Add custom owner support for lab resources (#2553)

* Add custom owner support for lab resources

* format

* use existing group checking func

---------

Co-authored-by: Roman Dodin <[email protected]>

Author: FloSch62

clab/clab.go

@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io/fs"
 	"os"
+	"os/user"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -59,6 +60,27 @@ type CLab struct {
 	// checkBindsPaths toggle enables or disables binds paths checks
 	// when set to true, bind sources are verified to exist on the host.
 	checkBindsPaths bool
+	// customOwner is the user-specified owner label for the lab
+	customOwner string
+}
+
+// WithLabOwner sets the owner label for all nodes in the lab.
+// Only users in the clab_admins group can set a custom owner.
+func WithLabOwner(owner string) ClabOption {
+	return func(c *CLab) error {
+		currentUser, err := user.Current()
+		if err != nil {
+			log.Warn("Failed to get current user when trying to set the custom lab owner", "error", err)
+			return nil
+		}
+
+		if isClabAdmin, err := utils.UserInUnixGroup(currentUser.Username, "clab_admins"); err == nil && isClabAdmin {
+			c.customOwner = owner
+		} else if owner != "" {
+			log.Warn("Only users in clab_admins group can set custom owner. Using current user as owner.")
+		}
+		return nil
+	}
 }
 
 type ClabOption func(c *CLab) error

clab/config.go

@@ -550,6 +550,8 @@ func (c *CLab) HasKind(k string) bool {
 	return false
 }
 
+// addDefaultLabels adds default labels to node's config struct.
+// Update the addDefaultLabels function in clab/config.go
 // addDefaultLabels adds default labels to node's config struct.
 func (c *CLab) addDefaultLabels(n nodes.Node) {
 	cfg := n.Config()
@@ -565,9 +567,14 @@ func (c *CLab) addDefaultLabels(n nodes.Node) {
 	cfg.Labels[labels.NodeGroup] = cfg.Group
 	cfg.Labels[labels.NodeLabDir] = cfg.LabDir
 	cfg.Labels[labels.TopoFile] = c.TopoPaths.TopologyFilenameAbsPath()
-	owner := os.Getenv("SUDO_USER")
+
+	// Use custom owner if set, otherwise use current user
+	owner := c.customOwner
 	if owner == "" {
-		owner = os.Getenv("USER")
+		owner = os.Getenv("SUDO_USER")
+		if owner == "" {
+			owner = os.Getenv("USER")
+		}
 	}
 	cfg.Labels[labels.Owner] = owner
 }

cmd/deploy.go

@@ -47,6 +47,9 @@ var deployFormat string
 // skipLabDirFileACLs skips provisioning of extended File ACLs for the Lab directory.
 var skipLabDirFileACLs bool
 
+// labOwner flag for setting the owner label.
+var labOwner string
+
 // deployCmd represents the deploy command.
 var deployCmd = &cobra.Command{
 	Use:          "deploy",
@@ -76,6 +79,8 @@ func init() {
 		"comma separated list of nodes to include")
 	deployCmd.Flags().BoolVarP(&skipLabDirFileACLs, "skip-labdir-acl", "", false,
 		"skip the lab directory extended ACLs provisioning")
+	deployCmd.Flags().StringVarP(&labOwner, "owner", "", "",
+		"lab owner name (only for users in clab_admins group)")
 }
 
 // deployFn function runs deploy sub command.
@@ -89,6 +94,11 @@ func deployFn(_ *cobra.Command, _ []string) error {
 
 	setupCTRLCHandler(cancel)
 
+	// Check for owner from environment (set by generate command)
+	if labOwner == "" && os.Getenv("CLAB_OWNER") != "" {
+		labOwner = os.Getenv("CLAB_OWNER")
+	}
+
 	opts := []clab.ClabOption{
 		clab.WithTimeout(common.Timeout),
 		clab.WithTopoPath(common.Topo, common.VarsFile),
@@ -108,6 +118,9 @@ func deployFn(_ *cobra.Command, _ []string) error {
 	if common.Name != "" {
 		opts = append(opts, clab.WithLabName(common.Name))
 	}
+	if labOwner != "" {
+		opts = append(opts, clab.WithLabOwner(labOwner))
+	}
 	if mgmtNetName != "" {
 		opts = append(opts, clab.WithManagementNetworkName(mgmtNetName))
 	}

cmd/generate.go

@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"os"
 	"strconv"
 	"strings"
 
@@ -103,6 +104,13 @@ var generateCmd = &cobra.Command{
 				}
 			}
 			common.Topo = file
+
+			// Pass owner to deploy command if specified
+			if labOwner != "" {
+				// This will be picked up by the deploy command
+				os.Setenv("CLAB_OWNER", labOwner)
+			}
+
 			return deployCmd.RunE(deployCmd, nil)
 		}
 		if file == "" {
@@ -148,6 +156,9 @@ func init() {
 		"deploy a fabric based on the generated topology file")
 	generateCmd.Flags().UintVarP(&maxWorkers, "max-workers", "", 0,
 		"limit the maximum number of workers creating nodes and virtual wires")
+	// Add the owner flag to generate command
+	generateCmd.Flags().StringVarP(&labOwner, "owner", "", "",
+		"lab owner name (only for users in clab_admins group)")
 }
 
 func generateTopologyConfig(name, network, ipv4range, ipv6range string,

docs/cmd/deploy.md

@@ -143,6 +143,17 @@ The extended File ACLs are provisioned for the lab directory by default, unless
 
 While this is useful in most cases, sometimes extended File ACLs might prevent your lab from working, especially when your lab directory end up being mounted from the network filesystem (NFS, CIFS, etc.). In such cases, you can use this flag to skip the ACL provisioning.
 
+#### owner
+
+The local `--owner` flag allows you to specify a custom owner for the lab. This value will be applied as the owner label for all nodes in the lab.
+
+This flag is designed for multi-user environments where you need to track ownership of lab resources. Only users who are members of the `clab_admins` group can set a custom owner. If a non-admin user attempts to set an owner, the flag will be ignored with a warning, and the current user will be used as the owner instead.
+
+Example:
+```bash
+containerlab deploy -t mylab.clab.yml --owner alice
+```
+
 ### Environment variables
 
 #### `CLAB_RUNTIME`

docs/cmd/generate.md

@@ -18,7 +18,7 @@ It is assumed, that the interconnection between the tiers is done in a full-mesh
 
 #### name
 
-With the global `--name | -n` flag a user sets the name of the lab that will be generated.
+With the global `--name` flag a user sets the name of the lab that will be generated.
 
 #### nodes
 The user configures the CLOS fabric topology by using the `--nodes` flag. The flag value is a comma separated list of CLOS tiers where each tier is defined by the number of nodes, its kind and type. Multiple `--node` flags can be specified.
@@ -42,19 +42,19 @@ For example the following value will generate a 3-tier CLOS fabric of cEOS nodes
 
 ```bash
 # cEOS fabric
-containerlab gen -n 3tier --kind ceos --nodes 4,2,1
+containerlab gen --name 3tier --kind ceos --nodes 4,2,1
 
 # since SR Linux kind is assumed by default
 # SRL fabric command is even shorter
-containerlab gen -n 3tier --nodes 4,2,1
+containerlab gen --name 3tier --nodes 4,2,1
 ```
 
 #### image
 Use `--image` flag to specify the container image that should be used by a given kind.
 
 The value of this flag follows the `kind=image` pattern. For example, to set the container image `ceos:4.32.0F` for the `ceos` kind the flag will be: `--image ceos=ceos:4.32.0F`.
 
-To set images for multiple kinds repeat the flag: `--image srl=srlinux:latest --image ceos=ceos:4.32.0F` or use the comma separated form: `--image srl=srlinux:latest,ceos=ceos:latest`
+To set images for multiple kinds repeat the flag: `--image srl=ghcr.io/nokia/srlinux:latest --image ceos=ceos:4.32.0F` or use the comma separated form: `--image srl=ghcr.io/nokia/srlinux:latest,ceos=ceos:latest`
 
 If the kind information is not provided in the `image` flag, the kind value will be taken from the `--kind` flag.
 
@@ -96,6 +96,17 @@ Default: `clab`.
 #### ipv4-subnet | ipv6-subnet
 With `--ipv4-subnet` and `ipv6-subnet` it's possible to change the address ranges of the management network. Nodes will receive IP addresses from these ranges if they are configured with DHCP.
 
+#### owner
+
+With `--owner` flag you can specify a custom owner for the lab. This value will be applied as the owner label for all nodes in the lab.
+
+This flag is designed for multi-user environments where you need to track ownership of lab resources. Only users who are members of the `clab_admins` group can set a custom owner. If a non-admin user attempts to set an owner, the flag will be ignored with a warning, and the current user will be used as the owner instead.
+
+Example:
+```bash
+containerlab generate --name 3tier --nodes 8,4,2 --owner bob --deploy
+```
+
 ### Examples
 
 #### Generate topology for a 3-tier CLOS network
@@ -105,7 +116,7 @@ Generate and deploy a lab topology for 3-tier CLOS network with 8 leafs, 4 spine
     The `srl` kind in the image and license flags can be omitted, as it is implied by default
 
 ```bash
-containerlab generate --name 3tier --image srl=srlinux:latest \
+containerlab generate --name 3tier --image srl=ghcr.io/nokia/srlinux:latest \
                       --license srl=license.key \
                       --nodes 8,4,2 --deploy
 ```