Update charts with latest changes

Author: circleci-wiz

wiz-outpost-lite/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.20250610
+version: 0.1.20250615
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

wiz-outpost-lite/templates/_helpers.tpl

@@ -77,10 +77,12 @@ wiz.io/runner: {{ .runner | quote }}
   {{- $moduleType = "remediation" }}
 {{- else if eq $runner "container-registry" -}}
   {{- $moduleType = "container-registry" }}
+{{- else if eq $runner "datascan" -}}
+  {{- $moduleType = "datascan" }}
 {{- else if hasPrefix "vcs-" $runner -}}
   {{- $moduleType = "vcs" }}
 {{- else -}}
-  {{- fail (printf "Invalid runner name: %s. Runner name must start with 'rem-', 'vcs-', or be 'container-registry'" $runner) -}}
+  {{- fail (printf "Invalid runner name: %s. Runner name must start with 'rem-', 'vcs-', or be 'container-registry', 'datascan'" $runner) -}}
 {{- end }}
 
 {{/* e.g. remediation-aws-rds-003 -> outpost-lite-runner-remediation

wiz-outpost-lite/templates/deployment.yaml

@@ -165,6 +165,11 @@ spec:
             - mountPath: /usr/local/share/ca-certificates/
               name: ca-certificate
               readOnly: true
+            {{- range $secretName := .Values.secrets }}
+            - mountPath: /mnt/secrets/{{ $secretName }}
+              name: {{ $secretName }}
+              readOnly: true
+            {{- end }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
@@ -193,6 +198,11 @@ spec:
               - key: caCertificate
                 path: root.crt
             optional: true
+        {{- range $secret := .Values.secrets }}
+        - name: {{ $secret }}
+          secret:
+            secretName: {{ $secret }}
+        {{- end }}
 ---
 {{- end }}
 {{- end }}

wiz-outpost-lite/values.yaml

@@ -109,6 +109,27 @@ modules:
         - SYS_ADMIN
       seLinuxOptions:
         type: spc_t
+  datascan:
+    enabled: false
+    serviceAccount:
+      create: true
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      fsGroup: 1000
+    containerSecurityContext:
+      capabilities:
+        drop:
+          - ALL
+      runAsNonRoot: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      allowPrivilegeEscalation: false
+      privileged: false
+      readOnlyRootFilesystem: true
+      seLinuxOptions:
+        type: container_t
   remediation:
     enabled: false
     serviceAccount:
@@ -140,3 +161,5 @@ encryption:
   create: false
   secretName: "" # defaults to wiz-encryption-key-<outpostID>
   privateKey: ""
+
+secrets: [] # List of secrets to be used by the runner pod