From 21769a52a7968bd971a1a1b90f010803ba88e47e Mon Sep 17 00:00:00 2001 From: Joshua Cosgrove Date: Tue, 21 Nov 2023 13:08:04 -0500 Subject: [PATCH 1/4] feat(metabase): add securityContext hooks This will allow users to specify thier own securityContext. This adds hooks --- charts/metabase/Chart.yaml | 2 +- charts/metabase/templates/deployment.yaml | 6 +++++- charts/metabase/values.yaml | 5 +++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/metabase/Chart.yaml b/charts/metabase/Chart.yaml index c1cd9db..c8ed9ab 100644 --- a/charts/metabase/Chart.yaml +++ b/charts/metabase/Chart.yaml @@ -3,7 +3,7 @@ description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 2.10.0 +version: 2.10.1 appVersion: v0.47.2 maintainers: - name: pmint93 diff --git a/charts/metabase/templates/deployment.yaml b/charts/metabase/templates/deployment.yaml index d5c4082..e72fd16 100644 --- a/charts/metabase/templates/deployment.yaml +++ b/charts/metabase/templates/deployment.yaml @@ -213,6 +213,10 @@ spec: - containerPort: {{ .Values.monitoring.port }} name: metrics {{- end }} + {{- if .Values.metabaseSecurityContext}} + securityContext: + {{- .Values.metabaseSecurityContext | toYaml | nindent 12 }} + {{- end }} livenessProbe: httpGet: path: {{ .Values.livenessProbe.path }} @@ -250,7 +254,7 @@ spec: - "-use_http_health_check" - "-enable_iam_login" securityContext: - runAsNonRoot: true + {{- .Values.cloudsqlSecurityContext | toYaml | nindent 12 }} livenessProbe: httpGet: path: /liveness diff --git a/charts/metabase/values.yaml b/charts/metabase/values.yaml index 71ab820..ab6e1f2 100644 --- a/charts/metabase/values.yaml +++ b/charts/metabase/values.yaml @@ -278,3 +278,8 @@ envFrom: [] # name: metabase-secret # - type: configMap # name: metabase-cm + +metabaseSecurityContext: {} + +cloudsqlSecurityContext: + runAsNonRoot: true From 0712618b64fc4d9129424372189a9ad8e33eedba Mon Sep 17 00:00:00 2001 
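Review bot: The `securityContext:` block added under the metabase container's ports in `deployment.yaml` (PATCH 1/4, hunk at -213) appears to be a container-level context, judging by its position next to `livenessProbe` and the `nindent 12`, so pod-only fields such as `fsGroup` placed in this value would be rejected or dropped rather than applied. The README row added in PATCH 3/4 describes it as the "Security Context for the Metabase pod", which invites that mistake. I would add a template comment above the `if`, `{{- /* container-level securityContext for the metabase container; pod-level fields such as fsGroup do not belong here */}}`, and word the README row the same way. The container spec starts and ends outside this hunk, so whether a pod-level context exists elsewhere is not visible here.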
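Review bot: The Cloud SQL proxy sidecar loses its guaranteed `runAsNonRoot: true` in the hunk at -250 of `deployment.yaml`: the setting is now rendered from values, so an override of `cloudsqlSecurityContext: null` emits an empty `securityContext` and the sidecar runs as whatever user its image declares. Unlike the metabase container block added above it, this render also has no guard. Keeping the non-root default unless it is explicitly switched off would look like `{{- .Values.cloudsqlSecurityContext | default (dict "runAsNonRoot" true) | toYaml | nindent 12 }}`. The same applies to the renamed `database.googleCloudSQL.securityContext` line in PATCH 2/4.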
From: Joshua Cosgrove Date: Mon, 27 Nov 2023 09:37:15 -0500 Subject: [PATCH 2/4] feat(metabase): rename security hooks Renamed metabaseSecurityContext to securityContext and moved cloudsqlSecurityContext to database.googleCloudSQL.securityContext --- charts/metabase/Chart.yaml | 2 +- charts/metabase/templates/deployment.yaml | 6 +++--- charts/metabase/values.yaml | 7 +++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/charts/metabase/Chart.yaml b/charts/metabase/Chart.yaml index c8ed9ab..2714df7 100644 --- a/charts/metabase/Chart.yaml +++ b/charts/metabase/Chart.yaml @@ -3,7 +3,7 @@ description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 2.10.1 +version: 2.10.2 appVersion: v0.47.2 maintainers: - name: pmint93 diff --git a/charts/metabase/templates/deployment.yaml b/charts/metabase/templates/deployment.yaml index 0416582..4ba658e 100644 --- a/charts/metabase/templates/deployment.yaml +++ b/charts/metabase/templates/deployment.yaml @@ -213,9 +213,9 @@ spec: - containerPort: {{ .Values.monitoring.port }} name: metrics {{- end }} - {{- if .Values.metabaseSecurityContext}} + {{- if .Values.securityContext}} securityContext: - {{- .Values.metabaseSecurityContext | toYaml | nindent 12 }} + {{- .Values.securityContext | toYaml | nindent 12 }} {{- end }} livenessProbe: httpGet: @@ -254,7 +254,7 @@ spec: - "-use_http_health_check" - "-enable_iam_login" securityContext: - {{- .Values.cloudsqlSecurityContext | toYaml | nindent 12 }} + {{- .Values.database.googleCloudSQL.securityContext | toYaml | nindent 12 }} livenessProbe: httpGet: path: /liveness diff --git a/charts/metabase/values.yaml b/charts/metabase/values.yaml index 51fbb46..ebf4d25 100644 --- a/charts/metabase/values.yaml +++ b/charts/metabase/values.yaml 
@@ -81,6 +81,8 @@ database: # sidecarImageTag: latest ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#running_the_as_a_sidecar resources: {} + securityContext: + runAsNonRoot: true password: # Changing Metabase password complexity: @@ -279,11 +281,8 @@ envFrom: [] # - type: configMap # name: metabase-cm -metabaseSecurityContext: {} +securityContext: {} -cloudsqlSecurityContext: - runAsNonRoot: true - sidecars: [] # - name: busybox # image: busybox From d7b001bd7fd0136a8263d5a1c0549baec0900975 Mon Sep 17 00:00:00 2001 From: Joshua Cosgrove Date: Mon, 27 Nov 2023 09:37:58 -0500 Subject: [PATCH 3/4] docs(metabase): added docs for security hooks --- charts/metabase/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/metabase/README.md b/charts/metabase/README.md index cd8c2b0..e2eb625 100644 --- a/charts/metabase/README.md +++ b/charts/metabase/README.md @@ -90,6 +90,7 @@ The following table lists the configurable parameters of the Metabase chart and | database.googleCloudSQL.instanceConnectionNames | Google Cloud SQL instance connection names. See `values.yaml` for details. | [] | | database.googleCloudSQL.sidecarImageTag | Specific tag for the Google Cloud SQL Auth proxy sidecar image | latest | | database.googleCloudSQL.resources | Google Cloud SQL Auth proxy resource requests and limits | {} | +| database.googleCloudSQL.securityContext | Google Cloud SQL Security Context | runAsNonRoot: true| | password.complexity | Complexity requirement for Metabase account's password | normal | | password.length | Minimum length required for Metabase account's password | 6 | | timeZone | Service time zone | UTC | 
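Review bot: The top-level `securityContext: {}` added in the second `values.yaml` hunk of PATCH 2/4 (at -279) has no comment, while the neighbouring `envFrom` and `sidecars` keys carry commented examples, and the empty default leaves the Metabase container without any hardening unless the operator already knows which fields to set. A commented sample in the file's existing style would help, for example `# runAsNonRoot: true`, `# allowPrivilegeEscalation: false` and `# capabilities: {drop: [ALL]}`, under a line stating that the value applies to the metabase container. Whether the Metabase image runs cleanly with these settings is not shown in the patch, so they belong in a comment rather than in the default.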
@@ -148,5 +149,6 @@ The following table lists the configurable parameters of the Metabase chart and | extraEnv | Mapping of extra environment variables | {} | | envFrom | Mapping of extra environment variables from secret and/or configMap | [] | | sidecars | Mapping of container sidecars for the main deployment | [] | +| securityContext | Security Context for the Metabase pod | {} | The above parameters map to the env variables defined in [metabase](http://github.com/metabase/metabase). For more information please refer to the [metabase documentations](https://www.metabase.com/docs/v0.41/operations-guide/environment-variables.html). From 5d1fd8d19a82dc8e9bab2c6fffdc362dff99e42d Mon Sep 17 00:00:00 2001 From: Thanh Pham Minh Date: Wed, 29 Nov 2023 23:40:57 +0700 Subject: [PATCH 4/4] Remove trailing-spaces --- charts/metabase/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/metabase/values.yaml b/charts/metabase/values.yaml index ebf4d25..8dee188 100644 --- a/charts/metabase/values.yaml +++ b/charts/metabase/values.yaml @@ -282,7 +282,7 @@ envFrom: [] # name: metabase-cm securityContext: {} - + sidecars: [] # - name: busybox # image: busybox