remove uid changes from main config (#1946)

* remove uid changes from main config * add default test for grafana * update tests * fix pre-commit
astronomer · Aug 4, 2023 · d559831 · d559831
1 parent b2049e2
commit d559831
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 52 deletions.
diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml
@@ -17,8 +17,7 @@ images:
     pullPolicy: IfNotPresent
 
 securityContext:
-    runAsNonRoot: true
-    runAsUser: 472
+  runAsNonRoot: true
 
 backendSecretName: ~
 backendConnection:

diff --git a/tests/chart_tests/test_grafana.py b/tests/chart_tests/test_grafana.py
@@ -12,59 +12,87 @@
     "kube_version",
     supported_k8s_versions,
 )
-def test_deployment_should_render(kube_version):
-    """Test that the grafana-deployment renders without error."""
-    docs = render_chart(
-        kube_version=kube_version,
-        show_only=[DEPLOYMENT_FILE],
-    )
-    assert len(docs) == 1
+class TestGrafanaDeployment:
+    def test_deployment_should_render(self, kube_version):
+        """Test that the grafana-deployment renders without error."""
+        docs = render_chart(
+            kube_version=kube_version,
+            show_only=[DEPLOYMENT_FILE],
+        )
+        assert len(docs) == 1
 
+    def test_deployment_should_render_extra_env(self, kube_version):
+        """Test that helm renders extra environment variables to the grafana-
+        deployment resource when provided."""
+        docs = render_chart(
+            kube_version=kube_version,
+            values={"global": {"ssl": {"enabled": True}}},
+            show_only=[DEPLOYMENT_FILE],
+        )
 
-@pytest.mark.parametrize(
-    "kube_version",
-    supported_k8s_versions,
-)
-def test_deployment_should_render_extra_env(kube_version):
-    """Test that helm renders extra environment variables to the grafana-
-    deployment resource when provided."""
-    docs = render_chart(
-        kube_version=kube_version,
-        values={"global": {"ssl": {"enabled": True}}},
-        show_only=[DEPLOYMENT_FILE],
-    )
+        assert len(docs) == 1
+        doc = docs[0]
+        assert doc["kind"] == "Deployment"
+        grafana_container = None
+        for container in doc["spec"]["template"]["spec"]["containers"]:
+            if container["name"] == "grafana":
+                grafana_container = container
+                break
+        assert grafana_container is not None
+        assert len(grafana_container["env"]) == 3
+
+        docs = render_chart(
+            kube_version=kube_version,
+            values={
+                "global": {"ssl": {"enabled": True}},
+                "grafana": {
+                    "extraEnvVars": [
+                        {"name": "GF_SMTP_ENABLED", "value": "true"},
+                        {"name": "GF_SMTP_HOST", "value": "smtp.astronomer.io"},
+                    ]
+                },
+            },
+            show_only=[DEPLOYMENT_FILE],
+        )
+
+        assert len(docs) == 1
+        doc = docs[0]
+        grafana_container = None
+        for container in doc["spec"]["template"]["spec"]["containers"]:
+            if container["name"] == "grafana":
+                grafana_container = container
+                break
+        assert grafana_container is not None
+        assert len(grafana_container["env"]) == 5
+
+    def test_deployment_with_securitycontext_defaults(self, kube_version):
+        """Test that the grafana-deployment renders with the expected securityContext."""
+        docs = render_chart(
+            kube_version=kube_version,
+            show_only=[DEPLOYMENT_FILE],
+        )
 
-    assert len(docs) == 1
-    doc = docs[0]
-    assert doc["kind"] == "Deployment"
-    grafana_container = None
-    for container in doc["spec"]["template"]["spec"]["containers"]:
-        if container["name"] == "grafana":
-            grafana_container = container
-            break
-    assert grafana_container is not None
-    assert len(grafana_container["env"]) == 3
+        assert len(docs) == 1
+        doc = docs[0]
+        assert doc["kind"] == "Deployment"
+        assert doc["spec"]["template"]["spec"]["containers"][0]["securityContext"] == {
+            "runAsNonRoot": True
+        }
 
-    docs = render_chart(
-        kube_version=kube_version,
-        values={
-            "global": {"ssl": {"enabled": True}},
-            "grafana": {
-                "extraEnvVars": [
-                    {"name": "GF_SMTP_ENABLED", "value": "true"},
-                    {"name": "GF_SMTP_HOST", "value": "smtp.astronomer.io"},
-                ]
+    def test_deployment_with_securitycontext_overrides(self, kube_version):
+        """Test that the grafana-deployment renders with the expected securityContext."""
+        docs = render_chart(
+            kube_version=kube_version,
+            values={
+                "grafana": {"securityContext": {"runAsNonRoot": True, "runAsUser": 467}}
             },
-        },
-        show_only=[DEPLOYMENT_FILE],
-    )
+            show_only=[DEPLOYMENT_FILE],
+        )
 
-    assert len(docs) == 1
-    doc = docs[0]
-    grafana_container = None
-    for container in doc["spec"]["template"]["spec"]["containers"]:
-        if container["name"] == "grafana":
-            grafana_container = container
-            break
-    assert grafana_container is not None
-    assert len(grafana_container["env"]) == 5
+        assert len(docs) == 1
+        doc = docs[0]
+        assert doc["kind"] == "Deployment"
+        assert doc["spec"]["template"]["spec"]["containers"][0]["securityContext"] == {
+            "runAsNonRoot": True,
+            "runAsUser": 467,
+        }