builder/docker: set user during exec.

Add `exec_user` option to control what user `docker exec` is run as.
2017-09-28 16:37:33 -07:00 · 2017-09-28 16:37:33 -07:00 · b3661c1f63
parent 3998a07086
commit b3661c1f63
3 changed files with 28 additions and 10 deletions
--- a/builder/docker/communicator.go
+++ b/builder/docker/communicator.go
@ -27,13 +27,26 @@ type Communicator struct {
 }

 func (c *Communicator) Start(remote *packer.RemoteCmd) error {
-	var cmd *exec.Cmd
-	if c.Config.Pty {
-		cmd = exec.Command("docker", "exec", "-i", "-t", c.ContainerID, "/bin/sh", "-c", fmt.Sprintf("(%s)", remote.Command))
-	} else {
-		cmd = exec.Command("docker", "exec", "-i", c.ContainerID, "/bin/sh", "-c", fmt.Sprintf("(%s)", remote.Command))
+	dockerArgs := []string{
+		"exec",
+		"-i",
+		c.ContainerID,
+		"/bin/sh",
+		"-c",
+		fmt.Sprintf("(%s)", remote.Command),
 	}

+	if c.Config.Pty {
+		dockerArgs = append(dockerArgs[:2], append([]string{"-t"}, dockerArgs[2:]...)...)
+	}
+
+	if c.Config.ExecUser != "" {
+		dockerArgs = append(dockerArgs[:2],
+			append([]string{"-u", c.Config.ExecUser}, dockerArgs[2:]...)...)
+	}
+
+	cmd := exec.Command("docker", dockerArgs...)
+
 	var (
 		stdin_w io.WriteCloser
 		err     error
--- a/builder/docker/config.go
+++ b/builder/docker/config.go
@ -23,19 +23,20 @@ type Config struct {
 	common.PackerConfig `mapstructure:",squash"`
 	Comm                communicator.Config `mapstructure:",squash"`

+	Author       string
+	Changes      []string
 	Commit       bool
+	ContainerDir string `mapstructure:"container_dir"`
 	Discard      bool
+	ExecUser     string `mapstructure:"exec_user"`
 	ExportPath   string `mapstructure:"export_path"`
 	Image        string
+	Message      string
+	Privileged   bool `mapstructure:"privileged"`
 	Pty          bool
 	Pull         bool
 	RunCommand   []string `mapstructure:"run_command"`
 	Volumes      map[string]string
-	Privileged   bool `mapstructure:"privileged"`
-	Author       string
-	Changes      []string
-	Message      string
-	ContainerDir string `mapstructure:"container_dir"`

 	// This is used to login to dockerhub to pull a private base container. For
 	// pushing to dockerhub, see the docker post-processors
--- a/website/source/docs/builders/docker.html.md
+++ b/website/source/docs/builders/docker.html.md
@ -174,6 +174,10 @@ You must specify (only) one of `commit`, `discard`, or `export_path`.
    `login_password` will be ignored. For more information see the
    [section on ECR](#amazon-ec2-container-registry).

+*   `exec_user` (string) - Username or UID (format: <name|uid>[:<group|gid>])
+    to run remote commands with. You may need this if you get permission errors
+    trying to run the `shell` or other  provisioners.
+
 -   `login` (boolean) - Defaults to false. If true, the builder will login in
    order to pull the image. The builder only logs in for the duration of
    the pull. It always logs out afterwards. For log into ECR see `ecr_login`.