From 0a36e8875b168f58a45770ac2773cef008c7eec9 Mon Sep 17 00:00:00 2001
From: pjuarezd <pjuarezd@users.noreply.github.com>
Date: Thu, 29 Feb 2024 15:34:01 -0800
Subject: [PATCH] Fixes security context rendering of empty object value.

This will allow to render `securityContext: {}` and `containerSecurityContext: {}.

In Openshift leaving security context as an empty object sets the right values to the pods and containers to be in compliance with the Security Context Constrains (SCC) in the namespace.

https://docs.openshift.com/container-platform/4.15/authentication/managing-security-context-constraints.html
Signed-off-by: pjuarezd <pjuarezd@users.noreply.github.com>
---
 helm/tenant/templates/tenant.yaml | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/helm/tenant/templates/tenant.yaml b/helm/tenant/templates/tenant.yaml
index 1aef2a8d466..e84ebe1a378 100644
--- a/helm/tenant/templates/tenant.yaml
+++ b/helm/tenant/templates/tenant.yaml
@@ -67,11 +67,17 @@ spec:
       {{- with (dig "resources" (dict) .) }}
       resources: {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if hasKey . "securityContext" }}
+      securityContext: {{- if eq (len .securityContext) 0 }} {} {{- end }}
       {{- with (dig "securityContext" (dict) .) }}
-      securityContext: {{- toYaml . | nindent 8 }}
+      {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- end }}
+      {{- if hasKey . "containerSecurityContext" }}
+      containerSecurityContext: {{- if eq (len .containerSecurityContext) 0 }} {} {{- end }}
       {{- with (dig "containerSecurityContext" (dict) .) }}
-      containerSecurityContext: {{- toYaml . | nindent 8 }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- end }}
       {{- with (dig "topologySpreadConstraints" (list) .) }}
       topologySpreadConstraints: {{- toYaml . | nindent 8 }}
@@ -175,10 +181,11 @@ spec:
     labels: {{- toYaml . | nindent 4 }}
     {{- end }}
     serviceAccountName: {{ .kes.serviceAccountName | quote }}
-    securityContext:
-      runAsUser: {{ .kes.securityContext.runAsUser | int }}
-      runAsGroup: {{ .kes.securityContext.runAsGroup | int }}
-      runAsNonRoot: {{ .kes.securityContext.runAsNonRoot }}
-      fsGroup: {{ .kes.securityContext.fsGroup | int }}
+    {{- if hasKey .kes "securityContext" }}
+    securityContext: {{- if eq (len .kes.securityContext) 0 }} {} {{- end }}
+    {{- with (dig "kes" "securityContext" (dict) .) }}
+    {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- end }}
   {{- end }}
 {{- end }}