From d9c28064610944ddfe538fccef43379ff1b76042 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 11 Jul 2024 11:53:29 +0200
Subject: [PATCH] test: check that kube generate/play restores the userns

validate that a "podman generate" and "podman play" cycle restores the
specified user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 test/system/700-play.bats | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/test/system/700-play.bats b/test/system/700-play.bats
index 6229a858d4..337108f817 100644
--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
@@ -1037,3 +1037,33 @@ spec:
     run_podman kube down $fname
     run_podman rmi $imgname
 }
+
+@test "podman kube restore user namespace" {
+    if ! is_rootless; then
+        grep -E -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'"
+    fi
+
+    run_podman pod create --userns auto --name usernspod
+    run_podman create --pod usernspod $IMAGE true
+
+    run_podman pod inspect --format {{.InfraContainerID}} usernspod
+    infraID="$output"
+
+    run_podman inspect --format '{{index .Config.Annotations "io.podman.annotations.userns"}}' $infraID
+    assert "$output" == "auto" "user namespace should be kept"
+
+    YAML=$PODMAN_TMPDIR/test.yml
+
+    # Make sure the same setting is restored if the pod is recreated from the yaml
+    run_podman kube generate usernspod -f $YAML
+    cat $YAML
+    run_podman kube play --replace $YAML
+
+    run_podman pod inspect --format {{.InfraContainerID}} usernspod
+    infraID="$output"
+
+    run_podman inspect --format '{{index .Config.Annotations "io.podman.annotations.userns"}}' $infraID
+    assert "$output" == "auto" "user namespace should be kept"
+
+    run_podman pod rm -f usernspod
+}