Add node e2e tests for runAsUser

2025-11-04 12:18:16 +00:00 · 2017-06-29 09:17:14 +08:00
parent b353792f9c
commit 00eeb7f53a
1 changed files with 41 additions and 0 deletions
--- a/test/e2e_node/security_context_test.go
+++ b/test/e2e_node/security_context_test.go
@@ -274,4 +274,45 @@ var _ = framework.KubeDescribe("Security Context", func() {
 		})
 	})

+	Context("When creating a container with runAsUser", func() {
+		makeUserPod := func(podName, image string, command []string, userid int64) *v1.Pod {
+			return &v1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: podName,
+				},
+				Spec: v1.PodSpec{
+					RestartPolicy: v1.RestartPolicyNever,
+					Containers: []v1.Container{
+						{
+							Image:   image,
+							Name:    podName,
+							Command: command,
+							SecurityContext: &v1.SecurityContext{
+								RunAsUser: &userid,
+							},
+						},
+					},
+				},
+			}
+		}
+		createAndWaitUserPod := func(userid int64) {
+			podName := fmt.Sprintf("busybox-user-%d-%s", userid, uuid.NewUUID())
+			podClient.Create(makeUserPod(podName,
+				"gcr.io/google_containers/busybox:1.24",
+				[]string{"sh", "-c", fmt.Sprintf("test $(id -u) -eq %d", userid)},
+				userid,
+			))
+
+			podClient.WaitForSuccess(podName, framework.PodStartTimeout)
+		}
+
+		It("should run the container with uid 65534", func() {
+			createAndWaitUserPod(65534)
+		})
+
+		It("should run the container with uid 0", func() {
+			createAndWaitUserPod(0)
+		})
+
+	})
 })