You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by po...@apache.org on 2021/03/25 00:52:25 UTC

[airflow] 03/05: Fixes default group of Airflow user. (#14944)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch v2-0-test
in repository https://gitbox.apache.org/repos/asf/airflow.git

commit 3cd0bdc040dce59f9ebd64c0081609a2c9a8ec16
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Tue Mar 23 03:20:23 2021 +0100

    Fixes default group of Airflow user. (#14944)
    
    The production image did not have root group set as default for
    the airflow user. This was not a big problem unless you extended
    the image - in which case you had to change the group manually
    when copying the images in order to keep the image OpenShift
    compatible (i.e. runnable with any user and root group).
    
    This PR fixes it by changing default group of airflow user
    to root, which also works when you extend the image.
    
    ```
    Connected.
    airflow@53f70b1e3675:/opt/airflow$ ls
    dags  logs
    airflow@53f70b1e3675:/opt/airflow$ cd dags/
    airflow@53f70b1e3675:/opt/airflow/dags$ ls -l
    total 4
    -rw-r--r-- 1 airflow root 1648 Mar 22 23:16 test_dag.py
    airflow@53f70b1e3675:/opt/airflow/dags$
    ```
---
 Dockerfile                    | 2 ++
 scripts/ci/libraries/_kind.sh | 8 ++------
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a62ce15..4b1b807 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -485,6 +485,8 @@ WORKDIR ${AIRFLOW_HOME}
 
 EXPOSE 8080
 
+RUN usermod -g 0 airflow
+
 USER ${AIRFLOW_UID}
 
 # Having the variable in final image allows to disable providers manager warnings when
diff --git a/scripts/ci/libraries/_kind.sh b/scripts/ci/libraries/_kind.sh
index f6be375..4fbfee1 100644
--- a/scripts/ci/libraries/_kind.sh
+++ b/scripts/ci/libraries/_kind.sh
@@ -255,13 +255,9 @@ function kind::build_image_for_kubernetes_tests() {
     docker build --tag "${AIRFLOW_PROD_IMAGE_KUBERNETES}" . -f - <<EOF
 FROM ${AIRFLOW_PROD_IMAGE}
 
-USER root
+COPY airflow/example_dags/ \${AIRFLOW_HOME}/dags/
 
-COPY --chown=airflow:root airflow/example_dags/ \${AIRFLOW_HOME}/dags/
-
-COPY --chown=airflow:root airflow/kubernetes_executor_templates/ \${AIRFLOW_HOME}/pod_templates/
-
-USER airflow
+COPY airflow/kubernetes_executor_templates/ \${AIRFLOW_HOME}/pod_templates/
 
 EOF
     echo "The ${AIRFLOW_PROD_IMAGE_KUBERNETES} is prepared for test kubernetes deployment."