[bitnami/oauth2-proxy] fix: 🔒 Move service-account token auto-mount to pod declaration (#22444)

* [bitnami/oauth2-proxy] fix: 🔒 Move service-account token auto-mount to pod declaration

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test:  Update goss test to reflect new value

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Javier J. Salmerón-García
2024-01-22 14:19:42 +01:00
committed by GitHub
parent 86b9db9f53
commit e1bf520e81
6 changed files with 8 additions and 3 deletions


@@ -15,7 +15,7 @@ command:
# or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value.
exec: if [ $(id -u) -lt {{ $uid }} ] || [ $(id -G | awk '{print $2}') -lt {{ $gid }} ]; then exit 1; fi
exit-status: 0
{{ if .Vars.serviceAccount.automountServiceAccountToken }}
{{ if .Vars.automountServiceAccountToken }}
check-sa:
exec: cat /var/run/secrets/kubernetes.io/serviceaccount/token | cut -d '.' -f 2 | xargs -I '{}' echo '{}====' | fold -w 4 | sed '$ d' | tr -d '\n' | base64 -d
exit-status: 0
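Review bot: Nothing in this test asserts that the token is absent when `.Vars.automountServiceAccountToken` is false, which is now the chart default; `check-sa` only runs in the enabled case. An `{{ else }}` branch holding a goss `file` check on `/var/run/secrets/kubernetes.io/serviceaccount/token` with `exists: false` would catch a regression that mounts the token again. The `{{ if }}` block is closed outside the hunk, so the branch would go just before its `{{ end }}`.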


@@ -26,7 +26,7 @@ containerSecurityContext:
runAsUser: 1002
serviceAccount:
create: true
automountServiceAccountToken: true
automountServiceAccountToken: true
redis:
enabled: true
auth:


@@ -35,4 +35,4 @@ maintainers:
name: oauth2-proxy
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/oauth2-proxy
version: 4.4.1
version: 4.5.0


@@ -197,6 +197,7 @@ The command removes all the Kubernetes components associated with the chart and
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `hostAliases` | OAuth2 Proxy pods host aliases | `[]` |
| `podLabels` | Extra labels for OAuth2 Proxy pods | `{}` |
| `podAnnotations` | Annotations for OAuth2 Proxy pods | `{}` |


@@ -34,6 +34,7 @@ spec:
spec:
serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
{{- include "oauth2-proxy.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
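Review bot: The added `automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}` line renders an empty value if the key is overridden with `null` (for example from a parent chart's values). Kubernetes should then treat the pod field as unset and fall back to the ServiceAccount's own setting, which may still mount the token. Rendering it fail-closed, `automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}`, keeps the pod without a token unless one is explicitly requested. The pod spec continues outside the hunk.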


@@ -505,6 +505,9 @@ command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases OAuth2 Proxy pods host aliases
## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
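Review bot: The new `## @param automountServiceAccountToken` comment does not say that this is the pod-level field, or that it takes precedence over the ServiceAccount's automount setting. Nothing is removed from this file, so the older `serviceAccount.*` value presumably still exists; releases that enabled the token through it would lose the mount after upgrading to the `false` default here. I would make that explicit, e.g. `## @param automountServiceAccountToken Mount Service Account token in pod (pod-level; overrides the ServiceAccount's automount setting)`, and mention the changed default in the upgrade notes.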