From 1fe5125f24ac2adc4be32c0d401184e1d24261fc Mon Sep 17 00:00:00 2001 From: Fran Mulero Date: Mon, 12 Aug 2024 20:23:47 +0200 Subject: [PATCH] [bitnami/chainloop] fix: Little issues (#28837) * [bitnami/chainloop] fix: Add security context to initContainers Signed-off-by: Fran Mulero * Amend CAS network policy to allow control plane access CAS server Signed-off-by: Fran Mulero * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Split network policy rules Signed-off-by: Fran Mulero --------- Signed-off-by: Fran Mulero Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/chainloop/CHANGELOG.md | 8 ++++++-- bitnami/chainloop/Chart.yaml | 2 +- bitnami/chainloop/templates/_helpers.tpl | 2 +- bitnami/chainloop/templates/cas/networkpolicy.yaml | 6 ++++++ bitnami/chainloop/templates/controlplane/deployment.yaml | 3 +++ 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/bitnami/chainloop/CHANGELOG.md b/bitnami/chainloop/CHANGELOG.md index bb77643b8d..48f44610ab 100644 --- a/bitnami/chainloop/CHANGELOG.md +++ b/bitnami/chainloop/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 0.1.2 (2024-08-09) +## 0.1.3 (2024-08-12) -* [bitnami/chainloop] Release 0.1.2 ([#28809](https://github.com/bitnami/charts/pull/28809)) +* [bitnami/chainloop] fix: Little issues ([#28837](https://github.com/bitnami/charts/pull/28837)) + +## 0.1.2 (2024-08-09) + +* [bitnami/chainloop] Release 0.1.2 (#28809) ([c97158c](https://github.com/bitnami/charts/commit/c97158c9fe2ede0c2d11eb3fc4fe884b3f7aec8c)), closes [#28809](https://github.com/bitnami/charts/issues/28809) ## 0.1.1 (2024-08-09) diff --git a/bitnami/chainloop/Chart.yaml b/bitnami/chainloop/Chart.yaml index d6139b416a..ef774c5670 100644 --- a/bitnami/chainloop/Chart.yaml +++ b/bitnami/chainloop/Chart.yaml 
@@ -63,4 +63,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/chainloop-control-plane-migrations - https://github.com/bitnami/containers/tree/main/bitnami/chainloop-artifact-cas - https://github.com/chainloop-dev/chainloop -version: 0.1.2 +version: 0.1.3 diff --git a/bitnami/chainloop/templates/_helpers.tpl b/bitnami/chainloop/templates/_helpers.tpl index 9ae28f1708..796a4f7262 100644 --- a/bitnami/chainloop/templates/_helpers.tpl +++ b/bitnami/chainloop/templates/_helpers.tpl @@ -176,7 +176,7 @@ OIDC settings, will fallback to development settings if needed {{- define "controlplane.oidc_settings" -}} {{- if .Values.development }} {{- with .Values.controlplane.auth }} - domain: "{{ coalesce .oidc.url "http://chainloop-dex:5556/dex" }}" + domain: "{{ coalesce .oidc.url ( printf "http://%s:%d/dex" ( include "chainloop.dex" $ ) ( int $.Values.dex.service.ports.http ) ) }}" client_id: "{{ coalesce .oidc.clientID "chainloop-dev" }}" client_secret: "{{ coalesce .oidc.clientSecret "ZXhhbXBsZS1hcHAtc2VjcmV0" }}" {{- if .oidc.loginURLOverride }} diff --git a/bitnami/chainloop/templates/cas/networkpolicy.yaml b/bitnami/chainloop/templates/cas/networkpolicy.yaml index 9d2153160f..a25cb4dd35 100644 --- a/bitnami/chainloop/templates/cas/networkpolicy.yaml +++ b/bitnami/chainloop/templates/cas/networkpolicy.yaml @@ -46,6 +46,11 @@ spec: {{- end }} {{- end }} ingress: + - ports: + - port: {{ .Values.cas.containerPorts.grpc }} + from: + - podSelector: + matchLabels: {{ include "chainloop.controlplane.selectorLabels" . | nindent 14 }} - ports: - port: {{ .Values.cas.containerPorts.http }} {{- if not .Values.cas.networkPolicy.allowExternal }} @@ -53,6 +58,7 @@ spec: - podSelector: matchLabels: {{ printf "%s-cas" (include "common.names.fullname" .) }}: "true" + {{- if .Values.cas.networkPolicy.ingressNSMatchLabels }} - namespaceSelector: matchLabels: 
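Review bot: The new `domain:` fallback in `controlplane.oidc_settings` keeps the `http://` scheme fixed, so when `.oidc.url` is unset the control plane reaches dex in cleartext. That is tolerable only because the branch sits under `{{- if .Values.development }}`, and the line deserves a comment saying so, for example `{{- /* development only: cleartext in-cluster dex issuer */ -}}`. Note also that `int` turns an unset `dex.service.ports.http` into `0` instead of failing the render, so a missing value would silently produce `http://<dex-name>:0/dex`. The `define` body continues past the end of the hunk.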
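Review bot: The new gRPC rule under `ingress:` is unconditional and never consults `cas.networkPolicy.allowExternal`, while the HTTP rule right after it does. As far as this hunk shows, the gRPC port is then reachable only from control plane pods in the release namespace, even with `allowExternal: true`. If that asymmetry is intended (it is the tighter choice), state it in a template comment above the rule, e.g. `{{- /* gRPC: control plane pods only, regardless of allowExternal */}}`. Any other client of the CAS gRPC port will be dropped once the policy is enforced, which is worth confirming against the expected callers. The rule list continues outside the hunk.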
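Review bot: The added `{{- if .Values.cas.networkPolicy.ingressNSMatchLabels }}` has no matching `{{- end }}` in this hunk, and the hunk adds only that one line. The closing action must therefore already exist below the visible context, so it is worth rendering the chart with and without `ingressNSMatchLabels` to confirm the nesting. The guard matters for isolation: a `namespaceSelector` whose `matchLabels` renders empty selects every namespace, so an unguarded entry would widen the `from:` list well beyond the CAS-labelled pods. The `from:` block starts and ends outside the hunk.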
diff --git a/bitnami/chainloop/templates/controlplane/deployment.yaml b/bitnami/chainloop/templates/controlplane/deployment.yaml index 0cc018a51a..f1314289f4 100644 --- a/bitnami/chainloop/templates/controlplane/deployment.yaml +++ b/bitnami/chainloop/templates/controlplane/deployment.yaml @@ -74,6 +74,9 @@ spec: - name: migrate image: {{ include "chainloop.controlplane.migration.image" . }} imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} + {{- if .Values.controlplane.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controlplane.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} command: [ "./atlas" ] args: - migrate
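Review bot: The `migrate` init container now inherits `controlplane.containerSecurityContext`, which was written for the control plane image. Settings such as `runAsUser` or `readOnlyRootFilesystem` in that block will also bind the migration image, which may or may not tolerate them (not verifiable from this hunk). A short comment above the `securityContext:` line would make the coupling explicit, e.g. `# shares controlplane.containerSecurityContext; the migration image must run under the same constraints`. The commit message speaks of initContainers in the plural but only `migrate` is covered here, so any other init container in this deployment should be checked for the same gap. The `initContainers` list starts and ends outside the hunk.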