From 5b4f7c667a54bc478134b49cf40c0b49fef57ca7 Mon Sep 17 00:00:00 2001
From: djkhl
Date: Fri, 22 Nov 2024 14:08:12 +0100
Subject: [PATCH] add test for adding pod and container security context
---
 charts/logprep/templates/deployment.yaml | 4 ++--
 charts/logprep/values.yaml | 2 +-
 tests/unit/charts/test_deployment.py | 14 ++++++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/charts/logprep/templates/deployment.yaml b/charts/logprep/templates/deployment.yaml
index ac39394ed..f5be0bf5d 100644
--- a/charts/logprep/templates/deployment.yaml
+++ b/charts/logprep/templates/deployment.yaml
@@ -29,8 +29,8 @@ spec:
 {{- end }}
 containers:
 - name: logprep
- {{- if .Values.containerSecruityContext.enabled }}
- securityContext: {{- omit .Values.containerSecruityContext "enabled" | toYaml | nindent 12 }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
diff --git a/charts/logprep/values.yaml b/charts/logprep/values.yaml
index 5a68140b5..8f7bd3b0c 100644
--- a/charts/logprep/values.yaml
+++ b/charts/logprep/values.yaml
@@ -25,7 +25,7 @@ podSecurityContext:
 runAsUser: 1000
 # if enabled: the default security context for the container
-containerSecruityContext:
+containerSecurityContext:
 enabled: true
 runAsNonRoot: true
 readOnlyRootFilesystem: true
diff --git a/tests/unit/charts/test_deployment.py b/tests/unit/charts/test_deployment.py
index 219b72618..f9a4a9810 100644
--- a/tests/unit/charts/test_deployment.py
+++ b/tests/unit/charts/test_deployment.py
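Review bot: Renaming the values key from `containerSecruityContext` to `containerSecurityContext` in charts/logprep/templates/deployment.yaml (and in the matching charts/logprep/values.yaml hunk) silently drops any override that existing users keep under the old spelling. After an upgrade the template reads only the new key, so a stricter container hardening or an `enabled: false` stored under the misspelled key is ignored without an error and the chart defaults are rendered instead. Consider a guard in the template such as `{{- if .Values.containerSecruityContext }}{{ fail "containerSecruityContext was renamed to containerSecurityContext" }}{{- end }}`, plus a changelog entry marking the rename as breaking. The container spec continues outside this hunk.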
@@ -84,6 +84,20 @@ def test_security_context(self):
 assert security_context["readOnlyRootFilesystem"] is True
 assert security_context["runAsNonRoot"] is True
+ def test_add_security_context(self):
+ self.manifests = self.render_chart(
+ "logprep",
+ {
+ "containerSecurityContext": {"allowPriviledgeEscalation": "false"},
+ "podSecurityContext": {"supplementalGroups": [4000]},
+ },
+ )
+ assert self.deployment["spec.template.spec.securityContext"]
+ security_context = self.deployment["spec.template.spec.securityContext"]
+ assert security_context["supplementalGroups"] == [4000]
+ security_context = self.deployment["spec.template.spec.containers.0.securityContext"]
+ assert security_context["allowPriviledgeEscalation"] == "false"
+
 def test_resources(self):
 assert self.deployment["spec.template.spec.containers.0.resources"]
 resources = self.deployment["spec.template.spec.containers.0.resources"]
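Review bot: The new `test_add_security_context` passes the misspelled key `allowPriviledgeEscalation` with the string `"false"`, so it only proves that arbitrary keys are copied into the manifest. The Kubernetes field is `allowPrivilegeEscalation` and takes a boolean, so anyone copying this value from the test would get an unknown field that is rejected or ignored, and privilege escalation would not be disabled for the container. I would use `"containerSecurityContext": {"allowPrivilegeEscalation": False}` and `assert security_context["allowPrivilegeEscalation"] is False`. It is also worth asserting that the hardened defaults survive the override, e.g. `assert security_context["runAsNonRoot"] is True`, since the supplied values appear to be merged with the chart defaults rather than replacing them.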