Merge pull request #46336 from feiskyer/runAsUser

Automatic merge from submit-queue (batch tested with PRs 46336, 47643) Add node e2e tests for runAsUser **What this PR does / why we need it**: This PR adds node e2e tests for runAsUser. **Which issue this PR fixes** Part of #44118. **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2017-06-29 16:20:30 -07:00 · 2017-06-29 16:20:30 -07:00 · 786407cbfd
parent dc2b4e790d 00eeb7f53a
commit 786407cbfd
1 changed files with 41 additions and 0 deletions
--- a/test/e2e_node/security_context_test.go
+++ b/test/e2e_node/security_context_test.go
@ -274,4 +274,45 @@ var _ = framework.KubeDescribe("Security Context", func() {
 		})
 	})

+	Context("When creating a container with runAsUser", func() {
+		makeUserPod := func(podName, image string, command []string, userid int64) *v1.Pod {
+			return &v1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: podName,
+				},
+				Spec: v1.PodSpec{
+					RestartPolicy: v1.RestartPolicyNever,
+					Containers: []v1.Container{
+						{
+							Image:   image,
+							Name:    podName,
+							Command: command,
+							SecurityContext: &v1.SecurityContext{
+								RunAsUser: &userid,
+							},
+						},
+					},
+				},
+			}
+		}
+		createAndWaitUserPod := func(userid int64) {
+			podName := fmt.Sprintf("busybox-user-%d-%s", userid, uuid.NewUUID())
+			podClient.Create(makeUserPod(podName,
+				"gcr.io/google_containers/busybox:1.24",
+				[]string{"sh", "-c", fmt.Sprintf("test $(id -u) -eq %d", userid)},
+				userid,
+			))
+
+			podClient.WaitForSuccess(podName, framework.PodStartTimeout)
+		}
+
+		It("should run the container with uid 65534", func() {
+			createAndWaitUserPod(65534)
+		})
+
+		It("should run the container with uid 0", func() {
+			createAndWaitUserPod(0)
+		})
+
+	})
 })