fix(agent): properly render security block content (#1577)

aroberts87 · web-flow · commit 5762662438ca · 2024-01-26T17:00:38.000Z
diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.19.2
+version: 1.19.3
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
@@ -339,10 +339,8 @@ and set the agent chart parameters accordingly
     {{- if and (not .Values.secure.enabled) $secureFeatProvided }}
         {{ fail "Set secure.enabled=true when specifying sysdig.settings.feature.mode is `secure` or `secure_light`" }}
     {{- end }}
-
 {{ include "agent.monitorFeatures" . }}
 {{ include "agent.secureFeatures" . }}
-
 {{- end -}}
 
 {{/*
@@ -431,6 +429,14 @@ agent config to prevent a backend push from enabling them after installation.
         {{- $_ := set $secureConfig "drift_control" (dict "enabled" false) }}
         {{- $_ := set $secureConfig "drift_killer" (dict "enabled" false) }}
     {{- end }}
+
+    {{/* Finally, check sysdig.settings for any additional security block confiugration.
+         If so, merge it with $secureConfig and unset .Values.sysdig.settings.security */}}
+    {{- if hasKey .Values.sysdig.settings "security" }}
+        {{- $secureConfig := merge $secureConfig.security .Values.sysdig.settings.security }}
+        {{- $_ := unset .Values.sysdig.settings "security"}}
+    {{- end }}
+
 {{ toYaml $secureConfig }}
 {{- end }}
 
diff --git a/charts/agent/tests/secure_enable_test.yaml b/charts/agent/tests/secure_enable_test.yaml
@@ -170,3 +170,26 @@ tests:
     asserts:
       - failedTemplate:
           errorMessage: 'Set secure.enabled=true when specifying sysdig.settings.feature.mode is `secure` or `secure_light`'
+
+  - it: Test secure.enabled=true when manually specifying security block content
+    set:
+      secure:
+        enabled: true
+      sysdig:
+        settings:
+          security:
+            goodFeatureEnabled: true
+    asserts:
+      - isKind:
+          of: ConfigMap
+      - matchRegex:
+          path: data['dragent.yaml']
+          pattern: |-
+            security:
+              enabled: true
+              goodFeatureEnabled: true
+      - notMatchRegex:  # Catch the case of duplications due to sysdig.settings.security being specified
+          path: data['dragent.yaml']
+          pattern: |-
+            security:
+              goodFeatureEnabled: true
