add todo and update tests

library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_install_test.yaml

@@ -1,83 +1,3 @@
-
-suite: initContainer in deployment test (on Upgrade)
-templates:
-  - common.yaml
-tests:
-  - it: should pass with default values
-    documentIndex: &deploymentDoc 0
-    asserts:
-      - hasDocuments:
-          count: 3
-      - isKind:
-          of: Deployment
-
-  - it: should pass with image defined in init container
-    documentIndex: *deploymentDoc
-    set:
-      image:
-        repository: some-repo
-        tag: some-tag
-        pullPolicy: Always
-      initImage:
-        repository: some-repo-init
-        tag: some-tag-init
-        pullPolicy: Never
-      initContainers:
-        some-name:
-          imageSelector: initImage
-          pullPolicy: Never
-    asserts:
-      - isSubset:
-          path: spec.template.spec.containers[0]
-          content:
-            image: some-repo:some-tag
-            imagePullPolicy: Always
-      - isSubset:
-          path: spec.template.spec.initContainers[0]
-          content:
-            image: some-repo-init:some-tag-init
-            imagePullPolicy: Never
-
-  - it: should pass with image defined in multiple init container
-    documentIndex: *deploymentDoc
-    set:
-      image:
-        repository: some-repo
-        tag: some-tag
-        pullPolicy: Always
-      initImage:
-        repository: some-repo-init
-        tag: some-tag-init
-        pullPolicy: Never
-      initImage2:
-        repository: some-repo-init2
-        tag: some-tag-init2
-        pullPolicy: IfNotPresent
-      initContainers:
-        some-name:
-          imageSelector: initImage
-          pullPolicy: Never
-        some-name2:
-          imageSelector: initImage2
-          pullPolicy: Never
-    asserts:
-      - isSubset:
-          path: spec.template.spec.containers[0]
-          content:
-            image: some-repo:some-tag
-            imagePullPolicy: Always
-      - isSubset:
-          path: spec.template.spec.initContainers[0]
-          content:
-            image: some-repo-init:some-tag-init
-            imagePullPolicy: Never
-      - isSubset:
-          path: spec.template.spec.initContainers[1]
-          content:
-            image: some-repo-init2:some-tag-init2
-            imagePullPolicy: IfNotPresent
-
----
 suite: initContainer in deployment test (onInstall)
 templates:
   - common.yaml

library/common-test/tests/initcontainers_in_deployment/init_containers_in_deployment_upgrade_test.yaml

@@ -0,0 +1,77 @@
+suite: initContainer in deployment test (on Upgrade)
+templates:
+  - common.yaml
+tests:
+  - it: should pass with default values
+    documentIndex: &deploymentDoc 0
+    asserts:
+      - hasDocuments:
+          count: 3
+      - isKind:
+          of: Deployment
+
+  - it: should pass with image defined in init container
+    documentIndex: *deploymentDoc
+    set:
+      image:
+        repository: some-repo
+        tag: some-tag
+        pullPolicy: Always
+      initImage:
+        repository: some-repo-init
+        tag: some-tag-init
+        pullPolicy: Never
+      initContainers:
+        some-name:
+          imageSelector: initImage
+          pullPolicy: Never
+    asserts:
+      - isSubset:
+          path: spec.template.spec.containers[0]
+          content:
+            image: some-repo:some-tag
+            imagePullPolicy: Always
+      - isSubset:
+          path: spec.template.spec.initContainers[0]
+          content:
+            image: some-repo-init:some-tag-init
+            imagePullPolicy: Never
+
+  - it: should pass with image defined in multiple init container
+    documentIndex: *deploymentDoc
+    set:
+      image:
+        repository: some-repo
+        tag: some-tag
+        pullPolicy: Always
+      initImage:
+        repository: some-repo-init
+        tag: some-tag-init
+        pullPolicy: Never
+      initImage2:
+        repository: some-repo-init2
+        tag: some-tag-init2
+        pullPolicy: IfNotPresent
+      initContainers:
+        some-name:
+          imageSelector: initImage
+          pullPolicy: Never
+        some-name2:
+          imageSelector: initImage2
+          pullPolicy: Never
+    asserts:
+      - isSubset:
+          path: spec.template.spec.containers[0]
+          content:
+            image: some-repo:some-tag
+            imagePullPolicy: Always
+      - isSubset:
+          path: spec.template.spec.initContainers[0]
+          content:
+            image: some-repo-init:some-tag-init
+            imagePullPolicy: Never
+      - isSubset:
+          path: spec.template.spec.initContainers[1]
+          content:
+            image: some-repo-init2:some-tag-init2
+            imagePullPolicy: IfNotPresent

library/common/1.0.0/templates/lib/container/_securityContext.tpl

@@ -5,7 +5,7 @@ init{{/* Security Context included by the container */}}
   {{- $root := .root -}}
 
   {{- $defaultSecCont := $root.Values.global.defaults.securityContext -}}
-  {{- $runAsNonRoot := $defaultSecCont.runAsNonRoot -}} {{/* TODO: Inherit from main container? */}}
+  {{- $runAsNonRoot := $defaultSecCont.runAsNonRoot -}}
   {{- $readOnlyRootFilesystem := $defaultSecCont.readOnlyRootFilesystem -}}
   {{- $allowPrivilegeEscalation := $defaultSecCont.allowPrivilegeEscalation -}}
   {{- $privileged := $defaultSecCont.privileged -}}
@@ -20,11 +20,6 @@ init{{/* Security Context included by the container */}}
       {{- end -}}
     {{- end -}}
   {{- end -}}
-  {{- with $secContext -}}
-    {{- if or (not (kindIs "bool" .runAsNonRoot)) (not (kindIs "bool" .privileged)) (not (kindIs "bool" .readOnlyRootFilesystem)) (not (kindIs "bool" .allowPrivilegeEscalation)) -}}
-        {{- fail "One or more of the following are not set as booleans (runAsNonRoot, privileged, readOnlyRootFilesystem, allowPrivilegeEscalation)" -}}
-    {{- end -}}
-  {{- end -}}
 
   {{- if $secContext.inheritMain -}} {{/* if inheritMain is set, use the secContext from main container as default */}}
     {{- $defaultSecCont = $root.Values.securityContext -}}