From e91236cc88a120943078207d3f52eeeab885fed4 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Wed, 2 Feb 2022 20:24:37 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- stable/unifi/{9.0.41 => 9.0.42}/CHANGELOG.md | 18 +++++++++--------- stable/unifi/{9.0.41 => 9.0.42}/CONFIG.md | 0 stable/unifi/{9.0.41 => 9.0.42}/Chart.lock | 2 +- stable/unifi/{9.0.41 => 9.0.42}/Chart.yaml | 2 +- stable/unifi/{9.0.41 => 9.0.42}/README.md | 0 stable/unifi/{9.0.41 => 9.0.42}/app-readme.md | 0 .../charts/common-8.14.4.tgz | Bin .../unifi/{9.0.41 => 9.0.42}/helm-values.md | 9 +++------ .../unifi/{9.0.41 => 9.0.42}/ix_values.yaml | 12 +++--------- .../unifi/{9.0.41 => 9.0.42}/questions.yaml | 13 +++---------- stable/unifi/{9.0.41 => 9.0.42}/security.md | 1 - .../{9.0.41 => 9.0.42}/templates/common.yaml | 0 stable/unifi/{9.0.41 => 9.0.42}/values.yaml | 0 13 files changed, 20 insertions(+), 37 deletions(-) rename stable/unifi/{9.0.41 => 9.0.42}/CHANGELOG.md (91%) rename stable/unifi/{9.0.41 => 9.0.42}/CONFIG.md (100%) rename stable/unifi/{9.0.41 => 9.0.42}/Chart.lock (78%) rename stable/unifi/{9.0.41 => 9.0.42}/Chart.yaml (97%) rename stable/unifi/{9.0.41 => 9.0.42}/README.md (100%) rename stable/unifi/{9.0.41 => 9.0.42}/app-readme.md (100%) rename stable/unifi/{9.0.41 => 9.0.42}/charts/common-8.14.4.tgz (100%) rename stable/unifi/{9.0.41 => 9.0.42}/helm-values.md (89%) rename stable/unifi/{9.0.41 => 9.0.42}/ix_values.yaml (84%) rename stable/unifi/{9.0.41 => 9.0.42}/questions.yaml (99%) rename stable/unifi/{9.0.41 => 9.0.42}/security.md (99%) rename stable/unifi/{9.0.41 => 9.0.42}/templates/common.yaml (100%) rename stable/unifi/{9.0.41 => 9.0.42}/values.yaml (100%) diff --git a/stable/unifi/9.0.41/CHANGELOG.md b/stable/unifi/9.0.42/CHANGELOG.md similarity index 91% rename from stable/unifi/9.0.41/CHANGELOG.md rename to stable/unifi/9.0.42/CHANGELOG.md index b95848f0be7..ac728007d7f 100644 --- a/stable/unifi/9.0.41/CHANGELOG.md 
+++ b/stable/unifi/9.0.42/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [unifi-9.0.42](https://github.com/truecharts/apps/compare/unifi-9.0.41...unifi-9.0.42) (2022-02-02) + +#### Fix + +* run as non-root ([#1831](https://github.com/truecharts/apps/issues/1831)) + + + ### [unifi-9.0.41](https://github.com/truecharts/apps/compare/unifi-9.0.40...unifi-9.0.41) (2022-02-02) @@ -88,12 +97,3 @@ * update helm general non-major helm releases ([#1693](https://github.com/truecharts/apps/issues/1693)) - - - -### [unifi-9.0.32](https://github.com/truecharts/apps/compare/unifi-9.0.31...unifi-9.0.32) (2022-01-04) - -#### Chore - -* update helm general non-major helm releases - diff --git a/stable/unifi/9.0.41/CONFIG.md b/stable/unifi/9.0.42/CONFIG.md similarity index 100% rename from stable/unifi/9.0.41/CONFIG.md rename to stable/unifi/9.0.42/CONFIG.md diff --git a/stable/unifi/9.0.41/Chart.lock b/stable/unifi/9.0.42/Chart.lock similarity index 78% rename from stable/unifi/9.0.41/Chart.lock rename to stable/unifi/9.0.42/Chart.lock index 1624c88ee46..1f3f7820210 100644 --- a/stable/unifi/9.0.41/Chart.lock +++ b/stable/unifi/9.0.42/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://truecharts.org version: 8.14.4 digest: sha256:174540169e6b40685bffe5c1bcc04b46e4fea44e824666dc750f5b640e9d410a -generated: "2022-02-02T14:02:37.870923372Z" +generated: "2022-02-02T20:20:30.362708519Z" diff --git a/stable/unifi/9.0.41/Chart.yaml b/stable/unifi/9.0.42/Chart.yaml similarity index 97% rename from stable/unifi/9.0.41/Chart.yaml rename to stable/unifi/9.0.42/Chart.yaml index 00d4ebda9dd..e3af9ef7e1a 100644 --- a/stable/unifi/9.0.41/Chart.yaml +++ b/stable/unifi/9.0.42/Chart.yaml @@ -21,7 +21,7 @@ sources: - https://github.com/jacobalberty/unifi-docker - https://unifi-network.ui.com type: application -version: 9.0.41 +version: 9.0.42 annotations: truecharts.org/catagories: | - Networking 
diff --git a/stable/unifi/9.0.41/README.md b/stable/unifi/9.0.42/README.md similarity index 100% rename from stable/unifi/9.0.41/README.md rename to stable/unifi/9.0.42/README.md diff --git a/stable/unifi/9.0.41/app-readme.md b/stable/unifi/9.0.42/app-readme.md similarity index 100% rename from stable/unifi/9.0.41/app-readme.md rename to stable/unifi/9.0.42/app-readme.md diff --git a/stable/unifi/9.0.41/charts/common-8.14.4.tgz b/stable/unifi/9.0.42/charts/common-8.14.4.tgz similarity index 100% rename from stable/unifi/9.0.41/charts/common-8.14.4.tgz rename to stable/unifi/9.0.42/charts/common-8.14.4.tgz diff --git a/stable/unifi/9.0.41/helm-values.md b/stable/unifi/9.0.42/helm-values.md similarity index 89% rename from stable/unifi/9.0.41/helm-values.md rename to stable/unifi/9.0.42/helm-values.md index b7f6d7d24e9..f890cdc0e68 100644 --- a/stable/unifi/9.0.41/helm-values.md +++ b/stable/unifi/9.0.42/helm-values.md 
@@ -11,18 +11,15 @@ You will, however, be able to use all values referenced in the common chart here | Key | Type | Default | Description | |-----|------|---------|-------------| -| env.PUID | int | `568` | | -| env.UNIFI_GID | string | `"{{ .Values.env.PUID }}"` | | -| env.UNIFI_UID | string | `"{{ .Values.podSecurityContext.fsGroup }}"` | | +| env | object | `{}` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"tccr.io/truecharts/unifi"` | | | image.tag | string | `"v6.5.55@sha256:c74556ef862dab1534ed848d6efa57f40a11399172230aec57e5e850ce542921"` | | | persistence.config.enabled | bool | `true` | | | persistence.config.mountPath | string | `"/unifi"` | | -| podSecurityContext.runAsGroup | int | `0` | | -| podSecurityContext.runAsUser | int | `0` | | +| podSecurityContext.runAsGroup | int | `999` | | +| podSecurityContext.runAsUser | int | `999` | | | securityContext.readOnlyRootFilesystem | bool | `false` | | -| securityContext.runAsNonRoot | bool | `false` | | | service.comm.enabled | bool | `true` | | | service.comm.ports.comm.enabled | bool | `true` | | | service.comm.ports.comm.port | int | `8080` | | diff --git a/stable/unifi/9.0.41/ix_values.yaml b/stable/unifi/9.0.42/ix_values.yaml similarity index 84% rename from stable/unifi/9.0.41/ix_values.yaml rename to stable/unifi/9.0.42/ix_values.yaml index 9871379dc46..8a9931fe53c 100644 --- a/stable/unifi/9.0.41/ix_values.yaml +++ b/stable/unifi/9.0.42/ix_values.yaml @@ -48,18 +48,12 @@ service: securityContext: readOnlyRootFilesystem: false - runAsNonRoot: false podSecurityContext: - runAsGroup: 0 - runAsUser: 0 + runAsGroup: 999 + runAsUser: 999 -env: - # TZ: - PUID: 568 - # Permissions Settings - UNIFI_GID: "{{ .Values.env.PUID }}" - UNIFI_UID: "{{ .Values.podSecurityContext.fsGroup }}" +env: {} persistence: config: 
diff --git a/stable/unifi/9.0.41/questions.yaml b/stable/unifi/9.0.42/questions.yaml similarity index 99% rename from stable/unifi/9.0.41/questions.yaml rename to stable/unifi/9.0.42/questions.yaml index e5ee0ff5ed9..d7e1acedd39 100644 --- a/stable/unifi/9.0.41/questions.yaml +++ b/stable/unifi/9.0.42/questions.yaml @@ -188,13 +188,6 @@ questions: schema: type: string default: "002" - - variable: PUID - label: "PUID" - description: "Sets the PUID env var for LinuxServer.io (compatible) containers" - schema: - type: int - default: 568 - - variable: envList label: "Image environment" @@ -2002,7 +1995,7 @@ questions: label: "runAsNonRoot" schema: type: boolean - default: false + default: true - variable: capabilities label: "Capabilities" schema: @@ -2042,13 +2035,13 @@ questions: description: "The UserID of the user running the application" schema: type: int - default: 0 + default: 999 - variable: runAsGroup label: "runAsGroup" description: The groupID this App of the user running the application" schema: type: int - default: 0 + default: 999 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." diff --git a/stable/unifi/9.0.41/security.md b/stable/unifi/9.0.42/security.md similarity index 99% rename from stable/unifi/9.0.41/security.md rename to stable/unifi/9.0.42/security.md index d439d599fec..f1dcf2eca48 100644 --- a/stable/unifi/9.0.41/security.md +++ b/stable/unifi/9.0.42/security.md @@ -18,7 +18,6 @@ hide: | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-unifi' of Deployment 'RELEASE-NAME-unifi' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-unifi' of Deployment 'RELEASE-NAME-unifi' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-unifi' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-unifi' of Deployment 'RELEASE-NAME-unifi' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-unifi' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| diff --git a/stable/unifi/9.0.41/templates/common.yaml b/stable/unifi/9.0.42/templates/common.yaml similarity index 100% rename from stable/unifi/9.0.41/templates/common.yaml rename to stable/unifi/9.0.42/templates/common.yaml diff --git a/stable/unifi/9.0.41/values.yaml b/stable/unifi/9.0.42/values.yaml similarity index 100% rename from stable/unifi/9.0.41/values.yaml rename to stable/unifi/9.0.42/values.yaml
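Review bot: in the ix_values.yaml hunk, `runAsNonRoot: false` is deleted rather than replaced with `runAsNonRoot: true`, so the non-root setting in the values file is left implicit while questions.yaml sets its default to `true` explicitly. Suggest adding `runAsNonRoot: true` under `securityContext` so the two files agree and a later override back to UID 0 is refused at container start instead of silently accepted. The same hunk moves `runAsUser`/`runAsGroup` from 0 to 999 while `persistence.config` stays mounted at `/unifi`: files written by the earlier root-run release will be owned by UID 0, so the release notes should say what fixes ownership on upgrade (fsGroup or the autopermissions container). A short comment on where 999 comes from would also help, since the value now appears in three files without explanation.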
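Review bot: in the questions.yaml hunk at @@ -2042, the runAsGroup entry keeps `description: The groupID this App of the user running the application"`, which has a stray trailing quote with no opening quote and garbled wording. Since the hunk already edits the default two lines below it, fix the description in the same change so it matches the runAsUser one, for example "The GroupID of the user running the application". In the @@ -188 hunk the PUID question is removed without a note for installs that already store a PUID value; say in the changelog that the setting is no longer read.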
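Review bot: in the security.md hunk only the KSV012 row for container 'RELEASE-NAME-unifi' is removed; the 'autopermissions' container is still listed under KSV012 as running as root, and KSV003 (default capabilities not dropped) and KSV014 (root file system not read-only) remain for the main container. The changelog line "run as non-root" should be scoped to the main container so the report and the changelog do not contradict each other. Now that the main container runs as UID 999, adding 'ALL' to `securityContext.capabilities.drop`, as the KSV003 row recommends, is the obvious follow-up.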