@@ -340,6 +340,47 @@ var _ = Describe("LifecycleImplementation", func() {
340340 Expect (container ).To (HaveKey ("securityContext" ))
341341 })
342342
343+ It ("doesn't set security context when it's nil" , func (ctx SpecContext ) {
344+ pod := & corev1.Pod {
345+ TypeMeta : podTypeMeta ,
346+ ObjectMeta : metav1.ObjectMeta {
347+ Name : "test-pod" ,
348+ },
349+ Spec : corev1.PodSpec {Containers : []corev1.Container {{Name : "postgres" }}},
350+ }
351+ podJSON , _ := json .Marshal (pod )
352+ request := & lifecycle.OperatorLifecycleRequest {
353+ ObjectDefinition : podJSON ,
354+ }
355+
356+ response , err := reconcilePod (ctx , cluster , request , pluginConfiguration , nil , nil , nil )
357+ Expect (err ).NotTo (HaveOccurred ())
358+ Expect (response ).NotTo (BeNil ())
359+ Expect (response .JsonPatch ).NotTo (BeEmpty ())
360+
361+ var patch []map [string ]interface {}
362+ err = json .Unmarshal (response .JsonPatch , & patch )
363+ Expect (err ).NotTo (HaveOccurred ())
364+
365+ var initContainersPatch map [string ]interface {}
366+ for _ , p := range patch {
367+ if p ["path" ] == "/spec/initContainers" && p ["op" ] == "add" {
368+ initContainersPatch = p
369+ break
370+ }
371+ }
372+ Expect (initContainersPatch ).NotTo (BeNil ())
373+
374+ // Get the init container patch
375+ initContainers , ok := initContainersPatch ["value" ].([]interface {})
376+ Expect (ok ).To (BeTrue ())
377+ Expect (initContainers ).To (HaveLen (1 ))
378+
379+ // Verify the init container doesn't contain the security context
380+ container , ok := initContainers [0 ].(map [string ]interface {})
381+ Expect (ok ).To (BeTrue ())
382+ Expect (container ).NotTo (HaveKey ("securityContext" ))
383+ })
343384 })
344385
345386 Describe ("reconcileJob with security context" , func () {
@@ -401,5 +442,56 @@ var _ = Describe("LifecycleImplementation", func() {
401442 Expect (ok ).To (BeTrue ())
402443 Expect (container ).To (HaveKey ("securityContext" ))
403444 })
445+
446+ It ("doesn't set security context when it's nil" , func (ctx SpecContext ) {
447+ job := & batchv1.Job {
448+ TypeMeta : jobTypeMeta ,
449+ ObjectMeta : metav1.ObjectMeta {
450+ Name : "test-job" ,
451+ Labels : map [string ]string {},
452+ },
453+ Spec : batchv1.JobSpec {Template : corev1.PodTemplateSpec {
454+ ObjectMeta : metav1.ObjectMeta {
455+ Labels : map [string ]string {
456+ utils .JobRoleLabelName : "full-recovery" ,
457+ },
458+ },
459+ Spec : corev1.PodSpec {Containers : []corev1.Container {{Name : "full-recovery" }}},
460+ }},
461+ }
462+ jobJSON , _ := json .Marshal (job )
463+ request := & lifecycle.OperatorLifecycleRequest {
464+ ObjectDefinition : jobJSON ,
465+ }
466+
467+ response , err := reconcileJob (ctx , cluster , request , nil , nil , nil )
468+ Expect (err ).NotTo (HaveOccurred ())
469+ Expect (response ).NotTo (BeNil ())
470+ Expect (response .JsonPatch ).NotTo (BeEmpty ())
471+
472+ var patch []map [string ]interface {}
473+ err = json .Unmarshal (response .JsonPatch , & patch )
474+ Expect (err ).NotTo (HaveOccurred ())
475+ Expect (patch ).NotTo (BeEmpty ())
476+
477+ var initContainersPatch map [string ]interface {}
478+ for _ , p := range patch {
479+ if p ["path" ] == "/spec/template/spec/initContainers" && p ["op" ] == "add" {
480+ initContainersPatch = p
481+ break
482+ }
483+ }
484+ Expect (initContainersPatch ).NotTo (BeNil ())
485+
486+ // Get the init containers patch
487+ initContainers , ok := initContainersPatch ["value" ].([]interface {})
488+ Expect (ok ).To (BeTrue ())
489+ Expect (initContainers ).To (HaveLen (1 ))
490+
491+ // Verify the init container doesn't contain the security context
492+ container , ok := initContainers [0 ].(map [string ]interface {})
493+ Expect (ok ).To (BeTrue ())
494+ Expect (container ).NotTo (HaveKey ("securityContext" ))
495+ })
404496 })
405497})
0 commit comments