cloudfoundry
diff --git a/‎app/actions/task_create.rb
Lines changed: 8 additions & 0 deletions b/‎app/actions/task_create.rb
Lines changed: 8 additions & 0 deletions
diff --git a/‎app/messages/task_create_message.rb
Lines changed: 10 additions & 1 deletion b/‎app/messages/task_create_message.rb
Lines changed: 10 additions & 1 deletion
diff --git a/‎app/models/runtime/app_model.rb
Lines changed: 2 additions & 0 deletions b/‎app/models/runtime/app_model.rb
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/models/runtime/droplet_model.rb
Lines changed: 16 additions & 0 deletions b/‎app/models/runtime/droplet_model.rb
Lines changed: 16 additions & 0 deletions
diff --git a/‎app/models/runtime/process_model.rb
Lines changed: 4 additions & 15 deletions b/‎app/models/runtime/process_model.rb
Lines changed: 4 additions & 15 deletions
diff --git a/‎app/models/runtime/task_model.rb
Lines changed: 24 additions & 0 deletions b/‎app/models/runtime/task_model.rb
Lines changed: 24 additions & 0 deletions
diff --git a/‎app/presenters/v3/task_presenter.rb
Lines changed: 1 addition & 0 deletions b/‎app/presenters/v3/task_presenter.rb
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/cloud_controller.yml
Lines changed: 1 addition & 1 deletion b/‎config/cloud_controller.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎db/migrations/20250630170610_add_user_to_tasks.rb
Lines changed: 13 additions & 0 deletions b/‎db/migrations/20250630170610_add_user_to_tasks.rb
Lines changed: 13 additions & 0 deletions
diff --git a/‎docs/v3/source/includes/api_resources/_tasks.erb
Lines changed: 4 additions & 0 deletions b/‎docs/v3/source/includes/api_resources/_tasks.erb
Lines changed: 4 additions & 0 deletions
@@ -27,6 +27,7 @@ def create(app, message, user_audit_info, droplet: nil)
           state: TaskModel::PENDING_STATE,
           droplet: droplet,
           command: command(message, template_process),
+          user: user(message, template_process),
           disk_in_mb: disk_in_mb(message, template_process),
           memory_in_mb: memory_in_mb(message, template_process),
           log_rate_limit: log_rate_limit(message, template_process),
@@ -70,6 +71,13 @@ def command(message, template_process)
       template_process.specified_or_detected_command
     end
 
+    def user(message, template_process)
+      return message.user if message.requested?(:user)
+      return template_process.user if message.template_requested?
+
+      nil
+    end
+
     def memory_in_mb(message, template_process)
       message.memory_in_mb || template_process.try(:memory) || config.get(:default_app_memory)
     end
 
@@ -2,20 +2,29 @@
 
 module VCAP::CloudController
   class TaskCreateMessage < MetadataBaseMessage
-    register_allowed_keys %i[name command disk_in_mb memory_in_mb log_rate_limit_in_bytes_per_second droplet_guid template]
+    register_allowed_keys %i[name command disk_in_mb memory_in_mb log_rate_limit_in_bytes_per_second droplet_guid template user]
 
     validates_with NoAdditionalKeysValidator
 
     def self.validate_template?
       @validate_template ||= proc { |a| a.template_requested? }
     end
 
+    def self.user_requested?
+      @user_requested ||= proc { |a| a.requested?(:user) }
+    end
+
     validates :disk_in_mb, numericality: { only_integer: true, greater_than: 0 }, allow_nil: true
     validates :memory_in_mb, numericality: { only_integer: true, greater_than: 0 }, allow_nil: true
     validates :log_rate_limit_in_bytes_per_second, numericality: { only_integer: true, greater_than: -2, less_than_or_equal_to: MAX_DB_BIGINT }, allow_nil: true
     validates :droplet_guid, guid: true, allow_nil: true
     validates :template_process_guid, guid: true, if: validate_template?
     validate :has_command
+    validates :user,
+              string: true,
+              length: { in: 1..255, message: 'must be between 1 and 255 characters' },
+              allow_nil: true,
+              if: user_requested?
 
     def template_process_guid
       return unless template_requested?
 
@@ -7,6 +7,8 @@ module VCAP::CloudController
   class AppModel < Sequel::Model(:apps)
     include Serializer
     APP_NAME_REGEX = /\A[[:alnum:][:punct:][:print:]]+\Z/
+    DEFAULT_CONTAINER_USER = 'vcap'.freeze
+    DEFAULT_DOCKER_CONTAINER_USER = 'root'.freeze
 
     many_to_many :routes, join_table: :route_mappings, left_key: :app_guid, left_primary_key: :guid, right_primary_key: :guid, right_key: :route_guid
     one_to_many :route_mappings, class: 'VCAP::CloudController::RouteMappingModel', key: :app_guid, primary_key: :guid
 
@@ -125,6 +125,22 @@ def docker_ports
       exposed_ports
     end
 
+    def docker_user
+      return '' unless docker?
+
+      container_user = ''
+      if execution_metadata.present?
+        begin
+          docker_exec_metadata = Oj.load(execution_metadata)
+          container_user = docker_exec_metadata['user']
+        rescue EncodingError
+          # ignore
+        end
+      end
+
+      container_user.presence || AppModel::DEFAULT_DOCKER_CONTAINER_USER
+    end
+
     def staging?
       state == STAGING_STATE
     end
 
@@ -34,7 +34,6 @@ def after_initialize
     NO_APP_PORT_SPECIFIED = -1
     DEFAULT_HTTP_PORT     = 8080
     DEFAULT_PORTS         = [DEFAULT_HTTP_PORT].freeze
-    DEFAULT_USER = 'vcap'.freeze
     UNLIMITED_LOG_RATE = -1
 
     many_to_one :app, class: 'VCAP::CloudController::AppModel', key: :app_guid, primary_key: :guid, without_guid_generation: true
@@ -396,7 +395,7 @@ def started_command
     def run_action_user
       return user if user.present?
 
-      docker? ? docker_run_action_user : DEFAULT_USER
+      docker? ? docker_run_action_user : AppModel::DEFAULT_CONTAINER_USER
     end
 
     def specified_or_detected_command
@@ -573,23 +572,13 @@ def open_ports
     private
 
     def permitted_users
-      Set.new([DEFAULT_USER]) + Config.config.get(:additional_allowed_process_users)
+      Set.new([AppModel::DEFAULT_CONTAINER_USER]) + Config.config.get(:additional_allowed_process_users)
     end
 
     def docker_run_action_user
-      return DEFAULT_USER unless docker?
-
-      container_user = ''
-      if execution_metadata.present?
-        begin
-          docker_exec_metadata = Oj.load(execution_metadata)
-          container_user = docker_exec_metadata['user']
-        rescue EncodingError
-          container_user = ''
-        end
-      end
+      return AppModel::DEFAULT_CONTAINER_USER unless docker?
 
-      container_user.presence || 'root'
+      desired_droplet&.docker_user.presence || AppModel::DEFAULT_DOCKER_CONTAINER_USER
     end
 
     def non_unique_process_types
 
@@ -44,8 +44,31 @@ def after_destroy
       create_stop_event unless terminal_state?
     end
 
+    def run_action_user
+      return user if user.present?
+
+      if docker?
+        docker_run_action_user
+      elsif cnb?
+        'root' # TODO: Why do CNB tasks default to this user instead of vcap?
+      else
+        AppModel::DEFAULT_CONTAINER_USER
+      end
+    end
+
+    delegate :docker?, to: :droplet
+    delegate :cnb?, to: :droplet
+
     private
 
+    def permitted_users
+      Set.new([AppModel::DEFAULT_CONTAINER_USER]) + Config.config.get(:additional_allowed_process_users)
+    end
+
+    def docker_run_action_user
+      droplet.docker_user.presence || AppModel::DEFAULT_CONTAINER_USER
+    end
+
     def running_state?
       state == RUNNING_STATE
     end
@@ -68,6 +91,7 @@ def validate
       validate_org_quotas
       validate_space_quotas
 
+      ProcessUserPolicy.new(self, permitted_users).validate
       MinLogRateLimitPolicy.new(self).validate
     end
 
 
@@ -15,6 +15,7 @@ def to_hash
                          sequence_id: task.sequence_id,
                          name: task.name,
                          command: task.command,
+                         user: task.run_action_user,
                          state: task.state,
                          memory_in_mb: task.memory_in_mb,
                          disk_in_mb: task.disk_in_mb,
 
@@ -67,7 +67,7 @@ maximum_app_disk_in_mb: 2048
 max_retained_deployments_per_app: 100
 max_retained_builds_per_app: 100
 max_retained_revisions_per_app: 100
-additional_allowed_process_users: ['ContainerUser']
+additional_allowed_process_users: ['ContainerUser', 'TestUser']
 
 broker_client_default_async_poll_interval_seconds: 60
 broker_client_max_async_poll_duration_minutes: 10080
 
@@ -0,0 +1,13 @@
+Sequel.migration do
+  up do
+    alter_table :tasks do
+      add_column :user, String, null: true, default: nil, size: 255 unless @db.schema(:tasks).map(&:first).include?(:user)
+    end
+  end
+
+  down do
+    alter_table :tasks do
+      drop_column :user if @db.schema(:tasks).map(&:first).include?(:user)
+    end
+  end
+end
@@ -4,6 +4,7 @@
   "sequence_id": 1,
   "name": "migrate",
   "command": "rake db:migrate",
+  "user": "vcap",
   "state": "RUNNING",
   "memory_in_mb": 512,
   "disk_in_mb": 1024,
@@ -49,6 +50,7 @@
   "sequence_id": 1,
   "name": "migrate",
   "command": "rake db:migrate",
+  "user": "vcap",
   "state": "CANCELING",
   "memory_in_mb": 512,
   "disk_in_mb": 1024,
@@ -109,6 +111,7 @@
       "guid": "d5cc22ec-99a3-4e6a-af91-a44b4ab7b6fa",
       "sequence_id": 1,
       "name": "hello",
+      "user": "vcap",
       "state": "SUCCEEDED",
       "memory_in_mb": 512,
       "disk_in_mb": 1024,
@@ -150,6 +153,7 @@
       "guid": "63b4cd89-fd8b-4bf1-a311-7174fcc907d6",
       "sequence_id": 2,
       "name": "migrate",
+      "user": "vcap",
       "state": "FAILED",
       "memory_in_mb": 512,
       "disk_in_mb": 1024,