From b79f0d4e5bef6b76bbeeb0d7a41266a9e7a4f651 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 29 Feb 2024 12:32:44 +0100
Subject: [PATCH] add securityContext fsGroup

---
 src/main/helm/templates/deployment.yaml               |  8 +++++---
 .../deployment_container_security_context_test.yaml   |  4 ++--
 .../src/main/helm/templates/xta_adapter_cronjob.yaml  | 11 +++++++----
 .../src/test/helm/xta_adapter_cronjob_basic_test.yaml |  4 ++--
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index e1710b8a0..c6aa75141 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -139,9 +139,6 @@ spec:
           {{- with (.Values.securityContext).runAsGroup }}
           runAsGroup: {{ . }}
           {{- end }}
-          {{- with (.Values.securityContext).fsGroup }}
-          fsGroup: {{ . }}
-          {{- end }}
           {{- with (.Values.securityContext).capabilities }}
           capabilities:
 {{ toYaml . | indent 12 }}
@@ -170,5 +167,10 @@ spec:
 {{ toYaml . | indent 8 }}
       {{- end }}
       schedulerName: default-scheduler
+      {{- if (.Values.securityContext).fsGroup }}
+      securityContext:
+        fsGroup: {{ (.Values.securityContext).fsGroup }}
+      {{- else }}
       securityContext: {}
+      {{- end }}
       terminationGracePeriodSeconds: 30
\ No newline at end of file
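Review bot: The `{{- if (.Values.securityContext).fsGroup }}` guard on the new pod-level block is a truthiness test, so a configured `fsGroup: 0` silently falls through to `securityContext: {}` instead of being rendered or rejected. Testing for the key instead, e.g. `{{- if hasKey (.Values.securityContext | default dict) "fsGroup" }}`, makes the outcome explicit. The value is also printed as-is; large group IDs read from a values file may be rendered in float notation by some Helm versions, which would not parse as an integer, so `fsGroup: {{ (.Values.securityContext).fsGroup | int64 }}` is the safer form. The same guard and value line appear in the last hunk of xta_adapter_cronjob.yaml.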
diff --git a/src/test/helm/deployment_container_security_context_test.yaml b/src/test/helm/deployment_container_security_context_test.yaml
index 165a9742a..416374d56 100644
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -50,7 +50,7 @@ tests:
       - isNull:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
       - isNull:
-          path: spec.template.spec.containers[0].securityContext.fsGroup
+          path: spec.template.spec.securityContext.fsGroup
       - isNull:
           path: spec.template.spec.containers[0].securityContext.capabilities
   - it: check runAsUser
@@ -72,7 +72,7 @@ tests:
       securityContext.fsGroup: 1000
     asserts:
       - equal:
-          path: spec.template.spec.containers[0].securityContext.fsGroup
+          path: spec.template.spec.securityContext.fsGroup
           value: 1000
   - it: check capabilities
     set:
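Review bot: After this change no assertion checks that the container-level field is gone: with `securityContext.fsGroup: 1000` set, the test only looks at the new pod-level path. Since `fsGroup` is not a field of a container's securityContext, a regression that re-adds it there would still pass; adding `- isNull:` with `path: spec.template.spec.containers[0].securityContext.fsGroup` next to the `equal` assert would pin that. The same applies to the fsGroup test in xta_adapter_cronjob_basic_test.yaml, with the `spec.jobTemplate.spec.template.spec.` prefix. The test case begins and continues outside the hunk.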
diff --git a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
index 89ad38b04..8f8f55aea 100644
--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -111,9 +111,6 @@ spec:
                 {{- with (.Values.securityContext).runAsGroup }}
                 runAsGroup: {{ . }}
                 {{- end }}
-                {{- with (.Values.securityContext).fsGroup }}
-                fsGroup: {{ . }}
-                {{- end }}
                 {{- with (.Values.securityContext).capabilities }}
                 capabilities:
 {{ toYaml . | indent 18 }}
@@ -170,4 +167,10 @@ spec:
             - name: {{ .Values.imagePullSecret }}
             {{ else }}
             - name: {{ include "app.name" . }}-image-pull-secret
-            {{- end }}
\ No newline at end of file
+            {{- end }}
+          {{- if (.Values.securityContext).fsGroup }}
+          securityContext:
+            fsGroup: {{ (.Values.securityContext).fsGroup }}
+          {{- else }}
+          securityContext: {}
+          {{- end }}
\ No newline at end of file
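Review bot: Nothing in the template says why `fsGroup` is read from `.Values.securityContext` but rendered at pod level while the other keys of the same value stay on the container. A short template comment above the added block would help, e.g. `{{- /* fsGroup is a PodSecurityContext field; all other .Values.securityContext keys are rendered on the container above */}}`. It would also make visible that the pod-level context is otherwise fixed to `{}`, so pod-wide settings such as `seccompProfile` or `supplementalGroups` cannot be set through this value as far as the hunk shows. The same comment fits the matching block in deployment.yaml.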
diff --git a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
index 4b47e6a77..a75640cc5 100644
--- a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
@@ -105,7 +105,7 @@ tests:
     - isNull:
         path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsGroup
     - isNull:
-        path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+        path: spec.jobTemplate.spec.template.spec.securityContext.fsGroup
     - isNull:
         path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities
   - it: check runAsUser
@@ -135,7 +135,7 @@ tests:
       securityContext.fsGroup: 1000
     asserts:
       - equal:
-          path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+          path: spec.jobTemplate.spec.template.spec.securityContext.fsGroup
           value: 1000
   - it: check capabilities
     set:
-- 
GitLab