Add test for setting security contexts (#357)

Test for https://github.com/qdrant/qdrant-helm/pull/354
2026-01-27 10:20:18 +00:00 · 2025-07-03 13:39:22 +02:00
parent f2f4f069c6
commit bf5c2e9278
1 changed files with 71 additions and 0 deletions
--- a/test/qdrant_statefulset_test.go
+++ b/test/qdrant_statefulset_test.go
@@ -0,0 +1,71 @@
+package test
+
+import (
+	"github.com/gruntwork-io/terratest/modules/helm"
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/gruntwork-io/terratest/modules/logger"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/stretchr/testify/require"
+	appsv1 "k8s.io/api/apps/v1"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestContainerSecurityContextUserAndGroupDefault(t *testing.T) {
+	t.Parallel()
+
+	helmChartPath, err := filepath.Abs("../charts/qdrant")
+	releaseName := "qdrant"
+	require.NoError(t, err)
+
+	namespaceName := "qdrant-" + strings.ToLower(random.UniqueId())
+	logger.Log(t, "Namespace: %s\n", namespaceName)
+
+	options := &helm.Options{
+		SetJsonValues:  map[string]string{},
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+	}
+
+	statefulsetOutput := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/statefulset.yaml"})
+
+	var statefulSet appsv1.StatefulSet
+	helm.UnmarshalK8SYaml(t, statefulsetOutput, &statefulSet)
+	require.Equal(t, "1000:3000", statefulSet.Spec.Template.Spec.InitContainers[0].Command[2])
+	require.Equal(t, int64(1000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
+	require.Equal(t, int64(3000), *statefulSet.Spec.Template.Spec.SecurityContext.FSGroup)
+	require.Equal(t, int64(2000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsGroup)
+}
+
+func TestContainerSecurityContextUserAndGroupLargeValues(t *testing.T) {
+	t.Parallel()
+
+	helmChartPath, err := filepath.Abs("../charts/qdrant")
+	releaseName := "qdrant"
+	require.NoError(t, err)
+
+	namespaceName := "qdrant-" + strings.ToLower(random.UniqueId())
+	logger.Log(t, "Namespace: %s\n", namespaceName)
+
+	options := &helm.Options{
+		SetJsonValues: map[string]string{
+			"containerSecurityContext": `{
+				"runAsUser": 1000640000,
+				"runAsGroup": 1000840000
+			}`,
+			"podSecurityContext": `{
+				"fsGroup": 1000740000
+			}`,
+		},
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+	}
+
+	statefulsetOutput := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/statefulset.yaml"})
+
+	var statefulSet appsv1.StatefulSet
+	helm.UnmarshalK8SYaml(t, statefulsetOutput, &statefulSet)
+	require.Equal(t, "1000640000:1000740000", statefulSet.Spec.Template.Spec.InitContainers[0].Command[2])
+	require.Equal(t, int64(1000640000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
+	require.Equal(t, int64(1000740000), *statefulSet.Spec.Template.Spec.SecurityContext.FSGroup)
+	require.Equal(t, int64(1000840000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsGroup)
+}