client icon indicating copy to clipboard operation
client copied to clipboard

Published 20 hours ago verified publisher icon knative

Populate container.SecurityContext.RunAsUser when --user flag is used

Open vyasgun opened this issue 1 year ago • 2 comments

Description

Changes

  • Setting container's RunAsUser field based on the --user flag at the end so it does not reinitialize the security context

Reference

Fixes #1926

Release Note

vyasgun avatar Mar 21 '24 12:03 vyasgun

Codecov Report

Attention: Patch coverage is 71.42857% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 76.83%. Comparing base (9ef220c) to head (34e2c3f). Report is 7 commits behind head on main.

Files Patch % Lines
pkg/kn/flags/podspec.go 50.00% 1 Missing and 1 partial :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1927      +/-   ##
==========================================
+ Coverage   74.58%   76.83%   +2.25%     
==========================================
  Files         207      207              
  Lines       15563    12753    -2810     
==========================================
- Hits        11607     9799    -1808     
+ Misses       3167     2165    -1002     
  Partials      789      789

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Mar 21 '24 13:03 codecov[bot]

It would be nice to have a simple unit tests for the change.

dsimansk avatar Mar 27 '24 09:03 dsimansk

@vyasgun gentle ping. If you could check my comments, pls. I'd like to make sure both --user flag and --security-context flags understand each other.

dsimansk avatar Apr 10 '24 13:04 dsimansk

Thanks for the review, @dsimansk! Updated the PR with a small change which will test both flags together.

vyasgun avatar Apr 12 '24 12:04 vyasgun

/approve /lgtm

dsimansk avatar Apr 17 '24 08:04 dsimansk

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dsimansk, vyasgun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • ~~OWNERS~~ [dsimansk,vyasgun]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

knative-prow[bot] avatar Apr 17 '24 08:04 knative-prow[bot]

/retest

dsimansk avatar Apr 17 '24 09:04 dsimansk

@vyasgun I still have a small hesitation how to fix the issue actually. Maybe the --security-context should behave differently. To be able to merge with existing values etc.

dsimansk avatar Apr 17 '24 09:04 dsimansk