jenkinsci · Lerentis · Sep 7, 2024 · Sep 7, 2024 · Sep 8, 2024 · Sep 9, 2024
@@ -188,6 +188,8 @@ protected static MessageDigest getLabelDigestFunction() {
 
     private Long terminationGracePeriodSeconds;
 
+    private Long fsGroup;
+
     /**
      * Persisted yaml fragment
      */
@@ -912,6 +914,14 @@ public void setTerminationGracePeriodSeconds(Long terminationGracePeriodSeconds)
         this.terminationGracePeriodSeconds = terminationGracePeriodSeconds;
     }
 
+    public Long getFsGroup() {
+        return fsGroup;
+    }
+
+    public void setFsGroup(Long fsGroup) {
+        this.fsGroup = fsGroup;
+    }
+
     protected Object readResolve() {
         if (containers == null) {
             // upgrading from 0.8
@@ -1135,6 +1145,7 @@ public String toString() {
                 + (!privileged ? "" : ", privileged=" + privileged)
                 + (runAsUser == null ? "" : ", runAsUser=" + runAsUser)
                 + (runAsGroup == null ? "" : ", runAsGroup=" + runAsGroup)
+                + (fsGroup == null ? "" : " ,fsGroup=" + fsGroup)
                 + (!isHostNetwork() ? "" : ", hostNetwork=" + hostNetwork)
                 + (!alwaysPullImage ? "" : ", alwaysPullImage=" + alwaysPullImage)
                 + (command == null ? "" : ", command='" + command + '\'')

@@ -279,7 +279,8 @@ public Pod build() {
         Long runAsUser = template.getRunAsUserAsLong();
         Long runAsGroup = template.getRunAsGroupAsLong();
         String supplementalGroups = template.getSupplementalGroups();
-        if (runAsUser != null || runAsGroup != null || supplementalGroups != null) {
+        Long fsGroup = template.getFsGroup();
+        if (runAsUser != null || runAsGroup != null || supplementalGroups != null || fsGroup != null) {
             var securityContext = builder.editOrNewSecurityContext();
             if (runAsUser != null) {
                 securityContext.withRunAsUser(runAsUser);
@@ -290,6 +291,9 @@ public Pod build() {
             if (supplementalGroups != null) {
                 securityContext.withSupplementalGroups(parseSupplementalGroupList(supplementalGroups));
             }
+            if (fsGroup != null) {
+                securityContext.withFsGroup(fsGroup);
+            }
             securityContext.endSecurityContext();
         }
 

@@ -435,6 +435,22 @@ public static Pod combine(Pod parent, Pod template) {
                                                     .getSecurityContext()
                                                     .getRunAsGroup()
                                             : null))
+                    .withFsGroup(
+                            template.getSpec().getSecurityContext() != null
+                                            && template.getSpec()
+                                                            .getSecurityContext()
+                                                            .getFsGroup()
+                                                    != null
+                                    ? template.getSpec().getSecurityContext().getFsGroup()
+                                    : (parent.getSpec().getSecurityContext() != null
+                                                    && parent.getSpec()
+                                                                    .getSecurityContext()
+                                                                    .getFsGroup()
+                                                            != null
+                                            ? parent.getSpec()
+                                                    .getSecurityContext()
+                                                    .getFsGroup()
+                                            : null))
                     .endSecurityContext();
         }
 

@@ -106,6 +106,9 @@ public class PodTemplateStep extends Step implements Serializable {
     @CheckForNull
     private String supplementalGroups;
 
+    @CheckForNull
+    private String fsGroup;
+
     @DataBoundConstructor
     public PodTemplateStep() {}
 
@@ -415,6 +418,16 @@ public void setSupplementalGroups(@CheckForNull String supplementalGroups) {
         this.supplementalGroups = Util.fixEmpty(supplementalGroups);
     }
 
+    @CheckForNull
+    public String getFsGroup() {
+        return this.fsGroup;
+    }
+
+    @DataBoundSetter
+    public void setFsGroup(String fsGroup) {
+        this.fsGroup = fsGroup;
+    }
+
     @Extension
     public static class DescriptorImpl extends StepDescriptor {
 
@@ -436,7 +449,8 @@ public static class DescriptorImpl extends StepDescriptor {
             "serviceAccount",
             "nodeSelector",
             "workingDir",
-            "workspaceVolume"
+            "workspaceVolume",
+            "fsGroup"
         };
 
         public DescriptorImpl() {

@@ -147,6 +147,10 @@ public boolean start() throws Exception {
             newTemplate.setActiveDeadlineSeconds(step.getActiveDeadlineSeconds());
         }
 
+        if (step.getFsGroup() != null) {
+            newTemplate.setFsGroup(Long.valueOf(step.getFsGroup()));
+        }
+
         for (ContainerTemplate container : newTemplate.getContainers()) {
             if (!PodTemplateUtils.validateContainerName(container.getName())) {
                 throw new AbortException(Messages.RFC1123_error(container.getName()));

@@ -130,4 +130,8 @@ THE SOFTWARE.
 
   <f:descriptorList title="${%Node Properties}" descriptors="${h.getNodePropertyDescriptors(descriptor.clazz)}" field="nodeProperties" />
 
+  <f:entry field="fsGroup" title="${%FS Group ID}">
+    <f:textbox/>
+  </f:entry>
+
 </j:jelly>
@@ -0,0 +1 @@
+Specify the gid for the filesystem.
@@ -83,5 +83,8 @@
         <f:entry field="workspaceVolume" title="${%Workspace Volume}">
             <f:dropdownDescriptorSelector field="workspaceVolume" default="${descriptor.defaultWorkspaceVolume}"/>
         </f:entry>
+        <f:entry field="fsGroup" title="${%FS Group ID}">
+          <f:textbox/>
+        </f:entry>
 	</f:advanced>
 </j:jelly>
@@ -0,0 +1 @@
+Specify the gid for the filesystem.