(airflow) branch main updated: Image used for k8s tests copies airflow sources with airflow user (#39843)

Sun, 26 May 2024 03:42:00 -0700 

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new cd25d1a458 Image used for k8s tests copies airflow sources with 
airflow user (#39843)
cd25d1a458 is described below

commit cd25d1a45817488b18d32bef8110a361401eb299
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Sun May 26 12:41:50 2024 +0200

    Image used for k8s tests copies airflow sources with airflow user (#39843)
    
    When you have localy umask set to 077 or similar (disallowing
    group access), the PROD image used to run k8s tests was not working
    properly. The files copied to k8s image when preparing k8s
    image for local testing were copied using `root` user. This worked
    with no problems when group read access was set (umask 022 or 002 is
    usually set by defailt). But when someone had umask set to disable
    group read access when checking out the repository (077 or similar)
    then the files copied to the K8s image had no group read access
    and airflow failed with strange "import error".
    
    This PR adds `--chown airflow:0` to all files copied when k8s image
    is prepared and makes sure that airflow user is set by default. This
    should work regardless of the umask setting (as long as the host owner
    has read access to checked out repository).
---
 dev/breeze/src/airflow_breeze/commands/kubernetes_commands.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/dev/breeze/src/airflow_breeze/commands/kubernetes_commands.py 
b/dev/breeze/src/airflow_breeze/commands/kubernetes_commands.py
index d097b61b13..c7ecfcf305 100644
--- a/dev/breeze/src/airflow_breeze/commands/kubernetes_commands.py
+++ b/dev/breeze/src/airflow_breeze/commands/kubernetes_commands.py
@@ -596,17 +596,19 @@ def _rebuild_k8s_image(
         f"airflow base image: {params.airflow_image_name_with_tag}\n"
     )
     if copy_local_sources:
-        extra_copy_command = "COPY . /opt/airflow/"
+        extra_copy_command = "COPY --chown=airflow:0 . /opt/airflow/"
     else:
         extra_copy_command = ""
     docker_image_for_kubernetes_tests = f"""
 FROM {params.airflow_image_name_with_tag}
 
+USER airflow
+
 {extra_copy_command}
 
-COPY airflow/example_dags/ /opt/airflow/dags/
+COPY --chown=airflow:0 airflow/example_dags/ /opt/airflow/dags/
 
-COPY airflow/providers/cncf/kubernetes/kubernetes_executor_templates/ 
/opt/airflow/pod_templates/
+COPY --chown=airflow:0 
airflow/providers/cncf/kubernetes/kubernetes_executor_templates/ 
/opt/airflow/pod_templates/
 
 ENV GUNICORN_CMD_ARGS='--preload' AIRFLOW__WEBSERVER__WORKER_REFRESH_INTERVAL=0
 """

Reply via email to