fix(sysdig-deploy): cluster-shield check for posture does not properl…

…y check the global kspm flag (#1930)
sysdiglabs · Sep 10, 2024 · a40a67b · a40a67b
1 parent a07d9bc
commit a40a67b
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sysdig-deploy
 description: A chart with various Sysdig components for Kubernetes
 type: application
-version: 1.64.5
+version: 1.64.6
 maintainers:
   - name: AlbertoBarba
     email: [email protected]

diff --git a/charts/sysdig-deploy/templates/cluster-shield-check.yaml b/charts/sysdig-deploy/templates/cluster-shield-check.yaml
@@ -58,7 +58,7 @@
       {{- end -}}
     {{- end -}}
 
-    {{- if and $postureEnabled .Values.global.kspm $kspmCollectorEnabled -}}
+    {{- if and $postureEnabled .Values.global.kspm.deploy $kspmCollectorEnabled -}}
       {{ fail "Cannot enable both cluster_shield.features.posture and kspmCollector" }}
     {{- end -}}
   {{- end -}}

diff --git a/charts/sysdig-deploy/tests/cluster_shield_constraint_test.yaml b/charts/sysdig-deploy/tests/cluster_shield_constraint_test.yaml
@@ -206,6 +206,30 @@ tests:
       - hasDocuments:
           count: 0
 
+  - it: Should not fail fail when both posture and kspmCollector are enabled but global kspm deploy is disabled
+    set:
+      global:
+        kspm:
+          deploy: false
+      admissionController:
+        enabled: true
+        features:
+          kspmAdmissionController: true
+          k8sAuditDetections: true
+      clusterScanner:
+        enabled: true
+      kspmCollector:
+        enabled: true
+      clusterShield:
+        enabled: true
+        cluster_shield:
+          features:
+            posture:
+              enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+
   - it: Should fail when both container vulnerability management and clusterScanner are enabled
     set:
       global: