From 00eeb7f53a8ac67d6f89543a709af16b6e43f29b Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Thu, 29 Jun 2017 09:17:14 +0800 Subject: [PATCH] Add node e2e tests for runAsUser --- test/e2e_node/security_context_test.go | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/test/e2e_node/security_context_test.go b/test/e2e_node/security_context_test.go index 56676d54de8..d79830f4754 100644 --- a/test/e2e_node/security_context_test.go +++ b/test/e2e_node/security_context_test.go @@ -274,4 +274,45 @@ var _ = framework.KubeDescribe("Security Context", func() { }) }) + Context("When creating a container with runAsUser", func() { + makeUserPod := func(podName, image string, command []string, userid int64) *v1.Pod { + return &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: podName, + }, + Spec: v1.PodSpec{ + RestartPolicy: v1.RestartPolicyNever, + Containers: []v1.Container{ + { + Image: image, + Name: podName, + Command: command, + SecurityContext: &v1.SecurityContext{ + RunAsUser: &userid, + }, + }, + }, + }, + } + } + createAndWaitUserPod := func(userid int64) { + podName := fmt.Sprintf("busybox-user-%d-%s", userid, uuid.NewUUID()) + podClient.Create(makeUserPod(podName, + "gcr.io/google_containers/busybox:1.24", + []string{"sh", "-c", fmt.Sprintf("test $(id -u) -eq %d", userid)}, + userid, + )) + + podClient.WaitForSuccess(podName, framework.PodStartTimeout) + } + + It("should run the container with uid 65534", func() { + createAndWaitUserPod(65534) + }) + + It("should run the container with uid 0", func() { + createAndWaitUserPod(0) + }) + + }) })