From 3eac3f42ae1e9e8df09e5c7c9b79935973c84b47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bojan=20=C4=8Cekrli=C4=87?= Date: Thu, 9 Feb 2023 09:02:28 +0100 Subject: [PATCH] Fix for #118: Properly indent securityContext --- helm/mail/templates/statefulset.yaml | 2 +- helm/test_12_container_security_context.yml | 10 ++++++++++ helm/tests.sh | 8 +++++++- 3 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 helm/test_12_container_security_context.yml diff --git a/helm/mail/templates/statefulset.yaml b/helm/mail/templates/statefulset.yaml index 5073e8b..66dc7da 100644 --- a/helm/mail/templates/statefulset.yaml +++ b/helm/mail/templates/statefulset.yaml @@ -62,7 +62,7 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: {{- toYaml .Values.container.postfix.securityContext | indent 12 }} + securityContext: {{- toYaml .Values.container.postfix.securityContext | nindent 12 }} ports: - name: smtp containerPort: 587 diff --git a/helm/test_12_container_security_context.yml b/helm/test_12_container_security_context.yml new file mode 100644 index 0000000..0bdd7f9 --- /dev/null +++ b/helm/test_12_container_security_context.yml @@ -0,0 +1,10 @@ +container: + postfix: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault diff --git a/helm/tests.sh b/helm/tests.sh index 0bf0c6c..34ab4f2 100755 --- a/helm/tests.sh +++ b/helm/tests.sh 
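Review bot: The `securityContext:` line in the statefulset template takes the container's whole hardening posture from `.Values.container.postfix.securityContext`, and the chart's default for that value is not visible in this patch. If the default is empty, the key still renders and the postfix container runs with runtime defaults, with none of the restrictions the new test fixture sets. A template comment next to the line would make that explicit, for example `{{- /* container-level securityContext; an empty value leaves the runtime defaults in place */}}`. It is also worth confirming that values.yaml ships a restrictive default rather than leaving it to each install.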
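Review bot: Nothing asserts that the values in test_12_container_security_context.yml actually end up under the postfix container. Going by the loop in tests.sh, the fixture is only rendered with `helm template` and schema-checked with kubeval. That catches the original failure, where the old `indent` output could not be parsed, but not a later regression that renders valid YAML with the block at the wrong level or dropped. A follow-up check on `fixtures/demo.yaml` for a key such as `allowPrivilegeEscalation: false`, or running kubeval with `--strict` so misplaced keys are rejected, would pin the behaviour. Adding `runAsNonRoot: true` beside `runAsUser: 1000` would also make the fixture reflect the intent.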
@@ -2,7 +2,13 @@ set -e mkdir -p fixtures -for i in `find -maxdepth 1 -type f -name test\*yml | sort`; do +FIND="find" +# Brew installs GNU find as "gfind" by default +if command -v gfind >/dev/null 2>&2; then + FIND="$(which gfind)" +fi + +for i in `${FIND} -maxdepth 1 -type f -name test\*yml | sort`; do echo "☆☆☆☆☆☆☆☆☆☆ $i ☆☆☆☆☆☆☆☆☆☆" helm template -f $i --dry-run mail > fixtures/demo.yaml docker run -it -v `pwd`/fixtures:/fixtures garethr/kubeval fixtures/demo.yaml
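Review bot: The redirection `2>&2` in the added `command -v gfind` check points stderr at itself, so it does nothing; `2>&1` was presumably intended. The next line resolves the path again with `which`, although `command -v` already prints it, so `FIND="$(command -v gfind)"` would keep a single lookup mechanism. `${FIND}` is also expanded unquoted inside the backticks, which breaks if the resolved path contains spaces. If the portability problem is only that BSD find needs a start directory (an inference), `find . -maxdepth 1 -type f -name 'test*yml'` would remove the need for gfind detection altogether.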