From bf445b4addce2b88b637f1d6f4f4de37ab1303b6 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Fri, 26 Oct 2018 09:53:20 -0500
Subject: [PATCH] Add securityContext helm-toolkit function

This patch set adds in a helm-toolkit function to render the
securityContext in the chart.

Change-Id: Id0fe9b75432076d0b87e89dcaa5a4b88487972aa
Signed-off-by: Tin Lam <tin@irrational.io>
---
 .../_kubernetes_pod_security_context.tpl      | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 helm-toolkit/templates/snippets/_kubernetes_pod_security_context.tpl

diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_security_context.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_security_context.tpl
new file mode 100644
index 0000000000..018bd0a462
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_security_context.tpl
@@ -0,0 +1,46 @@
+{{/*
+Copyright 2017-2018 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+  Renders securityContext for a Kubernetes pod.
+values: |
+  pod:
+    user:
+      myApp:
+        uid: 34356
+    security_context:
+      myApp:
+        seLinuxOptions:
+          level: "s0:c123,c456"
+usage: |
+  {{ dict "envAll" . "application" "myApp" | include "helm-toolkit.snippets.kubernetes_pod_security_context" }}
+return: |
+  securityContext:
+    runAsUser: 34356
+    seLinuxOptions:
+      level: "s0:c123,c456"
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_pod_security_context" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $application := index . "application" -}}
+securityContext:
+  runAsUser: {{ index $envAll.Values.pod.user $application "uid" }}
+{{- if hasKey $envAll.Values.pod $application "security_context" }}
+{{ toYaml (index $envAll.Values.pod $application "security_context") | indent 2 }}
+{{- end }}
+{{- end -}}