From a8c78d13596e4152d54420705b7fa4ee393d0cbe Mon Sep 17 00:00:00 2001
From: James Sturtevant <jstur@microsoft.com>
Date: Wed, 30 Jan 2019 16:09:04 -0800
Subject: [PATCH] Windows: Sets the effective SecurityContext's RunAsUserName

Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>
---
 pkg/kubelet/kuberuntime/kuberuntime_container_windows.go | 5 +++++
 pkg/securitycontext/util.go                              | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go b/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go
index e99660c3c2f..6f858b7482e 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go
@@ -102,5 +102,10 @@ func (m *kubeGenericRuntimeManager) generateWindowsContainerConfig(container *v1
 		wc.SecurityContext.CredentialSpec = *effectiveSc.WindowsOptions.GMSACredentialSpec
 	}
 
+	// override with Windows options if present
+	if effectiveSc.WindowsOptions != nil && effectiveSc.WindowsOptions.RunAsUserName != nil {
+		wc.SecurityContext.RunAsUsername = *effectiveSc.WindowsOptions.RunAsUserName
+	}
+
 	return wc, nil
 }
diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go
index 6a012076dc9..f399dca3f8c 100644
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@@ -76,6 +76,9 @@ func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1
 			effectiveSc.WindowsOptions.GMSACredentialSpecName = containerSc.WindowsOptions.GMSACredentialSpecName
 			effectiveSc.WindowsOptions.GMSACredentialSpec = containerSc.WindowsOptions.GMSACredentialSpec
 		}
+		if containerSc.WindowsOptions.RunAsUserName != nil {
+			effectiveSc.WindowsOptions.RunAsUserName = containerSc.WindowsOptions.RunAsUserName
+		}
 	}
 
 	if containerSc.Capabilities != nil {