From 6c356a5c75208d970f886b2f14b7dc5b58a0ed86 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 7 Feb 2024 10:54:53 +0100 Subject: [PATCH 1/2] cri: Expose userns in PodSandboxStatus rpc We added support for userns but we weren't showing it in the podSandboxStatus. Let's just show the whole nsOpts, so we don't forget in the future either if something else inside there changes. Please note that this will expose the content of nsOpts.TargetId that we weren't exposing before. But that seemed like a bug to me. Signed-off-by: Rodrigo Campos Maybe this is better?
---
 internal/cri/server/sandbox_status.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/internal/cri/server/sandbox_status.go b/internal/cri/server/sandbox_status.go
index b0c1f728f..0f4da8a31 100644
--- a/internal/cri/server/sandbox_status.go
+++ b/internal/cri/server/sandbox_status.go
@@ -134,11 +134,7 @@ func toCRISandboxStatus(meta sandboxstore.Metadata, status string, createdAt tim
 },
 Linux: &runtime.LinuxPodSandboxStatus{
 Namespaces: &runtime.Namespace{
- Options: &runtime.NamespaceOption{
- Network: nsOpts.GetNetwork(),
- Pid: nsOpts.GetPid(),
- Ipc: nsOpts.GetIpc(),
- },
+ Options: nsOpts,
 },
 },
 Labels: meta.Config.GetLabels(),
From 06ed897b22d1a5c1a700ce3b2e9da4b349620c27 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 7 Feb 2024 15:33:20 +0100 Subject: [PATCH 2/2] cri/server: Add userns tests in PodSandboxStatus Signed-off-by: Rodrigo Campos
---
 internal/cri/server/sandbox_status_test.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/internal/cri/server/sandbox_status_test.go b/internal/cri/server/sandbox_status_test.go
index 3516ab8d3..194dce364 100644
--- a/internal/cri/server/sandbox_status_test.go
+++ b/internal/cri/server/sandbox_status_test.go
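Review bot: In sandbox_status.go, `Options: nsOpts,` passes the stored pointer straight through, which changes more than the set of exposed fields. If nsOpts can be nil (its assignment is outside the hunk, and the removed nil-safe getters suggest it can), `Namespaces.Options` is now nil where it used to be a zero-valued struct, so a CRI client reading `Options.Network` without the getter would dereference nil. The returned status also aliases the namespace options held in `meta.Config`, so any in-process consumer that mutates the status mutates the stored sandbox config. Consider `if nsOpts == nil { nsOpts = &runtime.NamespaceOption{} }` before the struct literal, plus a comment on the `Options` line saying the value is shared with the sandbox metadata, must be treated as read-only, and deliberately forwards every NamespaceOption field (including the host ID mappings in UsernsOptions) to CRI clients.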
@@ -31,6 +31,13 @@ func TestPodSandboxStatus(t *testing.T) {
 id = "test-id"
 ip = "10.10.10.10"
 )
+ idmap := []*runtime.IDMapping{
+ {
+ ContainerId: 0,
+ HostId: 100,
+ Length: 1,
+ },
+ }
 additionalIPs := []string{"8.8.8.8", "2001:db8:85a3::8a2e:370:7334"}
 createdAt := time.Now()
 config := &runtime.PodSandboxConfig{
@@ -46,6 +53,11 @@ func TestPodSandboxStatus(t *testing.T) {
 Network: runtime.NamespaceMode_NODE,
 Pid: runtime.NamespaceMode_CONTAINER,
 Ipc: runtime.NamespaceMode_POD,
+ UsernsOptions: &runtime.UserNamespace{
+ Uids: idmap,
+ Gids: idmap,
+ Mode: runtime.NamespaceMode_POD,
+ },
 },
 },
 },
@@ -80,6 +92,11 @@ func TestPodSandboxStatus(t *testing.T) {
 Network: runtime.NamespaceMode_NODE,
 Pid: runtime.NamespaceMode_CONTAINER,
 Ipc: runtime.NamespaceMode_POD,
+ UsernsOptions: &runtime.UserNamespace{
+ Uids: idmap,
+ Gids: idmap,
+ Mode: runtime.NamespaceMode_POD,
+ },
 },
 },
 },
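Review bot: The second and third hunks set `Uids: idmap` and `Gids: idmap` from the same slice, so a status that swapped the two mappings or copied one into both would still compare equal. Separate `uidMap` and `gidMap` values with different `HostId`s would let the assertion tell them apart. The fixtures also leave `TargetId` unset although patch 1/2 says it is newly exposed, and there is no case with the namespace options absent, which is where the pass-through in `toCRISandboxStatus` differs most from the old field-by-field copy. TestPodSandboxStatus begins and ends outside these hunks, so how the config and the expected status are compared is not visible here.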