test: update test golden files

Author: eywalker

internal/templates/testdata/golden/startup-scripts.yaml

@@ -15,10 +15,10 @@ data:
     TARGET_UID=2000
     TARGET_GID=2000
     DEV_USERNAME="testuser"
+    SA_TOKEN_PATH="/var/run/secrets/devenv/token"
     
     # Path configuration
     PYTHON_BIN_PATH=""
-    PYTHON_PATH="${PYTHON_BIN_PATH}/python3"
     ENV_INIT_SCRIPT="/home/${DEV_USERNAME}/.devenv_init.sh"
     ENV_BASH_SCRIPT="/home/${DEV_USERNAME}/.devenv_bash.sh"
     
@@ -27,7 +27,7 @@ data:
     # === SYSTEM PACKAGE INSTALLATION ===
     echo "Installing core system packages..."
     apt-get update
-    apt-get install -y sudo openssh-server
+    apt-get install -y sudo openssh-server python3 python3-pip
     
     # Install Homebrew dependencies if Homebrew will be installed
     
@@ -51,7 +51,7 @@ data:
         usermod -l ${DEV_USERNAME} -s /bin/bash -d /home/${DEV_USERNAME} -g ${TARGET_GID} $(id -un ${TARGET_UID})
     else
         echo "Adding user ${DEV_USERNAME} with UID ${TARGET_UID}"
-        useradd -u ${TARGET_UID} -m -s /bin/bash ${DEV_USERNAME}
+        useradd -u ${TARGET_UID} -g ${TARGET_GID} -m -s /bin/bash ${DEV_USERNAME}
     fi
     
     # Ensure home directory exists and has correct ownership
@@ -114,10 +114,10 @@ data:
     # Install common python packages from requirements.txt
     if [ -f /scripts/requirements.txt ]; then
         echo "Installing Python packages from requirements.txt"
-        /bin/bash /scripts/run_with_git.sh ${DEV_USERNAME} ${PYTHON_PATH} -m pip install --no-user --no-cache-dir -r /scripts/requirements.txt
+        /bin/bash /scripts/run_with_git.sh ${DEV_USERNAME} ${PYTHON_BIN_PATH} -m pip install --user --no-cache-dir -r /scripts/requirements.txt
     fi
     echo "Installing Python packages: numpy pandas"
-    /bin/bash /scripts/run_with_git.sh ${DEV_USERNAME} ${PYTHON_PATH} -m pip install --no-user --no-cache-dir numpy pandas
+    /bin/bash /scripts/run_with_git.sh ${DEV_USERNAME} ${PYTHON_BIN_PATH} -m pip install --no-user --no-cache-dir numpy pandas
     
     echo "Section 6: Package installation complete"
     

internal/templates/testdata/golden/statefulset.yaml

@@ -29,9 +29,46 @@ spec:
                       - node1
                       - node2
       priorityClassName: dev-gpu
-      serviceAccountName: k8s-launcher
+      
+      serviceAccountName: devenv-testuser
+      automountServiceAccountToken: false
 
       containers:
+      - name: token-syncer
+        image: busybox:latest
+        command:
+        - /bin/sh
+        - -c
+        - |
+          while true; do
+            if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
+              cp /var/run/secrets/kubernetes.io/serviceaccount/token /shared/token
+              cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /shared/ca.crt
+              cp /var/run/secrets/kubernetes.io/serviceaccount/namespace /shared/namespace
+              chmod 644 /shared/*
+            fi
+            sleep 60
+          done
+        securityContext:
+          runAsUser: 0
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+        resources:
+          requests:
+            cpu: "10m"
+            memory: "16Mi"
+          limits:
+            cpu: "50m"
+            memory: "32Mi"
+        volumeMounts:
+        - name: shared-token
+          mountPath: /shared
+        - name: sa-token-source  # Mount the projected volume
+          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+          readOnly: true
+
       - name: testuser
         image: ubuntu:22.04
         workingDir: "/src"
@@ -79,9 +116,6 @@ spec:
             memory: "16Gi"
 
         volumeMounts:
-        - name: devenv-manager-token
-          mountPath: /var/run/secrets/tokens
-          readOnly: true
         - name: dev-storage
           mountPath: /home/testuser
         - name: dev-linuxbrew  
@@ -93,15 +127,12 @@ spec:
           mountPath: /data
         - name: config-volume
           mountPath: /config
+        - name: shared-token  # Add this mount
+          mountPath: /var/run/secrets/devenv
+          readOnly: true
+
 
       volumes:
-      - name: devenv-manager-token
-        projected:
-          sources:
-            - serviceAccountToken:
-                path: devenv-manager
-                expirationSeconds: 3600
-                audience: devenv-manager
       - name: dev-storage
         hostPath:
           path: /mnt/devenv/testuser/homedir
@@ -114,6 +145,16 @@ spec:
         configMap:
           name: startup-scripts-testuser
           defaultMode: 0755
+      - name: shared-token  # Add this volume
+        emptyDir:
+          sizeLimit: 1Mi
+      - name: sa-token-source
+        projected:
+          sources:
+          - serviceAccountToken:
+              path: token
+              expirationSeconds: 3600  # Token expires after 1 hour
+            audience: devenv-manager  # Your custom audience!
       - name: data-volume
         hostPath:
           path: /mnt/data