Run tests in Docker as non-root user

Makefile

@@ -355,7 +355,7 @@ check: flake8 pep8 # pyflakes pylint
 awx-link:
 	cp -R /tmp/awx.egg-info /awx_devel/ || true
 	sed -i "s/placeholder/$(shell git describe --long | sed 's/\./\\./g')/" /awx_devel/awx.egg-info/PKG-INFO
-	cp /tmp/awx.egg-link /venv/awx/lib/python2.7/site-packages/awx.egg-link
+	cp -f /tmp/awx.egg-link /venv/awx/lib/python2.7/site-packages/awx.egg-link
 
 TEST_DIRS ?= awx/main/tests/unit awx/main/tests/functional awx/conf/tests awx/sso/tests
 
@@ -565,7 +565,7 @@ docker-compose-test: docker-auth
 	cd tools && TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose run --rm --service-ports awx /bin/bash
 
 docker-compose-runtest:
-	cd tools && TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose run --rm --service-ports awx /start_tests.sh
+	cd tools && TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose run --user=$(shell id -u) --rm --service-ports awx /start_tests.sh
 
 docker-compose-clean:
 	cd tools && TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose run --rm -w /awx_devel --service-ports awx make clean
@@ -575,7 +575,7 @@ docker-compose-build: awx-devel-build
 
 # Base development image build
 awx-devel-build:
-	docker build -t ansible/awx_devel -f tools/docker-compose/Dockerfile .
+	docker build -t ansible/awx_devel --build-arg UID=$(shell id -u) -f tools/docker-compose/Dockerfile .
 	docker tag ansible/awx_devel $(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG)
 	#docker push $(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG)
 

tools/docker-compose/Dockerfile

@@ -1,24 +1,39 @@
 FROM centos:7
 
+ARG UID=0
+
 ADD Makefile /tmp/Makefile
+
 RUN mkdir /tmp/requirements
-ADD requirements/requirements.txt \
-requirements/requirements_git.txt \
-requirements/requirements_ansible.txt \
-requirements/requirements_ansible_git.txt \
-requirements/requirements_dev.txt \
-requirements/requirements_ansible_uninstall.txt \
-requirements/requirements_tower_uninstall.txt \
-/tmp/requirements/
+
 RUN yum -y update && yum -y install curl epel-release && yum -y install https://centos7.iuscommunity.org/ius-release.rpm
-RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
 RUN yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-3.noarch.rpm
-RUN yum -y update && yum -y install openssh-server ansible mg vim tmux git2u-core mercurial subversion python-devel python-psycopg2 make postgresql postgresql-devel nginx nodejs python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel zeromq-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel rabbitmq-server bubblewrap zanata-python-client gettext gcc-c++ libcurl-devel python-pycurl bzip2 python-crypto rsync
+RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
+
+RUN yum -y update && yum -y install openssh-server ansible mg vim tmux \
+  git2u-core mercurial subversion python-devel python-psycopg2 make postgresql \
+  postgresql-devel nginx nodejs python-psutil libxml2-devel libxslt-devel \
+  libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel \
+  zeromq-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 \
+  xmlsec1-openssl-devel libtool-ltdl-devel rabbitmq-server bubblewrap \
+  zanata-python-client gettext gcc-c++ libcurl-devel python-pycurl bzip2 \
+  python-crypto rsync
+
 RUN pip install virtualenv
 RUN /usr/bin/ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa
 RUN mkdir -p /data/db
 RUN pip2 install honcho
 RUN pip2 install supervisor
+
+ADD requirements/requirements.txt \
+  requirements/requirements_git.txt \
+  requirements/requirements_ansible.txt \
+  requirements/requirements_ansible_git.txt \
+  requirements/requirements_dev.txt \
+  requirements/requirements_ansible_uninstall.txt \
+  requirements/requirements_tower_uninstall.txt \
+  /tmp/requirements/
+
 ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
 ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
 ADD tools/docker-compose/awx.egg-info /tmp/awx.egg-info
@@ -30,6 +45,8 @@ RUN ln -s /awx_devel/tools/docker-compose/bootstrap_development.sh /bootstrap_de
 RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost"
 RUN openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt
 WORKDIR /tmp
+
+RUN mkdir -p /venv && chmod g+w /venv
 RUN CFLAGS="-DXMLSEC_NO_SIZE_T" SWIG_FEATURES="-cpperraswarn -includeall -D__`uname -m`__ -I/usr/include/openssl" VENV_BASE="/venv" make requirements_dev
 RUN localedef -c -i en_US -f UTF-8 en_US.UTF-8
 ENV LANG en_US.UTF-8
@@ -41,3 +58,11 @@ WORKDIR /
 EXPOSE 8043 8013 8080 22
 ENTRYPOINT ["/tini", "--"]
 CMD /start_development.sh
+
+RUN touch /venv/awx/lib/python2.7/site-packages/awx.egg-link
+RUN chmod g+rwx /venv/awx/lib/python2.7/site-packages/awx.egg-link
+
+RUN chmod g+w /etc/passwd
+RUN mkdir -p /projects && chmod g+w /projects
+
+USER ${UID}

tools/docker-compose/start_development.sh

@@ -1,6 +1,12 @@
 #!/bin/bash
 set +x
 
+if [ `id -u` -ge 500 ]; then
+    echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+    cat /tmp/passwd > /etc/passwd
+    rm /tmp/passwd
+fi
+
 /bootstrap_development.sh
 
 cd /awx_devel

tools/docker-compose/start_tests.sh

@@ -1,4 +1,12 @@
+#!/bin/bash
 set +x
+
+if [ `id -u` -ge 500 ]; then
+    echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+    cat /tmp/passwd > /etc/passwd
+    rm /tmp/passwd
+fi
+
 cd /awx_devel
 make clean
 cp -R /tmp/awx.egg-info /awx_devel/ || true