From 48c612cf6671c918e8f11e836de8c6172bd73663 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Tue, 9 Feb 2021 14:12:06 +0100
Subject: generate kube: support --privileged
Do not play with capabilities for privileged containers where all capabilities will be set implicitly. Also, avoid the device check when running privileged since all of /dev/* will be mounted in any case.
Fixes: #8897
Signed-off-by: Valentin Rothberg
---
test/e2e/generate_kube_test.go | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
(limited to 'test/e2e')
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index bcfab0f68..cd949c666 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -699,4 +699,39 @@ ENTRYPOINT /bin/sleep`
 Expect(containers[0].Command).To(Equal([]string{"/bin/sh", "-c", "/bin/sleep"}))
 Expect(containers[0].Args).To(Equal([]string{"10s"}))
 })
+
+ It("podman generate kube - --privileged container", func() {
+ session := podmanTest.Podman([]string{"create", "--pod", "new:testpod", "--privileged", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ kube := podmanTest.Podman([]string{"generate", "kube", "testpod"})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ // Now make sure that the capabilities aren't set.
+ pod := new(v1.Pod)
+ err := yaml.Unmarshal(kube.Out.Contents(), pod)
+ Expect(err).To(BeNil())
+
+ containers := pod.Spec.Containers
+ Expect(len(containers)).To(Equal(1))
+ Expect(containers[0].SecurityContext.Capabilities).To(BeNil())
+
+ // Now make sure we can also `play` it.
+ kubeFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
+
+ kube = podmanTest.Podman([]string{"generate", "kube", "testpod", "-f", kubeFile})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ // Remove the pod so play can recreate it.
+ kube = podmanTest.Podman([]string{"pod", "rm", "-f", "testpod"})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ kube = podmanTest.Podman([]string{"play", "kube", kubeFile})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+ })
 })
-- cgit v1.2.3-54-g00ecf
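Review bot: The new test asserts that `Capabilities` is nil but never checks that the generated YAML actually records the container as privileged, so a regression that drops the capabilities and the privileged flag together would still pass. After the length check, add `Expect(containers[0].SecurityContext).ToNot(BeNil())`, `Expect(containers[0].SecurityContext.Privileged).ToNot(BeNil())` and `Expect(*containers[0].SecurityContext.Privileged).To(BeTrue())`; the first also turns a nil `SecurityContext` into a clean failure instead of a panic on the `.Capabilities` access. The `play kube` step likewise only checks the exit code, so it would be worth inspecting the recreated container and asserting it is still privileged, to confirm the round trip neither loses nor silently changes the privilege level.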