From 115d9bdf80b2cfd704e8137b2894ce5cfe240059 Mon Sep 17 00:00:00 2001
From: Marco Franssen
Date: Tue, 21 Feb 2023 19:17:26 +0100
Subject: [PATCH 1/2] Add category and license annotations for artifacthub
Signed-off-by: Marco Franssen
---
 charts/spire/Chart.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/charts/spire/Chart.yaml b/charts/spire/Chart.yaml
index e6c6696ce..2e6db0437 100644
--- a/charts/spire/Chart.yaml
+++ b/charts/spire/Chart.yaml
@@ -29,3 +29,6 @@ dependencies:
 condition: spiffe-oidc-discovery-provider.enabled
 repository: file://./charts/spiffe-oidc-discovery-provider
 version: 0.1.0
+annotations:
+ artifacthub.io/category: security
+ artifacthub.io/license: Apache-2.0
From 8a3ae10da52982ec42b0f09dfe7c9a017e3b047b Mon Sep 17 00:00:00 2001
From: kfox1111
Date: Thu, 23 Feb 2023 01:32:35 -0800
Subject: [PATCH 2/2] Add the option to disable unix workloadattestor (#26)
Co-authored-by: Faisal Memon
Signed-off-by: Marco Franssen
---
 charts/spire/charts/spire-agent/README.md | 1 +
 charts/spire/charts/spire-agent/templates/configmap.yaml | 2 ++
 charts/spire/charts/spire-agent/values.yaml | 7 +++++++
 3 files changed, 10 insertions(+)
diff --git a/charts/spire/charts/spire-agent/README.md b/charts/spire/charts/spire-agent/README.md
index 3b905050a..eec75425c 100644
--- a/charts/spire/charts/spire-agent/README.md
+++ b/charts/spire/charts/spire-agent/README.md
@@ -35,5 +35,6 @@ A Helm chart to install the SPIRE agent.
 | waitForIt.image.repository | string | `"chainguard/wait-for-it"` | |
 | waitForIt.image.version | string | `"latest-20230113"` | |
 | waitForIt.resources | object | `{}` | |
+| workloadAttestors.unix.enabled | bool | `false` | enables the Unix workload attestor |
 ----------------------------------------------
diff --git a/charts/spire/charts/spire-agent/templates/configmap.yaml b/charts/spire/charts/spire-agent/templates/configmap.yaml
index 55d4e78b7..921762f70 100644
--- a/charts/spire/charts/spire-agent/templates/configmap.yaml
+++ b/charts/spire/charts/spire-agent/templates/configmap.yaml
@@ -36,10 +36,12 @@ data:
 }
 }
+ {{- if .Values.workloadAttestors.unix.enabled }}
 WorkloadAttestor "unix" {
 plugin_data {
 }
 }
+ {{- end }}
 }
 health_checks {
diff --git a/charts/spire/charts/spire-agent/values.yaml b/charts/spire/charts/spire-agent/values.yaml
index 607e04f52..400f2c3a6 100644
--- a/charts/spire/charts/spire-agent/values.yaml
+++ b/charts/spire/charts/spire-agent/values.yaml
@@ -68,3 +68,10 @@ waitForIt:
 pullPolicy: IfNotPresent
 version: latest-20230113
 resources: {}
+
+# workloadAttestors determine a workload's properties and then generate a set of selectors associated with it.
+workloadAttestors:
+ # unix is a workload attestor which generates unix-based selectors like 'uid' and 'gid'.
+ unix:
+ # -- enables the Unix workload attestor
+ enabled: false
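Review bot: The new `{{- if .Values.workloadAttestors.unix.enabled }}` guard in templates/configmap.yaml, combined with the `enabled: false` default added in values.yaml, removes the `WorkloadAttestor "unix"` block from every release that does not set the value, although the commit title presents this as an option to disable it. On upgrade, registration entries that rely on the unix `uid`/`gid` selectors would presumably stop matching, and those workloads would no longer be issued identities. The values comment should say so, for example `# -- enables the Unix workload attestor (off by default; entries using unix selectors need this set to true)`. The enclosing plugins block starts and ends outside the hunk, so it is worth confirming that it still declares another WorkloadAttestor when this one is left out.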