From 5586ddb97b2c87900aa6df3b95212fae48e4ccd0 Mon Sep 17 00:00:00 2001
From: Michael Russell <michael.russell@elastic.co>
Date: Fri, 5 Jul 2019 09:09:56 +0200
Subject: [PATCH] [elasticsearch] Adding testing for security context

Template tests for the changes from #171
---
 elasticsearch/tests/elasticsearch_test.py | 47 +++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py
index 60fb7d163..1782d6802 100755
--- a/elasticsearch/tests/elasticsearch_test.py
+++ b/elasticsearch/tests/elasticsearch_test.py
@@ -721,3 +721,50 @@ def test_esMajorVersion_parse_image_tag_for_oss_image():
 
     r = helm_template(config)
     assert r['statefulset'][uname]['metadata']['annotations']['esMajorVersion'] == '6'
+
+def test_set_pod_security_context():
+    config = ''
+    r = helm_template(config)
+    assert r['statefulset'][uname]['spec']['template']['spec']['securityContext']['fsGroup'] == 1000
+
+    config = '''
+    podSecurityContext:
+      fsGroup: 1001
+      other: test
+    '''
+
+    r = helm_template(config)
+
+    assert r['statefulset'][uname]['spec']['template']['spec']['securityContext']['fsGroup'] == 1001
+    assert r['statefulset'][uname]['spec']['template']['spec']['securityContext']['other'] == 'test'
+
+def test_fsGroup_backwards_compatability():
+    config = '''
+    fsGroup: 1001
+    '''
+
+    r = helm_template(config)
+
+    assert r['statefulset'][uname]['spec']['template']['spec']['securityContext']['fsGroup'] == 1001
+
+def test_set_container_security_context():
+    config = ''
+
+    r = helm_template(config)
+    c = r['statefulset'][uname]['spec']['template']['spec']['containers'][0]
+    assert c['securityContext']['capabilities']['drop'] == ['ALL']
+    assert c['securityContext']['runAsNonRoot'] == True
+    assert c['securityContext']['runAsUser'] == 1000
+
+    config = '''
+    securityContext:
+      runAsUser: 1001
+      other: test
+    '''
+
+    r = helm_template(config)
+    c = r['statefulset'][uname]['spec']['template']['spec']['containers'][0]
+    assert c['securityContext']['capabilities']['drop'] == ['ALL']
+    assert c['securityContext']['runAsNonRoot'] == True
+    assert c['securityContext']['runAsUser'] == 1001
+    assert c['securityContext']['other'] == 'test'