oncall-engine/helm/oncall/tests/security_context_deployments_test.yaml

suite: test security context for deployments
templates:
  - celery/deployment.yaml
  - engine/deployment.yaml
  - engine/job-migrate.yaml
  - telegram-polling/deployment.yaml
release:
  name: oncall
tests:
  - it: podSecurityContext={} -> spec.template.spec.securityContext is empty (default)
    set:
      telegramPolling.enabled: true
    asserts:
      - isNullOrEmpty:
          path: spec.template.spec.securityContext
      - isNullOrEmpty:
          path: spec.template.spec.containers[0].securityContext

  - it: podSecurityContext.runAsNonRoot=true -> should fill securityContext
    set:
      telegramPolling.enabled: true
      podSecurityContext:
        runAsNonRoot: true
        runAsUser: 1000
    asserts:
      - isSubset:
          path: spec.template.spec.securityContext
          content:
            runAsNonRoot: true
            runAsUser: 1000

  - it: securityContext.runAsNonRoot=true -> should fill securityContext for container
    set:
      telegramPolling.enabled: true
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
    asserts:
      - isSubset:
          path: spec.template.spec.containers[0].securityContext
          content:
            runAsNonRoot: true
            runAsUser: 1000