From 3fbbf7b8df0cd719d3effcfabf7f23a2c9927988 Mon Sep 17 00:00:00 2001
From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Date: Tue, 12 Nov 2019 19:55:31 -0500
Subject: [PATCH] Remove readOnlyRootFilesystem configurable (#110)

---
 CHANGELOG.md | 6 ++++++
 templates/server-statefulset.yaml | 3 ---
 test/unit/server-dev-statefulset.bats | 21 ---------------------
 test/unit/server-ha-statefulset.bats | 21 ---------------------
 test/unit/server-statefulset.bats | 19 -------------------
 values.yaml | 3 ---
 6 files changed, 6 insertions(+), 67 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2baf512..5189d2f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
 ## 0.2.0 (October 29th, 2019)
 
 Features:
diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml
index fcbae55..6c67299 100644
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@@ -41,9 +41,6 @@ spec:
 terminationGracePeriodSeconds: 10
 serviceAccountName: {{ template "vault.fullname" . }}
 securityContext:
- {{- if .Values.server.securityContext.readOnlyRootFilesystem }}
- readOnlyRootFilesystem: true
- {{- end }}
 runAsNonRoot: true
 runAsGroup: {{ .Values.server.gid | default 1000 }}
 runAsUser: {{ .Values.server.uid | default 100 }}
diff --git a/test/unit/server-dev-statefulset.bats b/test/unit/server-dev-statefulset.bats
index e99d2fc..bcfb7b0 100755
--- a/test/unit/server-dev-statefulset.bats
+++ b/test/unit/server-dev-statefulset.bats
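Review bot: The pod-level `securityContext` in templates/server-statefulset.yaml (hunk `@@ -41,9 +41,6 @@`) is left with no read-only root filesystem setting, and nothing visible in this patch re-adds it elsewhere. `readOnlyRootFilesystem` is a field of the container-level SecurityContext rather than PodSecurityContext, which is presumably why validation rejected it under `spec.template.spec.securityContext`; the hardening could be kept by moving it to the server container, e.g. `securityContext:` with `readOnlyRootFilesystem: true` under the container entry, with any paths Vault must write to backed by volumes. The container spec lies outside this hunk, so whether it already sets a securityContext cannot be confirmed from here. If dropping the control is intentional, a template comment such as `# readOnlyRootFilesystem is container-scoped; intentionally not set here` would record the decision for the next reviewer.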
@@ -376,24 +376,3 @@ load _helpers
 yq -r '.spec.template.spec.securityContext.fsGroup' | tee /dev/stderr)
 [ "${actual}" = "2000" ]
 }
-
-@test "server/dev-StatefulSet: readOnlyRootFilesystem default" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.dev.enabled=true' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.securityContext.readOnlyRootFilesystem' | tee /dev/stderr)
- [ "${actual}" = "true" ]
-}
-
-@test "server/dev-StatefulSet: readOnlyRootFilesystem configurable" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.dev.enabled=true' \
- --set 'server.securityContext.readOnlyRootFilesystem=false' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.securityContext.readOnlyRootFilesystem' | tee /dev/stderr)
- [ "${actual}" = "null" ]
-}
diff --git a/test/unit/server-ha-statefulset.bats b/test/unit/server-ha-statefulset.bats
index de2d433..7c2a2af 100755
--- a/test/unit/server-ha-statefulset.bats
+++ b/test/unit/server-ha-statefulset.bats
@@ -571,24 +571,3 @@ load _helpers
 yq -r '.spec.template.spec.securityContext.fsGroup' | tee /dev/stderr)
 [ "${actual}" = "2000" ]
 }
-
-@test "server/ha-StatefulSet: readOnlyRootFilesystem default" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.ha.enabled=true' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.securityContext.readOnlyRootFilesystem' | tee /dev/stderr)
- [ "${actual}" = "true" ]
-}
-
-@test "server/ha-StatefulSet: readOnlyRootFilesystem configurable" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.ha.enabled=true' \
- --set 'server.securityContext.readOnlyRootFilesystem=false' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.securityContext.readOnlyRootFilesystem' | tee /dev/stderr)
- [ "${actual}" = "null" ]
-}
diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
index c7bc5e7..e16fc8e 100755
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
@@ -639,22 +639,3 @@ load _helpers
 yq -r '.spec.template.spec.securityContext.fsGroup' | tee /dev/stderr)
 [ "${actual}" = "2000" ]
 }
-
-@test "server/standalone-StatefulSet: readOnlyRootFilesystem default" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.securityContext.readOnlyRootFilesystem' | tee /dev/stderr)
- [ "${actual}" = "true" ]
-}
-
-@test "server/standalone-StatefulSet: readOnlyRootFilesystem configurable" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.securityContext.readOnlyRootFilesystem=false' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.securityContext.readOnlyRootFilesystem' | tee /dev/stderr)
- [ "${actual}" = "null" ]
-}
diff --git a/values.yaml b/values.yaml
index 00fb306..45158c6 100644
--- a/values.yaml
+++ b/values.yaml
@@ -21,9 +21,6 @@ server:
 # should map directly to the value of the resources field for a PodSpec.
 # By default no direct resource request is made.
 
- securityContext:
- readOnlyRootFilesystem: true
-
 resources:
 # resources:
 # requests: