Merge pull request #245 from kadel/user

Add support for user directive

pkg/transformer/kubernetes/k8sutils.go

@@ -23,6 +23,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"text/template"
 
@@ -286,12 +287,25 @@ func (k *Kubernetes) UpdateKubernetesObjects(name string, service kobject.Servic
 		template.Spec.Containers[0].WorkingDir = service.WorkingDir
 		template.Spec.Containers[0].VolumeMounts = volumesMount
 		template.Spec.Volumes = volumes
-		// Configure the container privileged mode
+
+		securityContext := &api.SecurityContext{}
 		if service.Privileged == true {
-			template.Spec.Containers[0].SecurityContext = &api.SecurityContext{
-				Privileged: &service.Privileged,
-			}
+			securityContext.Privileged = &service.Privileged
 		}
+		if service.User != "" {
+			uid, err := strconv.ParseInt(service.User, 10, 64)
+			if err != nil {
+				logrus.Warn("Ignoring user directive. User to be specified as a UID (numeric).")
+			} else {
+				securityContext.RunAsUser = &uid
+			}
+
+		}
+		// update template only if securityContext is not empty
+		if *securityContext != (api.SecurityContext{}) {
+			template.Spec.Containers[0].SecurityContext = securityContext
+		}
+
 		template.Spec.Containers[0].Ports = ports
 		template.ObjectMeta.Labels = transformer.ConfigLabels(name)
 		// Configure the container restart policy.

pkg/transformer/kubernetes/k8sutils_test.go

@@ -17,10 +17,12 @@ limitations under the License.
 package kubernetes
 
 import (
+	"strconv"
 	"testing"
 
 	"github.com/kubernetes-incubator/kompose/pkg/kobject"
 	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/extensions"
 )
 
 /*
@@ -49,7 +51,7 @@ func TestCreateService(t *testing.T) {
 		Expose:        []string{"expose"},   // not supported
 		Privileged:    true,
 		Restart:       "always",
-		User:          "user", // not supported
+		User:          "user",
 	}
 
 	// An example object generated via k8s runtime.Objects()
@@ -65,3 +67,51 @@ func TestCreateService(t *testing.T) {
 		t.Errorf("Expected port 123 upon conversion, actual %d", svc.Spec.Ports[0].Port)
 	}
 }
+
+/*
+	Test the creation of a service with a specified user.
+	The expected result is that Kompose will set user in PodSpec
+*/
+func TestCreateServiceWithServiceUser(t *testing.T) {
+
+	// An example service
+	service := kobject.ServiceConfig{
+		ContainerName: "name",
+		Image:         "image",
+		Environment:   []kobject.EnvVar{kobject.EnvVar{Name: "env", Value: "value"}},
+		Port:          []kobject.Ports{kobject.Ports{HostPort: 123, ContainerPort: 456, Protocol: api.ProtocolTCP}},
+		Command:       []string{"cmd"},
+		WorkingDir:    "dir",
+		Args:          []string{"arg1", "arg2"},
+		Volumes:       []string{"/tmp/volume"},
+		Network:       []string{"network1", "network2"}, // not supported
+		Labels:        nil,
+		Annotations:   map[string]string{"kompose.service.type": "nodeport"},
+		CPUSet:        "cpu_set",            // not supported
+		CPUShares:     1,                    // not supported
+		CPUQuota:      1,                    // not supported
+		CapAdd:        []string{"cap_add"},  // not supported
+		CapDrop:       []string{"cap_drop"}, // not supported
+		Expose:        []string{"expose"},   // not supported
+		Privileged:    true,
+		Restart:       "always",
+		User:          "1234",
+	}
+
+	komposeObject := kobject.KomposeObject{
+		ServiceConfigs: map[string]kobject.ServiceConfig{"app": service},
+	}
+	k := Kubernetes{}
+
+	objects := k.Transform(komposeObject, kobject.ConvertOptions{CreateD: true, Replicas: 1})
+
+	for _, obj := range objects {
+		if deploy, ok := obj.(*extensions.Deployment); ok {
+			uid := *deploy.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser
+			if strconv.FormatInt(uid, 10) != service.User {
+				t.Errorf("User in ServiceConfig is not matching user in PodSpec")
+			}
+		}
+	}
+
+}