From 952f5448797afbad8cb5139418befcf2b0c9b756 Mon Sep 17 00:00:00 2001
From: Johannes Bauer <82513679+bauerjs1@users.noreply.github.com>
Date: Sat, 28 Oct 2023 13:13:04 +0200
Subject: [PATCH] fix(helm): Capitalize capabilities.drop[] due to PSS (#544)
---
 charts/kubeclarity/templates/deployment.yaml | 8 ++++----
 .../templates/grype_server/deployment.yaml | 2 +-
 charts/kubeclarity/templates/sbom_db/deployment.yaml | 2 +-
 .../templates/scanner-template-configmap.yaml | 4 ++--
 runtime_scan/pkg/config/scanner_template.go | 2 +-
 runtime_scan/pkg/scanner/job_managment_test.go | 12 ++++++------
 6 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/charts/kubeclarity/templates/deployment.yaml b/charts/kubeclarity/templates/deployment.yaml
index 00084f9..58094fc 100644
--- a/charts/kubeclarity/templates/deployment.yaml
+++ b/charts/kubeclarity/templates/deployment.yaml
@@ -55,7 +55,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsUser: 1001
@@ -78,7 +78,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsUser: 1001
@@ -102,7 +102,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsUser: 1001
@@ -189,7 +189,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsGroup: 1000
diff --git a/charts/kubeclarity/templates/grype_server/deployment.yaml b/charts/kubeclarity/templates/grype_server/deployment.yaml
index 5a1d537..72d1c0c 100644
--- a/charts/kubeclarity/templates/grype_server/deployment.yaml
+++ b/charts/kubeclarity/templates/grype_server/deployment.yaml
@@ -69,7 +69,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsGroup: 1000
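Review bot: In the four `securityContext` hunks of charts/kubeclarity/templates/deployment.yaml, and likewise in the grype_server, sbom_db and scanner-template-configmap.yaml hunks, the visible context sets only `capabilities.drop` and `runAsNonRoot`. The Pod Security Standards "restricted" profile that motivates the `ALL` spelling also requires `allowPrivilegeEscalation: false` and a `seccompProfile` of type `RuntimeDefault` or `Localhost`. Each securityContext block continues past the end of its hunk, so these keys may already be set further down. If they are not, the pods would still be rejected in a namespace enforcing `restricted` after this change. Where they are missing, I would add `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` next to `runAsNonRoot: true`.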
diff --git a/charts/kubeclarity/templates/sbom_db/deployment.yaml b/charts/kubeclarity/templates/sbom_db/deployment.yaml
index 89cdeae..f9dd530 100644
--- a/charts/kubeclarity/templates/sbom_db/deployment.yaml
+++ b/charts/kubeclarity/templates/sbom_db/deployment.yaml
@@ -62,7 +62,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsGroup: 1000
diff --git a/charts/kubeclarity/templates/scanner-template-configmap.yaml b/charts/kubeclarity/templates/scanner-template-configmap.yaml
index 643d5c2..72de5d1 100644
--- a/charts/kubeclarity/templates/scanner-template-configmap.yaml
+++ b/charts/kubeclarity/templates/scanner-template-configmap.yaml
@@ -133,7 +133,7 @@ data:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsGroup: 1001
@@ -182,7 +182,7 @@ data:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 {{- if not .Values.global.openShiftRestricted }}
 runAsGroup: 1001
diff --git a/runtime_scan/pkg/config/scanner_template.go b/runtime_scan/pkg/config/scanner_template.go
index 45fe6c2..4e3478a 100644
--- a/runtime_scan/pkg/config/scanner_template.go
+++ b/runtime_scan/pkg/config/scanner_template.go
@@ -50,7 +50,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001
diff --git a/runtime_scan/pkg/scanner/job_managment_test.go b/runtime_scan/pkg/scanner/job_managment_test.go
index 87be27e..48bfea7 100644
--- a/runtime_scan/pkg/scanner/job_managment_test.go
+++ b/runtime_scan/pkg/scanner/job_managment_test.go
@@ -718,7 +718,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001
@@ -766,7 +766,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001
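Review bot: The manifest in runtime_scan/pkg/config/scanner_template.go (hunk at line 50) carries a second copy of the `securityContext` that charts/kubeclarity/templates/scanner-template-configmap.yaml also defines. Nothing visible in this patch ties the two together, so the casing fix had to be applied by hand in both places, and again in the six fixture hunks of job_managment_test.go. A comment above the embedded template would make the coupling and the reason explicit: `// Keep in sync with charts/kubeclarity/templates/scanner-template-configmap.yaml; Pod Security admission matches capabilities.drop "ALL" case-sensitively.` The enclosing declaration starts and ends outside the hunk, so that this is a Go string holding the default scanner Job manifest is inferred from the file name and the YAML context lines.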
@@ -822,7 +822,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001
@@ -878,7 +878,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001
@@ -945,7 +945,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001
@@ -1003,7 +1003,7 @@ spec:
 securityContext:
 capabilities:
 drop:
- - all
+ - ALL
 runAsNonRoot: true
 runAsGroup: 1001
 runAsUser: 1001