+		pipeline := rawBootcPipeline.Serialize()
+		groupsStage := manifest.FindStage("org.osbuild.groups", pipeline.Stages)
+		if tc.expectedGroupsStage {
+			// ensure options got passed
+			require.NotNil(t, groupsStage)
+			groupOptions := groupsStage.Options.(*osbuild.GroupsStageOptions)
+			for _, group := range tc.groups {
+				assert.NotNil(t, groupOptions.Groups[group.Name])
+			}
+		} else {
+			require.Nil(t, groupsStage)
+		}
+	}
+}
+
 func assertBootcDeploymentAndBindMount(t *testing.T, stage *osbuild.Stage) {
 	// check for bind mount to deployment is there so
 	// that the customization actually works
@@ -141,13 +170,15 @@ func TestRawBootcImageSerializeCustomizationGenCorrectStages(t *testing.T) {
 
 	for _, tc := range []struct {
 		users   []users.User
+		groups  []users.Group
 		SELinux string
 
 		expectedStages []string
 	}{
-		{nil, "", nil},
-		{[]users.User{{Name: "foo"}}, "", []string{"org.osbuild.mkdir", "org.osbuild.users"}},
-		{[]users.User{{Name: "foo"}}, "targeted", []string{"org.osbuild.mkdir", "org.osbuild.users", "org.osbuild.selinux"}},
+		{nil, nil, "", nil},
+		{[]users.User{{Name: "foo"}}, nil, "", []string{"org.osbuild.mkdir", "org.osbuild.users"}},
+		{[]users.User{{Name: "foo"}}, nil, "targeted", []string{"org.osbuild.mkdir", "org.osbuild.users", "org.osbuild.selinux"}},
+		{[]users.User{{Name: "foo"}}, []users.Group{{Name: "bar"}}, "targeted", []string{"org.osbuild.mkdir", "org.osbuild.users", "org.osbuild.users", "org.osbuild.selinux"}},
 	} {
 		rawBootcPipeline.Users = tc.users
 		rawBootcPipeline.SELinux = tc.SELinux