From febcd3863343c4adc3d98d6bf2bf5a5ecefe2fa7 Mon Sep 17 00:00:00 2001
From: Stavros kois <s.kois@outlook.com>
Date: Fri, 20 Jan 2023 16:45:22 +0200
Subject: [PATCH] allow to turn off automount on SA

---
 .../serviceAccount/serviceAccount_test.yaml    | 18 ++++++++++++++++++
 .../1.0.0/templates/class/_serviceAccount.tpl  | 10 +++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/library/common-test/tests/serviceAccount/serviceAccount_test.yaml b/library/common-test/tests/serviceAccount/serviceAccount_test.yaml
index 7a363a538b..79c6120293 100644
--- a/library/common-test/tests/serviceAccount/serviceAccount_test.yaml
+++ b/library/common-test/tests/serviceAccount/serviceAccount_test.yaml
@@ -40,6 +40,24 @@ tests:
       - equal:
           path: metadata.name
           value: RELEASE-NAME-common-test
+      - equal:
+          path: automountServiceAccountToken
+          value: true
+
+  - it: should pass with service account enabled
+    documentIndex: *serviceAccountDoc
+    set:
+      serviceAccount:
+        main:
+          enabled: true
+          automountServiceAccountToken: false
+    asserts:
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-common-test
+      - equal:
+          path: automountServiceAccountToken
+          value: false
 
   - it: should pass with primary service account enabled and nameOverride defined
     documentIndex: *serviceAccountDoc
diff --git a/library/common/1.0.0/templates/class/_serviceAccount.tpl b/library/common/1.0.0/templates/class/_serviceAccount.tpl
index ecbf279de3..c16d79ab1b 100644
--- a/library/common/1.0.0/templates/class/_serviceAccount.tpl
+++ b/library/common/1.0.0/templates/class/_serviceAccount.tpl
@@ -3,6 +3,13 @@
 {{- define "ix.v1.common.class.serviceAccount" -}}
   {{- $saValues := .serviceAccount -}}
   {{- $root := .root -}}
+  {{- if hasKey $saValues "automountServiceAccountToken" -}}
+    {{- if not (kindIs "bool" $saValues.automountServiceAccountToken) -}}
+      {{- fail (printf "<automountServiceAccountToken> value (%s) must be boolean" $saValues.automountServiceAccountToken ) -}}
+    {{- end -}}
+  {{- else -}}
+    {{- $_ := set $saValues "automountServiceAccountToken" true -}}
+  {{- end -}}
 
   {{- $saName := include "ix.v1.common.names.serviceAccount" (dict "root" $root "saValues" $saValues) }}
 ---
@@ -19,5 +26,6 @@ metadata:
   {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $root "annotations" $annotations) | trim) }}
   annotations:
     {{- . | nindent 4 }}
-  {{- end -}}
+  {{- end }}
+automountServiceAccountToken: {{ $saValues.automountServiceAccountToken }}
 {{- end }}