Adds securityContext to PodSpec builder (#191)

Rodrigo Valin · web-flow · commit 95ffb445d771 · 2020-09-11T16:06:47.000+01:00
diff --git a/pkg/kube/podtemplatespec/podspec_template.go b/pkg/kube/podtemplatespec/podspec_template.go
@@ -140,14 +140,11 @@ func WithTerminationGracePeriodSeconds(seconds int) Modification {
 	}
 }
 
-// WithFsGroup sets the PodTemplateSpec's fs group
-func WithFsGroup(fsGroup int) Modification {
+// WithSecurityContext sets the PodTemplateSpec's SecurityContext
+func WithSecurityContext(securityContext corev1.PodSecurityContext) Modification {
 	return func(podTemplateSpec *corev1.PodTemplateSpec) {
 		spec := &podTemplateSpec.Spec
-		fsGroup64 := int64(fsGroup)
-		spec.SecurityContext = &corev1.PodSecurityContext{
-			FSGroup: &fsGroup64,
-		}
+		spec.SecurityContext = &securityContext
 	}
 }
 
diff --git a/pkg/kube/podtemplatespec/podspec_template_test.go b/pkg/kube/podtemplatespec/podspec_template_test.go
@@ -18,14 +18,22 @@ func TestPodTemplateSpec(t *testing.T) {
 		Name: "vol-2",
 	}
 
+	runAsUser := int64(1111)
+	runAsGroup := int64(2222)
+	fsGroup := int64(3333)
+
 	p := New(
 		WithVolume(corev1.Volume{
 			Name: "vol-1",
 		}),
 		WithVolume(corev1.Volume{
 			Name: "vol-2",
 		}),
-		WithFsGroup(100),
+		WithSecurityContext(corev1.PodSecurityContext{
+			RunAsUser:  &runAsUser,
+			RunAsGroup: &runAsGroup,
+			FSGroup:    &fsGroup,
+		}),
 		WithImagePullSecrets("pull-secrets"),
 		WithInitContainerByIndex(0, container.Apply(
 			container.WithName("init-container-0"),
@@ -50,8 +58,12 @@ func TestPodTemplateSpec(t *testing.T) {
 	assert.Equal(t, p.Spec.Volumes[0].Name, "vol-1")
 	assert.Equal(t, p.Spec.Volumes[1].Name, "vol-2")
 
-	expected := int64(100)
-	assert.Equal(t, &expected, p.Spec.SecurityContext.FSGroup)
+	expectedRunAsUser := int64(1111)
+	expectedRunAsGroup := int64(2222)
+	expectedFsGroup := int64(3333)
+	assert.Equal(t, &expectedRunAsUser, p.Spec.SecurityContext.RunAsUser)
+	assert.Equal(t, &expectedRunAsGroup, p.Spec.SecurityContext.RunAsGroup)
+	assert.Equal(t, &expectedFsGroup, p.Spec.SecurityContext.FSGroup)
 
 	assert.Len(t, p.Spec.ImagePullSecrets, 1)
 	assert.Equal(t, "pull-secrets", p.Spec.ImagePullSecrets[0].Name)

Original file line number	Diff line number	Diff line change
`@@ -140,14 +140,11 @@ func WithTerminationGracePeriodSeconds(seconds int) Modification {`
`140`	`140`	`}`
`141`	`141`	`}`
`142`	`142`
`143`		`-// WithFsGroup sets the PodTemplateSpec's fs group`
`144`		`-func WithFsGroup(fsGroup int) Modification {`
	`143`	`+// WithSecurityContext sets the PodTemplateSpec's SecurityContext`
	`144`	`+func WithSecurityContext(securityContext corev1.PodSecurityContext) Modification {`
`145`	`145`	`return func(podTemplateSpec *corev1.PodTemplateSpec) {`
`146`	`146`	`spec := &podTemplateSpec.Spec`
`147`		`- fsGroup64 := int64(fsGroup)`
`148`		`- spec.SecurityContext = &corev1.PodSecurityContext{`
`149`		`- FSGroup: &fsGroup64,`
`150`		`- }`
	`147`	`+ spec.SecurityContext = &securityContext`
`151`	`148`	`}`
`152`	`149`	`}`
`153`	`150`