From 5a8f1df5d240c8840e8242d7bda5225a5e13d234 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reinhard=20Na=CC=88gele?= <unguiculus@gmail.com>
Date: Tue, 19 Mar 2019 18:53:28 +0100
Subject: [PATCH] [stable/keycloak] Add security context to test pod
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Reinhard Nägele <unguiculus@gmail.com>
---
 stable/keycloak/Chart.yaml                         | 2 +-
 stable/keycloak/README.md                          | 1 +
 stable/keycloak/templates/test/test-configmap.yaml | 2 +-
 stable/keycloak/templates/test/test-pod.yaml       | 2 ++
 stable/keycloak/values.yaml                        | 4 ++++
 5 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/stable/keycloak/Chart.yaml b/stable/keycloak/Chart.yaml
index 6a11e7c05d46..bbbf070e10c3 100644
--- a/stable/keycloak/Chart.yaml
+++ b/stable/keycloak/Chart.yaml
@@ -1,5 +1,5 @@
 name: keycloak
-version: 4.6.1
+version: 4.7.0
 appVersion: 4.8.3.Final
 description: Open Source Identity and Access Management For Modern Applications and Services
 keywords:
diff --git a/stable/keycloak/README.md b/stable/keycloak/README.md
index 8343b08a9039..91de7f8772e8 100644
--- a/stable/keycloak/README.md
+++ b/stable/keycloak/README.md
@@ -105,6 +105,7 @@ Parameter | Description | Default
 `test.image.repository` | Test image repository | `unguiculus/docker-python3-phantomjs-selenium`
 `test.image.tag` | Test image tag | `v1`
 `test.image.pullPolicy` | Test image pull policy | `IfNotPresent`
+`test.securityContext` | Security context for the test pod | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 
diff --git a/stable/keycloak/templates/test/test-configmap.yaml b/stable/keycloak/templates/test/test-configmap.yaml
index be9686c14c53..ec9e2d301cb2 100644
--- a/stable/keycloak/templates/test/test-configmap.yaml
+++ b/stable/keycloak/templates/test/test-configmap.yaml
@@ -18,7 +18,7 @@ data:
     from urllib.parse import urlparse
 
     print('Creating PhantomJS driver...')
-    driver = webdriver.PhantomJS()
+    driver = webdriver.PhantomJS(service_log_path='/tmp/ghostdriver.log')
 
     base_url = 'http://{{ template "keycloak.fullname" . }}-http{{ if ne 80 (int .Values.keycloak.service.port) }}{{ .Values.keycloak.service.port }}{{ end }}'
 
diff --git a/stable/keycloak/templates/test/test-pod.yaml b/stable/keycloak/templates/test/test-pod.yaml
index 720cdf99de70..c240f711d2d1 100644
--- a/stable/keycloak/templates/test/test-pod.yaml
+++ b/stable/keycloak/templates/test/test-pod.yaml
@@ -12,6 +12,8 @@ metadata:
   annotations:
     "helm.sh/hook": test-success
 spec:
+  securityContext:
+{{ toYaml .Values.test.securityContext | indent 8 }}
   containers:
     - name: {{ .Chart.Name }}-test
       image: "{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
diff --git a/stable/keycloak/values.yaml b/stable/keycloak/values.yaml
index 450c8584dacb..4eb5d2836c0d 100644
--- a/stable/keycloak/values.yaml
+++ b/stable/keycloak/values.yaml
@@ -245,3 +245,7 @@ test:
     repository: unguiculus/docker-python3-phantomjs-selenium
     tag: v1
     pullPolicy: IfNotPresent
+  securityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+    runAsNonRoot: true