From c6b5b9a02c93d4b39a1a86094b7f9819974f87f1 Mon Sep 17 00:00:00 2001
From: Toshiki Sonoda
Date: Wed, 12 Jul 2023 14:26:14 +0900
Subject: [PATCH] remote: fix podman-remote play kube --userns
Fix `podman play kube --userns` to work in remote environment.
Related: #17392
Signed-off-by: Toshiki Sonoda
---
 pkg/api/handlers/libpod/kube.go | 2 ++
 pkg/api/server/register_kube.go | 4 ++++
 test/e2e/play_kube_test.go | 19 +++++++++++++++++++
 3 files changed, 25 insertions(+)
diff --git a/pkg/api/handlers/libpod/kube.go b/pkg/api/handlers/libpod/kube.go
index b1575700e5..402a6f8d77 100644
--- a/pkg/api/handlers/libpod/kube.go
+++ b/pkg/api/handlers/libpod/kube.go
@@ -28,6 +28,7 @@ func KubePlay(w http.ResponseWriter, r *http.Request) {
 StaticIPs []string `schema:"staticIPs"`
 StaticMACs []string `schema:"staticMACs"`
 NoHosts bool `schema:"noHosts"`
+ Userns string `schema:"userns"`
 PublishPorts []string `schema:"publishPorts"`
 NoTrunc bool `schema:"noTrunc"`
 Wait bool `schema:"wait"`
@@ -98,6 +99,7 @@ func KubePlay(w http.ResponseWriter, r *http.Request) {
 StaticIPs: staticIPs,
 StaticMACs: staticMACs,
 IsRemote: true,
+ Userns: query.Userns,
 PublishPorts: query.PublishPorts,
 Wait: query.Wait,
 ServiceContainer: query.ServiceContainer,
diff --git a/pkg/api/server/register_kube.go b/pkg/api/server/register_kube.go
index 22c30ad656..3889d9a1e3 100644
--- a/pkg/api/server/register_kube.go
+++ b/pkg/api/server/register_kube.go
@@ -63,6 +63,10 @@ func (s *APIServer) registerKubeHandlers(r *mux.Router) error {
 // type: boolean
 // default: false
 // description: use annotations that are not truncated to the Kubernetes maximum length of 63 characters
+ // - in: query
+ // name: userns
+ // type: string
+ // description: Set the user namespace mode for the pods.
 // - in: body
 // name: request
 // description: Kubernetes YAML file.
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 635108b7ff..bbfe91ec11 100644
--- a/test/e2e/play_kube_test.go
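Review bot: `Userns: query.Userns` in the second KubePlay hunk hands the raw query string to the play options, and neither hunk shows a check on it. The mode string decides how container UIDs map onto host UIDs, so a malformed value is better rejected in the handler with a 400 than left to fail deeper in the engine; whether a later layer already parses it cannot be seen from here. If validation does live further down, a comment on the struct field such as `// Userns is forwarded unparsed; the engine validates the mode string` would record that. KubePlay starts and ends outside both hunks.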
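Review bot: The `userns` description added to the swagger comment does not say which mode strings are accepted or what happens when the parameter is omitted. The e2e test in this commit passes `keep-id` and `keep-id:uid=10,gid=12`, so the option form is part of the contract and worth spelling out, e.g. `// description: Set the user namespace mode for the pods, in the same syntax as the CLI --userns option.` A `default:` line like the neighbouring parameters have would also help, once the effective default is confirmed. The comment block continues outside the hunk.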
+++ b/test/e2e/play_kube_test.go @@ -4580,6 +4580,25 @@ ENV OPENJ9_JAVA_OPTIONS=%q Expect(usernsInCtr).Should(Exit(0)) Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig)))) + kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", "--userns=keep-id", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "id", "-u"}) + usernsInCtr.WaitWithDefaultTimeout() + Expect(usernsInCtr).Should(Exit(0)) + uid := fmt.Sprintf("%d", os.Geteuid()) + Expect(string(usernsInCtr.Out.Contents())).To(ContainSubstring(uid)) + + kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", "--userns=keep-id:uid=10,gid=12", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "sh", "-c", "echo $(id -u):$(id -g)"}) + usernsInCtr.WaitWithDefaultTimeout() + Expect(usernsInCtr).Should(Exit(0)) + Expect(string(usernsInCtr.Out.Contents())).To(ContainSubstring("10:12")) + // Now try with hostUsers in the pod spec for _, hostUsers := range []bool{true, false} { pod = getPod(withHostUsers(hostUsers))
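Review bot: The `keep-id` check matches the container's `id -u` output against `os.Geteuid()` with `ContainSubstring(uid)`, so a test process UID of `100` would also pass when the container reports `1000`. An exact comparison on the trimmed output is tighter, e.g. `Expect(strings.TrimSpace(string(usernsInCtr.Out.Contents()))).To(Equal(uid))`, and the same applies to `ContainSubstring("10:12")`. Separately, in remote mode the mapping is resolved on the service side, so comparing with the test process's own euid holds only while client and service run as the same user, which is presumably the case in this suite but worth a one-line comment. The enclosing test body starts and ends outside the hunk.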