From a3d6f70fe646e30c1a1f513b84902de91198f7b6 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko <abazko@redhat.com>
Date: Wed, 10 Aug 2022 19:11:28 +0300
Subject: [PATCH] fix: Don't set runAsNonRoot=true for Eclipse Che operands
 (#1477)

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
---
 pkg/common/test/utils.go | 1 -
 pkg/deploy/deployment.go | 1 -
 2 files changed, 2 deletions(-)

diff --git a/pkg/common/test/utils.go b/pkg/common/test/utils.go
index a6ebe4795..9f8e67d62 100644
--- a/pkg/common/test/utils.go
+++ b/pkg/common/test/utils.go
@@ -83,7 +83,6 @@ func CompareResources(actualDeployment *appsv1.Deployment, expected TestExpected
 
 func ValidateSecurityContext(actualDeployment *appsv1.Deployment, t *testing.T) {
 	assert.Equal(t, corev1.Capability("ALL"), actualDeployment.Spec.Template.Spec.Containers[0].SecurityContext.Capabilities.Drop[0])
-	assert.Equal(t, pointer.BoolPtr(true), actualDeployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot)
 	assert.Equal(t, pointer.BoolPtr(false), actualDeployment.Spec.Template.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation)
 }
 
diff --git a/pkg/deploy/deployment.go b/pkg/deploy/deployment.go
index a8b40fccb..22e664e0a 100644
--- a/pkg/deploy/deployment.go
+++ b/pkg/deploy/deployment.go
@@ -176,7 +176,6 @@ func EnsurePodSecurityStandards(deployment *appsv1.Deployment, userId int64, gro
 		if deployment.Spec.Template.Spec.Containers[i].SecurityContext == nil {
 			deployment.Spec.Template.Spec.Containers[i].SecurityContext = &corev1.SecurityContext{}
 		}
-		deployment.Spec.Template.Spec.Containers[i].SecurityContext.RunAsNonRoot = pointer.BoolPtr(true)
 		deployment.Spec.Template.Spec.Containers[i].SecurityContext.AllowPrivilegeEscalation = pointer.BoolPtr(false)
 		deployment.Spec.Template.Spec.Containers[i].SecurityContext.Capabilities = &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}}
 	}