entrypoint.py
import os
import sys
import pwd
import subprocess
from dotenv import load_dotenv
# Name given to the account created inside the container when no
# account with HOST_UID exists yet.
HOST_USER = 'autoapi_user'

# Absolute path of the directory that holds this script.
MY_DIR = os.path.abspath(os.path.dirname(__file__))

# Owner of that directory. entrypoint() switches to this uid, so the
# identity the container runs as is decided by whoever owns MY_DIR.
# NOTE(review): if MY_DIR is owned by uid 0 this equals root's uid and
# entrypoint() performs no privilege drop.
HOST_UID = os.stat(MY_DIR).st_uid

# Optional dotenv file located next to this script.
DOTENV_PATH = os.path.join(os.path.dirname(__file__), '.env')
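def entrypoint(argv):
    '''
    Docker entrypoint that switches from the container's default user
    to the uid owning this script's directory, then execs the
    requested command.

    Running as HOST_UID instead of the Docker default of root follows
    least privilege and means files created by the container are owned
    by that same uid. If no account with HOST_UID exists in the
    container, one is created with `adduser` first.

    argv is the full argument vector: argv[0] is this script and
    argv[1:] is the command to run. The function exits with a usage
    message when no command is given, and does not return on success
    because os.execvp replaces the process image.

    NOTE(security): when the script's directory is owned by uid 0,
    HOST_UID equals the effective uid, nothing is dropped, and the
    command runs as root.
    '''
    if len(argv) < 2:
        # Validate before changing anything on the system (adduser,
        # setuid); otherwise the failure would only surface as an
        # IndexError at the final exec.
        sys.exit(
            'usage: %s COMMAND [ARG...]'
            % (argv[0] if argv else 'entrypoint.py')
        )

    if HOST_UID != os.geteuid():
        if not does_uid_exist(HOST_UID):
            # Pick a username that is not taken yet by appending '0'.
            username = HOST_USER
            while does_username_exist(username):
                username += '0'
            home_dir = '/home/%s' % username
            # Argument list, no shell. Flags are BusyBox-style:
            # -h home directory, -u uid, -S system user.
            subprocess.check_call([
                'adduser',
                '-h', home_dir,
                '-u', str(HOST_UID),
                '-S', username,
            ])
        account = pwd.getpwuid(HOST_UID)
        os.environ['HOME'] = '/home/%s' % account.pw_name
        # Drop group privileges as well as the uid. Calling only
        # setuid() leaves the process with the original (root) gid and
        # supplementary groups. Groups must be changed first: once the
        # uid is dropped the process may no longer change them.
        os.initgroups(account.pw_name, account.pw_gid)
        os.setgid(account.pw_gid)
        os.setuid(HOST_UID)

    # Create the link directly instead of through `ln -s` with
    # shell=True. lexists() also detects an existing dangling link,
    # which exists() reports as missing and which would make the
    # link creation fail.
    node_modules_link = '/autoapi/node_modules'
    if not os.path.lexists(node_modules_link):
        os.symlink('/tmp/node_modules', node_modules_link)

    os.execvp(argv[1], argv[1:])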
def does_username_exist(username):
    '''
    Report whether an account named `username` is known to the OS.

    Returns True when pwd.getpwnam() finds an entry, False when it
    raises KeyError.
    '''
    try:
        pwd.getpwnam(username)
    except KeyError:
        # pwd signals "no such entry" with KeyError.
        return False
    else:
        return True
def does_uid_exist(uid):
    '''
    Report whether an account with numeric id `uid` is known to the OS.

    Returns True when pwd.getpwuid() finds an entry, False when it
    raises KeyError.
    '''
    try:
        pwd.getpwuid(uid)
    except KeyError:
        # pwd signals "no such entry" with KeyError.
        return False
    else:
        return True
if __name__ == "__main__":
    # Load the optional dotenv file that sits next to this script.
    # This happens before entrypoint() switches user, and the loaded
    # values become part of the environment of the exec'd command.
    dotenv_present = os.path.exists(DOTENV_PATH)
    if dotenv_present:
        load_dotenv(DOTENV_PATH)

    # Hand the full argument vector over; entrypoint() execs argv[1:].
    entrypoint(sys.argv)