add user to inspect

Signed-off-by: Shubharanshu Mahapatra <[email protected]>

Author: Shubhranshu153

cmd/nerdctl/container/container_inspect_linux_test.go

@@ -19,18 +19,22 @@ package container
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"slices"
 	"strings"
 	"testing"
 
 	"github.com/docker/go-connections/nat"
 	"gotest.tools/v3/assert"
 
+	"github.com/containerd/nerdctl/mod/tigron/expect"
+	"github.com/containerd/nerdctl/mod/tigron/test"
 	"github.com/containerd/nerdctl/v2/pkg/infoutil"
 	"github.com/containerd/nerdctl/v2/pkg/inspecttypes/dockercompat"
 	"github.com/containerd/nerdctl/v2/pkg/labels"
 	"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil"
+	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
 )
 
 func TestContainerInspectContainsPortConfig(t *testing.T) {
@@ -456,6 +460,38 @@ func TestContainerInspectDevices(t *testing.T) {
 	assert.DeepEqual(t, expectedDevices, inspect.HostConfig.Devices)
 }
 
+func TestContainerInspectUser(t *testing.T) {
+	nerdtest.Setup()
+	testCase := &test.Case{
+		Description: "Container inspect contains User",
+		Require:     nerdtest.Build,
+		Setup: func(data test.Data, helpers test.Helpers) {
+			dockerfile := fmt.Sprintf(`
+FROM %s
+RUN groupadd -r test && useradd -r -g test test
+USER test
+`, testutil.UbuntuImage)
+
+			err := os.WriteFile(filepath.Join(data.TempDir(), "Dockerfile"), []byte(dockerfile), 0o600)
+			assert.NilError(helpers.T(), err)
+
+			data.Set("buildCtx", data.TempDir())
+			helpers.Ensure("build", "-t", data.Identifier(), data.Get("buildCtx"))
+			helpers.Ensure("create", "--name", data.Identifier(), "--user", "test", data.Identifier())
+		},
+		Cleanup: func(data test.Data, helpers test.Helpers) {
+			os.Remove(filepath.Join(data.TempDir(), "Dockerfile"))
+			helpers.Anyhow("rm", "-f", data.Identifier())
+		},
+		Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+			return helpers.Command("inspect", "--format", "{{.Config.User}}", data.Identifier())
+		},
+		Expected: test.Expects(0, nil, expect.Equals("test\n")),
+	}
+
+	testCase.Run(t)
+}
+
 type hostConfigValues struct {
 	Driver       string
 	ShmSize      int64

pkg/cmd/container/create.go

@@ -179,6 +179,15 @@ func Create(ctx context.Context, client *containerd.Client, args []string, netMa
 		}
 	}
 
+	if ensuredImage != nil && ensuredImage.ImageConfig.User != "" {
+		internalLabels.user = ensuredImage.ImageConfig.User
+	}
+
+	// Override it if User is passed
+	if options.User != "" {
+		internalLabels.user = options.User
+	}
+
 	rootfsOpts, rootfsCOpts, err := generateRootfsOpts(args, id, ensuredImage, options)
 	if err != nil {
 		return nil, generateRemoveStateDirFunc(ctx, id, internalLabels), err
@@ -271,6 +280,7 @@ func Create(ctx context.Context, client *containerd.Client, args []string, netMa
 	if err != nil {
 		return nil, generateRemoveOrphanedDirsFunc(ctx, id, dataStore, internalLabels), err
 	}
+
 	opts = append(opts, uOpts...)
 	gOpts, err := generateGroupsOpts(options.GroupAdd)
 	internalLabels.groupAdd = options.GroupAdd
@@ -665,6 +675,8 @@ type internalLabels struct {
 
 	// label for device mapping set by the --device flag
 	deviceMapping []dockercompat.DeviceMapping
+
+	user string
 }
 
 // WithInternalLabels sets the internal labels for a container.
@@ -790,6 +802,10 @@ func withInternalLabels(internalLabels internalLabels) (containerd.NewContainerO
 	}
 	m[labels.DNSSetting] = string(dnsSettingsJSON)
 
+	if internalLabels.user != "" {
+		m[labels.User] = internalLabels.user
+	}
+
 	return containerd.WithAdditionalContainerLabels(m), nil
 }
 

pkg/inspecttypes/dockercompat/dockercompat.go

@@ -546,6 +546,11 @@ func ContainerFromNative(n *native.Container) (*Container, error) {
 			c.Config.Env = spec.Process.Env
 		}
 	}
+
+	if n.Labels[labels.User] != "" {
+		c.Config.User = n.Labels[labels.User]
+	}
+
 	return c, nil
 }
 

pkg/inspecttypes/dockercompat/dockercompat_test.go

@@ -55,6 +55,7 @@ func TestContainerFromNative(t *testing.T) {
 						"nerdctl/mounts":    "[{\"Type\":\"bind\",\"Source\":\"/mnt/foo\",\"Destination\":\"/mnt/foo\",\"Mode\":\"rshared,rw\",\"RW\":true,\"Propagation\":\"rshared\"}]",
 						"nerdctl/state-dir": tempStateDir,
 						"nerdctl/hostname":  "host1",
+						"nerdctl/user":      "test-user",
 					},
 				},
 				Spec: &specs.Spec{
@@ -104,9 +105,11 @@ func TestContainerFromNative(t *testing.T) {
 						"nerdctl/mounts":    "[{\"Type\":\"bind\",\"Source\":\"/mnt/foo\",\"Destination\":\"/mnt/foo\",\"Mode\":\"rshared,rw\",\"RW\":true,\"Propagation\":\"rshared\"}]",
 						"nerdctl/state-dir": tempStateDir,
 						"nerdctl/hostname":  "host1",
+						"nerdctl/user":      "test-user",
 					},
 					Hostname: "host1",
 					Env:      []string{"/some/path"},
+					User:     "test-user",
 				},
 				NetworkSettings: &NetworkSettings{
 					Ports:    &nat.PortMap{},

pkg/labels/labels.go

@@ -115,4 +115,7 @@ const (
 
 	// DNSSettings sets the dockercompat DNS config values
 	DNSSetting = Prefix + "dns"
+
+	// User is the username of the container
+	User = Prefix + "user"
 )