add test for adding pod and container security context

fkie-cad · Nov 22, 2024 · 5b4f7c6 · 5b4f7c6
1 parent 7e69bba
commit 5b4f7c6
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/charts/logprep/templates/deployment.yaml b/charts/logprep/templates/deployment.yaml
@@ -29,8 +29,8 @@ spec:
         {{- end }}
       containers:
         - name: logprep
-          {{- if .Values.containerSecruityContext.enabled }}
-          securityContext: {{- omit  .Values.containerSecruityContext "enabled" | toYaml | nindent 12 }}
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- omit  .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}

diff --git a/charts/logprep/values.yaml b/charts/logprep/values.yaml
@@ -25,7 +25,7 @@ podSecurityContext:
   runAsUser: 1000
 
 # if enabled: the default security context for the container 
-containerSecruityContext:
+containerSecurityContext:
   enabled: true
   runAsNonRoot: true
   readOnlyRootFilesystem: true

diff --git a/tests/unit/charts/test_deployment.py b/tests/unit/charts/test_deployment.py
@@ -84,6 +84,20 @@ def test_security_context(self):
         assert security_context["readOnlyRootFilesystem"] is True
         assert security_context["runAsNonRoot"] is True
 
+    def test_add_security_context(self):
+        self.manifests = self.render_chart(
+            "logprep",
+            {
+                "containerSecurityContext": {"allowPriviledgeEscalation": "false"},
+                "podSecurityContext": {"supplementalGroups": [4000]},
+            },
+        )
+        assert self.deployment["spec.template.spec.securityContext"]
+        security_context = self.deployment["spec.template.spec.securityContext"]
+        assert security_context["supplementalGroups"] == [4000]
+        security_context = self.deployment["spec.template.spec.containers.0.securityContext"]
+        assert security_context["allowPriviledgeEscalation"] == "false"
+
     def test_resources(self):
         assert self.deployment["spec.template.spec.containers.0.resources"]
         resources = self.deployment["spec.template.spec.containers.0.resources"]