Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
f7293cfa05
PromucFlow_constructor/deploy/helm/tests/runAsUser_test.yaml
Wyatt Walter 4c7a019adf
fix: support nss wrapper in Helm chart (#40673) 
## Description

Requires: https://github.com/appsmithorg/appsmith/pull/40642

Adds an environment variable activating nss_wrapper when the
`securityPolicy.runAsUser` value is set so the UID can be set
dynamically. This avoids the `I have no name!` in the prompt when doing
a `kubectl exec` with that value set.

I am also introducing
[helm-unittest](https://github.com/helm-unittest/helm-unittest) for
ensuring that changes to our defaults are made explicit.

Fixes https://github.com/appsmithorg/appsmith/issues/38787

## Automation

/ok-to-test tags=""

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!WARNING]
> Tests have not run on the HEAD
d30d87ffc66c107f980a3b27464e97db0910dcbe yet
> <hr>Mon, 19 May 2025 18:59:10 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Added automated unit testing for Helm charts, including snapshot and
security context tests.
- Introduced documentation for running and understanding Helm chart unit
tests.
- Added a GitHub Actions workflow to run Helm chart unit tests on pull
requests and manually.
- **Bug Fixes**
- Ensured the LD_PRELOAD environment variable is set when a specific
security context is configured in deployments.
- **Documentation**
- Updated Helm chart README to reference new testing documentation and
improve clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Goutham Pratapa <goutham@appsmith.com>
2025-06-04 20:54:46 +05:30

28 lines
833 B
YAML
Raw Blame History

templates:
- deployment.yaml
tests:
- name: runAsUser should be 9999
set:
podSecurityContext:
sysctls:
- name: net.ipv4.ip_unprivileged_port_start
value: "80"
securityContext:
runAsNonRoot: true
runAsUser: 9999
asserts:
- equal:
path: spec.template.spec.containers[?(@.name == "appsmith")].securityContext
value:
runAsUser: 9999
runAsNonRoot: true
- equal:
path: spec.template.spec.securityContext
value:
sysctls:
- name: net.ipv4.ip_unprivileged_port_start
value: "80"
- equal:
path: spec.template.spec.containers[?(@.name == "appsmith")].env[?(@.name == "LD_PRELOAD")].value
value: "/usr/local/lib/libnss_wrapper.so"
Reference in New Issue View Git Blame Copy Permalink