From bf5c2e9278388fe7f290c0e8abc74510e9c99860 Mon Sep 17 00:00:00 2001
From: Bastian Hofmann <mail@bastianhofmann.de>
Date: Thu, 3 Jul 2025 13:39:22 +0200
Subject: [PATCH] Add test for setting security contexts (#357)

Test for https://github.com/qdrant/qdrant-helm/pull/354
---
 test/qdrant_statefulset_test.go | 71 +++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 test/qdrant_statefulset_test.go

diff --git a/test/qdrant_statefulset_test.go b/test/qdrant_statefulset_test.go
new file mode 100644
index 0000000..9659430
--- /dev/null
+++ b/test/qdrant_statefulset_test.go
@@ -0,0 +1,71 @@
+package test
+
+import (
+	"github.com/gruntwork-io/terratest/modules/helm"
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/gruntwork-io/terratest/modules/logger"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/stretchr/testify/require"
+	appsv1 "k8s.io/api/apps/v1"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestContainerSecurityContextUserAndGroupDefault(t *testing.T) {
+	t.Parallel()
+
+	helmChartPath, err := filepath.Abs("../charts/qdrant")
+	releaseName := "qdrant"
+	require.NoError(t, err)
+
+	namespaceName := "qdrant-" + strings.ToLower(random.UniqueId())
+	logger.Log(t, "Namespace: %s\n", namespaceName)
+
+	options := &helm.Options{
+		SetJsonValues:  map[string]string{},
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+	}
+
+	statefulsetOutput := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/statefulset.yaml"})
+
+	var statefulSet appsv1.StatefulSet
+	helm.UnmarshalK8SYaml(t, statefulsetOutput, &statefulSet)
+	require.Equal(t, "1000:3000", statefulSet.Spec.Template.Spec.InitContainers[0].Command[2])
+	require.Equal(t, int64(1000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
+	require.Equal(t, int64(3000), *statefulSet.Spec.Template.Spec.SecurityContext.FSGroup)
+	require.Equal(t, int64(2000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsGroup)
+}
+
+func TestContainerSecurityContextUserAndGroupLargeValues(t *testing.T) {
+	t.Parallel()
+
+	helmChartPath, err := filepath.Abs("../charts/qdrant")
+	releaseName := "qdrant"
+	require.NoError(t, err)
+
+	namespaceName := "qdrant-" + strings.ToLower(random.UniqueId())
+	logger.Log(t, "Namespace: %s\n", namespaceName)
+
+	options := &helm.Options{
+		SetJsonValues: map[string]string{
+			"containerSecurityContext": `{
+				"runAsUser": 1000640000,
+				"runAsGroup": 1000840000
+			}`,
+			"podSecurityContext": `{
+				"fsGroup": 1000740000
+			}`,
+		},
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+	}
+
+	statefulsetOutput := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/statefulset.yaml"})
+
+	var statefulSet appsv1.StatefulSet
+	helm.UnmarshalK8SYaml(t, statefulsetOutput, &statefulSet)
+	require.Equal(t, "1000640000:1000740000", statefulSet.Spec.Template.Spec.InitContainers[0].Command[2])
+	require.Equal(t, int64(1000640000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
+	require.Equal(t, int64(1000740000), *statefulSet.Spec.Template.Spec.SecurityContext.FSGroup)
+	require.Equal(t, int64(1000840000), *statefulSet.Spec.Template.Spec.Containers[0].SecurityContext.RunAsGroup)
+}