fix: getUIDandGID is able to resolve non-existing users and groups

[hown3d]

Signed-off-by: Höhl, Lukas [email protected]

Fixes #1456

Description
A common pattern in dockerfiles is to provide a plain uid and gid number, which doesn't neccesarily exist inside the os.

Currently, an error accurs, specifying, that the user and group doesn't exist.
This PR changes the logic to lookup the users and groups only if the chown command can't be parsed into a valid uint32.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes unit tests
• Adds integration tests if needed.

Reviewer Notes

• The code flow looks good.
• Unit tests and or integration tests added.

Release Notes

chown flag in Dockerfile COPY statement can specify non-existing user/group

[imjasonh]

In this case I'd love to have an integration test Dockerfile that chowns to a non-existent user, then checks later that it's owned by that user, even though that user doesn't exist. Do you think that's something we could add to this PR?

Otherwise, this looks great, and thank you so much for working on this! 👍

[hown3d]

In this case I'd love to have an integration test Dockerfile that chowns to a non-existent user, then checks later that it's owned by that user, even though that user doesn't exist. Do you think that's something we could add to this PR?

Otherwise, this looks great, and thank you so much for working on this! 👍

I added a Dockerfile, is there something I need to configure inside the integration tests themself?

[hown3d]

@imjasonh This should be ready to go now, added some more tests for other functions involving the user retrieval process.

[hown3d]

I'm currently stuck regarding an issue building this dockerfile
All action in kaniko are executed as root, right? How does it come, that opening a file (as root), which got created in a previous stage, can be denied by the kernel? File permissions on the created file are 420. Isn’t root able to open all files, regardless of permissions and ownership?
I’m running into an access denied error from os.Create like https://github.com/GoogleContainerTools/kaniko/runs/6782183403?check_suite_focus=true#step:6:118 all the time, which is thrown here:

kaniko/pkg/util/fs_util.go

Line 549 in 1395e46

dest, err := os.Create(path)

Maybe a second pair of eyes can spot the mistake, since I don't know why this error appears.

The error can't be reproduced on my WSL workstation, but appears in the github actions and mac running the integration tests.

[msuperina]

@imjasonh Thank you for approving this MR. I am struggling to find info about which release this fix would land in, any chance you could advise ? I can see MR for #2117 but this fix is not highlighted there - I am possibly mistaken though...

[gabyx]

Great!