From 92cc2ffd863b8925ed785d5e8b02ac38488e835e Mon Sep 17 00:00:00 2001
From: Aldwyn Cabarrubias
Date: Wed, 29 Nov 2023 11:00:28 +0800
Subject: [PATCH] Add securityContexts in dagProcessor.logGroomerSidecar (#34499)
---------
Co-authored-by: Elad Kalif <45845474+eladkal@users.noreply.github.com>
---
 chart/templates/dag-processor/dag-processor-deployment.yaml | 2 ++
 chart/values.yaml | 2 ++
 helm_tests/security/test_security_context.py | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/chart/templates/dag-processor/dag-processor-deployment.yaml b/chart/templates/dag-processor/dag-processor-deployment.yaml
index 24da3fca8eeef..28a2dc0a30df5 100644
--- a/chart/templates/dag-processor/dag-processor-deployment.yaml
+++ b/chart/templates/dag-processor/dag-processor-deployment.yaml
@@ -29,6 +29,7 @@
 {{- $revisionHistoryLimit := or .Values.dagProcessor.revisionHistoryLimit .Values.revisionHistoryLimit }}
 {{- $securityContext := include "airflowPodSecurityContext" (list . .Values.dagProcessor) }}
 {{- $containerSecurityContext := include "containerSecurityContext" (list . .Values.dagProcessor) }}
+{{- $containerSecurityContextLogGroomerSidecar := include "containerSecurityContext" (list . .Values.dagProcessor.logGroomerSidecar) }}
 {{- $containerSecurityContextWaitForMigrations := include "containerSecurityContext" (list . .Values.dagProcessor.waitForMigrations) }}
 {{- $containerLifecycleHooks := or .Values.dagProcessor.containerLifecycleHooks .Values.containerLifecycleHooks }}
 apiVersion: apps/v1
@@ -198,6 +199,7 @@ spec:
 resources: {{- toYaml .Values.dagProcessor.logGroomerSidecar.resources | nindent 12 }}
 image: {{ template "airflow_image" . }}
 imagePullPolicy: {{ .Values.images.airflow.pullPolicy }}
+ securityContext: {{ $containerSecurityContextLogGroomerSidecar | nindent 12 }}
 {{- if .Values.dagProcessor.logGroomerSidecar.command }}
 command: {{ tpl (toYaml .Values.dagProcessor.logGroomerSidecar.command) . | nindent 12 }}
 {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 4e62390473d5f..763d8248379fd 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1666,6 +1666,8 @@ dagProcessor:
 # requests:
 # cpu: 100m
 # memory: 128Mi
+ securityContexts:
+ container: {}
 waitForMigrations:
 # Whether to create init container to wait for db migrations
diff --git a/helm_tests/security/test_security_context.py b/helm_tests/security/test_security_context.py
index 8a51f62e675d2..c6f8f8ce799d8 100644
--- a/helm_tests/security/test_security_context.py
+++ b/helm_tests/security/test_security_context.py
@@ -322,10 +322,12 @@ def test_log_groomer_sidecar_container_setting(self):
 values={
 "scheduler": {**spec},
 "workers": {**spec},
+ "dagProcessor": {**spec},
 },
 show_only=[
 "templates/scheduler/scheduler-deployment.yaml",
 "templates/workers/worker-deployment.yaml",
+ "templates/dag-processor/dag-processor-deployment.yaml",
 ],
 )
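Review bot: The new `securityContexts` / `container: {}` default is added without a comment, and an empty map says nothing about what the log groomer sidecar actually runs with. The effective context for an unset value is decided inside the `containerSecurityContext` helper, which this diff does not show, so an operator reading values.yaml cannot tell whether the sidecar inherits a hardened chart default or falls back to the container runtime's defaults. I would add a comment above the key such as `# Container-level securityContext for the dag processor log groomer sidecar; when empty, the chart's default container securityContext applies`, worded to match what the helper really does. The enclosing `logGroomerSidecar` block starts outside the hunk.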
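Review bot: The `dagProcessor` entry added to `values` carries only `spec`, so the test covers the new template line only if the dag-processor deployment is actually rendered with these values. If that template is gated on an enable flag (any such gate is outside this diff), `show_only` yields no document for it and the assertions that follow pass without ever inspecting the sidecar's securityContext. I would write `"dagProcessor": {"enabled": True, **spec},` and assert before the checks that three documents were rendered. The assertions of `test_log_groomer_sidecar_container_setting` are outside the hunk.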