From 23b7042dd575d0fe4352a6ae614b7c8b34aa4fde Mon Sep 17 00:00:00 2001
From: Chelsea Holland Komlo <me@chelseakomlo.com>
Date: Mon, 4 Dec 2017 14:12:30 -0500
Subject: [PATCH 1/3] add ability to specify user for rkt

---
 CHANGELOG.md         | 1 +
 client/driver/rkt.go | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index caf493a94357..51d6229eedc5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ IMPROVEMENTS:
  * driver/docker: Adds support for `ulimit` and `sysctl` options [GH-3568]
  * driver/docker: Adds support for StopTimeout (set to the same value as
    kill_timeout [GH-3601]
+ * driver/rkt: Add support for passing through user [GH-3612]
  * driver/qemu: Support graceful shutdowns on unix platforms [GH-3411]
  * template: Updated to consul template 0.19.4 [GH-3543]
  * core/enterprise: Return 501 status code in Nomad Pro for Premium end points
diff --git a/client/driver/rkt.go b/client/driver/rkt.go
index 206d5f94fc05..4af31126a06a 100644
--- a/client/driver/rkt.go
+++ b/client/driver/rkt.go
@@ -569,6 +569,11 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse,
 
 	}
 
+	// If a user has been specified for the task, pass it through to the user
+	if task.User != "" {
+		prepareArgs = append(prepareArgs, fmt.Sprintf("--user=%s", task.User))
+	}
+
 	// Add user passed arguments.
 	if len(driverConfig.Args) != 0 {
 		parsed := ctx.TaskEnv.ParseAndReplace(driverConfig.Args)

From 723e47c98c9a666312885b95c248565648e1aaab Mon Sep 17 00:00:00 2001
From: Chelsea Holland Komlo <me@chelseakomlo.com>
Date: Mon, 4 Dec 2017 18:01:31 -0500
Subject: [PATCH 2/3] remove unused user option

---
 client/driver/rkt.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/client/driver/rkt.go b/client/driver/rkt.go
index 4af31126a06a..8c091d2ea077 100644
--- a/client/driver/rkt.go
+++ b/client/driver/rkt.go
@@ -637,7 +637,6 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse,
 	execCmd := &executor.ExecCommand{
 		Cmd:  absPath,
 		Args: runArgs,
-		User: task.User,
 	}
 	ps, err := execIntf.LaunchCmd(execCmd)
 	if err != nil {

From c4e1dc339dcb14faf5810cb918718bf981297cd4 Mon Sep 17 00:00:00 2001
From: Chelsea Holland Komlo <me@chelseakomlo.com>
Date: Tue, 5 Dec 2017 10:12:40 -0500
Subject: [PATCH 3/3] fix up test

---
 client/driver/rkt_test.go | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/client/driver/rkt_test.go b/client/driver/rkt_test.go
index c41f749edc51..d492aa2ea8d6 100644
--- a/client/driver/rkt_test.go
+++ b/client/driver/rkt_test.go
@@ -19,6 +19,7 @@ import (
 	"github.com/hashicorp/nomad/client/config"
 	"github.com/hashicorp/nomad/nomad/structs"
 	"github.com/hashicorp/nomad/testutil"
+	"github.com/stretchr/testify/assert"
 
 	ctestutils "github.com/hashicorp/nomad/client/testutil"
 )
@@ -334,6 +335,7 @@ func TestRktDriver_Start_Wait_AllocDir(t *testing.T) {
 }
 
 func TestRktDriverUser(t *testing.T) {
+	assert := assert.New(t)
 	if !testutil.IsTravis() {
 		t.Parallel()
 	}
@@ -366,18 +368,19 @@ func TestRktDriverUser(t *testing.T) {
 	defer ctx.AllocDir.Destroy()
 	d := NewRktDriver(ctx.DriverCtx)
 
-	if _, err := d.Prestart(ctx.ExecCtx, task); err != nil {
-		t.Fatalf("error in prestart: %v", err)
-	}
+	_, err := d.Prestart(ctx.ExecCtx, task)
+	assert.Nil(err)
 	resp, err := d.Start(ctx.ExecCtx, task)
-	if err == nil {
-		resp.Handle.Kill()
-		t.Fatalf("Should've failed")
-	}
-	msg := "unknown user alice"
-	if !strings.Contains(err.Error(), msg) {
-		t.Fatalf("Expecting '%v' in '%v'", msg, err)
+	assert.Nil(err)
+	defer resp.Handle.Kill()
+
+	select {
+	case res := <-resp.Handle.WaitCh():
+		assert.False(res.Successful())
+	case <-time.After(time.Duration(testutil.TestMultiplier()*15) * time.Second):
+		t.Fatalf("timeout")
 	}
+
 }
 
 func TestRktTrustPrefix(t *testing.T) {