fix: job spec

Maurice Faber · Maurice Faber · commit c632624eb90d · 2021-09-02T01:56:40.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -71,6 +71,7 @@
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-jsx-a11y": "^6.4.1",
     "eslint-plugin-prettier": "^3.3.1",
+    "git-branch-is": "^4.0.0",
     "husky": "^4.3.8",
     "jsonwebtoken": "^8.5.1",
     "lint-staged": "^10.5.4",
@@ -141,7 +142,7 @@
     "dev": "ts-node-dev --watch 'src/openapi/*.yaml' --inspect=4321 --respawn --transpile-only src/app.ts",
     "dev:docker": "npm ci && npm run dev",
     "husky:lint-staged": "lint-staged",
-    "husky:pre-commit": "npm run build:client && npm run lint && npm run husky:lint-staged",
+    "husky:pre-commit": "npm run husky:lint-staged && npm run lint && git-branch-is master && npm run build:client",
     "lint": "run-p types lint:es",
     "lint:es": "eslint --ext ts .",
     "lint:fix": "eslint --ext ts --fix .",
diff --git a/src/fixtures/values.ts b/src/fixtures/values.ts
@@ -314,8 +314,6 @@ export default {
         secretMounts: [],
         podSecurityContext: {
           runAsUser: 1001,
-          runAsGroup: 1001,
-          runAsNonRoot: true,
         },
         resources: {
           requests: {
diff --git a/src/openapi/api.yaml b/src/openapi/api.yaml
@@ -693,6 +693,8 @@ components:
       $ref: definitions.yaml#/offChoice
     path:
       $ref: definitions.yaml#/path
+    podSecurityContext:
+      $ref: definitions.yaml#/podSecurityContext
     podSpec:
       $ref: definitions.yaml#/podSpec
     policies:
@@ -715,8 +717,6 @@ components:
       $ref: definitions.yaml#/script
     secrets:
       $ref: definitions.yaml#/secrets
-    securityContext:
-      $ref: definitions.yaml#/securityContext
     svcPredeployed:
       $ref: definitions.yaml#/svcPredeployed
     url:
diff --git a/src/openapi/definitions.yaml b/src/openapi/definitions.yaml
@@ -218,7 +218,9 @@ containerSpecNoSec:
     - resources
 containerSpec:
   allOf:
-    - $ref: '#/securityContext'
+    - properties:
+        securityContext:
+          $ref: '#/securityContext'
     - $ref: '#/containerSpecNoSec'
 cpuQuantity:
   title: CPU quantity
@@ -599,6 +601,32 @@ path:
   description: An absolute path
   type: string
   pattern: '^[/].*$'
+podSecurityContext:
+  properties:
+    runAsUser:
+      $ref: '#/runAsUser'
+      description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+    runAsGroup:
+      $ref: '#/runAsGroup'
+      description: The GID to run the entrypoint of the container process. Defaults to group specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+    runAsNonRoot:
+      $ref: '#/runAsNonRoot'
+      description: Will prevent any container from starting with UID 0.
+    fsGroup:
+      description: Supplementary group ID. Volumes that support ownership management are modified to be owned and writable by this ID.
+      type: string
+    fsGroupChangePolicy:
+      description:
+        'Defines behavior for changing ownership and permission of the volume before being exposed inside a Pod. This field only applies to volume types that support fsGroup controlled ownership and permissions.
+        This field has two possible values:
+        OnRootMismatch: Only change permissions and ownership if permission and ownership of root directory does not match with expected permissions of the volume. This could help shorten the time it takes to change ownership and permission of a volume.
+        Always: Always change permission and ownership of the volume when volume is mounted.'
+      enum:
+        # - null
+        - Always
+        - OnRootMismatch
+  description: Security context for the pod.
+  title: Pod security context
 podSpec:
   allOf:
     - properties:
@@ -607,31 +635,7 @@ podSpec:
           title: Pod annotations
     - properties:
         podSecurityContext:
-          properties:
-            runAsUser:
-              $ref: '#/runAsUser'
-              description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-            runAsGroup:
-              $ref: '#/runAsGroup'
-              description: The GID to run the entrypoint of the container process. Defaults to group specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-            runAsNonRoot:
-              $ref: '#/runAsNonRoot'
-              description: Will prevent any container from starting with UID 0.
-            fsGroup:
-              description: Supplementary group ID. Volumes that support ownership management are modified to be owned and writable by this ID.
-              type: string
-            fsGroupChangePolicy:
-              description:
-                'Defines behavior for changing ownership and permission of the volume before being exposed inside a Pod. This field only applies to volume types that support fsGroup controlled ownership and permissions.
-                This field has two possible values:
-                OnRootMismatch: Only change permissions and ownership if permission and ownership of root directory does not match with expected permissions of the volume. This could help shorten the time it takes to change ownership and permission of a volume.
-                Always: Always change permission and ownership of the volume when volume is mounted.'
-              enum:
-                - null
-                - Always
-                - OnRootMismatch
-          description: Security context for the pod.
-          title: Pod security context
+          $ref: '#/podSecurityContext'
     - $ref: '#/containerSpec'
   type: object
 portNumber:
@@ -714,7 +718,8 @@ script:
   description: May specify a non-empty string containing an executable script.
   type: string
 securityContext:
-  additionalProperties: true
+  additionalProperties:
+    uniqueItems: true
   properties:
     runAsUser:
       $ref: '#/runAsUser'
diff --git a/src/openapi/job.yaml b/src/openapi/job.yaml
@@ -2,14 +2,14 @@ Job:
   x-acl:
     admin: [read-any, create-any, update-any, delete-any]
     team: [read-any, create, update, delete]
-  properties:
-    id:
-      type: string
-      readOnly: true
-    teamId:
-      $ref: definitions.yaml#/idName
-      readOnly: true
   type: object
   allOf:
+    - properties:
+        id:
+          type: string
+          readOnly: true
+        teamId:
+          $ref: definitions.yaml#/idName
+          readOnly: true
     - $ref: definitions.yaml#/jobSpec
     - $ref: definitions.yaml#/podSpec
