From c598a226e9c69113fc7265739b92818d6a2adf37 Mon Sep 17 00:00:00 2001 From: "alexandr.danilin" Date: Thu, 17 Feb 2022 18:26:07 +0300 Subject: [PATCH 01/59] Fixes #10566 Signed-off-by: alexandr.danilin --- cmd/helm/release_testing.go | 4 ++-- pkg/action/release_testing.go | 19 +++++++++++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/cmd/helm/release_testing.go b/cmd/helm/release_testing.go index 2637cbb9f..9b82c0645 100644 --- a/cmd/helm/release_testing.go +++ b/cmd/helm/release_testing.go @@ -59,9 +59,9 @@ func newReleaseTestCmd(cfg *action.Configuration, out io.Writer) *cobra.Command notName := regexp.MustCompile(`^!\s?name=`) for _, f := range filter { if strings.HasPrefix(f, "name=") { - client.Filters["name"] = append(client.Filters["name"], strings.TrimPrefix(f, "name=")) + client.Filters[action.IncludeNameFilter] = append(client.Filters[action.IncludeNameFilter], strings.TrimPrefix(f, "name=")) } else if notName.MatchString(f) { - client.Filters["!name"] = append(client.Filters["!name"], notName.ReplaceAllLiteralString(f, "")) + client.Filters[action.ExcludeNameFilter] = append(client.Filters[action.ExcludeNameFilter], notName.ReplaceAllLiteralString(f, "")) } } rel, runErr := client.Run(args[0]) diff --git a/pkg/action/release_testing.go b/pkg/action/release_testing.go index ecaeaf59f..3522a0c98 100644 --- a/pkg/action/release_testing.go +++ b/pkg/action/release_testing.go @@ -29,6 +29,11 @@ import ( "helm.sh/helm/v3/pkg/release" ) +const ( + ExcludeNameFilter = "!name" + IncludeNameFilter = "name" +) + // ReleaseTesting is the action for testing a release. // // It provides the implementation of 'helm test'. @@ -66,9 +71,9 @@ func (r *ReleaseTesting) Run(name string) (*release.Release, error) { skippedHooks := []*release.Hook{} executingHooks := []*release.Hook{} - if len(r.Filters["!name"]) != 0 { + if len(r.Filters[ExcludeNameFilter]) != 0 { for _, h := range rel.Hooks { - if contains(r.Filters["!name"], h.Name) { + if contains(r.Filters[ExcludeNameFilter], h.Name) { skippedHooks = append(skippedHooks, h) } else { executingHooks = append(executingHooks, h) @@ -76,10 +81,10 @@ func (r *ReleaseTesting) Run(name string) (*release.Release, error) { } rel.Hooks = executingHooks } - if len(r.Filters["name"]) != 0 { + if len(r.Filters[IncludeNameFilter]) != 0 { executingHooks = nil for _, h := range rel.Hooks { - if contains(r.Filters["name"], h.Name) { + if contains(r.Filters[IncludeNameFilter], h.Name) { executingHooks = append(executingHooks, h) } else { skippedHooks = append(skippedHooks, h) @@ -110,6 +115,12 @@ func (r *ReleaseTesting) GetPodLogs(out io.Writer, rel *release.Release) error { for _, h := range rel.Hooks { for _, e := range h.Events { if e == release.HookTest { + if contains(r.Filters[ExcludeNameFilter], h.Name) { + continue + } + if len(r.Filters[IncludeNameFilter]) > 0 && !contains(r.Filters[IncludeNameFilter], h.Name) { + continue + } req := client.CoreV1().Pods(r.Namespace).GetLogs(h.Name, &v1.PodLogOptions{}) logReader, err := req.Stream(context.Background()) if err != nil { From f46eaf2f1b836129b25d4c4bc747b2e77ea29980 Mon Sep 17 00:00:00 2001 From: Stepan Dohnal Date: Tue, 5 Apr 2022 10:29:43 +0200 Subject: [PATCH 02/59] Add priority class to kind sorter Signed-off-by: Stepan Dohnal --- pkg/releaseutil/kind_sorter.go | 2 ++ pkg/releaseutil/kind_sorter_test.go | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/releaseutil/kind_sorter.go b/pkg/releaseutil/kind_sorter.go index 1d1874cfa..b5d75b88b 100644 --- a/pkg/releaseutil/kind_sorter.go +++ b/pkg/releaseutil/kind_sorter.go @@ -29,6 +29,7 @@ type KindSortOrder []string // // Those occurring earlier in the list get installed before those occurring later in the list. var InstallOrder KindSortOrder = []string{ + "PriorityClass", "Namespace", "NetworkPolicy", "ResourceQuota", @@ -105,6 +106,7 @@ var UninstallOrder KindSortOrder = []string{ "ResourceQuota", "NetworkPolicy", "Namespace", + "PriorityClass", } // sort manifests by kind. diff --git a/pkg/releaseutil/kind_sorter_test.go b/pkg/releaseutil/kind_sorter_test.go index afcae6d16..9e24c4399 100644 --- a/pkg/releaseutil/kind_sorter_test.go +++ b/pkg/releaseutil/kind_sorter_test.go @@ -169,6 +169,10 @@ func TestKindSorter(t *testing.T) { Name: "x", Head: &SimpleHead{Kind: "HorizontalPodAutoscaler"}, }, + { + Name: "F", + Head: &SimpleHead{Kind: "PriorityClass"}, + }, } for _, test := range []struct { @@ -176,8 +180,8 @@ func TestKindSorter(t *testing.T) { order KindSortOrder expected string }{ - {"install", InstallOrder, "aAbcC3deEf1gh2iIjJkKlLmnopqrxstuUvw!"}, - {"uninstall", UninstallOrder, "wvUmutsxrqponLlKkJjIi2hg1fEed3CcbAa!"}, + {"install", InstallOrder, "FaAbcC3deEf1gh2iIjJkKlLmnopqrxstuUvw!"}, + {"uninstall", UninstallOrder, "wvUmutsxrqponLlKkJjIi2hg1fEed3CcbAaF!"}, } { var buf bytes.Buffer t.Run(test.description, func(t *testing.T) { From 80bc7df7820513e79fc24a1d4bbffd96ef6a9adf Mon Sep 17 00:00:00 2001 From: Antonio Gamez Diaz Date: Fri, 8 Jul 2022 21:14:06 +0200 Subject: [PATCH 03/59] feat(helm): add 'ClientOptResolver' ClientOption This is a way to make the containerd resolver configurable by third-party users. Related #10623 Signed-off-by: Antonio Gamez Diaz --- pkg/registry/client.go | 7 +++++++ pkg/registry/client_test.go | 1 + 2 files changed, 8 insertions(+) diff --git a/pkg/registry/client.go b/pkg/registry/client.go index c1004f956..bafd40c5b 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -166,6 +166,13 @@ func ClientOptCredentialsFile(credentialsFile string) ClientOption { } } +// ClientOptResolver returns a function that sets the resolver setting on a client options set +func ClientOptResolver(resolver remotes.Resolver) ClientOption { + return func(client *Client) { + client.resolver = resolver + } +} + type ( // LoginOption allows specifying various settings on login LoginOption func(*loginOperation) diff --git a/pkg/registry/client_test.go b/pkg/registry/client_test.go index 138dd4245..5cc14ffdf 100644 --- a/pkg/registry/client_test.go +++ b/pkg/registry/client_test.go @@ -73,6 +73,7 @@ func (suite *RegistryClientTestSuite) SetupSuite() { ClientOptEnableCache(true), ClientOptWriter(suite.Out), ClientOptCredentialsFile(credentialsFile), + ClientOptResolver(nil), ) suite.Nil(err, "no error creating registry client") From 62be6f1af688233075249ea2787d016d0b77880f Mon Sep 17 00:00:00 2001 From: Antonio Gamez Diaz Date: Fri, 8 Jul 2022 21:15:14 +0200 Subject: [PATCH 04/59] ref(helm): export DescriptorPullSummary fields Exporting those fields enable 3rd party users to build their own mocked PullResult responses. Related #10623 Signed-off-by: Antonio Gamez Diaz --- pkg/registry/client.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pkg/registry/client.go b/pkg/registry/client.go index bafd40c5b..499a46737 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -248,21 +248,21 @@ type ( // PullResult is the result returned upon successful pull. PullResult struct { - Manifest *descriptorPullSummary `json:"manifest"` - Config *descriptorPullSummary `json:"config"` - Chart *descriptorPullSummaryWithMeta `json:"chart"` - Prov *descriptorPullSummary `json:"prov"` + Manifest *DescriptorPullSummary `json:"manifest"` + Config *DescriptorPullSummary `json:"config"` + Chart *DescriptorPullSummaryWithMeta `json:"chart"` + Prov *DescriptorPullSummary `json:"prov"` Ref string `json:"ref"` } - descriptorPullSummary struct { + DescriptorPullSummary struct { Data []byte `json:"-"` Digest string `json:"digest"` Size int64 `json:"size"` } - descriptorPullSummaryWithMeta struct { - descriptorPullSummary + DescriptorPullSummaryWithMeta struct { + DescriptorPullSummary Meta *chart.Metadata `json:"meta"` } @@ -361,16 +361,16 @@ func (c *Client) Pull(ref string, options ...PullOption) (*PullResult, error) { } } result := &PullResult{ - Manifest: &descriptorPullSummary{ + Manifest: &DescriptorPullSummary{ Digest: manifest.Digest.String(), Size: manifest.Size, }, - Config: &descriptorPullSummary{ + Config: &DescriptorPullSummary{ Digest: configDescriptor.Digest.String(), Size: configDescriptor.Size, }, - Chart: &descriptorPullSummaryWithMeta{}, - Prov: &descriptorPullSummary{}, + Chart: &DescriptorPullSummaryWithMeta{}, + Prov: &DescriptorPullSummary{}, Ref: parsedRef.String(), } var getManifestErr error From f01486a0eff51f63d3a71e63cf83e04e62778ed3 Mon Sep 17 00:00:00 2001 From: Xin Ruan Date: Thu, 1 Dec 2022 17:52:31 +0100 Subject: [PATCH 05/59] Use wrapped error so that ErrNoObjectsVisited can be compared after return. Signed-off-by: Xin Ruan --- pkg/kube/client.go | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/pkg/kube/client.go b/pkg/kube/client.go index 5e75c34e4..4d00c6144 100644 --- a/pkg/kube/client.go +++ b/pkg/kube/client.go @@ -325,10 +325,8 @@ func (c *Client) Delete(resources ResourceList) (*Result, []error) { return nil }) if err != nil { - // Rewrite the message from "no objects visited" if that is what we got - // back if err == ErrNoObjectsVisited { - err = errors.New("object not found, skipping delete") + err = fmt.Errorf("object not found, skipping delete: %w", ErrNoObjectsVisited) } errs = append(errs, err) } @@ -352,10 +350,10 @@ func (c *Client) watchTimeout(t time.Duration) func(*resource.Info) error { // For most kinds, it checks to see if the resource is marked as Added or Modified // by the Kubernetes event stream. For some kinds, it does more: // -// - Jobs: A job is marked "Ready" when it has successfully completed. This is -// ascertained by watching the Status fields in a job's output. -// - Pods: A pod is marked "Ready" when it has successfully completed. This is -// ascertained by watching the status.phase field in a pod's output. +// - Jobs: A job is marked "Ready" when it has successfully completed. This is +// ascertained by watching the Status fields in a job's output. +// - Pods: A pod is marked "Ready" when it has successfully completed. This is +// ascertained by watching the status.phase field in a pod's output. // // Handling for other kinds will be added as necessary. func (c *Client) WatchUntilReady(resources ResourceList, timeout time.Duration) error { From 593dd0aef1919cec5e6b5f1c4ec450500c1c4473 Mon Sep 17 00:00:00 2001 From: Mikhail Kopylov Date: Mon, 12 Dec 2022 12:09:20 +0300 Subject: [PATCH 06/59] Add `helm get metadata` command Signed-off-by: Mikhail Kopylov --- cmd/helm/get.go | 1 + cmd/helm/get_metadata.go | 94 +++++++++++++++++++ cmd/helm/get_metadata_test.go | 66 +++++++++++++ .../testdata/output/get-metadata-args.txt | 3 + cmd/helm/testdata/output/get-metadata.json | 1 + cmd/helm/testdata/output/get-metadata.txt | 8 ++ cmd/helm/testdata/output/get-metadata.yaml | 8 ++ pkg/action/get_metadata.go | 69 ++++++++++++++ 8 files changed, 250 insertions(+) create mode 100644 cmd/helm/get_metadata.go create mode 100644 cmd/helm/get_metadata_test.go create mode 100644 cmd/helm/testdata/output/get-metadata-args.txt create mode 100644 cmd/helm/testdata/output/get-metadata.json create mode 100644 cmd/helm/testdata/output/get-metadata.txt create mode 100644 cmd/helm/testdata/output/get-metadata.yaml create mode 100644 pkg/action/get_metadata.go diff --git a/cmd/helm/get.go b/cmd/helm/get.go index 7c4854b59..3233a6c85 100644 --- a/cmd/helm/get.go +++ b/cmd/helm/get.go @@ -48,6 +48,7 @@ func newGetCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { cmd.AddCommand(newGetManifestCmd(cfg, out)) cmd.AddCommand(newGetHooksCmd(cfg, out)) cmd.AddCommand(newGetNotesCmd(cfg, out)) + cmd.AddCommand(newGetMetadataCmd(cfg, out)) return cmd } diff --git a/cmd/helm/get_metadata.go b/cmd/helm/get_metadata.go new file mode 100644 index 000000000..33deb8de3 --- /dev/null +++ b/cmd/helm/get_metadata.go @@ -0,0 +1,94 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "io" + "log" + + "github.com/spf13/cobra" + + "helm.sh/helm/v3/cmd/helm/require" + "helm.sh/helm/v3/pkg/action" + "helm.sh/helm/v3/pkg/cli/output" +) + +type metadataWriter struct { + metadata *action.Metadata +} + +func newGetMetadataCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { + var outfmt output.Format + client := action.NewGetMetadata(cfg) + + cmd := &cobra.Command{ + Use: "metadata RELEASE_NAME", + Short: "This command fetches metadata for a given release", + Args: require.ExactArgs(1), + ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + if len(args) != 0 { + return nil, cobra.ShellCompDirectiveNoFileComp + } + return compListReleases(toComplete, args, cfg) + }, + RunE: func(cmd *cobra.Command, args []string) error { + releaseMetadata, err := client.Run(args[0]) + if err != nil { + return err + } + return outfmt.Write(out, &metadataWriter{releaseMetadata}) + }, + } + + f := cmd.Flags() + f.IntVar(&client.Version, "revision", 0, "specify release revision") + err := cmd.RegisterFlagCompletionFunc("revision", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + if len(args) == 1 { + return compListRevisions(toComplete, cfg, args[0]) + } + return nil, cobra.ShellCompDirectiveNoFileComp + }) + + if err != nil { + log.Fatal(err) + } + + bindOutputFlag(cmd, &outfmt) + + return cmd +} + +func (w metadataWriter) WriteTable(out io.Writer) error { + _, _ = fmt.Fprintln(out, fmt.Sprintf("NAME: %v", w.metadata.Name)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("CHART: %v", w.metadata.Chart)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("VERSION: %v", w.metadata.Version)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("APP_VERSION: %v", w.metadata.AppVersion)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("NAMESPACE: %v", w.metadata.Namespace)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("REVISION: %v", w.metadata.Revision)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("STATUS: %v", w.metadata.Status)) + _, _ = fmt.Fprintln(out, fmt.Sprintf("DEPLOYED_AT: %v", w.metadata.DeployedAt)) + return nil +} + +func (w metadataWriter) WriteJSON(out io.Writer) error { + return output.EncodeJSON(out, w.metadata) +} + +func (w metadataWriter) WriteYAML(out io.Writer) error { + return output.EncodeYAML(out, w.metadata) +} diff --git a/cmd/helm/get_metadata_test.go b/cmd/helm/get_metadata_test.go new file mode 100644 index 000000000..b6f0ab9f2 --- /dev/null +++ b/cmd/helm/get_metadata_test.go @@ -0,0 +1,66 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "testing" + + "helm.sh/helm/v3/pkg/release" +) + +func TestGetMetadataCmd(t *testing.T) { + tests := []cmdTestCase{{ + name: "get metadata with a release", + cmd: "get metadata thomas-guide", + golden: "output/get-metadata.txt", + rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, + }, { + name: "get metadata requires release name arg", + cmd: "get metadata", + golden: "output/get-metadata-args.txt", + rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, + wantError: true, + }, { + name: "get metadata to json", + cmd: "get metadata thomas-guide --output json", + golden: "output/get-metadata.json", + rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, + }, { + name: "get metadata to yaml", + cmd: "get metadata thomas-guide --output yaml", + golden: "output/get-metadata.yaml", + rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, + }} + runTestCmd(t, tests) +} + +func TestGetMetadataCompletion(t *testing.T) { + checkReleaseCompletion(t, "get metadata", false) +} + +func TestGetMetadataRevisionCompletion(t *testing.T) { + revisionFlagCompletionTest(t, "get metadata") +} + +func TestGetMetadataOutputCompletion(t *testing.T) { + outputFlagCompletionTest(t, "get metadata") +} + +func TestGetMetadataFileCompletion(t *testing.T) { + checkFileCompletion(t, "get metadata", false) + checkFileCompletion(t, "get metadata myrelease", false) +} diff --git a/cmd/helm/testdata/output/get-metadata-args.txt b/cmd/helm/testdata/output/get-metadata-args.txt new file mode 100644 index 000000000..acd3f4c15 --- /dev/null +++ b/cmd/helm/testdata/output/get-metadata-args.txt @@ -0,0 +1,3 @@ +Error: "helm get metadata" requires 1 argument + +Usage: helm get metadata RELEASE_NAME [flags] diff --git a/cmd/helm/testdata/output/get-metadata.json b/cmd/helm/testdata/output/get-metadata.json new file mode 100644 index 000000000..1d5152b24 --- /dev/null +++ b/cmd/helm/testdata/output/get-metadata.json @@ -0,0 +1 @@ +{"name":"thomas-guide","chart":"foo","version":"0.1.0-beta.1","appVersion":"1.0","namespace":"default","revision":1,"status":"deployed","deployedAt":"1977-09-02T22:04:05Z"} diff --git a/cmd/helm/testdata/output/get-metadata.txt b/cmd/helm/testdata/output/get-metadata.txt new file mode 100644 index 000000000..b91f1b86a --- /dev/null +++ b/cmd/helm/testdata/output/get-metadata.txt @@ -0,0 +1,8 @@ +NAME: thomas-guide +CHART: foo +VERSION: 0.1.0-beta.1 +APP_VERSION: 1.0 +NAMESPACE: default +REVISION: 1 +STATUS: deployed +DEPLOYED_AT: 1977-09-02T22:04:05Z diff --git a/cmd/helm/testdata/output/get-metadata.yaml b/cmd/helm/testdata/output/get-metadata.yaml new file mode 100644 index 000000000..b6d49b038 --- /dev/null +++ b/cmd/helm/testdata/output/get-metadata.yaml @@ -0,0 +1,8 @@ +appVersion: "1.0" +chart: foo +deployedAt: "1977-09-02T22:04:05Z" +name: thomas-guide +namespace: default +revision: 1 +status: deployed +version: 0.1.0-beta.1 diff --git a/pkg/action/get_metadata.go b/pkg/action/get_metadata.go new file mode 100644 index 000000000..ec096ae16 --- /dev/null +++ b/pkg/action/get_metadata.go @@ -0,0 +1,69 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import "time" + +// GetMetadata is the action for checking a given release's metadata. +// +// It provides the implementation of 'helm get metadata'. +type GetMetadata struct { + cfg *Configuration + + Version int +} + +type Metadata struct { + Name string `json:"name" yaml:"name"` + Chart string `json:"chart" yaml:"chart"` + Version string `json:"version" yaml:"version"` + AppVersion string `json:"appVersion" yaml:"appVersion"` + Namespace string `json:"namespace" yaml:"namespace"` + Revision int `json:"revision" yaml:"revision"` + Status string `json:"status" yaml:"status"` + DeployedAt string `json:"deployedAt" yaml:"deployedAt"` +} + +// NewGetMetadata creates a new GetMetadata object with the given configuration. +func NewGetMetadata(cfg *Configuration) *GetMetadata { + return &GetMetadata{ + cfg: cfg, + } +} + +// Run executes 'helm get metadata' against the given release. +func (g *GetMetadata) Run(name string) (*Metadata, error) { + if err := g.cfg.KubeClient.IsReachable(); err != nil { + return nil, err + } + + rel, err := g.cfg.releaseContent(name, g.Version) + if err != nil { + return nil, err + } + + return &Metadata{ + Name: rel.Name, + Chart: rel.Chart.Metadata.Name, + Version: rel.Chart.Metadata.Version, + AppVersion: rel.Chart.Metadata.AppVersion, + Namespace: rel.Namespace, + Revision: rel.Version, + Status: rel.Info.Status.String(), + DeployedAt: rel.Info.LastDeployed.Format(time.RFC3339), + }, nil +} From a2b98281a1f9813a962386030b035b7b62cbdd99 Mon Sep 17 00:00:00 2001 From: Xin Ruan Date: Wed, 14 Dec 2022 15:46:39 +0100 Subject: [PATCH 07/59] Use errors.Is to compare Signed-off-by: Xin Ruan --- pkg/kube/client.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/kube/client.go b/pkg/kube/client.go index 4d00c6144..9e289e366 100644 --- a/pkg/kube/client.go +++ b/pkg/kube/client.go @@ -325,8 +325,8 @@ func (c *Client) Delete(resources ResourceList) (*Result, []error) { return nil }) if err != nil { - if err == ErrNoObjectsVisited { - err = fmt.Errorf("object not found, skipping delete: %w", ErrNoObjectsVisited) + if errors.Is(err, ErrNoObjectsVisited) { + err = fmt.Errorf("object not found, skipping delete: %w", err) } errs = append(errs, err) } From 4f353439fa385886719677fabadb9afef0619807 Mon Sep 17 00:00:00 2001 From: Pat Riehecky Date: Thu, 15 Dec 2022 13:59:10 -0600 Subject: [PATCH 08/59] Seed a default switch to control `automountServiceAccountToken` Signed-off-by: Pat Riehecky --- pkg/chartutil/create.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/chartutil/create.go b/pkg/chartutil/create.go index 3a8f3cc5a..c0fbcb1a9 100644 --- a/pkg/chartutil/create.go +++ b/pkg/chartutil/create.go @@ -122,6 +122,8 @@ fullnameOverride: "" serviceAccount: # Specifies whether a service account should be created create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true # Annotations to add to the service account annotations: {} # The name of the service account to use. @@ -366,6 +368,7 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} + automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} ` From fd44c0fc14527fc90749bc15f9d226409c306c07 Mon Sep 17 00:00:00 2001 From: Eugene Zuev Date: Thu, 22 Dec 2022 12:04:19 +0100 Subject: [PATCH 09/59] add volumes and volumeMounts in chartutil add: - volumes in defaultValues - volumes in defaultDeployment - volumeMounts in defaultValues - volumeMounts in defaultDeployment Signed-off-by: Eugene Zuev --- pkg/chartutil/create.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pkg/chartutil/create.go b/pkg/chartutil/create.go index 3a8f3cc5a..2f07b034a 100644 --- a/pkg/chartutil/create.go +++ b/pkg/chartutil/create.go @@ -180,6 +180,19 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mounthPath: "/etc/foo" +# readOnly: true + nodeSelector: {} tolerations: [] @@ -324,6 +337,14 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From fc1a5a1123793691a0e6f7e339ab49448fc3be77 Mon Sep 17 00:00:00 2001 From: Eugene Zuev Date: Sun, 25 Dec 2022 19:06:28 +0100 Subject: [PATCH 10/59] fix typo: mountPath Signed-off-by: Eugene Zuev --- pkg/chartutil/create.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/chartutil/create.go b/pkg/chartutil/create.go index 2f07b034a..77e1821e9 100644 --- a/pkg/chartutil/create.go +++ b/pkg/chartutil/create.go @@ -190,7 +190,7 @@ volumes: [] # Additional volumeMounts on the output Deployment definition. volumeMounts: [] # - name: foo -# mounthPath: "/etc/foo" +# mountPath: "/etc/foo" # readOnly: true nodeSelector: {} From 290397beb8b0fcb4f5396a2b5f813a4f362edbc0 Mon Sep 17 00:00:00 2001 From: Mikhail Kopylov Date: Sat, 7 Jan 2023 16:41:30 +0300 Subject: [PATCH 11/59] Adjust `get` command description to account metadata Signed-off-by: Mikhail Kopylov --- cmd/helm/get.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/helm/get.go b/cmd/helm/get.go index 3233a6c85..727cdaf88 100644 --- a/cmd/helm/get.go +++ b/cmd/helm/get.go @@ -33,6 +33,7 @@ get extended information about the release, including: - The generated manifest file - The notes provided by the chart of the release - The hooks associated with the release +- The metadata of the release ` func newGetCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { From 9e118ef5db46360fcc67d47ffd3b78060b602295 Mon Sep 17 00:00:00 2001 From: Mikhail Kopylov Date: Sat, 7 Jan 2023 16:42:28 +0300 Subject: [PATCH 12/59] Add `CHART`, `VERSION` and `APP_VERSION` fields to `get all` command output So that it's aligned with `get metadata` command output Signed-off-by: Mikhail Kopylov --- cmd/helm/status.go | 41 +++++++++++++----------- cmd/helm/testdata/output/get-release.txt | 3 ++ 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/cmd/helm/status.go b/cmd/helm/status.go index a482bf18d..e4e52ba7f 100644 --- a/cmd/helm/status.go +++ b/cmd/helm/status.go @@ -119,15 +119,18 @@ func (s statusPrinter) WriteTable(out io.Writer) error { if s.release == nil { return nil } - fmt.Fprintf(out, "NAME: %s\n", s.release.Name) + _, _ = fmt.Fprintf(out, "NAME: %s\n", s.release.Name) if !s.release.Info.LastDeployed.IsZero() { - fmt.Fprintf(out, "LAST DEPLOYED: %s\n", s.release.Info.LastDeployed.Format(time.ANSIC)) + _, _ = fmt.Fprintf(out, "LAST DEPLOYED: %s\n", s.release.Info.LastDeployed.Format(time.ANSIC)) } - fmt.Fprintf(out, "NAMESPACE: %s\n", s.release.Namespace) - fmt.Fprintf(out, "STATUS: %s\n", s.release.Info.Status.String()) - fmt.Fprintf(out, "REVISION: %d\n", s.release.Version) + _, _ = fmt.Fprintf(out, "CHART: %s\n", s.release.Chart.Metadata.Name) + _, _ = fmt.Fprintf(out, "NAMESPACE: %s\n", s.release.Namespace) + _, _ = fmt.Fprintf(out, "STATUS: %s\n", s.release.Info.Status.String()) + _, _ = fmt.Fprintf(out, "REVISION: %d\n", s.release.Version) + _, _ = fmt.Fprintf(out, "VERSION: %s\n", s.release.Chart.Metadata.Version) + _, _ = fmt.Fprintf(out, "APP_VERSION: %s\n", s.release.Chart.Metadata.AppVersion) if s.showDescription { - fmt.Fprintf(out, "DESCRIPTION: %s\n", s.release.Info.Description) + _, _ = fmt.Fprintf(out, "DESCRIPTION: %s\n", s.release.Info.Description) } if s.showResources && s.release.Info.Resources != nil && len(s.release.Info.Resources) > 0 { @@ -142,31 +145,31 @@ func (s statusPrinter) WriteTable(out io.Writer) error { } for _, t := range keys { - fmt.Fprintf(buf, "==> %s\n", t) + _, _ = fmt.Fprintf(buf, "==> %s\n", t) vk := s.release.Info.Resources[t] for _, resource := range vk { if err := printer.PrintObj(resource, buf); err != nil { - fmt.Fprintf(buf, "failed to print object type %s: %v\n", t, err) + _, _ = fmt.Fprintf(buf, "failed to print object type %s: %v\n", t, err) } } buf.WriteString("\n") } - fmt.Fprintf(out, "RESOURCES:\n%s\n", buf.String()) + _, _ = fmt.Fprintf(out, "RESOURCES:\n%s\n", buf.String()) } executions := executionsByHookEvent(s.release) if tests, ok := executions[release.HookTest]; !ok || len(tests) == 0 { - fmt.Fprintln(out, "TEST SUITE: None") + _, _ = fmt.Fprintln(out, "TEST SUITE: None") } else { for _, h := range tests { // Don't print anything if hook has not been initiated if h.LastRun.StartedAt.IsZero() { continue } - fmt.Fprintf(out, "TEST SUITE: %s\n%s\n%s\n%s\n", + _, _ = fmt.Fprintf(out, "TEST SUITE: %s\n%s\n%s\n%s\n", h.Name, fmt.Sprintf("Last Started: %s", h.LastRun.StartedAt.Format(time.ANSIC)), fmt.Sprintf("Last Completed: %s", h.LastRun.CompletedAt.Format(time.ANSIC)), @@ -176,38 +179,38 @@ func (s statusPrinter) WriteTable(out io.Writer) error { } if s.debug { - fmt.Fprintln(out, "USER-SUPPLIED VALUES:") + _, _ = fmt.Fprintln(out, "USER-SUPPLIED VALUES:") err := output.EncodeYAML(out, s.release.Config) if err != nil { return err } // Print an extra newline - fmt.Fprintln(out) + _, _ = fmt.Fprintln(out) cfg, err := chartutil.CoalesceValues(s.release.Chart, s.release.Config) if err != nil { return err } - fmt.Fprintln(out, "COMPUTED VALUES:") + _, _ = fmt.Fprintln(out, "COMPUTED VALUES:") err = output.EncodeYAML(out, cfg.AsMap()) if err != nil { return err } // Print an extra newline - fmt.Fprintln(out) + _, _ = fmt.Fprintln(out) } if strings.EqualFold(s.release.Info.Description, "Dry run complete") || s.debug { - fmt.Fprintln(out, "HOOKS:") + _, _ = fmt.Fprintln(out, "HOOKS:") for _, h := range s.release.Hooks { - fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) + _, _ = fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) } - fmt.Fprintf(out, "MANIFEST:\n%s\n", s.release.Manifest) + _, _ = fmt.Fprintf(out, "MANIFEST:\n%s\n", s.release.Manifest) } if len(s.release.Info.Notes) > 0 { - fmt.Fprintf(out, "NOTES:\n%s\n", strings.TrimSpace(s.release.Info.Notes)) + _, _ = fmt.Fprintf(out, "NOTES:\n%s\n", strings.TrimSpace(s.release.Info.Notes)) } return nil } diff --git a/cmd/helm/testdata/output/get-release.txt b/cmd/helm/testdata/output/get-release.txt index f6c3b57eb..3e83ca946 100644 --- a/cmd/helm/testdata/output/get-release.txt +++ b/cmd/helm/testdata/output/get-release.txt @@ -1,8 +1,11 @@ NAME: thomas-guide LAST DEPLOYED: Fri Sep 2 22:04:05 1977 +CHART: foo NAMESPACE: default STATUS: deployed REVISION: 1 +VERSION: 0.1.0-beta.1 +APP_VERSION: 1.0 TEST SUITE: None USER-SUPPLIED VALUES: name: value From 92a6640f8a56507f27c2f2732115a787d8d1ed6d Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Sun, 28 Feb 2021 02:02:55 -0600 Subject: [PATCH 13/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- pkg/action/action.go | 14 +++++++------- pkg/action/install.go | 7 ++++++- pkg/action/install_test.go | 2 +- pkg/action/upgrade.go | 4 ++-- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/pkg/action/action.go b/pkg/action/action.go index 82760250f..16e8e010e 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -102,7 +102,7 @@ type Configuration struct { // TODO: This function is badly in need of a refactor. // TODO: As part of the refactor the duplicate code in cmd/helm/template.go should be removed // This code has to do with writing files to disk. -func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, dryRun bool) ([]*release.Hook, *bytes.Buffer, string, error) { +func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, interactWithRemote bool) ([]*release.Hook, *bytes.Buffer, string, error) { hs := []*release.Hook{} b := bytes.NewBuffer(nil) @@ -120,12 +120,12 @@ func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Valu var files map[string]string var err2 error - // A `helm template` or `helm install --dry-run` should not talk to the remote cluster. - // It will break in interesting and exotic ways because other data (e.g. discovery) - // is mocked. It is not up to the template author to decide when the user wants to - // connect to the cluster. So when the user says to dry run, respect the user's - // wishes and do not connect to the cluster. - if !dryRun && cfg.RESTClientGetter != nil { + // A `helm template` should not talk to the remote cluster. However, commands + // with `--dry-run` should be able to try to connect to the cluster. + // This enables the ability to render 'lookup' functions. + // It may break in interesting and exotic ways because other data (e.g. discovery) + // is mocked. + if interactWithRemote && cfg.RESTClientGetter != nil { restConfig, err := cfg.RESTClientGetter.ToRESTConfig() if err != nil { return hs, b, "", err diff --git a/pkg/action/install.go b/pkg/action/install.go index 425b66f69..e2dea1355 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -257,7 +257,12 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma rel := i.createRelease(chrt, vals) var manifestDoc *bytes.Buffer - rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, i.DryRun) + // Determines whether `helm template` was used or another command with the --dry-run flag + // as they both set the Install.DryRun field to `true`. The `--dry-run` flag should be able + // to connect to remote for the lookup function. `helm template` is the only command that + // Install.APIVersions field will not be nil. + interactWithRemote := !i.DryRun || i.APIVersions == nil + rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, interactWithRemote) // Even for errors, attach this if available if manifestDoc != nil { rel.Manifest = manifestDoc.String() diff --git a/pkg/action/install_test.go b/pkg/action/install_test.go index 45e5a2670..3bf3380f9 100644 --- a/pkg/action/install_test.go +++ b/pkg/action/install_test.go @@ -254,7 +254,7 @@ func TestInstallRelease_DryRun(t *testing.T) { is.Equal(res.Info.Description, "Dry run complete") } -// Regression test for #7955: Lookup must not connect to Kubernetes on a dry-run. +// Regression test for #7955 func TestInstallRelease_DryRun_Lookup(t *testing.T) { is := assert.New(t) instAction := installAction(t) diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index 690397d4a..7bdeaae5b 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -230,8 +230,8 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin if err != nil { return nil, nil, err } - - hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, u.DryRun) + // Interacts with cluster if possible + hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, true) if err != nil { return nil, nil, err } From 51281c195a019d821082021acdc0fa4614dd74d5 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 16 Jan 2023 02:29:19 -0600 Subject: [PATCH 14/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes helm#8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 24 +++++++++++++++++++++++- cmd/helm/template.go | 2 +- cmd/helm/upgrade.go | 8 +++++++- pkg/action/action.go | 6 +++--- pkg/action/install.go | 16 +++++++++------- pkg/action/install_test.go | 6 +++--- pkg/action/upgrade.go | 16 +++++++++------- 7 files changed, 55 insertions(+), 23 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 281679e5c..c3555fd05 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -154,7 +154,8 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Install, valueOpts *values.Options) { f.BoolVar(&client.CreateNamespace, "create-namespace", false, "create the release namespace if not present") - f.BoolVar(&client.DryRun, "dry-run", false, "simulate an install") + f.StringVar(&client.DryRun, "dry-run", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") + f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during install") f.BoolVar(&client.Replace, "replace", false, "re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production") @@ -261,6 +262,11 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options client.Namespace = settings.Namespace() + // validate dry-run flag value is one of the allowed values + if err := validateDryRunFlag(client); err != nil { + return nil, err + } + // Create context and prepare the handle of SIGTERM ctx := context.Background() ctx, cancel := context.WithCancel(ctx) @@ -301,3 +307,19 @@ func compInstall(args []string, toComplete string, client *action.Install) ([]st } return nil, cobra.ShellCompDirectiveNoFileComp } + +func validateDryRunFlag(client *action.Install) error { + // validate dry-run flag value with set of allowed value + allowedDryRunValues := []string{"false", "true", "none", "client", "server"} + isAllowed := false + for _, v := range allowedDryRunValues { + if client.DryRun == v { + isAllowed = true + break + } + } + if !isAllowed { + return errors.New("Invalid dry-run flag. Flag must one of the following: false, true, none, client, sever") + } + return nil +} diff --git a/cmd/helm/template.go b/cmd/helm/template.go index ce2be55bc..d341ddab9 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -73,7 +73,7 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.KubeVersion = parsedKubeVersion } - client.DryRun = true + client.DryRun = "client" client.ReleaseName = "release-name" client.Replace = true // Skip the name check client.ClientOnly = !validate diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 02f4cf2a9..3b2325a69 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -120,6 +120,11 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { instClient.Description = client.Description instClient.DependencyUpdate = client.DependencyUpdate + // validate dry-run flag value is one of the allowed values + if err := validateDryRunFlag(instClient); err != nil { + return err + } + rel, err := runInstall(args, instClient, valueOpts, out) if err != nil { return err @@ -214,7 +219,8 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.BoolVar(&createNamespace, "create-namespace", false, "if --install is set, create the release namespace if not present") f.BoolVarP(&client.Install, "install", "i", false, "if a release by this name doesn't already exist, run an install") f.BoolVar(&client.Devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored") - f.BoolVar(&client.DryRun, "dry-run", false, "simulate an upgrade") + f.StringVar(&client.DryRun, "dry-run", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") + f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Recreate, "recreate-pods", false, "performs pods restart for the resource if applicable") f.MarkDeprecated("recreate-pods", "functionality will no longer be updated. Consult the documentation for other methods to recreate pods") f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") diff --git a/pkg/action/action.go b/pkg/action/action.go index 16e8e010e..c8a1a9d03 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -102,7 +102,7 @@ type Configuration struct { // TODO: This function is badly in need of a refactor. // TODO: As part of the refactor the duplicate code in cmd/helm/template.go should be removed // This code has to do with writing files to disk. -func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, interactWithRemote bool) ([]*release.Hook, *bytes.Buffer, string, error) { +func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, dryRun string) ([]*release.Hook, *bytes.Buffer, string, error) { hs := []*release.Hook{} b := bytes.NewBuffer(nil) @@ -121,11 +121,11 @@ func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Valu var err2 error // A `helm template` should not talk to the remote cluster. However, commands - // with `--dry-run` should be able to try to connect to the cluster. + // with `--dry-run` with the value of false, none, or sever should try to connect to the cluster. // This enables the ability to render 'lookup' functions. // It may break in interesting and exotic ways because other data (e.g. discovery) // is mocked. - if interactWithRemote && cfg.RESTClientGetter != nil { + if (dryRun == "server" || dryRun == "none" || dryRun == "false") && cfg.RESTClientGetter != nil { restConfig, err := cfg.RESTClientGetter.ToRESTConfig() if err != nil { return hs, b, "", err diff --git a/pkg/action/install.go b/pkg/action/install.go index e2dea1355..4eb802f1f 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -71,7 +71,7 @@ type Install struct { ClientOnly bool Force bool CreateNamespace bool - DryRun bool + DryRun string DisableHooks bool Replace bool Wait bool @@ -128,6 +128,8 @@ type ChartPathOptions struct { func NewInstall(cfg *Configuration) *Install { in := &Install{ cfg: cfg, + // Set default value of DryRun for before flags are binded (tests) + DryRun: "none", } in.ChartPathOptions.registryClient = cfg.RegistryClient @@ -207,7 +209,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma // contacts the upstream server and builds the capabilities object. if crds := chrt.CRDObjects(); !i.ClientOnly && !i.SkipCRDs && len(crds) > 0 { // On dry run, bail here - if i.DryRun { + if i.DryRun != "none" && i.DryRun != "false" { i.cfg.Log("WARNING: This chart or one of its subcharts contains CRDs. Rendering may fail or contain inaccuracies.") } else if err := i.installCRDs(crds); err != nil { return nil, err @@ -241,7 +243,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // special case for helm template --is-upgrade - isUpgrade := i.IsUpgrade && i.DryRun + isUpgrade := i.IsUpgrade && (i.DryRun != "none" && i.DryRun != "false") options := chartutil.ReleaseOptions{ Name: i.ReleaseName, Namespace: i.Namespace, @@ -261,8 +263,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma // as they both set the Install.DryRun field to `true`. The `--dry-run` flag should be able // to connect to remote for the lookup function. `helm template` is the only command that // Install.APIVersions field will not be nil. - interactWithRemote := !i.DryRun || i.APIVersions == nil - rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, interactWithRemote) + rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, i.DryRun) // Even for errors, attach this if available if manifestDoc != nil { rel.Manifest = manifestDoc.String() @@ -303,7 +304,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // Bail out here if it is a dry run - if i.DryRun { + if i.DryRun != "none" && i.DryRun != "false" { rel.Info.Description = "Dry run complete" return rel, nil } @@ -472,7 +473,8 @@ func (i *Install) availableName() error { if err := chartutil.ValidateReleaseName(start); err != nil { return errors.Wrapf(err, "release name %q", start) } - if i.DryRun { + // On dry run, bail here + if i.DryRun != "none" && i.DryRun != "false" { return nil } diff --git a/pkg/action/install_test.go b/pkg/action/install_test.go index 3bf3380f9..c669619e3 100644 --- a/pkg/action/install_test.go +++ b/pkg/action/install_test.go @@ -234,7 +234,7 @@ func TestInstallRelease_WithChartAndDependencyAllNotes(t *testing.T) { func TestInstallRelease_DryRun(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = true + instAction.DryRun = "true" vals := map[string]interface{}{} res, err := instAction.Run(buildChart(withSampleTemplates()), vals) if err != nil { @@ -258,7 +258,7 @@ func TestInstallRelease_DryRun(t *testing.T) { func TestInstallRelease_DryRun_Lookup(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = true + instAction.DryRun = "true" vals := map[string]interface{}{} mockChart := buildChart(withSampleTemplates()) @@ -278,7 +278,7 @@ func TestInstallRelease_DryRun_Lookup(t *testing.T) { func TestInstallReleaseIncorrectTemplate_DryRun(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = true + instAction.DryRun = "true" vals := map[string]interface{}{} _, err := instAction.Run(buildChart(withSampleIncludingIncorrectTemplates()), vals) expectedErr := "\"hello/templates/incorrect\" at <.Values.bad.doh>: nil pointer evaluating interface {}.doh" diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index 7bdeaae5b..c82704d31 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -70,8 +70,7 @@ type Upgrade struct { // DisableHooks disables hook processing if set to true. DisableHooks bool // DryRun controls whether the operation is prepared, but not executed. - // If `true`, the upgrade is prepared but not performed. - DryRun bool + DryRun string // Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. // // This should be used with caution. @@ -114,6 +113,8 @@ type resultMessage struct { func NewUpgrade(cfg *Configuration) *Upgrade { up := &Upgrade{ cfg: cfg, + // Set default value of DryRun for before flags are binded (tests) + DryRun: "none", } up.ChartPathOptions.registryClient = cfg.RegistryClient @@ -152,8 +153,8 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. if err != nil { return res, err } - - if !u.DryRun { + // Do not update for dry runs + if u.DryRun == "none" || u.DryRun == "false" { u.cfg.Log("updating status for upgraded release for %s", name) if err := u.cfg.Releases.Update(upgradedRelease); err != nil { return res, err @@ -230,8 +231,8 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin if err != nil { return nil, nil, err } - // Interacts with cluster if possible - hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, true) + + hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, u.DryRun) if err != nil { return nil, nil, err } @@ -309,7 +310,8 @@ func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedR return nil }) - if u.DryRun { + // Run if it is a dry run + if u.DryRun != "none" && u.DryRun != "false" { u.cfg.Log("dry run for %s", upgradedRelease.Name) if len(u.Description) > 0 { upgradedRelease.Info.Description = u.Description From 4d67dfabaa916183297200ed8e6b05f4de261fb1 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 16 Jan 2023 12:25:43 -0600 Subject: [PATCH 15/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 6 +++--- cmd/helm/upgrade.go | 9 ++++----- pkg/action/action.go | 2 +- pkg/action/install.go | 2 +- pkg/action/upgrade.go | 2 +- 5 files changed, 10 insertions(+), 11 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index c3555fd05..57d70cabf 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -263,7 +263,7 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options client.Namespace = settings.Namespace() // validate dry-run flag value is one of the allowed values - if err := validateDryRunFlag(client); err != nil { + if err := validateDryRunFlag(client.DryRun); err != nil { return nil, err } @@ -308,12 +308,12 @@ func compInstall(args []string, toComplete string, client *action.Install) ([]st return nil, cobra.ShellCompDirectiveNoFileComp } -func validateDryRunFlag(client *action.Install) error { +func validateDryRunFlag(dryRunFlagValue string) error { // validate dry-run flag value with set of allowed value allowedDryRunValues := []string{"false", "true", "none", "client", "server"} isAllowed := false for _, v := range allowedDryRunValues { - if client.DryRun == v { + if dryRunFlagValue == v { isAllowed = true break } diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 3b2325a69..adbacd1fd 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -120,11 +120,6 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { instClient.Description = client.Description instClient.DependencyUpdate = client.DependencyUpdate - // validate dry-run flag value is one of the allowed values - if err := validateDryRunFlag(instClient); err != nil { - return err - } - rel, err := runInstall(args, instClient, valueOpts, out) if err != nil { return err @@ -144,6 +139,10 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } + // validate dry-run flag value is one of the allowed values + if err := validateDryRunFlag(client.DryRun); err != nil { + return err + } p := getter.All(settings) vals, err := valueOpts.MergeValues(p) diff --git a/pkg/action/action.go b/pkg/action/action.go index c8a1a9d03..f59a31853 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -125,7 +125,7 @@ func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Valu // This enables the ability to render 'lookup' functions. // It may break in interesting and exotic ways because other data (e.g. discovery) // is mocked. - if (dryRun == "server" || dryRun == "none" || dryRun == "false") && cfg.RESTClientGetter != nil { + if (dryRun == "server" || dryRun == "none" || dryRun == "false") && cfg.RESTClientGetter != nil { restConfig, err := cfg.RESTClientGetter.ToRESTConfig() if err != nil { return hs, b, "", err diff --git a/pkg/action/install.go b/pkg/action/install.go index 4eb802f1f..f1c9176fc 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -243,7 +243,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // special case for helm template --is-upgrade - isUpgrade := i.IsUpgrade && (i.DryRun != "none" && i.DryRun != "false") + isUpgrade := i.IsUpgrade && (i.DryRun != "none" && i.DryRun != "false") options := chartutil.ReleaseOptions{ Name: i.ReleaseName, Namespace: i.Namespace, diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index c82704d31..f0e246156 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -154,7 +154,7 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. return res, err } // Do not update for dry runs - if u.DryRun == "none" || u.DryRun == "false" { + if u.DryRun == "none" || u.DryRun == "false" { u.cfg.Log("updating status for upgraded release for %s", name) if err := u.cfg.Releases.Update(upgradedRelease); err != nil { return res, err From fc16ea7d44e353cc365c6d59031ef8157d2d9865 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 16 Jan 2023 12:34:01 -0600 Subject: [PATCH 16/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 57d70cabf..a5589918d 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -320,6 +320,6 @@ func validateDryRunFlag(dryRunFlagValue string) error { } if !isAllowed { return errors.New("Invalid dry-run flag. Flag must one of the following: false, true, none, client, sever") - } + } return nil } From be99ebe8af768b5e83892771c0eccdaa329771d9 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 16 Jan 2023 16:10:25 -0600 Subject: [PATCH 17/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- pkg/action/install.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/action/install.go b/pkg/action/install.go index f1c9176fc..4d3e6ce6d 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -259,10 +259,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma rel := i.createRelease(chrt, vals) var manifestDoc *bytes.Buffer - // Determines whether `helm template` was used or another command with the --dry-run flag - // as they both set the Install.DryRun field to `true`. The `--dry-run` flag should be able - // to connect to remote for the lookup function. `helm template` is the only command that - // Install.APIVersions field will not be nil. + rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, i.DryRun) // Even for errors, attach this if available if manifestDoc != nil { From ddb33580dbcfd8443208c814cd4df4220b57e8dd Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 23 Jan 2023 13:18:59 -0600 Subject: [PATCH 18/59] feat(helm): add ability for a dry-run to evaluate lookup functions When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 13 ++++++++----- cmd/helm/template.go | 1 - cmd/helm/upgrade.go | 11 +++++++---- pkg/action/action.go | 8 ++++---- pkg/action/install.go | 26 +++++++++++++++++--------- pkg/action/install_test.go | 6 +++--- pkg/action/upgrade.go | 25 +++++++++++++++++++------ 7 files changed, 58 insertions(+), 32 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index a5589918d..580a194dd 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -154,8 +154,9 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Install, valueOpts *values.Options) { f.BoolVar(&client.CreateNamespace, "create-namespace", false, "create the release namespace if not present") - f.StringVar(&client.DryRun, "dry-run", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") - f.Lookup("dry-run").NoOptDefVal = "client" + f.BoolVar(&client.DryRun, "dry-run", false, "simulate an install") + f.StringVar(&client.DryRunOption, "dry-run-option", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") + f.Lookup("dry-run-option").NoOptDefVal = "client" f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during install") f.BoolVar(&client.Replace, "replace", false, "re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production") @@ -174,6 +175,8 @@ func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Instal addValueOptionsFlags(f, valueOpts) addChartPathOptionsFlags(f, &client.ChartPathOptions) + cmd.MarkFlagsMutuallyExclusive("dry-run", "dry-run-option") + err := cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { requiredArgs := 2 if client.GenerateName { @@ -263,7 +266,7 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options client.Namespace = settings.Namespace() // validate dry-run flag value is one of the allowed values - if err := validateDryRunFlag(client.DryRun); err != nil { + if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { return nil, err } @@ -308,12 +311,12 @@ func compInstall(args []string, toComplete string, client *action.Install) ([]st return nil, cobra.ShellCompDirectiveNoFileComp } -func validateDryRunFlag(dryRunFlagValue string) error { +func validateDryRunOptionFlag(dryRunOptionFlagValue string) error { // validate dry-run flag value with set of allowed value allowedDryRunValues := []string{"false", "true", "none", "client", "server"} isAllowed := false for _, v := range allowedDryRunValues { - if dryRunFlagValue == v { + if dryRunOptionFlagValue == v { isAllowed = true break } diff --git a/cmd/helm/template.go b/cmd/helm/template.go index d341ddab9..93f454fe5 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -73,7 +73,6 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.KubeVersion = parsedKubeVersion } - client.DryRun = "client" client.ReleaseName = "release-name" client.Replace = true // Skip the name check client.ClientOnly = !validate diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index adbacd1fd..34d8ab24b 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -106,6 +106,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { instClient.ChartPathOptions = client.ChartPathOptions instClient.Force = client.Force instClient.DryRun = client.DryRun + instClient.DryRunOption = client.DryRunOption instClient.DisableHooks = client.DisableHooks instClient.SkipCRDs = client.SkipCRDs instClient.Timeout = client.Timeout @@ -119,7 +120,6 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { instClient.SubNotes = client.SubNotes instClient.Description = client.Description instClient.DependencyUpdate = client.DependencyUpdate - rel, err := runInstall(args, instClient, valueOpts, out) if err != nil { return err @@ -140,7 +140,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return err } // validate dry-run flag value is one of the allowed values - if err := validateDryRunFlag(client.DryRun); err != nil { + if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { return err } @@ -218,8 +218,9 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.BoolVar(&createNamespace, "create-namespace", false, "if --install is set, create the release namespace if not present") f.BoolVarP(&client.Install, "install", "i", false, "if a release by this name doesn't already exist, run an install") f.BoolVar(&client.Devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored") - f.StringVar(&client.DryRun, "dry-run", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") - f.Lookup("dry-run").NoOptDefVal = "client" + f.BoolVar(&client.DryRun, "dry-run", false, "simulate an upgrade") + f.StringVar(&client.DryRunOption, "dry-run-option", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") + f.Lookup("dry-run-option").NoOptDefVal = "client" f.BoolVar(&client.Recreate, "recreate-pods", false, "performs pods restart for the resource if applicable") f.MarkDeprecated("recreate-pods", "functionality will no longer be updated. Consult the documentation for other methods to recreate pods") f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") @@ -242,6 +243,8 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { bindOutputFlag(cmd, &outfmt) bindPostRenderFlag(cmd, &client.PostRenderer) + cmd.MarkFlagsMutuallyExclusive("dry-run", "dry-run-option") + err := cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { if len(args) != 2 { return nil, cobra.ShellCompDirectiveNoFileComp diff --git a/pkg/action/action.go b/pkg/action/action.go index f59a31853..01a49e477 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -102,7 +102,7 @@ type Configuration struct { // TODO: This function is badly in need of a refactor. // TODO: As part of the refactor the duplicate code in cmd/helm/template.go should be removed // This code has to do with writing files to disk. -func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, dryRun string) ([]*release.Hook, *bytes.Buffer, string, error) { +func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, interactWithRemote bool) ([]*release.Hook, *bytes.Buffer, string, error) { hs := []*release.Hook{} b := bytes.NewBuffer(nil) @@ -121,11 +121,11 @@ func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Valu var err2 error // A `helm template` should not talk to the remote cluster. However, commands - // with `--dry-run` with the value of false, none, or sever should try to connect to the cluster. - // This enables the ability to render 'lookup' functions. + // with the flag `--dry-run-option` with the value of false, none, or sever + // or with the flag `--dry-run` with the value of false should try to interact with the cluster. // It may break in interesting and exotic ways because other data (e.g. discovery) // is mocked. - if (dryRun == "server" || dryRun == "none" || dryRun == "false") && cfg.RESTClientGetter != nil { + if interactWithRemote && cfg.RESTClientGetter != nil { restConfig, err := cfg.RESTClientGetter.ToRESTConfig() if err != nil { return hs, b, "", err diff --git a/pkg/action/install.go b/pkg/action/install.go index 4d3e6ce6d..3abe102a4 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -71,7 +71,8 @@ type Install struct { ClientOnly bool Force bool CreateNamespace bool - DryRun string + DryRun bool + DryRunOption string DisableHooks bool Replace bool Wait bool @@ -128,8 +129,6 @@ type ChartPathOptions struct { func NewInstall(cfg *Configuration) *Install { in := &Install{ cfg: cfg, - // Set default value of DryRun for before flags are binded (tests) - DryRun: "none", } in.ChartPathOptions.registryClient = cfg.RegistryClient @@ -205,11 +204,21 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma return nil, err } + // determine dry run behavior + if i.DryRun || i.DryRunOption == "client" || i.DryRunOption == "server" || i.DryRunOption == "true" { + i.DryRun = true + } + + var interactWithRemote bool + if !i.DryRun || i.DryRunOption == "server" { + interactWithRemote = true + } + // Pre-install anything in the crd/ directory. We do this before Helm // contacts the upstream server and builds the capabilities object. if crds := chrt.CRDObjects(); !i.ClientOnly && !i.SkipCRDs && len(crds) > 0 { // On dry run, bail here - if i.DryRun != "none" && i.DryRun != "false" { + if i.DryRun { i.cfg.Log("WARNING: This chart or one of its subcharts contains CRDs. Rendering may fail or contain inaccuracies.") } else if err := i.installCRDs(crds); err != nil { return nil, err @@ -243,7 +252,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // special case for helm template --is-upgrade - isUpgrade := i.IsUpgrade && (i.DryRun != "none" && i.DryRun != "false") + isUpgrade := i.IsUpgrade && i.DryRun options := chartutil.ReleaseOptions{ Name: i.ReleaseName, Namespace: i.Namespace, @@ -259,8 +268,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma rel := i.createRelease(chrt, vals) var manifestDoc *bytes.Buffer - - rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, i.DryRun) + rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, interactWithRemote) // Even for errors, attach this if available if manifestDoc != nil { rel.Manifest = manifestDoc.String() @@ -301,7 +309,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // Bail out here if it is a dry run - if i.DryRun != "none" && i.DryRun != "false" { + if i.DryRun { rel.Info.Description = "Dry run complete" return rel, nil } @@ -471,7 +479,7 @@ func (i *Install) availableName() error { return errors.Wrapf(err, "release name %q", start) } // On dry run, bail here - if i.DryRun != "none" && i.DryRun != "false" { + if i.DryRun { return nil } diff --git a/pkg/action/install_test.go b/pkg/action/install_test.go index c669619e3..3bf3380f9 100644 --- a/pkg/action/install_test.go +++ b/pkg/action/install_test.go @@ -234,7 +234,7 @@ func TestInstallRelease_WithChartAndDependencyAllNotes(t *testing.T) { func TestInstallRelease_DryRun(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = "true" + instAction.DryRun = true vals := map[string]interface{}{} res, err := instAction.Run(buildChart(withSampleTemplates()), vals) if err != nil { @@ -258,7 +258,7 @@ func TestInstallRelease_DryRun(t *testing.T) { func TestInstallRelease_DryRun_Lookup(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = "true" + instAction.DryRun = true vals := map[string]interface{}{} mockChart := buildChart(withSampleTemplates()) @@ -278,7 +278,7 @@ func TestInstallRelease_DryRun_Lookup(t *testing.T) { func TestInstallReleaseIncorrectTemplate_DryRun(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = "true" + instAction.DryRun = true vals := map[string]interface{}{} _, err := instAction.Run(buildChart(withSampleIncludingIncorrectTemplates()), vals) expectedErr := "\"hello/templates/incorrect\" at <.Values.bad.doh>: nil pointer evaluating interface {}.doh" diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index f0e246156..817486465 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -70,7 +70,9 @@ type Upgrade struct { // DisableHooks disables hook processing if set to true. DisableHooks bool // DryRun controls whether the operation is prepared, but not executed. - DryRun string + DryRun bool + // DryRunOption controls whether the operation is prepared, but not executed with options on whether or not to interact with the remote cluster. + DryRunOption string // Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. // // This should be used with caution. @@ -113,8 +115,6 @@ type resultMessage struct { func NewUpgrade(cfg *Configuration) *Upgrade { up := &Upgrade{ cfg: cfg, - // Set default value of DryRun for before flags are binded (tests) - DryRun: "none", } up.ChartPathOptions.registryClient = cfg.RegistryClient @@ -140,6 +140,12 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. if err := chartutil.ValidateReleaseName(name); err != nil { return nil, errors.Errorf("release name is invalid: %s", name) } + + // determine dry run behavior + if u.DryRun || u.DryRunOption == "client" || u.DryRunOption == "server" || u.DryRunOption == "true" { + u.DryRun = true + } + u.cfg.Log("preparing upgrade for %s", name) currentRelease, upgradedRelease, err := u.prepareUpgrade(name, chart, vals) if err != nil { @@ -153,8 +159,9 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. if err != nil { return res, err } + // Do not update for dry runs - if u.DryRun == "none" || u.DryRun == "false" { + if !u.DryRun { u.cfg.Log("updating status for upgraded release for %s", name) if err := u.cfg.Releases.Update(upgradedRelease); err != nil { return res, err @@ -232,7 +239,13 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin return nil, nil, err } - hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, u.DryRun) + // determine whether or not to interact with remote + var interactWithRemote bool + if !u.DryRun || u.DryRunOption == "server" { + interactWithRemote = true + } + + hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, interactWithRemote) if err != nil { return nil, nil, err } @@ -311,7 +324,7 @@ func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedR }) // Run if it is a dry run - if u.DryRun != "none" && u.DryRun != "false" { + if u.DryRun { u.cfg.Log("dry run for %s", upgradedRelease.Name) if len(u.Description) > 0 { upgradedRelease.Info.Description = u.Description From d66c7db55a56a88f312ca579f16feaf2b060d7be Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 23 Jan 2023 13:25:32 -0600 Subject: [PATCH 19/59] feat(helm): add ability for a dry-run to evaluate lookup functions When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- pkg/action/action.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/action/action.go b/pkg/action/action.go index 01a49e477..c19a65842 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -121,7 +121,7 @@ func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Valu var err2 error // A `helm template` should not talk to the remote cluster. However, commands - // with the flag `--dry-run-option` with the value of false, none, or sever + // with the flag `--dry-run-option` with the value of false, none, or sever // or with the flag `--dry-run` with the value of false should try to interact with the cluster. // It may break in interesting and exotic ways because other data (e.g. discovery) // is mocked. From 5ec7913fd41920e117e20b5229676972ebea06a1 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 23 Jan 2023 13:38:41 -0600 Subject: [PATCH 20/59] feat(helm): add ability for a dry-run to evaluate lookup functions When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 580a194dd..25e52810c 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -265,7 +265,7 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options client.Namespace = settings.Namespace() - // validate dry-run flag value is one of the allowed values + // validate dry-run-option flag value is one of the allowed values if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { return nil, err } @@ -312,7 +312,7 @@ func compInstall(args []string, toComplete string, client *action.Install) ([]st } func validateDryRunOptionFlag(dryRunOptionFlagValue string) error { - // validate dry-run flag value with set of allowed value + // validate dry-run-option flag value with set of allowed value allowedDryRunValues := []string{"false", "true", "none", "client", "server"} isAllowed := false for _, v := range allowedDryRunValues { From 9a0025f96388bcb45f91b2206e0e9d24b498d339 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 23 Jan 2023 14:28:29 -0600 Subject: [PATCH 21/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 7 ++----- cmd/helm/upgrade.go | 7 ++----- pkg/action/install.go | 3 ++- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 25e52810c..410505ef1 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -154,9 +154,8 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Install, valueOpts *values.Options) { f.BoolVar(&client.CreateNamespace, "create-namespace", false, "create the release namespace if not present") - f.BoolVar(&client.DryRun, "dry-run", false, "simulate an install") - f.StringVar(&client.DryRunOption, "dry-run-option", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") - f.Lookup("dry-run-option").NoOptDefVal = "client" + f.StringVar(&client.DryRunOption, "dry-run", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") + f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during install") f.BoolVar(&client.Replace, "replace", false, "re-use the given name, only if that name is a deleted release which remains in the history. This is unsafe in production") @@ -175,8 +174,6 @@ func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Instal addValueOptionsFlags(f, valueOpts) addChartPathOptionsFlags(f, &client.ChartPathOptions) - cmd.MarkFlagsMutuallyExclusive("dry-run", "dry-run-option") - err := cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { requiredArgs := 2 if client.GenerateName { diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 34d8ab24b..355b181e3 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -218,9 +218,8 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.BoolVar(&createNamespace, "create-namespace", false, "if --install is set, create the release namespace if not present") f.BoolVarP(&client.Install, "install", "i", false, "if a release by this name doesn't already exist, run an install") f.BoolVar(&client.Devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored") - f.BoolVar(&client.DryRun, "dry-run", false, "simulate an upgrade") - f.StringVar(&client.DryRunOption, "dry-run-option", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") - f.Lookup("dry-run-option").NoOptDefVal = "client" + f.StringVar(&client.DryRunOption, "dry-run", "none", "simulate an install. If --dry-run is set with no option being specified or as 'client', it will not attempt cluster connections. Setting option as 'server' allows attempting cluster connections.") + f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Recreate, "recreate-pods", false, "performs pods restart for the resource if applicable") f.MarkDeprecated("recreate-pods", "functionality will no longer be updated. Consult the documentation for other methods to recreate pods") f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") @@ -243,8 +242,6 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { bindOutputFlag(cmd, &outfmt) bindPostRenderFlag(cmd, &client.PostRenderer) - cmd.MarkFlagsMutuallyExclusive("dry-run", "dry-run-option") - err := cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { if len(args) != 2 { return nil, cobra.ShellCompDirectiveNoFileComp diff --git a/pkg/action/install.go b/pkg/action/install.go index 3abe102a4..013cf7e94 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -210,7 +210,8 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } var interactWithRemote bool - if !i.DryRun || i.DryRunOption == "server" { + // `helm template` is the only command that Install.APIVersions field will not be nil. + if (!i.DryRun || i.DryRunOption == "server") && i.APIVersions == nil { interactWithRemote = true } From 25ac62e153d14b025c1b0460e82e48bf28ac07a6 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Fri, 27 Jan 2023 20:08:44 -0600 Subject: [PATCH 22/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- pkg/action/install.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/action/install.go b/pkg/action/install.go index 013cf7e94..f4c0c6695 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -211,7 +211,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma var interactWithRemote bool // `helm template` is the only command that Install.APIVersions field will not be nil. - if (!i.DryRun || i.DryRunOption == "server") && i.APIVersions == nil { + if !i.DryRun || i.DryRunOption == "server" { interactWithRemote = true } From f9e54b6079100510d2956df2cbb70aa4b34ef969 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 30 Jan 2023 17:04:10 -0600 Subject: [PATCH 23/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 6 +++--- cmd/helm/upgrade.go | 2 +- pkg/action/action.go | 8 +++----- pkg/action/install.go | 3 +-- pkg/action/upgrade.go | 4 ++-- 5 files changed, 10 insertions(+), 13 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 410505ef1..134bc6d6d 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -262,7 +262,7 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options client.Namespace = settings.Namespace() - // validate dry-run-option flag value is one of the allowed values + // Validate DryRunOption member is one of the allowed values if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { return nil, err } @@ -309,7 +309,7 @@ func compInstall(args []string, toComplete string, client *action.Install) ([]st } func validateDryRunOptionFlag(dryRunOptionFlagValue string) error { - // validate dry-run-option flag value with set of allowed value + // Validate dry-run flag value with a set of allowed value allowedDryRunValues := []string{"false", "true", "none", "client", "server"} isAllowed := false for _, v := range allowedDryRunValues { @@ -319,7 +319,7 @@ func validateDryRunOptionFlag(dryRunOptionFlagValue string) error { } } if !isAllowed { - return errors.New("Invalid dry-run flag. Flag must one of the following: false, true, none, client, sever") + return errors.New("Invalid dry-run flag. Flag must one of the following: false, true, none, client, server") } return nil } diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 355b181e3..7c4ff473e 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -139,7 +139,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } - // validate dry-run flag value is one of the allowed values + // Validate dry-run flag value is one of the allowed values if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { return err } diff --git a/pkg/action/action.go b/pkg/action/action.go index c19a65842..44c85ecd7 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -120,11 +120,9 @@ func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Valu var files map[string]string var err2 error - // A `helm template` should not talk to the remote cluster. However, commands - // with the flag `--dry-run-option` with the value of false, none, or sever - // or with the flag `--dry-run` with the value of false should try to interact with the cluster. - // It may break in interesting and exotic ways because other data (e.g. discovery) - // is mocked. + // A `helm template` should not talk to the remote cluster. However, commands with the flag + //`--dry-run` with the value of `false`, `none`, or `server` should try to interact with the cluster. + // It may break in interesting and exotic ways because other data (e.g. discovery) is mocked. if interactWithRemote && cfg.RESTClientGetter != nil { restConfig, err := cfg.RESTClientGetter.ToRESTConfig() if err != nil { diff --git a/pkg/action/install.go b/pkg/action/install.go index f4c0c6695..c09ae5420 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -204,13 +204,12 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma return nil, err } - // determine dry run behavior + // Determine dry run behavior if i.DryRun || i.DryRunOption == "client" || i.DryRunOption == "server" || i.DryRunOption == "true" { i.DryRun = true } var interactWithRemote bool - // `helm template` is the only command that Install.APIVersions field will not be nil. if !i.DryRun || i.DryRunOption == "server" { interactWithRemote = true } diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index 817486465..2d372f017 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -141,7 +141,7 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. return nil, errors.Errorf("release name is invalid: %s", name) } - // determine dry run behavior + // Determine dry run behavior if u.DryRun || u.DryRunOption == "client" || u.DryRunOption == "server" || u.DryRunOption == "true" { u.DryRun = true } @@ -239,7 +239,7 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin return nil, nil, err } - // determine whether or not to interact with remote + // Determine whether or not to interact with remote var interactWithRemote bool if !u.DryRun || u.DryRunOption == "server" { interactWithRemote = true From b441f5341dd796b1ecdfcec0706a38d51cd8efb7 Mon Sep 17 00:00:00 2001 From: genofire Date: Wed, 1 Feb 2023 14:10:10 +0100 Subject: [PATCH 24/59] fix: add podLabels Signed-off-by: genofire --- pkg/chartutil/create.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/chartutil/create.go b/pkg/chartutil/create.go index 3a8f3cc5a..b60bc9304 100644 --- a/pkg/chartutil/create.go +++ b/pkg/chartutil/create.go @@ -129,6 +129,7 @@ serviceAccount: name: "" podAnnotations: {} +podLabels: {} podSecurityContext: {} # fsGroup: 2000 @@ -296,6 +297,9 @@ spec: {{- end }} labels: {{- include ".selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: From 96ff3537a40e83f083807f41109fba3fa1e1f2c8 Mon Sep 17 00:00:00 2001 From: abhiram11 Date: Sun, 12 Feb 2023 18:08:13 +0530 Subject: [PATCH 25/59] added Contributing.md section and ref link in the README Signed-off-by: abhiram11 --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ae421183..f91eb8abb 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,6 @@ Think of it like apt/yum/homebrew for Kubernetes. ## Install - Binary downloads of the Helm client can be found on [the Releases page](https://github.com/helm/helm/releases/latest). Unpack the `helm` binary and add it to your PATH and you are good to go! @@ -68,6 +67,10 @@ You can reach the Helm community and developers via the following channels: - [Helm Mailing List](https://lists.cncf.io/g/cncf-helm) - Developer Call: Thursdays at 9:30-10:00 Pacific ([meeting details](https://github.com/helm/community/blob/master/communication.md#meetings)) +### Contribution + +If you're interested in contributing, please refer to the [Contributing Guide](CONTRIBUTING.md) **before submitting a pull request**. + ### Code of conduct Participation in the Helm community is governed by the [Code of Conduct](code-of-conduct.md). From 6fc815da5a2951cecf6805d61b25d53bfe0ab980 Mon Sep 17 00:00:00 2001 From: AdamKorcz Date: Wed, 22 Mar 2023 14:35:57 +0000 Subject: [PATCH 26/59] pkg/action: fix nil-dereference Signed-off-by: AdamKorcz --- pkg/action/show.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/action/show.go b/pkg/action/show.go index 8cf231593..6ed855b83 100644 --- a/pkg/action/show.go +++ b/pkg/action/show.go @@ -153,6 +153,9 @@ func (s *Show) Run(chartpath string) (string, error) { func findReadme(files []*chart.File) (file *chart.File) { for _, file := range files { for _, n := range readmeFileNames { + if file == nil { + continue + } if strings.EqualFold(file.Name, n) { return file } From 2f13355e40ca2790bebb19b7182500d312a536de Mon Sep 17 00:00:00 2001 From: AdamKorcz Date: Wed, 22 Mar 2023 14:56:41 +0000 Subject: [PATCH 27/59] pkg/chartutil: fix nil-dereference Signed-off-by: AdamKorcz --- pkg/chartutil/dependencies.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/chartutil/dependencies.go b/pkg/chartutil/dependencies.go index e01b95bf7..f684b57a2 100644 --- a/pkg/chartutil/dependencies.go +++ b/pkg/chartutil/dependencies.go @@ -137,6 +137,9 @@ Loop: } for _, req := range c.Metadata.Dependencies { + if req == nil { + continue + } if chartDependency := getAliasDependency(c.Dependencies(), req); chartDependency != nil { chartDependencies = append(chartDependencies, chartDependency) } From 2a9594c0feadf0ab637c4e4c6cf50a931ba1778c Mon Sep 17 00:00:00 2001 From: AdamKorcz Date: Wed, 22 Mar 2023 15:15:00 +0000 Subject: [PATCH 28/59] pkg/engine: fix nil-dereference Signed-off-by: AdamKorcz --- pkg/engine/engine.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/engine/engine.go b/pkg/engine/engine.go index 657d5767b..150be16b7 100644 --- a/pkg/engine/engine.go +++ b/pkg/engine/engine.go @@ -391,6 +391,9 @@ func recAllTpls(c *chart.Chart, templates map[string]renderable, vals chartutil. newParentID := c.ChartFullPath() for _, t := range c.Templates { + if t == nil { + continue + } if !isTemplateValid(c, t.Name) { continue } From b3707e666bc562cae76aad554bde6160644aa837 Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Fri, 20 Jan 2023 11:24:13 -0800 Subject: [PATCH 29/59] strip trailing newline from Files.Lines Signed-off-by: Joe Julian --- pkg/engine/files.go | 9 ++++++--- pkg/engine/files_test.go | 15 ++++++++++++++- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/pkg/engine/files.go b/pkg/engine/files.go index f29b0ab7c..f2cfdb3f3 100644 --- a/pkg/engine/files.go +++ b/pkg/engine/files.go @@ -131,7 +131,7 @@ func (f files) AsConfig() string { // // data: // -// {{ .Files.Glob("secrets/*").AsSecrets() }} +// {{ .Files.Glob("secrets/*").AsSecrets() | indent 4 }} func (f files) AsSecrets() string { if f == nil { return "" @@ -157,6 +157,9 @@ func (f files) Lines(path string) []string { if f == nil || f[path] == nil { return []string{} } - - return strings.Split(string(f[path]), "\n") + s := string(f[path]) + if s[len(s)-1] == '\n' { + s = s[:len(s)-1] + } + return strings.Split(s, "\n") } diff --git a/pkg/engine/files_test.go b/pkg/engine/files_test.go index 4b37724f9..e53263c76 100644 --- a/pkg/engine/files_test.go +++ b/pkg/engine/files_test.go @@ -28,7 +28,8 @@ var cases = []struct { {"ship/stowaway.txt", "Legatt"}, {"story/name.txt", "The Secret Sharer"}, {"story/author.txt", "Joseph Conrad"}, - {"multiline/test.txt", "bar\nfoo"}, + {"multiline/test.txt", "bar\nfoo\n"}, + {"multiline/test_with_blank_lines.txt", "bar\nfoo\n\n\n"}, } func getTestFiles() files { @@ -96,3 +97,15 @@ func TestLines(t *testing.T) { as.Equal("bar", out[0]) } + +func TestBlankLines(t *testing.T) { + as := assert.New(t) + + f := getTestFiles() + + out := f.Lines("multiline/test_with_blank_lines.txt") + as.Len(out, 4) + + as.Equal("bar", out[0]) + as.Equal("", out[3]) +} From b7a2d47eca70e18b821b415efa5f47971c8a5302 Mon Sep 17 00:00:00 2001 From: Tapas Kapadia Date: Mon, 1 May 2023 00:04:04 -0500 Subject: [PATCH 30/59] feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 Signed-off-by: Tapas Kapadia --- cmd/helm/install.go | 4 ++-- cmd/helm/template.go | 2 +- cmd/helm/upgrade.go | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 1ab659449..c34f82206 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -142,7 +142,7 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetRegistryClient(registryClient) - if client.DryRunOption == "unchanged" { + if client.DryRunOption == "" { client.DryRunOption = "none" } rel, err := runInstall(args, client, valueOpts, out) @@ -163,7 +163,7 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Install, valueOpts *values.Options) { f.BoolVar(&client.CreateNamespace, "create-namespace", false, "create the release namespace if not present") - f.StringVar(&client.DryRunOption, "dry-run", "unchanged", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") + f.StringVar(&client.DryRunOption, "dry-run", "", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during install") diff --git a/cmd/helm/template.go b/cmd/helm/template.go index 0aa7e138d..2cf89131b 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -79,7 +79,7 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetRegistryClient(registryClient) - if client.DryRunOption == "unchanged" { + if client.DryRunOption == "" { client.DryRunOption = "true" } client.DryRun = true diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 658b26b11..5e23f8347 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -96,7 +96,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetRegistryClient(registryClient) - if client.DryRunOption == "unchanged" { + if client.DryRunOption == "" { client.DryRunOption = "none" } // Fixes #7002 - Support reading values from STDIN for `upgrade` command @@ -229,7 +229,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.BoolVar(&createNamespace, "create-namespace", false, "if --install is set, create the release namespace if not present") f.BoolVarP(&client.Install, "install", "i", false, "if a release by this name doesn't already exist, run an install") f.BoolVar(&client.Devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored") - f.StringVar(&client.DryRunOption, "dry-run", "unchanged", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") + f.StringVar(&client.DryRunOption, "dry-run", "", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Recreate, "recreate-pods", false, "performs pods restart for the resource if applicable") f.MarkDeprecated("recreate-pods", "functionality will no longer be updated. Consult the documentation for other methods to recreate pods") From 770c51ef0a4e6c4d1f9d38185971840a56d10ce3 Mon Sep 17 00:00:00 2001 From: Antonio Gamez Diaz Date: Fri, 12 May 2023 11:45:51 +0200 Subject: [PATCH 31/59] Add ClientOptResolver to test util file Signed-off-by: Antonio Gamez Diaz --- pkg/registry/utils_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/registry/utils_test.go b/pkg/registry/utils_test.go index bdeacc712..022d7a282 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/utils_test.go @@ -98,6 +98,7 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry ClientOptWriter(suite.Out), ClientOptCredentialsFile(credentialsFile), ClientOptHTTPClient(httpClient), + ClientOptResolver(nil), ) } else { suite.RegistryClient, err = NewClient( @@ -105,6 +106,7 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry ClientOptEnableCache(true), ClientOptWriter(suite.Out), ClientOptCredentialsFile(credentialsFile), + ClientOptResolver(nil), ) } From 5eb1e9d0dbe27b0dbe51769777012911564119c5 Mon Sep 17 00:00:00 2001 From: Mikhail Kopylov Date: Thu, 25 May 2023 22:02:30 +0300 Subject: [PATCH 32/59] Replace `fmt.Fprintln` with `fmt.Fprintf` in get_metadata.go Signed-off-by: Mikhail Kopylov --- cmd/helm/get_metadata.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/cmd/helm/get_metadata.go b/cmd/helm/get_metadata.go index 33deb8de3..a079fde13 100644 --- a/cmd/helm/get_metadata.go +++ b/cmd/helm/get_metadata.go @@ -74,14 +74,14 @@ func newGetMetadataCmd(cfg *action.Configuration, out io.Writer) *cobra.Command } func (w metadataWriter) WriteTable(out io.Writer) error { - _, _ = fmt.Fprintln(out, fmt.Sprintf("NAME: %v", w.metadata.Name)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("CHART: %v", w.metadata.Chart)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("VERSION: %v", w.metadata.Version)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("APP_VERSION: %v", w.metadata.AppVersion)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("NAMESPACE: %v", w.metadata.Namespace)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("REVISION: %v", w.metadata.Revision)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("STATUS: %v", w.metadata.Status)) - _, _ = fmt.Fprintln(out, fmt.Sprintf("DEPLOYED_AT: %v", w.metadata.DeployedAt)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("NAME: %v\n", w.metadata.Name)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("CHART: %v\n", w.metadata.Chart)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("VERSION: %v\n", w.metadata.Version)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("APP_VERSION: %v\n", w.metadata.AppVersion)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("NAMESPACE: %v\n", w.metadata.Namespace)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("REVISION: %v\n", w.metadata.Revision)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("STATUS: %v\n", w.metadata.Status)) + _, _ = fmt.Fprintf(out, fmt.Sprintf("DEPLOYED_AT: %v\n", w.metadata.DeployedAt)) return nil } From 587c85f2e7a52aa019aa622b3a59bb2b53b0cd33 Mon Sep 17 00:00:00 2001 From: Mikhail Kopylov Date: Sat, 27 May 2023 06:41:28 +0300 Subject: [PATCH 33/59] Replace `fmt.Fprintf` with `fmt.Fprint` in get_metadata.go Signed-off-by: Mikhail Kopylov --- cmd/helm/get_metadata.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/cmd/helm/get_metadata.go b/cmd/helm/get_metadata.go index a079fde13..0c8302365 100644 --- a/cmd/helm/get_metadata.go +++ b/cmd/helm/get_metadata.go @@ -74,14 +74,14 @@ func newGetMetadataCmd(cfg *action.Configuration, out io.Writer) *cobra.Command } func (w metadataWriter) WriteTable(out io.Writer) error { - _, _ = fmt.Fprintf(out, fmt.Sprintf("NAME: %v\n", w.metadata.Name)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("CHART: %v\n", w.metadata.Chart)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("VERSION: %v\n", w.metadata.Version)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("APP_VERSION: %v\n", w.metadata.AppVersion)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("NAMESPACE: %v\n", w.metadata.Namespace)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("REVISION: %v\n", w.metadata.Revision)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("STATUS: %v\n", w.metadata.Status)) - _, _ = fmt.Fprintf(out, fmt.Sprintf("DEPLOYED_AT: %v\n", w.metadata.DeployedAt)) + _, _ = fmt.Fprint(out, fmt.Sprintf("NAME: %v\n", w.metadata.Name)) + _, _ = fmt.Fprint(out, fmt.Sprintf("CHART: %v\n", w.metadata.Chart)) + _, _ = fmt.Fprint(out, fmt.Sprintf("VERSION: %v\n", w.metadata.Version)) + _, _ = fmt.Fprint(out, fmt.Sprintf("APP_VERSION: %v\n", w.metadata.AppVersion)) + _, _ = fmt.Fprint(out, fmt.Sprintf("NAMESPACE: %v\n", w.metadata.Namespace)) + _, _ = fmt.Fprint(out, fmt.Sprintf("REVISION: %v\n", w.metadata.Revision)) + _, _ = fmt.Fprint(out, fmt.Sprintf("STATUS: %v\n", w.metadata.Status)) + _, _ = fmt.Fprint(out, fmt.Sprintf("DEPLOYED_AT: %v\n", w.metadata.DeployedAt)) return nil } From e35bf1f93924ad7f9b1be732a9f2011f930bdd7c Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Fri, 2 Jun 2023 22:25:19 -0400 Subject: [PATCH 34/59] docs: add an example for using the upgrade command with existing values For users attempting to update a helm chart to add a missing config, it isn't totally clear how one should use helm upgrade. Signed-off-by: Jose Diaz-Gonzalez --- cmd/helm/upgrade.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 145d342b7..42262273d 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -65,6 +65,13 @@ last (right-most) set specified. For example, if both 'bar' and 'newbar' values set for a key called 'foo', the 'newbar' value would take precedence: $ helm upgrade --set foo=bar --set foo=newbar redis ./redis + +You can update the values for an existing release with this command as well via the +'--reuse-values' flag. The 'RELEASE' and 'CHART' arguments should be set to the original +parameters, and existing values will be merged with any values set via '--values'/'-f' +or '--set' flags. Priority is given to new values. + + $ helm upgrade --reuse-values --set foo=bar --set foo=newbar redis ./redis ` func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { From 2538b927a746cea1ea4d69a321c6e564d7d00e20 Mon Sep 17 00:00:00 2001 From: Sanskar Jaiswal Date: Wed, 7 Jun 2023 11:54:02 +0530 Subject: [PATCH 35/59] oci: Add flag `--plain-http` to enable working with HTTP registries Add a new flag `--plain-http` to the following commands: * `helm install` * `helm pull` * `helm push` * `helm template` * `helm upgrade` * `helm show` This flag instructs the registry client to use plain HTTP connections, thus enabling upload/download of charts from OCI registries served at an HTTP endpoint. Signed-off-by: Sanskar Jaiswal --- cmd/helm/flags.go | 1 + cmd/helm/install.go | 3 ++- cmd/helm/pull.go | 3 ++- cmd/helm/push.go | 5 ++++- cmd/helm/root.go | 19 ++++++++++++------- cmd/helm/show.go | 3 ++- cmd/helm/template.go | 3 ++- cmd/helm/upgrade.go | 3 ++- pkg/action/install.go | 2 ++ pkg/action/pull.go | 1 + pkg/action/push.go | 9 +++++++++ pkg/getter/getter.go | 7 +++++++ pkg/getter/ocigetter.go | 15 +++++++++------ pkg/pusher/ocipusher.go | 9 ++++++--- pkg/pusher/pusher.go | 7 +++++++ pkg/registry/client.go | 27 ++++++++++++++------------- 16 files changed, 82 insertions(+), 35 deletions(-) diff --git a/cmd/helm/flags.go b/cmd/helm/flags.go index 3f89aae29..a8f25cb35 100644 --- a/cmd/helm/flags.go +++ b/cmd/helm/flags.go @@ -61,6 +61,7 @@ func addChartPathOptionsFlags(f *pflag.FlagSet, c *action.ChartPathOptions) { f.StringVar(&c.CertFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") f.StringVar(&c.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") f.BoolVar(&c.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.BoolVar(&c.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") f.StringVar(&c.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") f.BoolVar(&c.PassCredentialsAll, "pass-credentials", false, "pass credentials to all domains") } diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 13c674066..7a23fa71f 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -136,7 +136,8 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return compInstall(args, toComplete, client) }, RunE: func(_ *cobra.Command, args []string) error { - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify) + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + client.InsecureSkipTLSverify, client.PlainHTTP) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/pull.go b/cmd/helm/pull.go index 2d3747f28..af3092aff 100644 --- a/cmd/helm/pull.go +++ b/cmd/helm/pull.go @@ -64,7 +64,8 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.Version = ">0.0.0-0" } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify) + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + client.InsecureSkipTLSverify, client.PlainHTTP) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/push.go b/cmd/helm/push.go index b1e3e60af..3375155ed 100644 --- a/cmd/helm/push.go +++ b/cmd/helm/push.go @@ -39,6 +39,7 @@ type registryPushOptions struct { keyFile string caFile string insecureSkipTLSverify bool + plainHTTP bool } func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { @@ -67,7 +68,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return nil, cobra.ShellCompDirectiveNoFileComp }, RunE: func(cmd *cobra.Command, args []string) error { - registryClient, err := newRegistryClient(o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify) + registryClient, err := newRegistryClient(o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP) if err != nil { return fmt.Errorf("missing registry client: %w", err) } @@ -77,6 +78,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client := action.NewPushWithOpts(action.WithPushConfig(cfg), action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile), action.WithInsecureSkipTLSVerify(o.insecureSkipTLSverify), + action.WithPlainHTTP(o.plainHTTP), action.WithPushOptWriter(out)) client.Settings = settings output, err := client.Run(chartRef, remote) @@ -93,6 +95,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") + f.BoolVar(&o.plainHTTP, "plain-http", false, "use insecure HTTP connections for the chart upload") return cmd } diff --git a/cmd/helm/root.go b/cmd/helm/root.go index 5bccdf5bf..dd95b1df2 100644 --- a/cmd/helm/root.go +++ b/cmd/helm/root.go @@ -152,7 +152,7 @@ func newRootCmd(actionConfig *action.Configuration, out io.Writer, args []string flags.ParseErrorsWhitelist.UnknownFlags = true flags.Parse(args) - registryClient, err := newDefaultRegistryClient() + registryClient, err := newDefaultRegistryClient(false) if err != nil { return nil, err } @@ -257,7 +257,7 @@ func checkForExpiredRepos(repofile string) { } -func newRegistryClient(certFile, keyFile, caFile string, insecureSkipTLSverify bool) (*registry.Client, error) { +func newRegistryClient(certFile, keyFile, caFile string, insecureSkipTLSverify, plainHTTP bool) (*registry.Client, error) { if certFile != "" && keyFile != "" || caFile != "" || insecureSkipTLSverify { registryClient, err := newRegistryClientWithTLS(certFile, keyFile, caFile, insecureSkipTLSverify) if err != nil { @@ -265,21 +265,26 @@ func newRegistryClient(certFile, keyFile, caFile string, insecureSkipTLSverify b } return registryClient, nil } - registryClient, err := newDefaultRegistryClient() + registryClient, err := newDefaultRegistryClient(plainHTTP) if err != nil { return nil, err } return registryClient, nil } -func newDefaultRegistryClient() (*registry.Client, error) { - // Create a new registry client - registryClient, err := registry.NewClient( +func newDefaultRegistryClient(plainHTTP bool) (*registry.Client, error) { + opts := []registry.ClientOption{ registry.ClientOptDebug(settings.Debug), registry.ClientOptEnableCache(true), registry.ClientOptWriter(os.Stderr), registry.ClientOptCredentialsFile(settings.RegistryConfig), - ) + } + if plainHTTP { + opts = append(opts, registry.ClientOptPlainHTTP()) + } + + // Create a new registry client + registryClient, err := registry.NewClient(opts...) if err != nil { return nil, err } diff --git a/cmd/helm/show.go b/cmd/helm/show.go index a2edd1931..28eb9756d 100644 --- a/cmd/helm/show.go +++ b/cmd/helm/show.go @@ -226,7 +226,8 @@ func runShow(args []string, client *action.Show) (string, error) { } func addRegistryClient(client *action.Show) error { - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify) + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + client.InsecureSkipTLSverify, client.PlainHTTP) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/template.go b/cmd/helm/template.go index 3bc70f995..dae3e059a 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -73,7 +73,8 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.KubeVersion = parsedKubeVersion } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify) + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + client.InsecureSkipTLSverify, client.PlainHTTP) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 145d342b7..173cd4242 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -90,7 +90,8 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { RunE: func(cmd *cobra.Command, args []string) error { client.Namespace = settings.Namespace() - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify) + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + client.InsecureSkipTLSverify, client.PlainHTTP) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/pkg/action/install.go b/pkg/action/install.go index d5c34cef7..354b6e557 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -114,6 +114,7 @@ type ChartPathOptions struct { CertFile string // --cert-file KeyFile string // --key-file InsecureSkipTLSverify bool // --insecure-skip-verify + PlainHTTP bool // --plain-http Keyring string // --keyring Password string // --password PassCredentialsAll bool // --pass-credentials @@ -733,6 +734,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( getter.WithPassCredentialsAll(c.PassCredentialsAll), getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CaFile), getter.WithInsecureSkipVerifyTLS(c.InsecureSkipTLSverify), + getter.WithPlainHTTP(c.PlainHTTP), }, RepositoryConfig: settings.RepositoryConfig, RepositoryCache: settings.RepositoryCache, diff --git a/pkg/action/pull.go b/pkg/action/pull.go index 37ff144de..787553125 100644 --- a/pkg/action/pull.go +++ b/pkg/action/pull.go @@ -90,6 +90,7 @@ func (p *Pull) Run(chartRef string) (string, error) { getter.WithPassCredentialsAll(p.PassCredentialsAll), getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CaFile), getter.WithInsecureSkipVerifyTLS(p.InsecureSkipTLSverify), + getter.WithPlainHTTP(p.PlainHTTP), }, RegistryClient: p.cfg.RegistryClient, RepositoryConfig: p.Settings.RepositoryConfig, diff --git a/pkg/action/push.go b/pkg/action/push.go index 892006406..68d2ba42d 100644 --- a/pkg/action/push.go +++ b/pkg/action/push.go @@ -36,6 +36,7 @@ type Push struct { keyFile string caFile string insecureSkipTLSverify bool + plainHTTP bool out io.Writer } @@ -65,6 +66,13 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) PushOpt { } } +// WithPlainHTTP configures the use of plain HTTP connections. +func WithPlainHTTP(plainHTTP bool) PushOpt { + return func(p *Push) { + p.plainHTTP = plainHTTP + } +} + // WithOptWriter sets the registryOut field on the push configuration object. func WithPushOptWriter(out io.Writer) PushOpt { return func(p *Push) { @@ -91,6 +99,7 @@ func (p *Push) Run(chartRef string, remote string) (string, error) { Options: []pusher.Option{ pusher.WithTLSClientConfig(p.certFile, p.keyFile, p.caFile), pusher.WithInsecureSkipTLSVerify(p.insecureSkipTLSverify), + pusher.WithPlainHTTP(p.plainHTTP), }, } diff --git a/pkg/getter/getter.go b/pkg/getter/getter.go index 653b032fe..a0a2b49c8 100644 --- a/pkg/getter/getter.go +++ b/pkg/getter/getter.go @@ -37,6 +37,7 @@ type options struct { caFile string unTar bool insecureSkipVerifyTLS bool + plainHTTP bool username string password string passCredentialsAll bool @@ -96,6 +97,12 @@ func WithTLSClientConfig(certFile, keyFile, caFile string) Option { } } +func WithPlainHTTP(plainHTTP bool) Option { + return func(opts *options) { + opts.plainHTTP = plainHTTP + } +} + // WithTimeout sets the timeout for requests func WithTimeout(timeout time.Duration) Option { return func(opts *options) { diff --git a/pkg/getter/ocigetter.go b/pkg/getter/ocigetter.go index 1705fca91..209786bd7 100644 --- a/pkg/getter/ocigetter.go +++ b/pkg/getter/ocigetter.go @@ -137,12 +137,15 @@ func (g *OCIGetter) newRegistryClient() (*registry.Client, error) { g.transport.TLSClientConfig = tlsConf } - client, err := registry.NewClient( - registry.ClientOptHTTPClient(&http.Client{ - Transport: g.transport, - Timeout: g.opts.timeout, - }), - ) + opts := []registry.ClientOption{registry.ClientOptHTTPClient(&http.Client{ + Transport: g.transport, + Timeout: g.opts.timeout, + })} + if g.opts.plainHTTP { + opts = append(opts, registry.ClientOptPlainHTTP()) + } + + client, err := registry.NewClient(opts...) if err != nil { return nil, err diff --git a/pkg/pusher/ocipusher.go b/pkg/pusher/ocipusher.go index ea5e164c2..94154d389 100644 --- a/pkg/pusher/ocipusher.go +++ b/pkg/pusher/ocipusher.go @@ -139,9 +139,12 @@ func (pusher *OCIPusher) newRegistryClient() (*registry.Client, error) { return registryClient, nil } - registryClient, err := registry.NewClient( - registry.ClientOptEnableCache(true), - ) + opts := []registry.ClientOption{registry.ClientOptEnableCache(true)} + if pusher.opts.plainHTTP { + opts = append(opts, registry.ClientOptPlainHTTP()) + } + + registryClient, err := registry.NewClient(opts...) if err != nil { return nil, err } diff --git a/pkg/pusher/pusher.go b/pkg/pusher/pusher.go index e325ce498..c99d97b35 100644 --- a/pkg/pusher/pusher.go +++ b/pkg/pusher/pusher.go @@ -32,6 +32,7 @@ type options struct { keyFile string caFile string insecureSkipTLSverify bool + plainHTTP bool } // Option allows specifying various settings configurable by the user for overriding the defaults @@ -61,6 +62,12 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option { } } +func WithPlainHTTP(plainHTTP bool) Option { + return func(opts *options) { + opts.plainHTTP = plainHTTP + } +} + // Pusher is an interface to support upload to the specified URL. type Pusher interface { // Push file content by url string diff --git a/pkg/registry/client.go b/pkg/registry/client.go index f9569b62b..00ea159f1 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -61,6 +61,7 @@ type ( registryAuthorizer *registryauth.Client resolver remotes.Resolver httpClient *http.Client + plainHTTP bool } // ClientOption allows specifying various settings configurable by the user for overriding the defaults @@ -93,6 +94,9 @@ func NewClient(options ...ClientOption) (*Client, error) { if client.httpClient != nil { opts = append(opts, auth.WithResolverClient(client.httpClient)) } + if client.plainHTTP { + opts = append(opts, auth.WithResolverPlainHTTP()) + } resolver, err := client.authorizer.ResolverWithOpts(opts...) if err != nil { return nil, err @@ -177,6 +181,12 @@ func ClientOptHTTPClient(httpClient *http.Client) ClientOption { } } +func ClientOptPlainHTTP() ClientOption { + return func(c *Client) { + c.plainHTTP = true + } +} + type ( // LoginOption allows specifying various settings on login LoginOption func(*loginOperation) @@ -626,23 +636,14 @@ func (c *Client) Tags(ref string) ([]string, error) { repository := registryremote.Repository{ Reference: parsedReference, Client: c.registryAuthorizer, + PlainHTTP: c.plainHTTP, } var registryTags []string - for { - registryTags, err = registry.Tags(ctx(c.out, c.debug), &repository) - if err != nil { - // Fallback to http based request - if !repository.PlainHTTP && strings.Contains(err.Error(), "server gave HTTP response") { - repository.PlainHTTP = true - continue - } - return nil, err - } - - break - + registryTags, err = registry.Tags(ctx(c.out, c.debug), &repository) + if err != nil { + return nil, err } var tagVersions []*semver.Version From 6defb96dac59b963c0d19c6d0c89a58821604dd1 Mon Sep 17 00:00:00 2001 From: Sanskar Jaiswal Date: Thu, 8 Jun 2023 16:26:28 +0530 Subject: [PATCH 36/59] oci: add tests for plain HTTP and insecure HTTPS registries Signed-off-by: Sanskar Jaiswal --- pkg/getter/ocigetter_test.go | 14 ++- pkg/pusher/ocipusher_test.go | 10 ++ pkg/registry/client_http_test.go | 68 ++++++++++++++ ...nt_test.go => client_insecure_tls_test.go} | 48 +++------- pkg/registry/client_tls_test.go | 5 - pkg/registry/testdata/tls/ca-cert.pem | 21 ----- pkg/registry/testdata/tls/ca.crt | 21 +++++ pkg/registry/testdata/tls/client-cert.pem | 22 ----- pkg/registry/testdata/tls/client-key.pem | 28 ------ pkg/registry/testdata/tls/client.crt | 20 ++++ pkg/registry/testdata/tls/client.key | 28 ++++++ pkg/registry/testdata/tls/server-cert.pem | 22 ----- pkg/registry/testdata/tls/server-key.pem | 28 ------ pkg/registry/testdata/tls/server.crt | 20 ++++ pkg/registry/testdata/tls/server.key | 28 ++++++ pkg/registry/utils_test.go | 93 ++++++++++--------- 16 files changed, 268 insertions(+), 208 deletions(-) create mode 100644 pkg/registry/client_http_test.go rename pkg/registry/{client_test.go => client_insecure_tls_test.go} (52%) delete mode 100644 pkg/registry/testdata/tls/ca-cert.pem create mode 100644 pkg/registry/testdata/tls/ca.crt delete mode 100644 pkg/registry/testdata/tls/client-cert.pem delete mode 100644 pkg/registry/testdata/tls/client-key.pem create mode 100644 pkg/registry/testdata/tls/client.crt create mode 100644 pkg/registry/testdata/tls/client.key delete mode 100644 pkg/registry/testdata/tls/server-cert.pem delete mode 100644 pkg/registry/testdata/tls/server-key.pem create mode 100644 pkg/registry/testdata/tls/server.crt create mode 100644 pkg/registry/testdata/tls/server.key diff --git a/pkg/getter/ocigetter_test.go b/pkg/getter/ocigetter_test.go index fa2fa67a5..d0834d9fc 100644 --- a/pkg/getter/ocigetter_test.go +++ b/pkg/getter/ocigetter_test.go @@ -39,7 +39,8 @@ func TestOCIGetter(t *testing.T) { ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") timeout := time.Second * 5 transport := &http.Transport{} - insecureSkipTLSverify := false + insecureSkipVerifyTLS := false + plainHTTP := false // Test with options g, err = NewOCIGetter( @@ -47,7 +48,8 @@ func TestOCIGetter(t *testing.T) { WithTLSClientConfig(pub, priv, ca), WithTimeout(timeout), WithTransport(transport), - WithInsecureSkipVerifyTLS(insecureSkipTLSverify), + WithInsecureSkipVerifyTLS(insecureSkipVerifyTLS), + WithPlainHTTP(plainHTTP), ) if err != nil { t.Fatal(err) @@ -86,6 +88,14 @@ func TestOCIGetter(t *testing.T) { t.Errorf("Expected NewOCIGetter to contain %p as Transport, got %p", transport, og.opts.transport) } + if og.opts.plainHTTP != plainHTTP { + t.Errorf("Expected NewOCIGetter to have plainHTTP as %t, got %t", plainHTTP, og.opts.plainHTTP) + } + + if og.opts.insecureSkipVerifyTLS != insecureSkipVerifyTLS { + t.Errorf("Expected NewOCIGetter to have insecureSkipVerifyTLS as %t, got %t", insecureSkipVerifyTLS, og.opts.insecureSkipVerifyTLS) + } + // Test if setting registryClient is being passed to the ops registryClient, err := registry.NewClient() if err != nil { diff --git a/pkg/pusher/ocipusher_test.go b/pkg/pusher/ocipusher_test.go index 9390710a0..11842b4ae 100644 --- a/pkg/pusher/ocipusher_test.go +++ b/pkg/pusher/ocipusher_test.go @@ -36,11 +36,13 @@ func TestNewOCIPusher(t *testing.T) { join := filepath.Join ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") insecureSkipTLSverify := false + plainHTTP := false // Test with options p, err = NewOCIPusher( WithTLSClientConfig(pub, priv, ca), WithInsecureSkipTLSVerify(insecureSkipTLSverify), + WithPlainHTTP(plainHTTP), ) if err != nil { t.Fatal(err) @@ -63,6 +65,14 @@ func TestNewOCIPusher(t *testing.T) { t.Errorf("Expected NewOCIPusher to contain %q as the CA file, got %q", ca, op.opts.caFile) } + if op.opts.plainHTTP != plainHTTP { + t.Errorf("Expected NewOCIPusher to have plainHTTP as %t, got %t", plainHTTP, op.opts.plainHTTP) + } + + if op.opts.insecureSkipTLSverify != insecureSkipTLSverify { + t.Errorf("Expected NewOCIPusher to have insecureSkipVerifyTLS as %t, got %t", insecureSkipTLSverify, op.opts.insecureSkipTLSverify) + } + // Test if setting registryClient is being passed to the ops registryClient, err := registry.NewClient() if err != nil { diff --git a/pkg/registry/client_http_test.go b/pkg/registry/client_http_test.go new file mode 100644 index 000000000..872d19fc9 --- /dev/null +++ b/pkg/registry/client_http_test.go @@ -0,0 +1,68 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package registry + +import ( + "fmt" + "os" + "testing" + + "github.com/containerd/containerd/errdefs" + "github.com/stretchr/testify/suite" +) + +type HTTPRegistryClientTestSuite struct { + TestSuite +} + +func (suite *HTTPRegistryClientTestSuite) SetupSuite() { + // init test client + dockerRegistry := setup(&suite.TestSuite, false, false) + + // Start Docker registry + go dockerRegistry.ListenAndServe() +} + +func (suite *HTTPRegistryClientTestSuite) TearDownSuite() { + teardown(&suite.TestSuite) + os.RemoveAll(suite.WorkspaceDir) +} + +func (suite *HTTPRegistryClientTestSuite) Test_1_Push() { + testPush(&suite.TestSuite) +} + +func (suite *HTTPRegistryClientTestSuite) Test_2_Pull() { + testPull(&suite.TestSuite) +} + +func (suite *HTTPRegistryClientTestSuite) Test_3_Tags() { + testTags(&suite.TestSuite) +} + +func (suite *HTTPRegistryClientTestSuite) Test_4_ManInTheMiddle() { + ref := fmt.Sprintf("%s/testrepo/supposedlysafechart:9.9.9", suite.CompromisedRegistryHost) + + // returns content that does not match the expected digest + _, err := suite.RegistryClient.Pull(ref) + suite.NotNil(err) + suite.True(errdefs.IsFailedPrecondition(err)) +} + +func TestHTTPRegistryClientTestSuite(t *testing.T) { + suite.Run(t, new(HTTPRegistryClientTestSuite)) +} diff --git a/pkg/registry/client_test.go b/pkg/registry/client_insecure_tls_test.go similarity index 52% rename from pkg/registry/client_test.go rename to pkg/registry/client_insecure_tls_test.go index 3bb4a991b..5ba79b2ea 100644 --- a/pkg/registry/client_test.go +++ b/pkg/registry/client_insecure_tls_test.go @@ -17,65 +17,54 @@ limitations under the License. package registry import ( - "fmt" "os" "testing" - "github.com/containerd/containerd/errdefs" "github.com/stretchr/testify/suite" ) -type RegistryClientTestSuite struct { +type InsecureTLSRegistryClientTestSuite struct { TestSuite } -func (suite *RegistryClientTestSuite) SetupSuite() { +func (suite *InsecureTLSRegistryClientTestSuite) SetupSuite() { // init test client - dockerRegistry := setup(&suite.TestSuite, false, false) + dockerRegistry := setup(&suite.TestSuite, true, true) // Start Docker registry go dockerRegistry.ListenAndServe() } -func (suite *RegistryClientTestSuite) TearDownSuite() { +func (suite *InsecureTLSRegistryClientTestSuite) TearDownSuite() { + teardown(&suite.TestSuite) os.RemoveAll(suite.WorkspaceDir) } -func (suite *RegistryClientTestSuite) Test_0_Login() { +func (suite *InsecureTLSRegistryClientTestSuite) Test_0_Login() { err := suite.RegistryClient.Login(suite.DockerRegistryHost, - LoginOptBasicAuth("badverybad", "ohsobad"), - LoginOptInsecure(false)) - suite.NotNil(err, "error logging into registry with bad credentials") - - err = suite.RegistryClient.Login(suite.DockerRegistryHost, LoginOptBasicAuth("badverybad", "ohsobad"), LoginOptInsecure(true)) - suite.NotNil(err, "error logging into registry with bad credentials, insecure mode") - - err = suite.RegistryClient.Login(suite.DockerRegistryHost, - LoginOptBasicAuth(testUsername, testPassword), - LoginOptInsecure(false)) - suite.Nil(err, "no error logging into registry with good credentials") + suite.NotNil(err, "error logging into registry with bad credentials") err = suite.RegistryClient.Login(suite.DockerRegistryHost, LoginOptBasicAuth(testUsername, testPassword), LoginOptInsecure(true)) - suite.Nil(err, "no error logging into registry with good credentials, insecure mode") + suite.Nil(err, "no error logging into registry with good credentials") } -func (suite *RegistryClientTestSuite) Test_1_Push() { +func (suite *InsecureTLSRegistryClientTestSuite) Test_1_Push() { testPush(&suite.TestSuite) } -func (suite *RegistryClientTestSuite) Test_2_Pull() { +func (suite *InsecureTLSRegistryClientTestSuite) Test_2_Pull() { testPull(&suite.TestSuite) } -func (suite *RegistryClientTestSuite) Test_3_Tags() { +func (suite *InsecureTLSRegistryClientTestSuite) Test_3_Tags() { testTags(&suite.TestSuite) } -func (suite *RegistryClientTestSuite) Test_4_Logout() { +func (suite *InsecureTLSRegistryClientTestSuite) Test_4_Logout() { err := suite.RegistryClient.Logout("this-host-aint-real:5000") suite.NotNil(err, "error logging out of registry that has no entry") @@ -83,15 +72,6 @@ func (suite *RegistryClientTestSuite) Test_4_Logout() { suite.Nil(err, "no error logging out of registry") } -func (suite *RegistryClientTestSuite) Test_5_ManInTheMiddle() { - ref := fmt.Sprintf("%s/testrepo/supposedlysafechart:9.9.9", suite.CompromisedRegistryHost) - - // returns content that does not match the expected digest - _, err := suite.RegistryClient.Pull(ref) - suite.NotNil(err) - suite.True(errdefs.IsFailedPrecondition(err)) -} - -func TestRegistryClientTestSuite(t *testing.T) { - suite.Run(t, new(RegistryClientTestSuite)) +func TestInsecureTLSRegistryClientTestSuite(t *testing.T) { + suite.Run(t, new(InsecureTLSRegistryClientTestSuite)) } diff --git a/pkg/registry/client_tls_test.go b/pkg/registry/client_tls_test.go index 9b981d35e..518cfced4 100644 --- a/pkg/registry/client_tls_test.go +++ b/pkg/registry/client_tls_test.go @@ -50,11 +50,6 @@ func (suite *TLSRegistryClientTestSuite) Test_0_Login() { LoginOptBasicAuth(testUsername, testPassword), LoginOptTLSClientConfig(tlsCert, tlsKey, tlsCA)) suite.Nil(err, "no error logging into registry with good credentials") - - err = suite.RegistryClient.Login(suite.DockerRegistryHost, - LoginOptBasicAuth(testUsername, testPassword), - LoginOptTLSClientConfig(tlsCert, tlsKey, tlsCA)) - suite.Nil(err, "no error logging into registry with good credentials, insecure mode") } func (suite *TLSRegistryClientTestSuite) Test_1_Push() { diff --git a/pkg/registry/testdata/tls/ca-cert.pem b/pkg/registry/testdata/tls/ca-cert.pem deleted file mode 100644 index b2f4fe107..000000000 --- a/pkg/registry/testdata/tls/ca-cert.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIUdI/ees1mQ4N++1jpF5xI5fq6TSUwDQYJKoZIhvcNAQEL -BQAwUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG -A1UECgwEaGVsbTEaMBgGA1UEAwwRcmVnaXN0cnktdGVzdC5jb20wIBcNMjIwOTIw -MDgyMDQ2WhgPMzAyMjAxMjEwODIwNDZaMFIxCzAJBgNVBAYTAlVTMQswCQYDVQQI -DAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBGhlbG0xGjAYBgNVBAMMEXJlZ2lz -dHJ5LXRlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mxP -WVkpDo3PnXalJhy9rSYuK8OIxcO1kBroEnILYrNWn5zpKioaBXZEYcaU6crc5N4j -wQRC16wucyQAQh/d3ty7j5Wyy79CgH5AAKDbCacii4BgGUJ2xY6UXuKvwdsROAXN -wEtXT5f3yO8bVboYrZRxJ4UuTUFndtuz2b230JFs2FzTv4QdLaPHo/S4FTW5xRn5 -Irhmcmkns+XY4AduscYtzydvIuuOS3CVmB8/sClo62F5DpBl68b+/WFwqLrkX5Sn -ZWKx/fJPIxln5SavPXHEEcI14ZGNUhsv+4+sABHzVjBPK8oKjoNo8QmxDWdeWPgR -sPj/H2oldE6KfgyoQQIDAQABo1MwUTAdBgNVHQ4EFgQUkkmPK6SIj4PY8YOw+Yer -hKCOS7owHwYDVR0jBBgwFoAUkkmPK6SIj4PY8YOw+YerhKCOS7owDwYDVR0TAQH/ -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADSz9s8rcObLrUo8DpVRptWUxK3NH -hvD7bYGQ9eJO9B4ojKSBKJRchP0m5kpVLorMRZDRw17T2GouKQn3g+Wcy+8CygxW -1JDO/1iCZ8QX3vfwIfHTaKuY6eYcJyVmxL58bRI3qQNRZIU4s18tKFIazBluxS3g -5Wp8kOCBssttsM+lEgC/cj7skl9CBKhUFupHPzXzha+1upJUK51Egc7M7nsrnpaZ -2SY+PBEhSY5Wcuzb5m9tw7PJnkdRDS/dUOY6kSzJXgNMVV0GnN+Smucqmvrez0M5 -vHFMiQjlRxViVLJDNOCJYIjWNygAOvhJyRU2cTodIhZ/jbYqpNGAPc5Eyg== ------END CERTIFICATE----- diff --git a/pkg/registry/testdata/tls/ca.crt b/pkg/registry/testdata/tls/ca.crt new file mode 100644 index 000000000..d5b845acb --- /dev/null +++ b/pkg/registry/testdata/tls/ca.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUEtjKXd8LxpkQf3C5LgdzM1++R3swDQYJKoZIhvcNAQEL +BQAwUzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjETMBEG +A1UECgwKQWNtZSwgSW5jLjEVMBMGA1UEAwwMQWNtZSBSb290IENBMB4XDTIzMDYw +ODEwNDkzOFoXDTI0MDYwNzEwNDkzOFowUzELMAkGA1UEBhMCQ04xCzAJBgNVBAgM +AkdEMQswCQYDVQQHDAJTWjETMBEGA1UECgwKQWNtZSwgSW5jLjEVMBMGA1UEAwwM +QWNtZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgrX +Lv3k3trxje2JEoqusYN67Z3byZg69djRatfdboS3JKoTIHtcY7MMLdfhjAK97/wv +BaIMuVNgueu4qH6bea7FCP8XWz2BYBrH2GcKjVrBMkUrlIzjG9gnohkeknJQvQvl +oVbqLgZJn0HQcZtsPDnLwfjWDZrNkFBtvPSIMaRQbmtOFdSqAQjLKezbwlznBCJ5 +qpLsgc67ttDW5QAS+GszWPmypUlw8Ih7m8J95eT9aUESP0DbdraeUktWJQTdqukd +NflLaA2ZoV+uTX+wVE4yyXgSjD3Sd93+XhoSSzDzkzRnLsocRutxrTiNC/1S+qhb +Z72XLk0bvNwQhJjHDQIDAQABo1MwUTAdBgNVHQ4EFgQUoSKAVvuJDGszE361K7IF +RXOVj2YwHwYDVR0jBBgwFoAUoSKAVvuJDGszE361K7IFRXOVj2YwDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOqH/JFuT1sqY/zVxCsATE1ze85/o +r6yPw3AuXsFzWtHe/XOFJzvbfOBWfocVLXTDc5933f1Ws/+PcxQKEQCwnUHrEAso +jLPzy+igHc07pi9PqHJ21Sn8FF5JVv+Y6CcZKaF5aEzUISsVjbF2vGK8FotMS9rs +Jw//dDfKhHjO9MHPBdkhOrM31LV6gwYPepno/YYygrJwHGQ5V9sdY8ifRBG6lX2a +xK4N2bl5q3Cpz+iERLNGP2c8OVQwLfSYLpFRSbHS8UiN4z6WqfgYHG7YurvbiMiJ +/AFkUatVJQ5YLmfCz4FMAiaxNtEOkZh5cvL1eCLK7nzvgAPCI33mEp6eoA== +-----END CERTIFICATE----- diff --git a/pkg/registry/testdata/tls/client-cert.pem b/pkg/registry/testdata/tls/client-cert.pem deleted file mode 100644 index f541fcd54..000000000 --- a/pkg/registry/testdata/tls/client-cert.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEL -MAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ0wCwYDVQQKDARoZWxtMRowGAYDVQQD -DBFyZWdpc3RyeS10ZXN0LmNvbTAgFw0yMjA5MjAwODI4MzBaGA8yMTIyMDgyNzA4 -MjgzMFowWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEN -MAsGA1UECgwEaGVsbTEhMB8GA1UEAwwYY2xpZW50LnJlZ2lzdHJ5LXRlc3QuY29t -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvxfrJn8PeerlHJLnMVo -p1yOT/kvFAoNhObhtDUosDLjQBt+vICfjWoTNIabIiBRTwkVt5CdGvx1oKsbH3iT -VErL6N6MagIJdnOfBjxtlTL/TFtJ7U/VSUSxZwa+SV6HS4cmIntC/FV3MHjBlFJn -klSdDXa5YdYE2xuSPse+zlGRfmPTNmHsiNWphGC54U6WZ1UI0G22+L/yO8BuEkSq -47iCN6ZIw8ds+azl/woIEDJsVSgEapNsanBrJFnBUJBXh4lwpMB37U+6Ds1kUUuz -GXhVWz1pmRBt+vXWN802MqRg2RnCjTb2gWbmg7En4uFCTzx/GhRlJiV47O15n0g+ -tQIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFJJJjyukiI+D2PGDsPmHq4Sgjku6MAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgTwMCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIKMHg3 -ZjAwMDAwMYIJMTI3LjAuMC4xMB0GA1UdDgQWBBT+cCGLyj5wOIMG7TVqPyxPQsBi -+DANBgkqhkiG9w0BAQsFAAOCAQEATIDXr3LmD1S+13lVG263rn21cDT3m4VycQCu -oGNDuxtFwd/Zn/XnZLk2r1msz6YXWUqErJ8C7Ea7fFdimoJR5V3m7LYrYRPeLYVn -aVqyNN4LD48Su3VO5sjTyFxXJJJ9C5HX8LU/Pw/517qzLOFrmsO/fXN/XE52erBE -+K6vX4lyxnZyPfl3A/X/33G2tsGtHFK1uBILpn29fpeC/Pgm3Nj8ZqQ8rtcLZbog -heqdKkHKWdL3i1deplwxT7xVnqsWszU6Znzm/C/VQSB4Isn4puQDKqVPwGobHgxY -1zZr5mueot8mX9Qmg8IcWOVZ2u7nz8lw6+wpabkyjjdTC6iizg== ------END CERTIFICATE----- diff --git a/pkg/registry/testdata/tls/client-key.pem b/pkg/registry/testdata/tls/client-key.pem deleted file mode 100644 index 7e7ace54f..000000000 --- a/pkg/registry/testdata/tls/client-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCe/F+smfw956uU -ckucxWinXI5P+S8UCg2E5uG0NSiwMuNAG368gJ+NahM0hpsiIFFPCRW3kJ0a/HWg -qxsfeJNUSsvo3oxqAgl2c58GPG2VMv9MW0ntT9VJRLFnBr5JXodLhyYie0L8VXcw -eMGUUmeSVJ0Ndrlh1gTbG5I+x77OUZF+Y9M2YeyI1amEYLnhTpZnVQjQbbb4v/I7 -wG4SRKrjuII3pkjDx2z5rOX/CggQMmxVKARqk2xqcGskWcFQkFeHiXCkwHftT7oO -zWRRS7MZeFVbPWmZEG369dY3zTYypGDZGcKNNvaBZuaDsSfi4UJPPH8aFGUmJXjs -7XmfSD61AgMBAAECggEAKYp/5TWG9xXlezAyGZBrO++vL65IYtANoEBDkTainwds -4X9NqithhS3GPt89Abm4BRK2nfQnWLnGcmjC+YIj3M5+YSZlQf2uQ0kKsDJx354n -nufrdRp6/F36jJTye3E7oLx7dl8GrbAXKI8k5YByl4WMU8xFvA6TzjxyBf1jGb1E -8JBZpnqwSHgtH0zGPqgcIsqmQjiMJ+wHNZxdvtjPPC8exy/yLL9Hhj2UaqZSMMRi -afaAFXBLNvJ6Y/SUjRaL9liAyTQ0kJ+xR6TMDJ7ix0toGlylsK/3YesXEgAyui6c -UC3dmSC4UDJW+fGLrj/hVBLdpMRpgrWzwXnRyr0RMQKBgQDDnJqAtULhlo0W4E29 -Oo7XYFEcilzxB3hxEQSmts53GeQZHo1gI4wthyMzAgY3uOCIUtB2lPkNLV+dU86A -Cy1WTRL2vbwdM1qHz2tls4LNa+k+XTMWX7aqfCzOydBpV3Yehmnzb4NvFn9+QHjp -5omwwOaG7dhJCVet3CUJctoeOwKBgQDQETAVd4xfwQ/cBbKgoQhrkHOr+gTWcKYP -WD86EFDbRVboYDevU/dAj5Vwm5763zRsBFyL6/ZVUr9Wa1HHy0paE5YfdewMrRje -LhHeTbrLJ4Q3I0ix3bawv/04B66hw+Yaom0bQV3gBrNk+Cn8VFAo6IKNy7A0pK3i -KQmwoO+XzwKBgC3EqInQ33M07JIbrVTHLMDL8m6BGTn0C4Q4/SOcxjYrwqj18xI5 -fwTwB5ZZtOa4xSBgcBIuzQ7+PM7s2vYup073/aXpwuf6KgZ4y6IiHErAIvTKjbeA -cZb2Mu23XqInKqX9wTCKOPB3DSGXKDNiE3ldyRJs+BwuqWsuhSPu0YYdAoGADjd+ -b5kRkGFisgf5opweNStTnAajWfusfRPsjg0bWUAtpgcdBu/XzyOAdIdNn5qsvEy3 -/h+LX10eEcuXdO1hETKRaWjnTh5tupCvS99HyiXTFOlmSDD8EKuto6xytD7sdBlx -FxGqVmpey6FhTQp9x63LbeDjE1XFQ9TGArmcZWUCgYEAprSfhSemz9tP5tKKdYTc -LM5eWqK0aB1sN/hCZVx86VcNBxRbV+POEASTYO9AyVMjthGRe6UnCjwdXKTJ/ToX -KdtXINYeeK3hzANeCvtqg81qxi+8nmNLimtcjvFsB5g44LOFYyXqAD5FeQYTog1n -t/TLHYY+S8BbJ9cXfObXqyE= ------END PRIVATE KEY----- diff --git a/pkg/registry/testdata/tls/client.crt b/pkg/registry/testdata/tls/client.crt new file mode 100644 index 000000000..5b1daf278 --- /dev/null +++ b/pkg/registry/testdata/tls/client.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIUdJ6uRYm6RYesJ3CRoLokemFFgX8wDQYJKoZIhvcNAQEL +BQAwUzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjETMBEG +A1UECgwKQWNtZSwgSW5jLjEVMBMGA1UEAwwMQWNtZSBSb290IENBMB4XDTIzMDYw +ODEwNTA0OFoXDTI0MDYwNzEwNTA0OFowWTELMAkGA1UEBhMCQ04xCzAJBgNVBAgM +AkdEMQswCQYDVQQHDAJTWjETMBEGA1UECgwKQWNtZSwgSW5jLjEbMBkGA1UEAwwS +aGVsbS10ZXN0LXJlZ2lzdHJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAxuVrOJyfUO71wlqe/ae8pNVf3z+6b7aCYRrKJ4l66RKMPz9uP5lHD9QImCTU +LddER48iRr5nzaUKqNUsPn4tTcdaH9EEra+PDp+YeToyZARO+coxCq8yt1NxXrlb +E/q9Ie9QUlruhthrgr+5DC+qogZA8kcVPOs2+ObqeCCO6QGpECxROO2ysXHyjy2b +nwGCzZRz90M4z0ifXcey9RLzbmEsYymq6RbaeQvdzevgXhzIANktILuB0D3wJ2ae +WWP2CfBrjaPbOBtzdDhyl4T1aqLiUpDELUJLVpf/h6xCh52Q0svpsGVGtyO+npPe +kZ1LSVAnVGS6JlWWhs7RL0eaPwIDAQABoyEwHzAdBgNVHREEFjAUghJoZWxtLXRl +c3QtcmVnaXN0cnkwDQYJKoZIhvcNAQELBQADggEBABbxtODFOAeTJg4Q3SXqJ8Gq +zh3/1DaAEnMGHILYuS9tK5lisTLiUerqeQaHKR6U90HK/P1vVxe7PvwfHBrVsGkR +4YC6nivf8LMySKBQmsPUHjdotNZZ8O1pqd+CMqZe2ZuvzLZ4pPdw25lKjhZ7qI+t +hQ8yotiJALzEUWLJSgP5Y8k4hFfRGSso1oAC+WppQeW6ITqDo1MrzH7gpjnp+CJG +NWM1oAQCB1qIdo6gY386w6yLyUhfHtAVa3vviQ0dkRLiK95He5xZcO11rlDNdmgF +cF6lElkci8gPuH8UkKAT5bP9dAEbHPSjAIvg5O9NviknLiNAdFRKeTri+hqNLhE= +-----END CERTIFICATE----- diff --git a/pkg/registry/testdata/tls/client.key b/pkg/registry/testdata/tls/client.key new file mode 100644 index 000000000..2f6a8aa12 --- /dev/null +++ b/pkg/registry/testdata/tls/client.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDG5Ws4nJ9Q7vXC +Wp79p7yk1V/fP7pvtoJhGsoniXrpEow/P24/mUcP1AiYJNQt10RHjyJGvmfNpQqo +1Sw+fi1Nx1of0QStr48On5h5OjJkBE75yjEKrzK3U3FeuVsT+r0h71BSWu6G2GuC +v7kML6qiBkDyRxU86zb45up4II7pAakQLFE47bKxcfKPLZufAYLNlHP3QzjPSJ9d +x7L1EvNuYSxjKarpFtp5C93N6+BeHMgA2S0gu4HQPfAnZp5ZY/YJ8GuNo9s4G3N0 +OHKXhPVqouJSkMQtQktWl/+HrEKHnZDSy+mwZUa3I76ek96RnUtJUCdUZLomVZaG +ztEvR5o/AgMBAAECggEBAKTaovRZXPOIHMrqsb0sun8lHEG+YJkXfRlfSw9aNDXa +2cPSn163fN7xr+3rGLKmKkHlsVNRnlgk46Dsj698hbBh+6FDbc1IJhrIzWgthHbB +23PO0rc4X6Dz2JParlLxELJ/2ONp2yqJVxMYNhiTqaqB5HLr1/6WNwo220CWO92D +vLz3rBHO5Vw5b5Y6Kt6MN6ciIHB2k+obhh4GQRJjUhvmmKCzbk1/R1PFYNwhhMN0 +Av6BdwFgngvNzJ8KMxGia7WJSvDYUk0++RRZ1esiZqwWRVCFFkm4Hj+gKJq6Xnz0 +a2nSvlC9k4GJvD9yY9VcDTJY+WsNN3Ny29gIFUeU9IECgYEA4norD3XakMthgOQk +3NE3HSvpZ22xtVgN9uN0b/JXbg7CLlYzn3tabpbQM/4uI6VG3Mk5Pk83QfKnr4W1 +aYO3YTEQ9B4g0eu3t4zfQOibY2+/Jb7Yfv/fH+pjkI26zYDQn61gsFdV9uxF7Pgu +NGNVe/eY+RkxEWsTtb40jcrbCgsCgYEA4NLWAdlrGKWZP5nLvM1hVB8r4WS82c0e +Orfyv2NhiqfRasARC1lQCqwbmCjb0c/eQiW7lJ7iSECc/8xW3HrJBYpG/tCxi9+m +SWxZXzRXDL8bmuoVvYeA/hFZayef5qCc8eiTYGQp6N5ozQHLXuPbNu7n6YSwvoU4 +ANrVBDRXxR0CgYEAmwbfhPS6iVT+yFjjNthrrqdJXQhElgrRfEfUg3DTEj4+A7P0 +IF4y1/KaUIzUjofrSuTfL1zQSW9OA6M2PCTymTAaF9CrzKZbGuTuSaMwAtASe0b5 +MW37EQDD6MZrsZJUvIjU38DY0m6Hqx9zmV7JvFMPPqxU30R5uHWbyderOmMCgYA5 +P3afIe3TaNeNCmyGtwWBli5mRnCQRVrdONnnQjckR3db52xvp15qWUjthfnzgyrl +TRZm0c5s94cC29WCbwGhF4Tcfee35ktBhwV66KkB5efxmonOqSJ/j4tlbcGZyGwu +bTqZ4OeLFJc7HKncj8jSRCNpoxAec22/SfnUCEARQQKBgAnwaN6kmGqIW2EsNOwB +DXCvG4HI9np5xN5Wo2dz7wqGtrt0TVtJ/PNBL3iadDLyPHahwoEVceFrQwqxjPsV +AoSwVDTdX96PKM/v/2ysw1JLf7UMT59mpxFoYiXCPn5Do4D1/25UfMOsJSmFo1Ij +Hkw1bqG8QneuME16BnDQfY3b +-----END PRIVATE KEY----- diff --git a/pkg/registry/testdata/tls/server-cert.pem b/pkg/registry/testdata/tls/server-cert.pem deleted file mode 100644 index 8d2eda528..000000000 --- a/pkg/registry/testdata/tls/server-cert.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEL -MAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ0wCwYDVQQKDARoZWxtMRowGAYDVQQD -DBFyZWdpc3RyeS10ZXN0LmNvbTAgFw0yMjA5MjAwODI3NDZaGA8yMTIyMDgyNzA4 -Mjc0NlowWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEN -MAsGA1UECgwEaGVsbTEhMB8GA1UEAwwYc2VydmVyLnJlZ2lzdHJ5LXRlc3QuY29t -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxve7spJ44uC/f6BCUEKQ -PA9Sqc+ulTXyptZROLa90o7GK9P1WW8hcDRIYaIU3Rh+o6E0QYwBwvspoEAKYP0q -kp16pD1Ezf5VTikVElq20qvYOaAjvxFltIAmrxoCokkwEIsgEY6RYHZedimKWtdg -kG7R0aNnwgognoz6j4GD/Z/HejCY54jckQczDdaxWrcbBdQ0h/WNjLwHmlids4H9 -ni4cas4An5TZ3cOA9ah+8PSRNYgSLFR34KuydLd8xx5E2fG8OuU5zCNaDQ4puYKP -u+D6GNCdwi+w+Ac/3MTAX8ORLrB/8BCIMwnYi7g7En4a47ck21VqhfE+CH10AR07 -nQIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFJJJjyukiI+D2PGDsPmHq4Sgjku6MAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgTwMCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIKMHg3 -ZjAwMDAwMYIJMTI3LjAuMC4xMB0GA1UdDgQWBBRoIiJ5S3EJmcNUmjT+dxWO+14k -ADANBgkqhkiG9w0BAQsFAAOCAQEAb6UOBss8IA3uT76LIK9TSNSyn6BoYlTFGwgx -O2Cp4kqyKb370qAWV1QVVefQP1uftXpsdqhtwEL4jUptYO5yP4Udtg0QV0SsyMsg -jXgaeuC7589lcJpmTvPj/XlnAZE6vmTrVPG4c1wEC+qCTSHAu3EBRN8hHKZFmLON -254/6x2HlSTqwKzzJY5YEL8pP1kAIww40YMd5G5gFqCNdcg2FKB3ZWo9cFzCU3VK -HoeOUG286GuEN6AG/YT2DIFAZpP+SUgjY8mj1CxoIv9LMNyF1Tm8kzQDU0IA2dfW -1AY0edoHL2kLoUUKet/d7tayP9gnt0sOUrY2oZXrp+TvSHVTlw== ------END CERTIFICATE----- diff --git a/pkg/registry/testdata/tls/server-key.pem b/pkg/registry/testdata/tls/server-key.pem deleted file mode 100644 index 28bcbe214..000000000 --- a/pkg/registry/testdata/tls/server-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDG97uyknji4L9/ -oEJQQpA8D1Kpz66VNfKm1lE4tr3SjsYr0/VZbyFwNEhhohTdGH6joTRBjAHC+ymg -QApg/SqSnXqkPUTN/lVOKRUSWrbSq9g5oCO/EWW0gCavGgKiSTAQiyARjpFgdl52 -KYpa12CQbtHRo2fCCiCejPqPgYP9n8d6MJjniNyRBzMN1rFatxsF1DSH9Y2MvAea -WJ2zgf2eLhxqzgCflNndw4D1qH7w9JE1iBIsVHfgq7J0t3zHHkTZ8bw65TnMI1oN -Dim5go+74PoY0J3CL7D4Bz/cxMBfw5EusH/wEIgzCdiLuDsSfhrjtyTbVWqF8T4I -fXQBHTudAgMBAAECggEAD13Tr7tzPaZ487znUjaJ2DGgwz+obpqvhmYX+MbYSzo+ -oOTqVoFoNje7fVrcvKSnJzEMjaFoA2yNbvRzOMFkt9UUwzl+JmClqvcuSvAZnZSr -CuxMxnVsAvBAzJY4LNt1LFnqXKDDpo0Nx5d2uYRXz1/XsZaqrUhF86jUsx+gF4bM -LYe6SjXWtf1sumgE1gbil8NDLbqHPMvimQhLu1WgVxiarlye2NMyHxk6MTqwYOX3 -iinf3cuRFYuFyD1IHorreVAdOH0zuYvqLFylBbRqEfeOozVytX73yKfRK4lPobc+ -Q1n/mPzwyc9aVWKRo4WId0mA2rhP8sL7BvMFRwYnSwKBgQDdUqlel4/Fj2WfcsKa -SMjmqM66tFDxH27Vp55RoS/Fr+RZSVYda7cdbMJaGVswbZevwsCS46l2BJJdJXHt -UE1viKkKiIxGJzpH9Q1vyUEf+21eESnkr7HKoUrSpopwqOlc1dYPvn47aJukcGee -vwMkiaG5IUaR5MCfLA8xQ89UPwKBgQDmJGWtrwcUIdEvRI1wg8Unj0chAyz+/KIR -9jkVIyu4SUfThQp6GsCHsvc5TGN6yieGLIfrVb7qb8F2gDPdg8L/13zqAorpcK6E -AagYLDgKWV4O2oGT4AGQrcz/66BYAfeD868r442bhyEkD7zLqZSbHlPTpy8bPKuC -nen88JGJIwKBgD/OawHYVByywKt9XFk6jqDhHeh5v7QkScHS9zO1cp5dnUmYePk2 -aq5TAp0THlUR419KmFZAyEQ8AS5Vc0jlk82J6qIcx8QZ3xWLsnn93Yao59jsvdUu -SeWPJpEgbl0YdV7MT1BurNnXyLdZqKX9j5xjCXrj+wJonpfFDgQ39nflAoGAd1bo -YuggA5CFqL0jmvS5h4oEmFnNO2xFnorPjuZuBWH6nPSgOjElJTjoeg3iiAnL9Qei -c6ZDGc5Zw9k3C+cHdyOG4tHutp534Hv7bo1/gd5Vp94m00eViDCX3R2SSBC9CO+U -Jm4ZQE0SImEGxZVqOgW/8kD/bGBJj7HTZBZbYYECgYEAoGwLnE2TiMLfXIKXsmII -h9+rZrPfFyDCM27+QIADpCv7Ae2cIGanqSbyPJrFWD4CRXBv+92L2LyG7yA9C498 -uyMJ98DVp4SAaNWFha+JCz5TO6KCXOuwGrQTSUitqxQ2rMv2WpXnO2T8puvXW8dD -mxfiHuvNMNHfA9Bd4tsbbPE= ------END PRIVATE KEY----- diff --git a/pkg/registry/testdata/tls/server.crt b/pkg/registry/testdata/tls/server.crt new file mode 100644 index 000000000..5fae09bb9 --- /dev/null +++ b/pkg/registry/testdata/tls/server.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIUdJ6uRYm6RYesJ3CRoLokemFFgX4wDQYJKoZIhvcNAQEL +BQAwUzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjETMBEG +A1UECgwKQWNtZSwgSW5jLjEVMBMGA1UEAwwMQWNtZSBSb290IENBMB4XDTIzMDYw +ODEwNTAzM1oXDTI0MDYwNzEwNTAzM1owWTELMAkGA1UEBhMCQ04xCzAJBgNVBAgM +AkdEMQswCQYDVQQHDAJTWjETMBEGA1UECgwKQWNtZSwgSW5jLjEbMBkGA1UEAwwS +aGVsbS10ZXN0LXJlZ2lzdHJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA59jg4ml82uyvrg+tXf/0S8WHuayl5fB3k1lIPtOrTt5KBNh6z5XHZDogsQ3m +UEko4gVUvKL0Einm1i5c3C6KFFj0RNib0QpOZtxu54mx2Rxazkge0yjoTMwl/P1o +pvRI6qfRri8LdlqWwU9wBIYmKqEM8jPjxKcCOaR0WyQmEJ6KbayTzsVNHaQxG/f3 +aIDCkp3tFl+LaTJHjGdZN7tvJsZ1wXlQy6gXTJIPXHDTS/uh3Xp8jgqhlnQPIr44 +HikiAp9DMnOBGO4u4cZjCr04cQnLS9knsBAQCjja9J9DnZ5vKatBHF3nOVAtGoBM +o69HcYoX5F10Qg8YOa7QwIYjpQIDAQABoyEwHzAdBgNVHREEFjAUghJoZWxtLXRl +c3QtcmVnaXN0cnkwDQYJKoZIhvcNAQELBQADggEBABMYICc/rzijGhFPFOeSrXyk +xFX9SSrGMl0CzV44sxzJFJ89BrW9bUWf4rLuc2ugqWp78kRKGMKgaytDrmGGuZKy +Qy+xl3DTAoc9FYOBphtcH1QndWdbpKSc2sTKvdeV6SslKwWXlAvcqIain80fWAkn +J+9Fd/rq3sJxCYsYhEf17pDjHDnG5ZUsBAWWzN+YjtSAe4PzT1KdljUPCC1GbF+H +1dx+MwapV+atftzlGjld8H73MXrKRNUSZM5lEFvzCZz48J1Ml6UVnYO+QCybeJtQ +lBT3/wclJ86e0eNkZJI0WTmrqlaNS/J7mbZ+4BhfjuO5PyZbLg8DcWmaKeNtT8M= +-----END CERTIFICATE----- diff --git a/pkg/registry/testdata/tls/server.key b/pkg/registry/testdata/tls/server.key new file mode 100644 index 000000000..da44121a7 --- /dev/null +++ b/pkg/registry/testdata/tls/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDn2ODiaXza7K+u +D61d//RLxYe5rKXl8HeTWUg+06tO3koE2HrPlcdkOiCxDeZQSSjiBVS8ovQSKebW +LlzcLooUWPRE2JvRCk5m3G7nibHZHFrOSB7TKOhMzCX8/Wim9Ejqp9GuLwt2WpbB +T3AEhiYqoQzyM+PEpwI5pHRbJCYQnoptrJPOxU0dpDEb9/dogMKSne0WX4tpMkeM +Z1k3u28mxnXBeVDLqBdMkg9ccNNL+6HdenyOCqGWdA8ivjgeKSICn0Myc4EY7i7h +xmMKvThxCctL2SewEBAKONr0n0Odnm8pq0EcXec5UC0agEyjr0dxihfkXXRCDxg5 +rtDAhiOlAgMBAAECggEBAJ6kfFzwqYpz4lJMT+i+Nz+RzilyxaHtRSUCNrkmxVWW +LTfbmU1pw6IFVFFSnYHaTas60pyxNCkpmtZ7qvbOsZTyuVJSlWwYjUU9GHY+df+F +s2zrVIxQtYO3PVc7Xty+0xYd9xAlCMbXfciQvqmZ0Yvh36Xrc7MgRBmFOkkTFyjO +xaT70D5jwK0QKU8sMY+b9XvvaX59jbRmYAHL0wNcke/E7J4NKEAYfRI+x7kuFhP4 +yDbs9YE0u51cHYAGV4EujZhnv2AwvDnAWs0yHqIbVOIWI9+JRYKmPScr7b1bJfd/ +yy24GXvBu7Ss4TkfsJ/FdGXESr0Gj0ZIPIneDn/vrQECgYEA9jHu4FjTbRff+4tV +3zJJe88+yByjC6Hhj223JmRpCXQrXl2WLAYXl94p7M5NFdkD5QG7jsNUogLb73dV +ekUjuQl7IhJZYcRAXcnlkF+8pKt1duA0uRa22VtlR2wyn8oSnLV/9088Moh35sCP +MjWQDlZ/BW7YUPrOtB14eUCvMjECgYEA8RSpmXZVQdGnIIm6gC3rEhtfHQqAoBn0 +JRvnRXC/LKeVSgVF3ijeT9P/0JQuM9uxubV314nY+fhXsM5kkMZUoXMMSoxE+xPw +cgArpzwsleMn7BQ/UF3GLpdkUgNFI8bolZFbIa54F7YSFNto0NBp3mkceCJwoWmZ +BPIoo4zpV7UCgYEAviK2L8GqF5jWvPhRK300z0+xVu725ObywsijKB1oGYsEa26v +qfRSiFFl46M4WWUu4tBBv/IPDMhUf06UT0fSXPd7h0bQjPb6FvT0PFoT4MEiiNqD +HWbzdE5nm49uUYXIdgqed6tT/Fr07ttMPCStysT2eIWwvmnU9bnE7zALniECgYAr +HM7XqtnEU4HXx8macpu/OTXhM6ec+gc3O644NNl7WtzPx/GesSBQllEBM/6vN3Kp +C1LLMNOkoEzOSZqiaVVpKfHgwwTzAbXWLUGhPpmalGznQxevf5WZb2l5YSxUIZYm +aUAq3dCMLPs+z54G+b51D8cPlNkfhIrg34108hYooQKBgQDWMbc6wY6frvJCmesx +i7F/JHJweqcQdW649RCvtK8M/O062/3vvSNTxqEjPaJOGiD4Cn+D5pYchVujqlTM +8DK77N97NzQvpHm81lpKVIg5sObarvT3RnCSRpOumbX5SCBoBUs+nVC01/zZz79c +AJFLAeHI1RjhB0AFpRDCvZZk6w== +-----END PRIVATE KEY----- diff --git a/pkg/registry/utils_test.go b/pkg/registry/utils_test.go index bdeacc712..ee15160f9 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/utils_test.go @@ -44,11 +44,11 @@ import ( ) const ( - tlsServerKey = "./testdata/tls/server-key.pem" - tlsServerCert = "./testdata/tls/server-cert.pem" - tlsCA = "./testdata/tls/ca-cert.pem" - tlsKey = "./testdata/tls/client-key.pem" - tlsCert = "./testdata/tls/client-cert.pem" + tlsServerKey = "./testdata/tls/server.key" + tlsServerCert = "./testdata/tls/server.crt" + tlsCA = "./testdata/tls/ca.crt" + tlsKey = "./testdata/tls/client.key" + tlsCert = "./testdata/tls/client.crt" ) var ( @@ -70,7 +70,7 @@ type TestSuite struct { srv *mockdns.Server } -func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry { +func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { suite.WorkspaceDir = testWorkspaceDir os.RemoveAll(suite.WorkspaceDir) os.Mkdir(suite.WorkspaceDir, 0700) @@ -83,31 +83,32 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry credentialsFile := filepath.Join(suite.WorkspaceDir, CredentialsFileBasename) // init test client + opts := []ClientOption{ + ClientOptDebug(true), + ClientOptEnableCache(true), + ClientOptWriter(suite.Out), + ClientOptCredentialsFile(credentialsFile), + } + if tlsEnabled { var tlsConf *tls.Config - tlsConf, err = tlsutil.NewClientTLS(tlsCert, tlsKey, tlsCA, insecure) + if insecure { + tlsConf, err = tlsutil.NewClientTLS("", "", "", true) + } else { + tlsConf, err = tlsutil.NewClientTLS(tlsCert, tlsKey, tlsCA, false) + } httpClient := &http.Client{ Transport: &http.Transport{ TLSClientConfig: tlsConf, }, } - suite.Nil(err, "no error loading tlsconfog") - suite.RegistryClient, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), - ClientOptCredentialsFile(credentialsFile), - ClientOptHTTPClient(httpClient), - ) + suite.Nil(err, "no error loading tls config") + opts = append(opts, ClientOptHTTPClient(httpClient)) } else { - suite.RegistryClient, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), - ClientOptCredentialsFile(credentialsFile), - ) + opts = append(opts, ClientOptPlainHTTP()) } + suite.RegistryClient, err = NewClient(opts...) suite.Nil(err, "no error creating registry client") // create htpasswd file (w BCrypt, which is required) @@ -121,33 +122,30 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry config := &configuration.Configuration{} port, err := freeport.GetFreePort() suite.Nil(err, "no error finding free port for test registry") - if tlsEnabled { - // docker has "MatchLocalhost is a host match function which returns true for - // localhost, and is used to enforce http for localhost requests." - // That function does not handle matching of ip addresses in octal, - // decimal or hex form. - suite.DockerRegistryHost = fmt.Sprintf("0x7f000001:%d", port) - - // As of Go 1.20, Go may lookup "0x7f000001" as a DNS entry and fail. - // Using a mock DNS server to handle the address. - suite.srv, _ = mockdns.NewServer(map[string]mockdns.Zone{ - "0x7f000001.": { - A: []string{"127.0.0.1"}, - }, - }, false) - suite.srv.PatchNet(net.DefaultResolver) - } else { - suite.DockerRegistryHost = fmt.Sprintf("localhost:%d", port) - } + + // Change the registry host to another host which is not localhost. + // This is required because Docker enforces HTTP if the registry + // host is localhost/127.0.0.1. + suite.DockerRegistryHost = fmt.Sprintf("helm-test-registry:%d", port) + suite.srv, _ = mockdns.NewServer(map[string]mockdns.Zone{ + "helm-test-registry.": { + A: []string{"127.0.0.1"}, + }, + }, false) + suite.srv.PatchNet(net.DefaultResolver) + config.HTTP.Addr = fmt.Sprintf(":%d", port) - // config.HTTP.Addr = fmt.Sprintf("127.0.0.1:%d", port) config.HTTP.DrainTimeout = time.Duration(10) * time.Second config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}} - config.Auth = configuration.Auth{ - "htpasswd": configuration.Parameters{ - "realm": "localhost", - "path": htpasswdPath, - }, + + // Basic auth is not possible if we are serving HTTP. + if tlsEnabled { + config.Auth = configuration.Auth{ + "htpasswd": configuration.Parameters{ + "realm": "localhost", + "path": htpasswdPath, + }, + } } // config tls @@ -157,7 +155,10 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry // server tls config config.HTTP.TLS.Certificate = tlsServerCert config.HTTP.TLS.Key = tlsServerKey - config.HTTP.TLS.ClientCAs = []string{tlsCA} + // Skip client authentication if the registry is insecure. + if !insecure { + config.HTTP.TLS.ClientCAs = []string{tlsCA} + } } dockerRegistry, err := registry.NewRegistry(context.Background(), config) suite.Nil(err, "no error creating test registry") From 0a5148faffb7110bab58a466a52be0686a69947c Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Thu, 22 Jun 2023 14:28:41 -0400 Subject: [PATCH 37/59] Fix multiple bugs in values handling First, some notes about priority and how some code flow works. For Helm handling values, the expected order of precidence is: 1. User specified values (e.g CLI) 2. Imported values 3. Parent chart values 4. Subchart values Helm handles dependency values slightly differently. If there are dependencies in the charts folder that are not marked as dependencies all of the values, including nil values, are pulled in. If those charts are listed as a dependency in the Chart.yaml file than they are processed for import handling. Prior to the changes here, it caused nil values at the top level to NOT remove values specified. The changes: 1. The order of priority was chagned from the list above. Parnet chart values would override specifically imported values. This is due to a change from just over a year ago that introduced a bug. That was undone by changing the precidence when maps were merged. 2. To handle merging while retaining the nil values, which was causing inconsistent behavior, a new set of Merge functions were introduced. These functions are just like coalesce except that they DO NOT remove nil/null values. The new functions are used in a backward compatible manner meaning some new functions were introduced that called them. Specific issues fixed (that are known): Closes #9027 Can now delete subkeys from charts when specified in the parent. This behavior was previously inconsistent. Sometimes they could be deleted and other times it did not work. Now it is consistent. Closes #10899 Imported values (from library or other subcharts) are now used following the order above. The previous behavior was inconsistent. import-values using just a string would import them. When named with a child/parent it did not work if the parent already had a value. If string and named were mixed the imports worked if the string happened first but just for the string not the named. If the named parent/child went first then none of them worked for cases where the parent already had a value. It was inconsistent and the tests sometimes mirrored the functionality rather than expected behavior. Tests for this fall into the sub-packages and are in the template tests to verify it's happening in the output. Including having values passed at the CLI as the ultimate highest priority to be used. This relates to a fix that went in for #9940. The expected values there don't fit the precedence above where the parent value would override the imported value. That fix/change introduced more bugs. Closes #10052 This is the case where imported values using the parent/child designation just didn't work right. That has been fixed and there are tests. The underlying issue had to do with the precedence order handling. Note, a lot of tests were added. Hope we got it more right this time. Signed-off-by: Matt Farina --- cmd/helm/template_test.go | 30 ++ cmd/helm/testdata/output/issue-9027.txt | 32 ++ .../output/template-subchart-cm-set-file.txt | 122 ++++++++ .../output/template-subchart-cm-set.txt | 122 ++++++++ .../testdata/output/template-subchart-cm.txt | 122 ++++++++ .../testdata/testcharts/issue-9027/Chart.yaml | 6 + .../issue-9027/charts/subchart/Chart.yaml | 3 + .../charts/subchart/templates/values.yaml | 1 + .../issue-9027/charts/subchart/values.yaml | 17 + .../issue-9027/templates/values.yaml | 1 + .../testcharts/issue-9027/values.yaml | 11 + .../testdata/testcharts/subchart/Chart.yaml | 3 + .../subchart/charts/subchartB/values.yaml | 4 + .../testcharts/subchart/extra_values.yaml | 5 + .../subchart/templates/subdir/configmap.yaml | 8 + .../testdata/testcharts/subchart/values.yaml | 4 + pkg/action/install.go | 2 +- pkg/action/upgrade.go | 2 +- pkg/chartutil/coalesce.go | 99 ++++-- pkg/chartutil/coalesce_test.go | 293 +++++++++++++++++- pkg/chartutil/dependencies.go | 91 +++++- pkg/chartutil/dependencies_test.go | 85 +++-- pkg/chartutil/testdata/subpop/values.yaml | 2 + .../umbrella/Chart.yaml | 6 + .../umbrella/charts/app3/Chart.yaml | 11 + .../charts/app3/charts/library/Chart.yaml | 5 + .../charts/library/templates/service.yaml | 9 + .../charts/app3/charts/library/values.yaml | 5 + .../charts/app3/templates/service.yaml | 1 + .../umbrella/charts/app3/values.yaml | 2 + .../umbrella/charts/app4/Chart.yaml | 9 + .../charts/app4/charts/library/Chart.yaml | 5 + .../charts/library/templates/service.yaml | 9 + .../charts/app4/charts/library/values.yaml | 5 + .../charts/app4/templates/service.yaml | 1 + .../umbrella/charts/app4/values.yaml | 3 + .../umbrella/values.yaml | 6 + pkg/lint/rules/template.go | 2 +- 38 files changed, 1090 insertions(+), 54 deletions(-) create mode 100644 cmd/helm/testdata/output/issue-9027.txt create mode 100644 cmd/helm/testdata/output/template-subchart-cm-set-file.txt create mode 100644 cmd/helm/testdata/output/template-subchart-cm-set.txt create mode 100644 cmd/helm/testdata/output/template-subchart-cm.txt create mode 100644 cmd/helm/testdata/testcharts/issue-9027/Chart.yaml create mode 100644 cmd/helm/testdata/testcharts/issue-9027/charts/subchart/Chart.yaml create mode 100644 cmd/helm/testdata/testcharts/issue-9027/charts/subchart/templates/values.yaml create mode 100644 cmd/helm/testdata/testcharts/issue-9027/charts/subchart/values.yaml create mode 100644 cmd/helm/testdata/testcharts/issue-9027/templates/values.yaml create mode 100644 cmd/helm/testdata/testcharts/issue-9027/values.yaml create mode 100644 cmd/helm/testdata/testcharts/subchart/extra_values.yaml create mode 100644 cmd/helm/testdata/testcharts/subchart/templates/subdir/configmap.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/Chart.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/Chart.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/templates/service.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/values.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/templates/service.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/values.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/Chart.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/Chart.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/templates/service.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/values.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/templates/service.yaml create mode 100644 pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/values.yaml diff --git a/cmd/helm/template_test.go b/cmd/helm/template_test.go index d1f17fe98..123a4c9bc 100644 --- a/cmd/helm/template_test.go +++ b/cmd/helm/template_test.go @@ -25,6 +25,8 @@ import ( var chartPath = "testdata/testcharts/subchart" func TestTemplateCmd(t *testing.T) { + deletevalchart := "testdata/testcharts/issue-9027" + tests := []cmdTestCase{ { name: "check name", @@ -131,6 +133,34 @@ func TestTemplateCmd(t *testing.T) { cmd: fmt.Sprintf(`template '%s' --skip-tests`, chartPath), golden: "output/template-skip-tests.txt", }, + { + // This test case is to ensure the case where specified dependencies + // in the Chart.yaml and those where the Chart.yaml don't have them + // specified are the same. + name: "ensure nil/null values pass to subcharts delete values", + cmd: fmt.Sprintf("template '%s'", deletevalchart), + golden: "output/issue-9027.txt", + }, + { + // Ensure that imported values take precedence over parent chart values + name: "template with imported subchart values ensuring import", + cmd: fmt.Sprintf("template '%s' --set configmap.enabled=true --set subchartb.enabled=true", chartPath), + golden: "output/template-subchart-cm.txt", + }, + { + // Ensure that user input values take precedence over imported + // values from sub-charts. + name: "template with imported subchart values set with --set", + cmd: fmt.Sprintf("template '%s' --set configmap.enabled=true --set subchartb.enabled=true --set configmap.value=baz", chartPath), + golden: "output/template-subchart-cm-set.txt", + }, + { + // Ensure that user input values take precedence over imported + // values from sub-charts when passed by file + name: "template with imported subchart values set with --set", + cmd: fmt.Sprintf("template '%s' -f %s/extra_values.yaml", chartPath, chartPath), + golden: "output/template-subchart-cm-set-file.txt", + }, } runTestCmd(t, tests) } diff --git a/cmd/helm/testdata/output/issue-9027.txt b/cmd/helm/testdata/output/issue-9027.txt new file mode 100644 index 000000000..eb19fc383 --- /dev/null +++ b/cmd/helm/testdata/output/issue-9027.txt @@ -0,0 +1,32 @@ +--- +# Source: issue-9027/charts/subchart/templates/values.yaml +global: + hash: + key3: 13 + key4: 4 + key5: 5 + key6: 6 +hash: + key3: 13 + key4: 4 + key5: 5 + key6: 6 +--- +# Source: issue-9027/templates/values.yaml +global: + hash: + key1: null + key2: null + key3: 13 +subchart: + global: + hash: + key3: 13 + key4: 4 + key5: 5 + key6: 6 + hash: + key3: 13 + key4: 4 + key5: 5 + key6: 6 diff --git a/cmd/helm/testdata/output/template-subchart-cm-set-file.txt b/cmd/helm/testdata/output/template-subchart-cm-set-file.txt new file mode 100644 index 000000000..56844e292 --- /dev/null +++ b/cmd/helm/testdata/output/template-subchart-cm-set-file.txt @@ -0,0 +1,122 @@ +--- +# Source: subchart/templates/subdir/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: subchart-sa +--- +# Source: subchart/templates/subdir/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: subchart-cm +data: + value: qux +--- +# Source: subchart/templates/subdir/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: subchart-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get","list","watch"] +--- +# Source: subchart/templates/subdir/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: subchart-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: subchart-role +subjects: +- kind: ServiceAccount + name: subchart-sa + namespace: default +--- +# Source: subchart/charts/subcharta/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subcharta + labels: + helm.sh/chart: "subcharta-0.1.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: apache + selector: + app.kubernetes.io/name: subcharta +--- +# Source: subchart/charts/subchartb/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subchartb + labels: + helm.sh/chart: "subchartb-0.1.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: nginx + selector: + app.kubernetes.io/name: subchartb +--- +# Source: subchart/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subchart + labels: + helm.sh/chart: "subchart-0.1.0" + app.kubernetes.io/instance: "release-name" + kube-version/major: "1" + kube-version/minor: "20" + kube-version/version: "v1.20.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: nginx + selector: + app.kubernetes.io/name: subchart +--- +# Source: subchart/templates/tests/test-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "release-name-testconfig" + annotations: + "helm.sh/hook": test +data: + message: Hello World +--- +# Source: subchart/templates/tests/test-nothing.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-test" + annotations: + "helm.sh/hook": test +spec: + containers: + - name: test + image: "alpine:latest" + envFrom: + - configMapRef: + name: "release-name-testconfig" + command: + - echo + - "$message" + restartPolicy: Never diff --git a/cmd/helm/testdata/output/template-subchart-cm-set.txt b/cmd/helm/testdata/output/template-subchart-cm-set.txt new file mode 100644 index 000000000..e52f7c234 --- /dev/null +++ b/cmd/helm/testdata/output/template-subchart-cm-set.txt @@ -0,0 +1,122 @@ +--- +# Source: subchart/templates/subdir/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: subchart-sa +--- +# Source: subchart/templates/subdir/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: subchart-cm +data: + value: baz +--- +# Source: subchart/templates/subdir/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: subchart-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get","list","watch"] +--- +# Source: subchart/templates/subdir/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: subchart-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: subchart-role +subjects: +- kind: ServiceAccount + name: subchart-sa + namespace: default +--- +# Source: subchart/charts/subcharta/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subcharta + labels: + helm.sh/chart: "subcharta-0.1.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: apache + selector: + app.kubernetes.io/name: subcharta +--- +# Source: subchart/charts/subchartb/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subchartb + labels: + helm.sh/chart: "subchartb-0.1.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: nginx + selector: + app.kubernetes.io/name: subchartb +--- +# Source: subchart/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subchart + labels: + helm.sh/chart: "subchart-0.1.0" + app.kubernetes.io/instance: "release-name" + kube-version/major: "1" + kube-version/minor: "20" + kube-version/version: "v1.20.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: nginx + selector: + app.kubernetes.io/name: subchart +--- +# Source: subchart/templates/tests/test-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "release-name-testconfig" + annotations: + "helm.sh/hook": test +data: + message: Hello World +--- +# Source: subchart/templates/tests/test-nothing.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-test" + annotations: + "helm.sh/hook": test +spec: + containers: + - name: test + image: "alpine:latest" + envFrom: + - configMapRef: + name: "release-name-testconfig" + command: + - echo + - "$message" + restartPolicy: Never diff --git a/cmd/helm/testdata/output/template-subchart-cm.txt b/cmd/helm/testdata/output/template-subchart-cm.txt new file mode 100644 index 000000000..f7e7b3d37 --- /dev/null +++ b/cmd/helm/testdata/output/template-subchart-cm.txt @@ -0,0 +1,122 @@ +--- +# Source: subchart/templates/subdir/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: subchart-sa +--- +# Source: subchart/templates/subdir/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: subchart-cm +data: + value: bar +--- +# Source: subchart/templates/subdir/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: subchart-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get","list","watch"] +--- +# Source: subchart/templates/subdir/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: subchart-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: subchart-role +subjects: +- kind: ServiceAccount + name: subchart-sa + namespace: default +--- +# Source: subchart/charts/subcharta/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subcharta + labels: + helm.sh/chart: "subcharta-0.1.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: apache + selector: + app.kubernetes.io/name: subcharta +--- +# Source: subchart/charts/subchartb/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subchartb + labels: + helm.sh/chart: "subchartb-0.1.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: nginx + selector: + app.kubernetes.io/name: subchartb +--- +# Source: subchart/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: subchart + labels: + helm.sh/chart: "subchart-0.1.0" + app.kubernetes.io/instance: "release-name" + kube-version/major: "1" + kube-version/minor: "20" + kube-version/version: "v1.20.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: nginx + selector: + app.kubernetes.io/name: subchart +--- +# Source: subchart/templates/tests/test-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "release-name-testconfig" + annotations: + "helm.sh/hook": test +data: + message: Hello World +--- +# Source: subchart/templates/tests/test-nothing.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-test" + annotations: + "helm.sh/hook": test +spec: + containers: + - name: test + image: "alpine:latest" + envFrom: + - configMapRef: + name: "release-name-testconfig" + command: + - echo + - "$message" + restartPolicy: Never diff --git a/cmd/helm/testdata/testcharts/issue-9027/Chart.yaml b/cmd/helm/testdata/testcharts/issue-9027/Chart.yaml new file mode 100644 index 000000000..ea6761a1c --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-9027/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: issue-9027 +version: 0.1.0 +dependencies: + - name: subchart + version: 0.1.0 diff --git a/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/Chart.yaml b/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/Chart.yaml new file mode 100644 index 000000000..0639b1806 --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: subchart +version: 0.1.0 diff --git a/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/templates/values.yaml b/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/templates/values.yaml new file mode 100644 index 000000000..fe0018e1a --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/templates/values.yaml @@ -0,0 +1 @@ +{{ .Values | toYaml }} diff --git a/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/values.yaml b/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/values.yaml new file mode 100644 index 000000000..0da524211 --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-9027/charts/subchart/values.yaml @@ -0,0 +1,17 @@ +global: + hash: + key1: 1 + key2: 2 + key3: 3 + key4: 4 + key5: 5 + key6: 6 + + +hash: + key1: 1 + key2: 2 + key3: 3 + key4: 4 + key5: 5 + key6: 6 diff --git a/cmd/helm/testdata/testcharts/issue-9027/templates/values.yaml b/cmd/helm/testdata/testcharts/issue-9027/templates/values.yaml new file mode 100644 index 000000000..fe0018e1a --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-9027/templates/values.yaml @@ -0,0 +1 @@ +{{ .Values | toYaml }} diff --git a/cmd/helm/testdata/testcharts/issue-9027/values.yaml b/cmd/helm/testdata/testcharts/issue-9027/values.yaml new file mode 100644 index 000000000..22577e4f8 --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-9027/values.yaml @@ -0,0 +1,11 @@ +global: + hash: + key1: null + key2: null + key3: 13 + +subchart: + hash: + key1: null + key2: null + key3: 13 diff --git a/cmd/helm/testdata/testcharts/subchart/Chart.yaml b/cmd/helm/testdata/testcharts/subchart/Chart.yaml index b03ea3cd3..ae844c349 100644 --- a/cmd/helm/testdata/testcharts/subchart/Chart.yaml +++ b/cmd/helm/testdata/testcharts/subchart/Chart.yaml @@ -29,6 +29,9 @@ dependencies: parent: imported-chartA-B - child: exports.SCBexported2 parent: exports.SCBexported2 + # - child: exports.configmap + # parent: configmap + - configmap - SCBexported1 tags: diff --git a/cmd/helm/testdata/testcharts/subchart/charts/subchartB/values.yaml b/cmd/helm/testdata/testcharts/subchart/charts/subchartB/values.yaml index 774fdd75c..0ada0aadc 100644 --- a/cmd/helm/testdata/testcharts/subchart/charts/subchartB/values.yaml +++ b/cmd/helm/testdata/testcharts/subchart/charts/subchartB/values.yaml @@ -20,6 +20,10 @@ exports: SCBexported2: SCBexported2A: "blaster" + + configmap: + configmap: + value: "bar" global: kolla: diff --git a/cmd/helm/testdata/testcharts/subchart/extra_values.yaml b/cmd/helm/testdata/testcharts/subchart/extra_values.yaml new file mode 100644 index 000000000..5976bd178 --- /dev/null +++ b/cmd/helm/testdata/testcharts/subchart/extra_values.yaml @@ -0,0 +1,5 @@ +# This file is used to test values passed by file at the command line + +configmap: + enabled: true + value: "qux" \ No newline at end of file diff --git a/cmd/helm/testdata/testcharts/subchart/templates/subdir/configmap.yaml b/cmd/helm/testdata/testcharts/subchart/templates/subdir/configmap.yaml new file mode 100644 index 000000000..e404a6cb2 --- /dev/null +++ b/cmd/helm/testdata/testcharts/subchart/templates/subdir/configmap.yaml @@ -0,0 +1,8 @@ +{{ if .Values.configmap.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-cm +data: + value: {{ .Values.configmap.value }} +{{- end }} \ No newline at end of file diff --git a/cmd/helm/testdata/testcharts/subchart/values.yaml b/cmd/helm/testdata/testcharts/subchart/values.yaml index 8a3ab6c64..bcbebb5c0 100644 --- a/cmd/helm/testdata/testcharts/subchart/values.yaml +++ b/cmd/helm/testdata/testcharts/subchart/values.yaml @@ -53,3 +53,7 @@ exports: SC1exported2: all: SC1exported3: "SC1expstr" + +configmap: + enabled: false + value: "foo" diff --git a/pkg/action/install.go b/pkg/action/install.go index d5c34cef7..b58676770 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -223,7 +223,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma return nil, err } - if err := chartutil.ProcessDependencies(chrt, vals); err != nil { + if err := chartutil.ProcessDependenciesWithMerge(chrt, vals); err != nil { return nil, err } diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index 829be51df..5f2ae9e24 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -215,7 +215,7 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin return nil, nil, err } - if err := chartutil.ProcessDependencies(chart, vals); err != nil { + if err := chartutil.ProcessDependenciesWithMerge(chart, vals); err != nil { return nil, nil, err } diff --git a/pkg/chartutil/coalesce.go b/pkg/chartutil/coalesce.go index 68bc9aa6f..b8d3a875b 100644 --- a/pkg/chartutil/coalesce.go +++ b/pkg/chartutil/coalesce.go @@ -53,7 +53,35 @@ func CoalesceValues(chrt *chart.Chart, vals map[string]interface{}) (Values, err if valsCopy == nil { valsCopy = make(map[string]interface{}) } - return coalesce(log.Printf, chrt, valsCopy, "") + return coalesce(log.Printf, chrt, valsCopy, "", false) +} + +// MergeValues is used to merge the values in a chart and its subcharts. This +// is different from Coalescing as nil/null values are preserved. +// +// Values are coalesced together using the following rules: +// +// - Values in a higher level chart always override values in a lower-level +// dependency chart +// - Scalar values and arrays are replaced, maps are merged +// - A chart has access to all of the variables for it, as well as all of +// the values destined for its dependencies. +// +// Retaining Nils is useful when processes early in a Helm action or business +// logic need to retain them for when Coalescing will happen again later in the +// business logic. +func MergeValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { + v, err := copystructure.Copy(vals) + if err != nil { + return vals, err + } + + valsCopy := v.(map[string]interface{}) + // if we have an empty map, make sure it is initialized + if valsCopy == nil { + valsCopy = make(map[string]interface{}) + } + return coalesce(log.Printf, chrt, valsCopy, "", true) } type printFn func(format string, v ...interface{}) @@ -61,13 +89,13 @@ type printFn func(format string, v ...interface{}) // coalesce coalesces the dest values and the chart values, giving priority to the dest values. // // This is a helper function for CoalesceValues. -func coalesce(printf printFn, ch *chart.Chart, dest map[string]interface{}, prefix string) (map[string]interface{}, error) { - coalesceValues(printf, ch, dest, prefix) - return coalesceDeps(printf, ch, dest, prefix) +func coalesce(printf printFn, ch *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { + coalesceValues(printf, ch, dest, prefix, merge) + return coalesceDeps(printf, ch, dest, prefix, merge) } // coalesceDeps coalesces the dependencies of the given chart. -func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{}, prefix string) (map[string]interface{}, error) { +func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { for _, subchart := range chrt.Dependencies() { if c, ok := dest[subchart.Name()]; !ok { // If dest doesn't already have the key, create it. @@ -78,13 +106,11 @@ func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{} if dv, ok := dest[subchart.Name()]; ok { dvmap := dv.(map[string]interface{}) subPrefix := concatPrefix(prefix, chrt.Metadata.Name) - // Get globals out of dest and merge them into dvmap. - coalesceGlobals(printf, dvmap, dest, subPrefix) - + coalesceGlobals(printf, dvmap, dest, subPrefix, merge) // Now coalesce the rest of the values. var err error - dest[subchart.Name()], err = coalesce(printf, subchart, dvmap, subPrefix) + dest[subchart.Name()], err = coalesce(printf, subchart, dvmap, subPrefix, merge) if err != nil { return dest, err } @@ -96,7 +122,7 @@ func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{} // coalesceGlobals copies the globals out of src and merges them into dest. // // For convenience, returns dest. -func coalesceGlobals(printf printFn, dest, src map[string]interface{}, prefix string) { +func coalesceGlobals(printf printFn, dest, src map[string]interface{}, prefix string, merge bool) { var dg, sg map[string]interface{} if destglob, ok := dest[GlobalKey]; !ok { @@ -130,7 +156,10 @@ func coalesceGlobals(printf printFn, dest, src map[string]interface{}, prefix st // Basically, we reverse order of coalesce here to merge // top-down. subPrefix := concatPrefix(prefix, key) - coalesceTablesFullKey(printf, vv, destvmap, subPrefix) + // In this location coalesceTablesFullKey should always have + // merge set to true. The output of coalesceGlobals is run + // through coalesce where any nils will be removed. + coalesceTablesFullKey(printf, vv, destvmap, subPrefix, true) dg[key] = vv } } @@ -156,12 +185,38 @@ func copyMap(src map[string]interface{}) map[string]interface{} { // coalesceValues builds up a values map for a particular chart. // // Values in v will override the values in the chart. -func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, prefix string) { +func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, prefix string, merge bool) { subPrefix := concatPrefix(prefix, c.Metadata.Name) - for key, val := range c.Values { + + // Using c.Values directly when coalescing a table can cause problems where + // the original c.Values is altered. Creating a deep copy stops the problem. + // This section is fault-tolerant as there is no ability to return an error. + valuesCopy, err := copystructure.Copy(c.Values) + var vc map[string]interface{} + var ok bool + if err != nil { + // If there is an error something is wrong with copying c.Values it + // means there is a problem in the deep copying package or something + // wrong with c.Values. In this case we will use c.Values and report + // an error. + printf("warning: unable to copy values, err: %s", err) + vc = c.Values + } else { + vc, ok = valuesCopy.(map[string]interface{}) + if !ok { + // c.Values has a map[string]interface{} structure. If the copy of + // it cannot be treated as map[string]interface{} there is something + // strangely wrong. Log it and use c.Values + printf("warning: unable to convert values copy to values type") + vc = c.Values + } + } + + for key, val := range vc { if value, ok := v[key]; ok { - if value == nil { - // When the YAML value is null, we remove the value's key. + if value == nil && !merge { + // When the YAML value is null and we are coalescing instead of + // merging, we remove the value's key. // This allows Helm's various sources of values (value files or --set) to // remove incompatible keys from any previous chart, file, or set values. delete(v, key) @@ -177,7 +232,7 @@ func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, pr } else { // Because v has higher precedence than nv, dest values override src // values. - coalesceTablesFullKey(printf, dest, src, concatPrefix(subPrefix, key)) + coalesceTablesFullKey(printf, dest, src, concatPrefix(subPrefix, key), merge) } } } else { @@ -191,13 +246,17 @@ func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, pr // // dest is considered authoritative. func CoalesceTables(dst, src map[string]interface{}) map[string]interface{} { - return coalesceTablesFullKey(log.Printf, dst, src, "") + return coalesceTablesFullKey(log.Printf, dst, src, "", false) +} + +func MergeTables(dst, src map[string]interface{}) map[string]interface{} { + return coalesceTablesFullKey(log.Printf, dst, src, "", true) } // coalesceTablesFullKey merges a source map into a destination map. // // dest is considered authoritative. -func coalesceTablesFullKey(printf printFn, dst, src map[string]interface{}, prefix string) map[string]interface{} { +func coalesceTablesFullKey(printf printFn, dst, src map[string]interface{}, prefix string, merge bool) map[string]interface{} { // When --reuse-values is set but there are no modifications yet, return new values if src == nil { return dst @@ -209,13 +268,13 @@ func coalesceTablesFullKey(printf printFn, dst, src map[string]interface{}, pref // values. for key, val := range src { fullkey := concatPrefix(prefix, key) - if dv, ok := dst[key]; ok && dv == nil { + if dv, ok := dst[key]; ok && !merge && dv == nil { delete(dst, key) } else if !ok { dst[key] = val } else if istable(val) { if istable(dv) { - coalesceTablesFullKey(printf, dv.(map[string]interface{}), val.(map[string]interface{}), fullkey) + coalesceTablesFullKey(printf, dv.(map[string]interface{}), val.(map[string]interface{}), fullkey, merge) } else { printf("warning: cannot overwrite table with non table for %s (%v)", fullkey, val) } diff --git a/pkg/chartutil/coalesce_test.go b/pkg/chartutil/coalesce_test.go index 3fe93f5ff..61b718d97 100644 --- a/pkg/chartutil/coalesce_test.go +++ b/pkg/chartutil/coalesce_test.go @@ -213,6 +213,160 @@ func TestCoalesceValues(t *testing.T) { is.Equal(valsCopy, vals) } +func TestMergeValues(t *testing.T) { + is := assert.New(t) + + c := withDeps(&chart.Chart{ + Metadata: &chart.Metadata{Name: "moby"}, + Values: map[string]interface{}{ + "back": "exists", + "bottom": "exists", + "front": "exists", + "left": "exists", + "name": "moby", + "nested": map[string]interface{}{"boat": true}, + "override": "bad", + "right": "exists", + "scope": "moby", + "top": "nope", + "global": map[string]interface{}{ + "nested2": map[string]interface{}{"l0": "moby"}, + }, + }, + }, + withDeps(&chart.Chart{ + Metadata: &chart.Metadata{Name: "pequod"}, + Values: map[string]interface{}{ + "name": "pequod", + "scope": "pequod", + "global": map[string]interface{}{ + "nested2": map[string]interface{}{"l1": "pequod"}, + }, + }, + }, + &chart.Chart{ + Metadata: &chart.Metadata{Name: "ahab"}, + Values: map[string]interface{}{ + "global": map[string]interface{}{ + "nested": map[string]interface{}{"foo": "bar"}, + "nested2": map[string]interface{}{"l2": "ahab"}, + }, + "scope": "ahab", + "name": "ahab", + "boat": true, + "nested": map[string]interface{}{"foo": false, "bar": true}, + }, + }, + ), + &chart.Chart{ + Metadata: &chart.Metadata{Name: "spouter"}, + Values: map[string]interface{}{ + "scope": "spouter", + "global": map[string]interface{}{ + "nested2": map[string]interface{}{"l1": "spouter"}, + }, + }, + }, + ) + + vals, err := ReadValues(testCoalesceValuesYaml) + if err != nil { + t.Fatal(err) + } + + // taking a copy of the values before passing it + // to MergeValues as argument, so that we can + // use it for asserting later + valsCopy := make(Values, len(vals)) + for key, value := range vals { + valsCopy[key] = value + } + + v, err := MergeValues(c, vals) + if err != nil { + t.Fatal(err) + } + j, _ := json.MarshalIndent(v, "", " ") + t.Logf("Coalesced Values: %s", string(j)) + + tests := []struct { + tpl string + expect string + }{ + {"{{.top}}", "yup"}, + {"{{.back}}", ""}, + {"{{.name}}", "moby"}, + {"{{.global.name}}", "Ishmael"}, + {"{{.global.subject}}", "Queequeg"}, + {"{{.global.harpooner}}", ""}, + {"{{.pequod.name}}", "pequod"}, + {"{{.pequod.ahab.name}}", "ahab"}, + {"{{.pequod.ahab.scope}}", "whale"}, + {"{{.pequod.ahab.nested.foo}}", "true"}, + {"{{.pequod.ahab.global.name}}", "Ishmael"}, + {"{{.pequod.ahab.global.nested.foo}}", "bar"}, + {"{{.pequod.ahab.global.subject}}", "Queequeg"}, + {"{{.pequod.ahab.global.harpooner}}", "Tashtego"}, + {"{{.pequod.global.name}}", "Ishmael"}, + {"{{.pequod.global.nested.foo}}", ""}, + {"{{.pequod.global.subject}}", "Queequeg"}, + {"{{.spouter.global.name}}", "Ishmael"}, + {"{{.spouter.global.harpooner}}", ""}, + + {"{{.global.nested.boat}}", "true"}, + {"{{.pequod.global.nested.boat}}", "true"}, + {"{{.spouter.global.nested.boat}}", "true"}, + {"{{.pequod.global.nested.sail}}", "true"}, + {"{{.spouter.global.nested.sail}}", ""}, + + {"{{.global.nested2.l0}}", "moby"}, + {"{{.global.nested2.l1}}", ""}, + {"{{.global.nested2.l2}}", ""}, + {"{{.pequod.global.nested2.l0}}", "moby"}, + {"{{.pequod.global.nested2.l1}}", "pequod"}, + {"{{.pequod.global.nested2.l2}}", ""}, + {"{{.pequod.ahab.global.nested2.l0}}", "moby"}, + {"{{.pequod.ahab.global.nested2.l1}}", "pequod"}, + {"{{.pequod.ahab.global.nested2.l2}}", "ahab"}, + {"{{.spouter.global.nested2.l0}}", "moby"}, + {"{{.spouter.global.nested2.l1}}", "spouter"}, + {"{{.spouter.global.nested2.l2}}", ""}, + } + + for _, tt := range tests { + if o, err := ttpl(tt.tpl, v); err != nil || o != tt.expect { + t.Errorf("Expected %q to expand to %q, got %q", tt.tpl, tt.expect, o) + } + } + + // nullKeys is different from coalescing. Here the null/nil values are not + // removed. + nullKeys := []string{"bottom", "right", "left", "front"} + for _, nullKey := range nullKeys { + if vv, ok := v[nullKey]; !ok { + t.Errorf("Expected key %q to be present but it was removed", nullKey) + } else if vv != nil { + t.Errorf("Expected key %q to be null but it has a value of %v", nullKey, vv) + } + } + + if _, ok := v["nested"].(map[string]interface{})["boat"]; !ok { + t.Error("Expected nested boat key to be present but it was removed") + } + + subchart := v["pequod"].(map[string]interface{})["ahab"].(map[string]interface{}) + if _, ok := subchart["boat"]; !ok { + t.Error("Expected subchart boat key to be present but it was removed") + } + + if _, ok := subchart["nested"].(map[string]interface{})["bar"]; !ok { + t.Error("Expected subchart nested bar key to be present but it was removed") + } + + // CoalesceValues should not mutate the passed arguments + is.Equal(valsCopy, vals) +} + func TestCoalesceTables(t *testing.T) { dst := map[string]interface{}{ "name": "Ishmael", @@ -341,6 +495,143 @@ func TestCoalesceTables(t *testing.T) { } } +func TestMergeTables(t *testing.T) { + dst := map[string]interface{}{ + "name": "Ishmael", + "address": map[string]interface{}{ + "street": "123 Spouter Inn Ct.", + "city": "Nantucket", + "country": nil, + }, + "details": map[string]interface{}{ + "friends": []string{"Tashtego"}, + }, + "boat": "pequod", + "hole": nil, + } + src := map[string]interface{}{ + "occupation": "whaler", + "address": map[string]interface{}{ + "state": "MA", + "street": "234 Spouter Inn Ct.", + "country": "US", + }, + "details": "empty", + "boat": map[string]interface{}{ + "mast": true, + }, + "hole": "black", + } + + // What we expect is that anything in dst overrides anything in src, but that + // otherwise the values are coalesced. + MergeTables(dst, src) + + if dst["name"] != "Ishmael" { + t.Errorf("Unexpected name: %s", dst["name"]) + } + if dst["occupation"] != "whaler" { + t.Errorf("Unexpected occupation: %s", dst["occupation"]) + } + + addr, ok := dst["address"].(map[string]interface{}) + if !ok { + t.Fatal("Address went away.") + } + + if addr["street"].(string) != "123 Spouter Inn Ct." { + t.Errorf("Unexpected address: %v", addr["street"]) + } + + if addr["city"].(string) != "Nantucket" { + t.Errorf("Unexpected city: %v", addr["city"]) + } + + if addr["state"].(string) != "MA" { + t.Errorf("Unexpected state: %v", addr["state"]) + } + + // This is one test that is different from CoalesceTables. Because country + // is a nil value and it's not removed it's still present. + if _, ok = addr["country"]; !ok { + t.Error("The country is left out.") + } + + if det, ok := dst["details"].(map[string]interface{}); !ok { + t.Fatalf("Details is the wrong type: %v", dst["details"]) + } else if _, ok := det["friends"]; !ok { + t.Error("Could not find your friends. Maybe you don't have any. :-(") + } + + if dst["boat"].(string) != "pequod" { + t.Errorf("Expected boat string, got %v", dst["boat"]) + } + + // This is one test that is different from CoalesceTables. Because hole + // is a nil value and it's not removed it's still present. + if _, ok = dst["hole"]; !ok { + t.Error("The hole no longer exists.") + } + + dst2 := map[string]interface{}{ + "name": "Ishmael", + "address": map[string]interface{}{ + "street": "123 Spouter Inn Ct.", + "city": "Nantucket", + "country": "US", + }, + "details": map[string]interface{}{ + "friends": []string{"Tashtego"}, + }, + "boat": "pequod", + "hole": "black", + "nilval": nil, + } + + // What we expect is that anything in dst should have all values set, + // this happens when the --reuse-values flag is set but the chart has no modifications yet + MergeTables(dst2, nil) + + if dst2["name"] != "Ishmael" { + t.Errorf("Unexpected name: %s", dst2["name"]) + } + + addr2, ok := dst2["address"].(map[string]interface{}) + if !ok { + t.Fatal("Address went away.") + } + + if addr2["street"].(string) != "123 Spouter Inn Ct." { + t.Errorf("Unexpected address: %v", addr2["street"]) + } + + if addr2["city"].(string) != "Nantucket" { + t.Errorf("Unexpected city: %v", addr2["city"]) + } + + if addr2["country"].(string) != "US" { + t.Errorf("Unexpected Country: %v", addr2["country"]) + } + + if det2, ok := dst2["details"].(map[string]interface{}); !ok { + t.Fatalf("Details is the wrong type: %v", dst2["details"]) + } else if _, ok := det2["friends"]; !ok { + t.Error("Could not find your friends. Maybe you don't have any. :-(") + } + + if dst2["boat"].(string) != "pequod" { + t.Errorf("Expected boat string, got %v", dst2["boat"]) + } + + if dst2["hole"].(string) != "black" { + t.Errorf("Expected hole string, got %v", dst2["boat"]) + } + + if dst2["nilval"] != nil { + t.Error("Expected nilvalue to have nil value but it does not") + } +} + func TestCoalesceValuesWarnings(t *testing.T) { c := withDeps(&chart.Chart{ @@ -391,7 +682,7 @@ func TestCoalesceValuesWarnings(t *testing.T) { warnings = append(warnings, fmt.Sprintf(format, v...)) } - _, err := coalesce(printf, c, vals, "") + _, err := coalesce(printf, c, vals, "", false) if err != nil { t.Fatal(err) } diff --git a/pkg/chartutil/dependencies.go b/pkg/chartutil/dependencies.go index e01b95bf7..a84e9f3e3 100644 --- a/pkg/chartutil/dependencies.go +++ b/pkg/chartutil/dependencies.go @@ -19,15 +19,29 @@ import ( "log" "strings" + "github.com/mitchellh/copystructure" + "helm.sh/helm/v3/pkg/chart" ) // ProcessDependencies checks through this chart's dependencies, processing accordingly. +// +// TODO: For Helm v4 this can be combined with or turned into ProcessDependenciesWithMerge func ProcessDependencies(c *chart.Chart, v Values) error { if err := processDependencyEnabled(c, v, ""); err != nil { return err } - return processDependencyImportValues(c) + return processDependencyImportValues(c, false) +} + +// ProcessDependenciesWithMerge checks through this chart's dependencies, processing accordingly. +// It is similar to ProcessDependencies but it does not remove nil values during +// the import/export handling process. +func ProcessDependenciesWithMerge(c *chart.Chart, v Values) error { + if err := processDependencyEnabled(c, v, ""); err != nil { + return err + } + return processDependencyImportValues(c, true) } // processDependencyConditions disables charts based on condition path value in values @@ -217,12 +231,18 @@ func set(path []string, data map[string]interface{}) map[string]interface{} { } // processImportValues merges values from child to parent based on the chart's dependencies' ImportValues field. -func processImportValues(c *chart.Chart) error { +func processImportValues(c *chart.Chart, merge bool) error { if c.Metadata.Dependencies == nil { return nil } // combine chart values and empty config to get Values - cvals, err := CoalesceValues(c, nil) + var cvals Values + var err error + if merge { + cvals, err = MergeValues(c, nil) + } else { + cvals, err = CoalesceValues(c, nil) + } if err != nil { return err } @@ -248,7 +268,11 @@ func processImportValues(c *chart.Chart) error { continue } // create value map from child to be merged into parent - b = CoalesceTables(cvals, pathToMap(parent, vv.AsMap())) + if merge { + b = MergeTables(b, pathToMap(parent, vv.AsMap())) + } else { + b = CoalesceTables(b, pathToMap(parent, vv.AsMap())) + } case string: child := "exports." + iv outiv = append(outiv, map[string]string{ @@ -260,26 +284,71 @@ func processImportValues(c *chart.Chart) error { log.Printf("Warning: ImportValues missing table: %v", err) continue } - b = CoalesceTables(b, vm.AsMap()) + if merge { + b = MergeTables(b, vm.AsMap()) + } else { + b = CoalesceTables(b, vm.AsMap()) + } } } - // set our formatted import values r.ImportValues = outiv } - // set the new values - c.Values = CoalesceTables(cvals, b) + // Imported values from a child to a parent chart have a higher priority than + // values specified in the parent chart. + if merge { + // deep copying the cvals as there are cases where pointers can end + // up in the cvals when they are copied onto b in ways that break things. + cvals = deepCopyMap(cvals) + c.Values = MergeTables(b, cvals) + } else { + // Trimming the nil values from cvals is needed for backwards compatibility. + // Previously, the b value had been populated with cvals along with some + // overrides. This caused the coalescing functionality to remove the + // nil/null values. This trimming is for backwards compat. + cvals = trimNilValues(cvals) + c.Values = CoalesceTables(b, cvals) + } return nil } +func deepCopyMap(vals map[string]interface{}) map[string]interface{} { + valsCopy, err := copystructure.Copy(vals) + if err != nil { + return vals + } + return valsCopy.(map[string]interface{}) +} + +func trimNilValues(vals map[string]interface{}) map[string]interface{} { + valsCopy, err := copystructure.Copy(vals) + if err != nil { + return vals + } + valsCopyMap := valsCopy.(map[string]interface{}) + for key, val := range valsCopyMap { + if val == nil { + log.Printf("trim deleting %q", key) + // Iterate over the values and remove nil keys + delete(valsCopyMap, key) + } else if istable(val) { + log.Printf("trim copying %q", key) + // Recursively call into ourselves to remove keys from inner tables + valsCopyMap[key] = trimNilValues(val.(map[string]interface{})) + } + } + + return valsCopyMap +} + // processDependencyImportValues imports specified chart values from child to parent. -func processDependencyImportValues(c *chart.Chart) error { +func processDependencyImportValues(c *chart.Chart, merge bool) error { for _, d := range c.Dependencies() { // recurse - if err := processDependencyImportValues(d); err != nil { + if err := processDependencyImportValues(d, merge); err != nil { return err } } - return processImportValues(c) + return processImportValues(c, merge) } diff --git a/pkg/chartutil/dependencies_test.go b/pkg/chartutil/dependencies_test.go index 7f5e74956..7a932c344 100644 --- a/pkg/chartutil/dependencies_test.go +++ b/pkg/chartutil/dependencies_test.go @@ -181,10 +181,13 @@ func TestProcessDependencyImportValues(t *testing.T) { e["imported-chartA-B.SPextra5"] = "k8s" e["imported-chartA-B.SC1extra5"] = "tiller" - e["overridden-chart1.SC1bool"] = "false" - e["overridden-chart1.SC1float"] = "3.141592" - e["overridden-chart1.SC1int"] = "99" - e["overridden-chart1.SC1string"] = "pollywog" + // These values are imported from the child chart to the parent. Imported + // values take precedence over those in the parent so these should be the + // values from the child chart. + e["overridden-chart1.SC1bool"] = "true" + e["overridden-chart1.SC1float"] = "3.14" + e["overridden-chart1.SC1int"] = "100" + e["overridden-chart1.SC1string"] = "dollywood" e["overridden-chart1.SPextra2"] = "42" e["overridden-chartA.SCAbool"] = "true" @@ -193,14 +196,17 @@ func TestProcessDependencyImportValues(t *testing.T) { e["overridden-chartA.SCAstring"] = "jabberwocky" e["overridden-chartA.SPextra4"] = "true" + // These values are imported from the child chart to the parent. Imported + // values take precedence over those in the parent so these should be the + // values from the child chart. e["overridden-chartA-B.SCAbool"] = "true" - e["overridden-chartA-B.SCAfloat"] = "41.3" - e["overridden-chartA-B.SCAint"] = "808" - e["overridden-chartA-B.SCAstring"] = "jabberwocky" - e["overridden-chartA-B.SCBbool"] = "false" - e["overridden-chartA-B.SCBfloat"] = "1.99" - e["overridden-chartA-B.SCBint"] = "77" - e["overridden-chartA-B.SCBstring"] = "jango" + e["overridden-chartA-B.SCAfloat"] = "3.33" + e["overridden-chartA-B.SCAint"] = "555" + e["overridden-chartA-B.SCAstring"] = "wormwood" + e["overridden-chartA-B.SCBbool"] = "true" + e["overridden-chartA-B.SCBfloat"] = "0.25" + e["overridden-chartA-B.SCBint"] = "98" + e["overridden-chartA-B.SCBstring"] = "murkwood" e["overridden-chartA-B.SPextra6"] = "111" e["overridden-chartA-B.SCAextra1"] = "23" e["overridden-chartA-B.SCBextra1"] = "13" @@ -212,7 +218,7 @@ func TestProcessDependencyImportValues(t *testing.T) { e["SCBexported2A"] = "blaster" e["global.SC1exported2.all.SC1exported3"] = "SC1expstr" - if err := processDependencyImportValues(c); err != nil { + if err := processDependencyImportValues(c, false); err != nil { t.Fatalf("processing import values dependencies %v", err) } cc := Values(c.Values) @@ -225,18 +231,44 @@ func TestProcessDependencyImportValues(t *testing.T) { switch pv := pv.(type) { case float64: if s := strconv.FormatFloat(pv, 'f', -1, 64); s != vv { - t.Errorf("failed to match imported float value %v with expected %v", s, vv) + t.Errorf("failed to match imported float value %v with expected %v for key %q", s, vv, kk) } case bool: if b := strconv.FormatBool(pv); b != vv { - t.Errorf("failed to match imported bool value %v with expected %v", b, vv) + t.Errorf("failed to match imported bool value %v with expected %v for key %q", b, vv, kk) } default: if pv != vv { - t.Errorf("failed to match imported string value %q with expected %q", pv, vv) + t.Errorf("failed to match imported string value %q with expected %q for key %q", pv, vv, kk) } } } + + // Since this was processed with coalescing there should be no null values. + // Here we verify that. + _, err := cc.PathValue("ensurenull") + if err == nil { + t.Error("expect nil value not found but found it") + } + switch xerr := err.(type) { + case ErrNoValue: + // We found what we expected + default: + t.Errorf("expected an ErrNoValue but got %q instead", xerr) + } + + c = loadChart(t, "testdata/subpop") + if err := processDependencyImportValues(c, true); err != nil { + t.Fatalf("processing import values dependencies %v", err) + } + cc = Values(c.Values) + val, err := cc.PathValue("ensurenull") + if err != nil { + t.Error("expect value but ensurenull was not found") + } + if val != nil { + t.Errorf("expect nil value but got %q instead", val) + } } func TestProcessDependencyImportValuesMultiLevelPrecedence(t *testing.T) { @@ -244,10 +276,25 @@ func TestProcessDependencyImportValuesMultiLevelPrecedence(t *testing.T) { e := make(map[string]string) + // The order of precedence should be: + // 1. User specified values (e.g CLI) + // 2. Imported values + // 3. Parent chart values + // 4. Sub-chart values + // The 4 app charts here deal with things differently: + // - app1 has a port value set in the umbrella chart. It does not import any + // values so the value from the umbrella chart should be used. + // - app2 has a value in the app chart and imports from the library. The + // library chart value should take precedence. + // - app3 has no value in the app chart and imports the value from the library + // chart. The library chart value should be used. + // - app4 has a value in the app chart and does not import the value from the + // library chart. The app charts value should be used. e["app1.service.port"] = "3456" - e["app2.service.port"] = "8080" - - if err := processDependencyImportValues(c); err != nil { + e["app2.service.port"] = "9090" + e["app3.service.port"] = "9090" + e["app4.service.port"] = "1234" + if err := processDependencyImportValues(c, true); err != nil { t.Fatalf("processing import values dependencies %v", err) } cc := Values(c.Values) @@ -274,7 +321,7 @@ func TestProcessDependencyImportValuesForEnabledCharts(t *testing.T) { c := loadChart(t, "testdata/import-values-from-enabled-subchart/parent-chart") nameOverride := "parent-chart-prod" - if err := processDependencyImportValues(c); err != nil { + if err := processDependencyImportValues(c, false); err != nil { t.Fatalf("processing import values dependencies %v", err) } diff --git a/pkg/chartutil/testdata/subpop/values.yaml b/pkg/chartutil/testdata/subpop/values.yaml index d611d6a89..ba70ed406 100644 --- a/pkg/chartutil/testdata/subpop/values.yaml +++ b/pkg/chartutil/testdata/subpop/values.yaml @@ -41,3 +41,5 @@ tags: subchart2alias: enabled: false + +ensurenull: null diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/Chart.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/Chart.yaml index 7552e07cd..e5dbe3131 100644 --- a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/Chart.yaml +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/Chart.yaml @@ -11,3 +11,9 @@ dependencies: - name: app2 version: 0.1.0 condition: app2.enabled +- name: app3 + version: 0.1.0 + condition: app3.enabled +- name: app4 + version: 0.1.0 + condition: app4.enabled diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/Chart.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/Chart.yaml new file mode 100644 index 000000000..a42f58773 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: app3 +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 + +dependencies: +- name: library + version: 0.1.0 + import-values: + - defaults diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/Chart.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/Chart.yaml new file mode 100644 index 000000000..f2f8a90d9 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: library +description: A Helm chart for Kubernetes +type: library +version: 0.1.0 diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/templates/service.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/templates/service.yaml new file mode 100644 index 000000000..3fd398b53 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/templates/service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/values.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/values.yaml new file mode 100644 index 000000000..0c08b6cd2 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/charts/library/values.yaml @@ -0,0 +1,5 @@ +exports: + defaults: + service: + type: ClusterIP + port: 9090 diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/templates/service.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/templates/service.yaml new file mode 100644 index 000000000..8ed8ddf1f --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/templates/service.yaml @@ -0,0 +1 @@ +{{- include "library.service" . }} diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/values.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/values.yaml new file mode 100644 index 000000000..b738e2a57 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app3/values.yaml @@ -0,0 +1,2 @@ +service: + type: ClusterIP diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/Chart.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/Chart.yaml new file mode 100644 index 000000000..574bfdfd0 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: app4 +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 + +dependencies: +- name: library + version: 0.1.0 diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/Chart.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/Chart.yaml new file mode 100644 index 000000000..f2f8a90d9 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: library +description: A Helm chart for Kubernetes +type: library +version: 0.1.0 diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/templates/service.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/templates/service.yaml new file mode 100644 index 000000000..3fd398b53 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/templates/service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/values.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/values.yaml new file mode 100644 index 000000000..0c08b6cd2 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/charts/library/values.yaml @@ -0,0 +1,5 @@ +exports: + defaults: + service: + type: ClusterIP + port: 9090 diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/templates/service.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/templates/service.yaml new file mode 100644 index 000000000..8ed8ddf1f --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/templates/service.yaml @@ -0,0 +1 @@ +{{- include "library.service" . }} diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/values.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/values.yaml new file mode 100644 index 000000000..3728aa930 --- /dev/null +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/charts/app4/values.yaml @@ -0,0 +1,3 @@ +service: + type: ClusterIP + port: 1234 diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/values.yaml b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/values.yaml index 94ee31855..de0bafa51 100644 --- a/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/values.yaml +++ b/pkg/chartutil/testdata/three-level-dependent-chart/umbrella/values.yaml @@ -6,3 +6,9 @@ app1: app2: enabled: true + +app3: + enabled: true + +app4: + enabled: true diff --git a/pkg/lint/rules/template.go b/pkg/lint/rules/template.go index e6a389153..4016be42d 100644 --- a/pkg/lint/rules/template.go +++ b/pkg/lint/rules/template.go @@ -72,7 +72,7 @@ func Templates(linter *support.Linter, values map[string]interface{}, namespace // lint ignores import-values // See https://github.com/helm/helm/issues/9658 - if err := chartutil.ProcessDependencies(chart, values); err != nil { + if err := chartutil.ProcessDependenciesWithMerge(chart, values); err != nil { return } From 9dab6e977015cb92bf61c1f93a35316cae5e2462 Mon Sep 17 00:00:00 2001 From: James Blair Date: Sun, 9 Jul 2023 16:30:04 +1200 Subject: [PATCH 38/59] Remove warning for template directory not found. Some charts don't need a templates directory. The warning appears to originate back when helm expected all charts to contain templates. In CI situations where linting is performed with --strict the lint warning causes unneccessary failures for charts that quite legitimately do not contain a templates directory. As discussed in #8033 there are no longer any scenarios understood where this warning is helpful so this commit removes it. Signed-off-by: James Blair --- .../lint-chart-with-bad-subcharts-with-subcharts.txt | 5 ++--- .../testdata/output/lint-chart-with-bad-subcharts.txt | 2 +- cmd/helm/testdata/output/lint-quiet-with-error.txt | 2 +- cmd/helm/testdata/output/lint-quiet-with-warning.txt | 4 ---- pkg/action/lint_test.go | 6 +++--- pkg/lint/lint_test.go | 11 +++-------- pkg/lint/rules/template.go | 8 ++++---- 7 files changed, 14 insertions(+), 24 deletions(-) diff --git a/cmd/helm/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt b/cmd/helm/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt index e77aa387f..d43c7c361 100644 --- a/cmd/helm/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt +++ b/cmd/helm/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt @@ -1,6 +1,6 @@ ==> Linting testdata/testcharts/chart-with-bad-subcharts [INFO] Chart.yaml: icon is recommended -[WARNING] templates/: directory not found +[ERROR] templates/: error unpacking bad-subchart in chart-with-bad-subcharts: validation: chart.metadata.name is required [ERROR] : unable to load chart error unpacking bad-subchart in chart-with-bad-subcharts: validation: chart.metadata.name is required @@ -9,12 +9,11 @@ [ERROR] Chart.yaml: apiVersion is required. The value must be either "v1" or "v2" [ERROR] Chart.yaml: version is required [INFO] Chart.yaml: icon is recommended -[WARNING] templates/: directory not found +[ERROR] templates/: validation: chart.metadata.name is required [ERROR] : unable to load chart validation: chart.metadata.name is required ==> Linting testdata/testcharts/chart-with-bad-subcharts/charts/good-subchart [INFO] Chart.yaml: icon is recommended -[WARNING] templates/: directory not found Error: 3 chart(s) linted, 2 chart(s) failed diff --git a/cmd/helm/testdata/output/lint-chart-with-bad-subcharts.txt b/cmd/helm/testdata/output/lint-chart-with-bad-subcharts.txt index 265e555f7..7c898b89f 100644 --- a/cmd/helm/testdata/output/lint-chart-with-bad-subcharts.txt +++ b/cmd/helm/testdata/output/lint-chart-with-bad-subcharts.txt @@ -1,6 +1,6 @@ ==> Linting testdata/testcharts/chart-with-bad-subcharts [INFO] Chart.yaml: icon is recommended -[WARNING] templates/: directory not found +[ERROR] templates/: error unpacking bad-subchart in chart-with-bad-subcharts: validation: chart.metadata.name is required [ERROR] : unable to load chart error unpacking bad-subchart in chart-with-bad-subcharts: validation: chart.metadata.name is required diff --git a/cmd/helm/testdata/output/lint-quiet-with-error.txt b/cmd/helm/testdata/output/lint-quiet-with-error.txt index a4e8575f8..e3d29a5a3 100644 --- a/cmd/helm/testdata/output/lint-quiet-with-error.txt +++ b/cmd/helm/testdata/output/lint-quiet-with-error.txt @@ -1,7 +1,7 @@ ==> Linting testdata/testcharts/chart-bad-requirements [ERROR] Chart.yaml: unable to parse YAML error converting YAML to JSON: yaml: line 6: did not find expected '-' indicator -[WARNING] templates/: directory not found +[ERROR] templates/: cannot load Chart.yaml: error converting YAML to JSON: yaml: line 6: did not find expected '-' indicator [ERROR] : unable to load chart cannot load Chart.yaml: error converting YAML to JSON: yaml: line 6: did not find expected '-' indicator diff --git a/cmd/helm/testdata/output/lint-quiet-with-warning.txt b/cmd/helm/testdata/output/lint-quiet-with-warning.txt index 02c6fa592..e69de29bb 100644 --- a/cmd/helm/testdata/output/lint-quiet-with-warning.txt +++ b/cmd/helm/testdata/output/lint-quiet-with-warning.txt @@ -1,4 +0,0 @@ -==> Linting testdata/testcharts/chart-with-only-crds -[WARNING] templates/: directory not found - -1 chart(s) linted, 0 chart(s) failed diff --git a/pkg/action/lint_test.go b/pkg/action/lint_test.go index 1828461f3..ff69407ca 100644 --- a/pkg/action/lint_test.go +++ b/pkg/action/lint_test.go @@ -149,12 +149,12 @@ func TestLint_ChartWithWarnings(t *testing.T) { } }) - t.Run("should fail with errors when strict", func(t *testing.T) { + t.Run("should pass with no errors when strict", func(t *testing.T) { testCharts := []string{chartWithNoTemplatesDir} testLint := NewLint() testLint.Strict = true - if result := testLint.Run(testCharts, values); len(result.Errors) != 1 { - t.Error("expected one error, but got", len(result.Errors)) + if result := testLint.Run(testCharts, values); len(result.Errors) != 0 { + t.Error("expected no errors, but got", len(result.Errors)) } }) } diff --git a/pkg/lint/lint_test.go b/pkg/lint/lint_test.go index 236ad9121..5516ec668 100644 --- a/pkg/lint/lint_test.go +++ b/pkg/lint/lint_test.go @@ -43,19 +43,14 @@ func TestBadChart(t *testing.T) { t.Errorf("Number of errors %v", len(m)) t.Errorf("All didn't fail with expected errors, got %#v", m) } - // There should be one INFO, 2 WARNINGs and 2 ERROR messages, check for them - var i, w, e, e2, e3, e4, e5, e6 bool + // There should be one INFO, and 2 ERROR messages, check for them + var i, e, e2, e3, e4, e5, e6 bool for _, msg := range m { if msg.Severity == support.InfoSev { if strings.Contains(msg.Err.Error(), "icon is recommended") { i = true } } - if msg.Severity == support.WarningSev { - if strings.Contains(msg.Err.Error(), "directory not found") { - w = true - } - } if msg.Severity == support.ErrorSev { if strings.Contains(msg.Err.Error(), "version '0.0.0.0' is not a valid SemVer") { e = true @@ -81,7 +76,7 @@ func TestBadChart(t *testing.T) { } } } - if !e || !e2 || !e3 || !e4 || !e5 || !w || !i || !e6 { + if !e || !e2 || !e3 || !e4 || !e5 || !i || !e6 { t.Errorf("Didn't find all the expected errors, got %#v", m) } } diff --git a/pkg/lint/rules/template.go b/pkg/lint/rules/template.go index e6a389153..2e2847c52 100644 --- a/pkg/lint/rules/template.go +++ b/pkg/lint/rules/template.go @@ -188,10 +188,10 @@ func validateTopIndentLevel(content string) error { // Validation functions func validateTemplatesDir(templatesPath string) error { - if fi, err := os.Stat(templatesPath); err != nil { - return errors.New("directory not found") - } else if !fi.IsDir() { - return errors.New("not a directory") + if fi, err := os.Stat(templatesPath); err == nil { + if !fi.IsDir() { + return errors.New("not a directory") + } } return nil } From ef0f3e5c51c79d72e6e6f3a28f85f620607f0962 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 21:27:39 +0000 Subject: [PATCH 39/59] chore(deps): bump github.com/opencontainers/image-spec Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc2.0.20221005185240-3a7f492d3f1b to 1.1.0-rc4. - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](https://github.com/opencontainers/image-spec/commits/v1.1.0-rc4) --- updated-dependencies: - dependency-name: github.com/opencontainers/image-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cc3edc163..b7a8fdd24 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/mattn/go-shellwords v1.0.12 github.com/mitchellh/copystructure v1.2.0 github.com/moby/term v0.0.0-20221205130635-1aeaba878587 - github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b + github.com/opencontainers/image-spec v1.1.0-rc4 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 github.com/pkg/errors v0.9.1 github.com/rubenv/sql-migrate v1.5.1 diff --git a/go.sum b/go.sum index 35220f48d..08233eb2e 100644 --- a/go.sum +++ b/go.sum @@ -382,8 +382,8 @@ github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= +github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= From f11e2dac8d7beb3d01cbdfffa273e1aa2e8fca79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 21:27:52 +0000 Subject: [PATCH 40/59] chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.2.1 to 1.3.2. - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](https://github.com/BurntSushi/toml/compare/v1.2.1...v1.3.2) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cc3edc163..1faa3dc31 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module helm.sh/helm/v3 go 1.19 require ( - github.com/BurntSushi/toml v1.2.1 + github.com/BurntSushi/toml v1.3.2 github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 diff --git a/go.sum b/go.sum index 35220f48d..837965a24 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= From 7d0deb35d9694b396c20bb99f991d98c3fd2ada2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jul 2023 21:48:03 +0000 Subject: [PATCH 41/59] chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5d8bb88d3..07200b4b9 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/sirupsen/logrus v1.9.0 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.2 + github.com/stretchr/testify v1.8.4 github.com/xeipuuv/gojsonschema v1.2.0 golang.org/x/crypto v0.11.0 golang.org/x/term v0.10.0 diff --git a/go.sum b/go.sum index 9affd8ed2..f615f65c3 100644 --- a/go.sum +++ b/go.sum @@ -460,8 +460,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= From 2e223956674fd63f44f424003b7e2062fa6751ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jul 2023 21:38:33 +0000 Subject: [PATCH 42/59] chore(deps): bump github/codeql-action from 2.20.3 to 2.21.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.3 to 2.21.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/46ed16ded91731b2df79a2893d3aea8e9f03b5c4...1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d61b3d75e..c25beb83e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # pinv2.20.3 + uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # pinv2.21.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # pinv2.20.3 + uses: github/codeql-action/autobuild@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # pinv2.21.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 # pinv2.20.3 + uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # pinv2.21.0 From 96e33e2773bb00a82dc94fcdb73950e08dd4229d Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Thu, 20 Jul 2023 14:26:46 -0400 Subject: [PATCH 43/59] Tweaking new dry-run internal handling There are a few changes to the new dry-run handling: 1. Some documentation is added to help clarify what is happening and what is expected. 2. DryRun is never changed by internal handling. If an API user sets the property it is not changed by our code. 3. The behavior on contacting the server with false/none is made consistent between install and upgrade. Signed-off-by: Matt Farina --- cmd/helm/install.go | 8 ++++++++ cmd/helm/template.go | 3 +++ cmd/helm/upgrade.go | 3 +++ pkg/action/install.go | 23 +++++++++++++---------- pkg/action/upgrade.go | 19 +++++++++++-------- 5 files changed, 38 insertions(+), 18 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 935f1f990..bc095de77 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -142,6 +142,9 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetRegistryClient(registryClient) + // This is for the case where "" is specifically passed in as a + // value. When there is no value passed in NoOptDefVal will be used + // and it is set to client. See addInstallFlags. if client.DryRunOption == "" { client.DryRunOption = "none" } @@ -163,6 +166,11 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Install, valueOpts *values.Options) { f.BoolVar(&client.CreateNamespace, "create-namespace", false, "create the release namespace if not present") + // --dry-run options with expected outcome: + // - Not set means no dry run and server is contacted. + // - Set with no value, a value of client, or a value of true and the server is not contacted + // - Set with a value of false, none, or false and the server is contacted + // The true/false part is meant to reflect some legacy behavior while none is equal to "". f.StringVar(&client.DryRunOption, "dry-run", "", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.Force, "force", false, "force resource updates through a replacement strategy") diff --git a/cmd/helm/template.go b/cmd/helm/template.go index 2cf89131b..f8cd8268b 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -79,6 +79,9 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetRegistryClient(registryClient) + // This is for the case where "" is specifically passed in as a + // value. When there is no value passed in NoOptDefVal will be used + // and it is set to client. See addInstallFlags. if client.DryRunOption == "" { client.DryRunOption = "true" } diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 5e23f8347..7e6082782 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -96,6 +96,9 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetRegistryClient(registryClient) + // This is for the case where "" is specifically passed in as a + // value. When there is no value passed in NoOptDefVal will be used + // and it is set to client. See addInstallFlags. if client.DryRunOption == "" { client.DryRunOption = "none" } diff --git a/pkg/action/install.go b/pkg/action/install.go index e24dde070..1860b32f3 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -233,13 +233,8 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma return nil, err } - // Determine dry run behavior - if i.DryRun || i.DryRunOption == "client" || i.DryRunOption == "server" || i.DryRunOption == "true" { - i.DryRun = true - } - var interactWithRemote bool - if !i.DryRun || i.DryRunOption == "server" || i.DryRunOption == "none" || i.DryRunOption == "false" { + if !i.isDryRun() || i.DryRunOption == "server" || i.DryRunOption == "none" || i.DryRunOption == "false" { interactWithRemote = true } @@ -247,7 +242,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma // contacts the upstream server and builds the capabilities object. if crds := chrt.CRDObjects(); !i.ClientOnly && !i.SkipCRDs && len(crds) > 0 { // On dry run, bail here - if i.DryRun { + if i.isDryRun() { i.cfg.Log("WARNING: This chart or one of its subcharts contains CRDs. Rendering may fail or contain inaccuracies.") } else if err := i.installCRDs(crds); err != nil { return nil, err @@ -281,7 +276,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // special case for helm template --is-upgrade - isUpgrade := i.IsUpgrade && i.DryRun + isUpgrade := i.IsUpgrade && i.isDryRun() options := chartutil.ReleaseOptions{ Name: i.ReleaseName, Namespace: i.Namespace, @@ -338,7 +333,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // Bail out here if it is a dry run - if i.DryRun { + if i.isDryRun() { rel.Info.Description = "Dry run complete" return rel, nil } @@ -398,6 +393,14 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } } +// isDryRun returns true if Upgrade is set to run as a DryRun +func (i *Install) isDryRun() bool { + if i.DryRun || i.DryRunOption == "client" || i.DryRunOption == "server" || i.DryRunOption == "true" { + return true + } + return false +} + func (i *Install) performInstall(c chan<- resultMessage, rel *release.Release, toBeAdopted kube.ResourceList, resources kube.ResourceList) { // pre-install hooks @@ -512,7 +515,7 @@ func (i *Install) availableName() error { return errors.Wrapf(err, "release name %q", start) } // On dry run, bail here - if i.DryRun { + if i.isDryRun() { return nil } diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index 4918f1635..8ee6ed881 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -149,11 +149,6 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. return nil, errors.Errorf("release name is invalid: %s", name) } - // Determine dry run behavior - if u.DryRun || u.DryRunOption == "client" || u.DryRunOption == "server" || u.DryRunOption == "true" { - u.DryRun = true - } - u.cfg.Log("preparing upgrade for %s", name) currentRelease, upgradedRelease, err := u.prepareUpgrade(name, chart, vals) if err != nil { @@ -169,7 +164,7 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. } // Do not update for dry runs - if !u.DryRun { + if !u.isDryRun() { u.cfg.Log("updating status for upgraded release for %s", name) if err := u.cfg.Releases.Update(upgradedRelease); err != nil { return res, err @@ -179,6 +174,14 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. return res, nil } +// isDryRun returns true if Upgrade is set to run as a DryRun +func (u *Upgrade) isDryRun() bool { + if u.DryRun || u.DryRunOption == "client" || u.DryRunOption == "server" || u.DryRunOption == "true" { + return true + } + return false +} + // prepareUpgrade builds an upgraded release for an upgrade operation. func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[string]interface{}) (*release.Release, *release.Release, error) { if chart == nil { @@ -249,7 +252,7 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin // Determine whether or not to interact with remote var interactWithRemote bool - if !u.DryRun || u.DryRunOption == "server" { + if !u.isDryRun() || u.DryRunOption == "server" || u.DryRunOption == "none" || u.DryRunOption == "false" { interactWithRemote = true } @@ -332,7 +335,7 @@ func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedR }) // Run if it is a dry run - if u.DryRun { + if u.isDryRun() { u.cfg.Log("dry run for %s", upgradedRelease.Name) if len(u.Description) > 0 { upgradedRelease.Info.Description = u.Description From 48cf02b57f76684501815b200c8223c0fbffe0e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jul 2023 15:47:39 +0000 Subject: [PATCH 44/59] chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 07200b4b9..ff7657174 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 github.com/pkg/errors v0.9.1 github.com/rubenv/sql-migrate v1.5.1 - github.com/sirupsen/logrus v1.9.0 + github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 diff --git a/go.sum b/go.sum index f615f65c3..02d9b7dbb 100644 --- a/go.sum +++ b/go.sum @@ -437,8 +437,8 @@ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= From 4a27baaffc7ae112c2f45e3cd72dd249d9563a5a Mon Sep 17 00:00:00 2001 From: cuisongliu Date: Tue, 18 Jul 2023 22:02:05 +0800 Subject: [PATCH 45/59] fix(main): fix basic auth for helm pull or push Signed-off-by: cuisongliu --- pkg/registry/client.go | 35 +++++++++++++++++++++++++++-------- pkg/registry/util.go | 11 +++++++++++ pkg/registry/util_test.go | 28 ++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 8 deletions(-) diff --git a/pkg/registry/client.go b/pkg/registry/client.go index 509f82d4a..8ae1133f4 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -59,7 +59,7 @@ type ( out io.Writer authorizer auth.Client registryAuthorizer *registryauth.Client - resolver remotes.Resolver + resolver func(ref registry.Reference) (remotes.Resolver, error) httpClient *http.Client } @@ -86,9 +86,23 @@ func NewClient(options ...ClientOption) (*Client, error) { } client.authorizer = authClient } - if client.resolver == nil { + client.resolver = func(ref registry.Reference) (remotes.Resolver, error) { headers := http.Header{} headers.Set("User-Agent", version.GetUserAgent()) + dockerClient, ok := client.authorizer.(*dockerauth.Client) + if ok { + username, password, err := dockerClient.Credential(ref.Registry) + if err != nil { + return nil, errors.New("unable to retrieve credentials") + } + // A blank returned username and password value is a bearer token + if username == "" && password != "" { + headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) + } else { + headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) + } + } + opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} if client.httpClient != nil { opts = append(opts, auth.WithResolverClient(client.httpClient)) @@ -97,9 +111,8 @@ func NewClient(options ...ClientOption) (*Client, error) { if err != nil { return nil, err } - client.resolver = resolver + return resolver, nil } - // allocate a cache if option is set var cache registryauth.Cache if client.enableCache { @@ -117,7 +130,6 @@ func NewClient(options ...ClientOption) (*Client, error) { if !ok { return registryauth.EmptyCredential, errors.New("unable to obtain docker client") } - username, password, err := dockerClient.Credential(reg) if err != nil { return registryauth.EmptyCredential, errors.New("unable to retrieve credentials") @@ -324,7 +336,11 @@ func (c *Client) Pull(ref string, options ...PullOption) (*PullResult, error) { } var descriptors, layers []ocispec.Descriptor - registryStore := content.Registry{Resolver: c.resolver} + remotesResolver, err := c.resolver(parsedRef) + if err != nil { + return nil, err + } + registryStore := content.Registry{Resolver: remotesResolver} manifest, err := oras.Copy(ctx(c.out, c.debug), registryStore, parsedRef.String(), memoryStore, "", oras.WithPullEmptyNameAllowed(), @@ -562,8 +578,11 @@ func (c *Client) Push(data []byte, ref string, options ...PushOption) (*PushResu if err := memoryStore.StoreManifest(parsedRef.String(), manifest, manifestData); err != nil { return nil, err } - - registryStore := content.Registry{Resolver: c.resolver} + remotesResolver, err := c.resolver(parsedRef) + if err != nil { + return nil, err + } + registryStore := content.Registry{Resolver: remotesResolver} _, err = oras.Copy(ctx(c.out, c.debug), memoryStore, parsedRef.String(), registryStore, "", oras.WithNameValidation(nil)) if err != nil { diff --git a/pkg/registry/util.go b/pkg/registry/util.go index 8baf0852a..ca93297e6 100644 --- a/pkg/registry/util.go +++ b/pkg/registry/util.go @@ -19,6 +19,7 @@ package registry // import "helm.sh/helm/v3/pkg/registry" import ( "bytes" "context" + "encoding/base64" "fmt" "io" "net/http" @@ -245,3 +246,13 @@ func addToMap(inputMap map[string]string, newKey string, newValue string) map[st return inputMap } + +// See 2 (end of page 4) https://www.ietf.org/rfc/rfc2617.txt +// "To receive authorization, the client sends the userid and password, +// separated by a single colon (":") character, within a base64 +// encoded string in the credentials." +// It is not meant to be urlencoded. +func basicAuth(username, password string) string { + auth := username + ":" + password + return base64.StdEncoding.EncodeToString([]byte(auth)) +} diff --git a/pkg/registry/util_test.go b/pkg/registry/util_test.go index fdf09360b..f08c1fef1 100644 --- a/pkg/registry/util_test.go +++ b/pkg/registry/util_test.go @@ -238,3 +238,31 @@ func TestGenerateOCICreatedAnnotations(t *testing.T) { } } + +func Test_basicAuth(t *testing.T) { + type args struct { + username string + password string + } + tests := []struct { + name string + args args + want string + }{ + { + name: "Basic Auth", + args: args{ + username: "admin", + password: "passw0rd", + }, + want: "YWRtaW46cGFzc3cwcmQ=", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := basicAuth(tt.args.username, tt.args.password); got != tt.want { + t.Errorf("basicAuth() = %v, want %v", got, tt.want) + } + }) + } +} From e8a748d3003faaa4846d2a9f30f7225d232b76d5 Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Tue, 25 Jul 2023 09:52:46 -0400 Subject: [PATCH 46/59] Updated per feedback from gjenkins8 Signed-off-by: Matt Farina --- pkg/chartutil/coalesce.go | 25 ++++++++++++++++--------- pkg/chartutil/dependencies_test.go | 2 +- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/pkg/chartutil/coalesce.go b/pkg/chartutil/coalesce.go index b8d3a875b..6cf23a122 100644 --- a/pkg/chartutil/coalesce.go +++ b/pkg/chartutil/coalesce.go @@ -43,16 +43,10 @@ func concatPrefix(a, b string) string { // - A chart has access to all of the variables for it, as well as all of // the values destined for its dependencies. func CoalesceValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { - v, err := copystructure.Copy(vals) + valsCopy, err := copyValues(vals) if err != nil { return vals, err } - - valsCopy := v.(map[string]interface{}) - // if we have an empty map, make sure it is initialized - if valsCopy == nil { - valsCopy = make(map[string]interface{}) - } return coalesce(log.Printf, chrt, valsCopy, "", false) } @@ -71,6 +65,14 @@ func CoalesceValues(chrt *chart.Chart, vals map[string]interface{}) (Values, err // logic need to retain them for when Coalescing will happen again later in the // business logic. func MergeValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { + valsCopy, err := copyValues(vals) + if err != nil { + return vals, err + } + return coalesce(log.Printf, chrt, valsCopy, "", true) +} + +func copyValues(vals map[string]interface{}) (Values, error) { v, err := copystructure.Copy(vals) if err != nil { return vals, err @@ -81,14 +83,19 @@ func MergeValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) if valsCopy == nil { valsCopy = make(map[string]interface{}) } - return coalesce(log.Printf, chrt, valsCopy, "", true) + + return valsCopy, nil } type printFn func(format string, v ...interface{}) // coalesce coalesces the dest values and the chart values, giving priority to the dest values. // -// This is a helper function for CoalesceValues. +// This is a helper function for CoalesceValues and MergeValues. +// +// Note, the merge argument specifies whether this is being used by MergeValues +// or CoalesceValues. Coalescing removes null values and their keys in some +// situations while merging keeps the null values. func coalesce(printf printFn, ch *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { coalesceValues(printf, ch, dest, prefix, merge) return coalesceDeps(printf, ch, dest, prefix, merge) diff --git a/pkg/chartutil/dependencies_test.go b/pkg/chartutil/dependencies_test.go index 7a932c344..34ae12f95 100644 --- a/pkg/chartutil/dependencies_test.go +++ b/pkg/chartutil/dependencies_test.go @@ -321,7 +321,7 @@ func TestProcessDependencyImportValuesForEnabledCharts(t *testing.T) { c := loadChart(t, "testdata/import-values-from-enabled-subchart/parent-chart") nameOverride := "parent-chart-prod" - if err := processDependencyImportValues(c, false); err != nil { + if err := processDependencyImportValues(c, true); err != nil { t.Fatalf("processing import values dependencies %v", err) } From 95ba0c69531bca72b75f07d7fb7f53badfaa5266 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Jul 2023 21:44:55 +0000 Subject: [PATCH 47/59] chore(deps): bump github/codeql-action from 2.21.0 to 2.21.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8...0ba4244466797eb048eb91a6cd43d5c03ca8bd05) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c25beb83e..7a8c3fafc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # pinv2.21.0 + uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # pinv2.21.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # pinv2.21.0 + uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # pinv2.21.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # pinv2.21.0 + uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # pinv2.21.2 From e8e6da28d1aab2101aaec0f9b517d2be0b3c4d56 Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Thu, 3 Aug 2023 11:41:25 -0700 Subject: [PATCH 48/59] Revert "Add `helm get metadata` command" Signed-off-by: Joe Julian --- cmd/helm/get.go | 2 - cmd/helm/get_metadata.go | 94 ------------------- cmd/helm/get_metadata_test.go | 66 ------------- cmd/helm/status.go | 41 ++++---- .../testdata/output/get-metadata-args.txt | 3 - cmd/helm/testdata/output/get-metadata.json | 1 - cmd/helm/testdata/output/get-metadata.txt | 8 -- cmd/helm/testdata/output/get-metadata.yaml | 8 -- cmd/helm/testdata/output/get-release.txt | 3 - pkg/action/get_metadata.go | 69 -------------- 10 files changed, 19 insertions(+), 276 deletions(-) delete mode 100644 cmd/helm/get_metadata.go delete mode 100644 cmd/helm/get_metadata_test.go delete mode 100644 cmd/helm/testdata/output/get-metadata-args.txt delete mode 100644 cmd/helm/testdata/output/get-metadata.json delete mode 100644 cmd/helm/testdata/output/get-metadata.txt delete mode 100644 cmd/helm/testdata/output/get-metadata.yaml delete mode 100644 pkg/action/get_metadata.go diff --git a/cmd/helm/get.go b/cmd/helm/get.go index 727cdaf88..7c4854b59 100644 --- a/cmd/helm/get.go +++ b/cmd/helm/get.go @@ -33,7 +33,6 @@ get extended information about the release, including: - The generated manifest file - The notes provided by the chart of the release - The hooks associated with the release -- The metadata of the release ` func newGetCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { @@ -49,7 +48,6 @@ func newGetCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { cmd.AddCommand(newGetManifestCmd(cfg, out)) cmd.AddCommand(newGetHooksCmd(cfg, out)) cmd.AddCommand(newGetNotesCmd(cfg, out)) - cmd.AddCommand(newGetMetadataCmd(cfg, out)) return cmd } diff --git a/cmd/helm/get_metadata.go b/cmd/helm/get_metadata.go deleted file mode 100644 index 0c8302365..000000000 --- a/cmd/helm/get_metadata.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "fmt" - "io" - "log" - - "github.com/spf13/cobra" - - "helm.sh/helm/v3/cmd/helm/require" - "helm.sh/helm/v3/pkg/action" - "helm.sh/helm/v3/pkg/cli/output" -) - -type metadataWriter struct { - metadata *action.Metadata -} - -func newGetMetadataCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { - var outfmt output.Format - client := action.NewGetMetadata(cfg) - - cmd := &cobra.Command{ - Use: "metadata RELEASE_NAME", - Short: "This command fetches metadata for a given release", - Args: require.ExactArgs(1), - ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { - if len(args) != 0 { - return nil, cobra.ShellCompDirectiveNoFileComp - } - return compListReleases(toComplete, args, cfg) - }, - RunE: func(cmd *cobra.Command, args []string) error { - releaseMetadata, err := client.Run(args[0]) - if err != nil { - return err - } - return outfmt.Write(out, &metadataWriter{releaseMetadata}) - }, - } - - f := cmd.Flags() - f.IntVar(&client.Version, "revision", 0, "specify release revision") - err := cmd.RegisterFlagCompletionFunc("revision", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { - if len(args) == 1 { - return compListRevisions(toComplete, cfg, args[0]) - } - return nil, cobra.ShellCompDirectiveNoFileComp - }) - - if err != nil { - log.Fatal(err) - } - - bindOutputFlag(cmd, &outfmt) - - return cmd -} - -func (w metadataWriter) WriteTable(out io.Writer) error { - _, _ = fmt.Fprint(out, fmt.Sprintf("NAME: %v\n", w.metadata.Name)) - _, _ = fmt.Fprint(out, fmt.Sprintf("CHART: %v\n", w.metadata.Chart)) - _, _ = fmt.Fprint(out, fmt.Sprintf("VERSION: %v\n", w.metadata.Version)) - _, _ = fmt.Fprint(out, fmt.Sprintf("APP_VERSION: %v\n", w.metadata.AppVersion)) - _, _ = fmt.Fprint(out, fmt.Sprintf("NAMESPACE: %v\n", w.metadata.Namespace)) - _, _ = fmt.Fprint(out, fmt.Sprintf("REVISION: %v\n", w.metadata.Revision)) - _, _ = fmt.Fprint(out, fmt.Sprintf("STATUS: %v\n", w.metadata.Status)) - _, _ = fmt.Fprint(out, fmt.Sprintf("DEPLOYED_AT: %v\n", w.metadata.DeployedAt)) - return nil -} - -func (w metadataWriter) WriteJSON(out io.Writer) error { - return output.EncodeJSON(out, w.metadata) -} - -func (w metadataWriter) WriteYAML(out io.Writer) error { - return output.EncodeYAML(out, w.metadata) -} diff --git a/cmd/helm/get_metadata_test.go b/cmd/helm/get_metadata_test.go deleted file mode 100644 index b6f0ab9f2..000000000 --- a/cmd/helm/get_metadata_test.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "testing" - - "helm.sh/helm/v3/pkg/release" -) - -func TestGetMetadataCmd(t *testing.T) { - tests := []cmdTestCase{{ - name: "get metadata with a release", - cmd: "get metadata thomas-guide", - golden: "output/get-metadata.txt", - rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, - }, { - name: "get metadata requires release name arg", - cmd: "get metadata", - golden: "output/get-metadata-args.txt", - rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, - wantError: true, - }, { - name: "get metadata to json", - cmd: "get metadata thomas-guide --output json", - golden: "output/get-metadata.json", - rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, - }, { - name: "get metadata to yaml", - cmd: "get metadata thomas-guide --output yaml", - golden: "output/get-metadata.yaml", - rels: []*release.Release{release.Mock(&release.MockReleaseOptions{Name: "thomas-guide"})}, - }} - runTestCmd(t, tests) -} - -func TestGetMetadataCompletion(t *testing.T) { - checkReleaseCompletion(t, "get metadata", false) -} - -func TestGetMetadataRevisionCompletion(t *testing.T) { - revisionFlagCompletionTest(t, "get metadata") -} - -func TestGetMetadataOutputCompletion(t *testing.T) { - outputFlagCompletionTest(t, "get metadata") -} - -func TestGetMetadataFileCompletion(t *testing.T) { - checkFileCompletion(t, "get metadata", false) - checkFileCompletion(t, "get metadata myrelease", false) -} diff --git a/cmd/helm/status.go b/cmd/helm/status.go index bfe058494..aa22aa02a 100644 --- a/cmd/helm/status.go +++ b/cmd/helm/status.go @@ -126,18 +126,15 @@ func (s statusPrinter) WriteTable(out io.Writer) error { if s.release == nil { return nil } - _, _ = fmt.Fprintf(out, "NAME: %s\n", s.release.Name) + fmt.Fprintf(out, "NAME: %s\n", s.release.Name) if !s.release.Info.LastDeployed.IsZero() { - _, _ = fmt.Fprintf(out, "LAST DEPLOYED: %s\n", s.release.Info.LastDeployed.Format(time.ANSIC)) + fmt.Fprintf(out, "LAST DEPLOYED: %s\n", s.release.Info.LastDeployed.Format(time.ANSIC)) } - _, _ = fmt.Fprintf(out, "CHART: %s\n", s.release.Chart.Metadata.Name) - _, _ = fmt.Fprintf(out, "NAMESPACE: %s\n", s.release.Namespace) - _, _ = fmt.Fprintf(out, "STATUS: %s\n", s.release.Info.Status.String()) - _, _ = fmt.Fprintf(out, "REVISION: %d\n", s.release.Version) - _, _ = fmt.Fprintf(out, "VERSION: %s\n", s.release.Chart.Metadata.Version) - _, _ = fmt.Fprintf(out, "APP_VERSION: %s\n", s.release.Chart.Metadata.AppVersion) + fmt.Fprintf(out, "NAMESPACE: %s\n", s.release.Namespace) + fmt.Fprintf(out, "STATUS: %s\n", s.release.Info.Status.String()) + fmt.Fprintf(out, "REVISION: %d\n", s.release.Version) if s.showDescription { - _, _ = fmt.Fprintf(out, "DESCRIPTION: %s\n", s.release.Info.Description) + fmt.Fprintf(out, "DESCRIPTION: %s\n", s.release.Info.Description) } if s.showResources && s.release.Info.Resources != nil && len(s.release.Info.Resources) > 0 { @@ -152,31 +149,31 @@ func (s statusPrinter) WriteTable(out io.Writer) error { } for _, t := range keys { - _, _ = fmt.Fprintf(buf, "==> %s\n", t) + fmt.Fprintf(buf, "==> %s\n", t) vk := s.release.Info.Resources[t] for _, resource := range vk { if err := printer.PrintObj(resource, buf); err != nil { - _, _ = fmt.Fprintf(buf, "failed to print object type %s: %v\n", t, err) + fmt.Fprintf(buf, "failed to print object type %s: %v\n", t, err) } } buf.WriteString("\n") } - _, _ = fmt.Fprintf(out, "RESOURCES:\n%s\n", buf.String()) + fmt.Fprintf(out, "RESOURCES:\n%s\n", buf.String()) } executions := executionsByHookEvent(s.release) if tests, ok := executions[release.HookTest]; !ok || len(tests) == 0 { - _, _ = fmt.Fprintln(out, "TEST SUITE: None") + fmt.Fprintln(out, "TEST SUITE: None") } else { for _, h := range tests { // Don't print anything if hook has not been initiated if h.LastRun.StartedAt.IsZero() { continue } - _, _ = fmt.Fprintf(out, "TEST SUITE: %s\n%s\n%s\n%s\n", + fmt.Fprintf(out, "TEST SUITE: %s\n%s\n%s\n%s\n", h.Name, fmt.Sprintf("Last Started: %s", h.LastRun.StartedAt.Format(time.ANSIC)), fmt.Sprintf("Last Completed: %s", h.LastRun.CompletedAt.Format(time.ANSIC)), @@ -186,38 +183,38 @@ func (s statusPrinter) WriteTable(out io.Writer) error { } if s.debug { - _, _ = fmt.Fprintln(out, "USER-SUPPLIED VALUES:") + fmt.Fprintln(out, "USER-SUPPLIED VALUES:") err := output.EncodeYAML(out, s.release.Config) if err != nil { return err } // Print an extra newline - _, _ = fmt.Fprintln(out) + fmt.Fprintln(out) cfg, err := chartutil.CoalesceValues(s.release.Chart, s.release.Config) if err != nil { return err } - _, _ = fmt.Fprintln(out, "COMPUTED VALUES:") + fmt.Fprintln(out, "COMPUTED VALUES:") err = output.EncodeYAML(out, cfg.AsMap()) if err != nil { return err } // Print an extra newline - _, _ = fmt.Fprintln(out) + fmt.Fprintln(out) } if strings.EqualFold(s.release.Info.Description, "Dry run complete") || s.debug { - _, _ = fmt.Fprintln(out, "HOOKS:") + fmt.Fprintln(out, "HOOKS:") for _, h := range s.release.Hooks { - _, _ = fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) + fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) } - _, _ = fmt.Fprintf(out, "MANIFEST:\n%s\n", s.release.Manifest) + fmt.Fprintf(out, "MANIFEST:\n%s\n", s.release.Manifest) } if len(s.release.Info.Notes) > 0 { - _, _ = fmt.Fprintf(out, "NOTES:\n%s\n", strings.TrimSpace(s.release.Info.Notes)) + fmt.Fprintf(out, "NOTES:\n%s\n", strings.TrimSpace(s.release.Info.Notes)) } return nil } diff --git a/cmd/helm/testdata/output/get-metadata-args.txt b/cmd/helm/testdata/output/get-metadata-args.txt deleted file mode 100644 index acd3f4c15..000000000 --- a/cmd/helm/testdata/output/get-metadata-args.txt +++ /dev/null @@ -1,3 +0,0 @@ -Error: "helm get metadata" requires 1 argument - -Usage: helm get metadata RELEASE_NAME [flags] diff --git a/cmd/helm/testdata/output/get-metadata.json b/cmd/helm/testdata/output/get-metadata.json deleted file mode 100644 index 1d5152b24..000000000 --- a/cmd/helm/testdata/output/get-metadata.json +++ /dev/null @@ -1 +0,0 @@ -{"name":"thomas-guide","chart":"foo","version":"0.1.0-beta.1","appVersion":"1.0","namespace":"default","revision":1,"status":"deployed","deployedAt":"1977-09-02T22:04:05Z"} diff --git a/cmd/helm/testdata/output/get-metadata.txt b/cmd/helm/testdata/output/get-metadata.txt deleted file mode 100644 index b91f1b86a..000000000 --- a/cmd/helm/testdata/output/get-metadata.txt +++ /dev/null @@ -1,8 +0,0 @@ -NAME: thomas-guide -CHART: foo -VERSION: 0.1.0-beta.1 -APP_VERSION: 1.0 -NAMESPACE: default -REVISION: 1 -STATUS: deployed -DEPLOYED_AT: 1977-09-02T22:04:05Z diff --git a/cmd/helm/testdata/output/get-metadata.yaml b/cmd/helm/testdata/output/get-metadata.yaml deleted file mode 100644 index b6d49b038..000000000 --- a/cmd/helm/testdata/output/get-metadata.yaml +++ /dev/null @@ -1,8 +0,0 @@ -appVersion: "1.0" -chart: foo -deployedAt: "1977-09-02T22:04:05Z" -name: thomas-guide -namespace: default -revision: 1 -status: deployed -version: 0.1.0-beta.1 diff --git a/cmd/helm/testdata/output/get-release.txt b/cmd/helm/testdata/output/get-release.txt index 3e83ca946..f6c3b57eb 100644 --- a/cmd/helm/testdata/output/get-release.txt +++ b/cmd/helm/testdata/output/get-release.txt @@ -1,11 +1,8 @@ NAME: thomas-guide LAST DEPLOYED: Fri Sep 2 22:04:05 1977 -CHART: foo NAMESPACE: default STATUS: deployed REVISION: 1 -VERSION: 0.1.0-beta.1 -APP_VERSION: 1.0 TEST SUITE: None USER-SUPPLIED VALUES: name: value diff --git a/pkg/action/get_metadata.go b/pkg/action/get_metadata.go deleted file mode 100644 index ec096ae16..000000000 --- a/pkg/action/get_metadata.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package action - -import "time" - -// GetMetadata is the action for checking a given release's metadata. -// -// It provides the implementation of 'helm get metadata'. -type GetMetadata struct { - cfg *Configuration - - Version int -} - -type Metadata struct { - Name string `json:"name" yaml:"name"` - Chart string `json:"chart" yaml:"chart"` - Version string `json:"version" yaml:"version"` - AppVersion string `json:"appVersion" yaml:"appVersion"` - Namespace string `json:"namespace" yaml:"namespace"` - Revision int `json:"revision" yaml:"revision"` - Status string `json:"status" yaml:"status"` - DeployedAt string `json:"deployedAt" yaml:"deployedAt"` -} - -// NewGetMetadata creates a new GetMetadata object with the given configuration. -func NewGetMetadata(cfg *Configuration) *GetMetadata { - return &GetMetadata{ - cfg: cfg, - } -} - -// Run executes 'helm get metadata' against the given release. -func (g *GetMetadata) Run(name string) (*Metadata, error) { - if err := g.cfg.KubeClient.IsReachable(); err != nil { - return nil, err - } - - rel, err := g.cfg.releaseContent(name, g.Version) - if err != nil { - return nil, err - } - - return &Metadata{ - Name: rel.Name, - Chart: rel.Chart.Metadata.Name, - Version: rel.Chart.Metadata.Version, - AppVersion: rel.Chart.Metadata.AppVersion, - Namespace: rel.Namespace, - Revision: rel.Version, - Status: rel.Info.Status.String(), - DeployedAt: rel.Info.LastDeployed.Format(time.RFC3339), - }, nil -} From 5c7a63138b70f2493be7ea5245791ba40091b9b2 Mon Sep 17 00:00:00 2001 From: MR ZHAO <62738635+heijian123@users.noreply.github.com> Date: Mon, 7 Aug 2023 09:48:04 +0800 Subject: [PATCH 49/59] Fix helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject Signed-off-by: MR ZHAO <62738635+heijian123@users.noreply.github.com> --- pkg/chart/loader/archive.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkg/chart/loader/archive.go b/pkg/chart/loader/archive.go index 8b38cb89f..196e5f81d 100644 --- a/pkg/chart/loader/archive.go +++ b/pkg/chart/loader/archive.go @@ -85,7 +85,10 @@ func ensureArchive(name string, raw *os.File) error { if err != nil && err != io.EOF { return fmt.Errorf("file '%s' cannot be read: %s", name, err) } - if contentType := http.DetectContentType(buffer); contentType != "application/x-gzip" { + + // Helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject. + // Fix for: https://github.com/helm/helm/issues/12261 + if contentType := http.DetectContentType(buffer); contentType != "application/x-gzip" && !isGZipApplication(buffer) { // TODO: Is there a way to reliably test if a file content is YAML? ghodss/yaml accepts a wide // variety of content (Makefile, .zshrc) as valid YAML without errors. @@ -98,6 +101,12 @@ func ensureArchive(name string, raw *os.File) error { return nil } +// isGZipApplication checks whether the achieve is of the application/x-gzip type. +func isGZipApplication(data []byte) bool { + sig := []byte("\x1F\x8B\x08") + return bytes.HasPrefix(data, sig) +} + // LoadArchiveFiles reads in files out of an archive into memory. This function // performs important path security checks and should always be used before // expanding a tarball From c3a4122dc6a8e2ec78a2f82e1aeb380915935205 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Aug 2023 21:28:39 +0000 Subject: [PATCH 50/59] chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/fac708d6674e30b6ba41289acaab6d4b75aa0753...93397bea11091df50f3d7e59dc26a7711a8bcfbe) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build-test.yml | 2 +- .github/workflows/release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 3a8fb215b..85e1369b3 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -15,7 +15,7 @@ jobs: - name: Checkout source code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # pin@v3.5.3 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # pin@4.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # pin@4.1.0 with: go-version: '1.20' - name: Install golangci-lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bd8a3e8d1..1e2d7b223 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # pin@v3.5.3 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # pin@4.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # pin@4.1.0 with: go-version: '1.20' @@ -52,7 +52,7 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # pin@v3.5.3 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # pin@4.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # pin@4.1.0 with: go-version: '1.20' From aab4c4552edea8d8ec617b75b7da667183a2593d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Aug 2023 21:28:46 +0000 Subject: [PATCH 51/59] chore(deps): bump github/codeql-action from 2.21.2 to 2.21.3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0ba4244466797eb048eb91a6cd43d5c03ca8bd05...5b6282e01c62d02e720b81eb8a51204f527c3624) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7a8c3fafc..a7b246d3d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # pinv2.21.2 + uses: github/codeql-action/init@5b6282e01c62d02e720b81eb8a51204f527c3624 # pinv2.21.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # pinv2.21.2 + uses: github/codeql-action/autobuild@5b6282e01c62d02e720b81eb8a51204f527c3624 # pinv2.21.3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # pinv2.21.2 + uses: github/codeql-action/analyze@5b6282e01c62d02e720b81eb8a51204f527c3624 # pinv2.21.3 From 48dbda2fa8d1e8981c271a56fe51bdf8b131fac2 Mon Sep 17 00:00:00 2001 From: suzaku Date: Mon, 17 Jan 2022 10:53:53 +0800 Subject: [PATCH 52/59] Fix #3352, add support for --ignore-not-found just like kubectl delete Signed-off-by: suzaku --- cmd/helm/uninstall.go | 1 + pkg/action/uninstall.go | 4 ++++ pkg/action/uninstall_test.go | 11 +++++++++++ 3 files changed, 16 insertions(+) diff --git a/cmd/helm/uninstall.go b/cmd/helm/uninstall.go index 1a47e972c..9ced8fef0 100644 --- a/cmd/helm/uninstall.go +++ b/cmd/helm/uninstall.go @@ -74,6 +74,7 @@ func newUninstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f := cmd.Flags() f.BoolVar(&client.DryRun, "dry-run", false, "simulate a uninstall") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during uninstallation") + f.BoolVar(&client.IgnoreNotFound, "ignore-not-found", false, `Treat "release not found" as a successful uninstall`) f.BoolVar(&client.KeepHistory, "keep-history", false, "remove all associated resources and mark the release as deleted, but retain the release history") f.BoolVar(&client.Wait, "wait", false, "if set, will wait until all the resources are deleted before returning. It will wait for as long as --timeout") f.StringVar(&client.DeletionPropagation, "cascade", "background", "Must be \"background\", \"orphan\", or \"foreground\". Selects the deletion cascading strategy for the dependents. Defaults to background.") diff --git a/pkg/action/uninstall.go b/pkg/action/uninstall.go index 801498544..a08cb2320 100644 --- a/pkg/action/uninstall.go +++ b/pkg/action/uninstall.go @@ -38,6 +38,7 @@ type Uninstall struct { DisableHooks bool DryRun bool + IgnoreNotFound bool KeepHistory bool Wait bool DeletionPropagation string @@ -73,6 +74,9 @@ func (u *Uninstall) Run(name string) (*release.UninstallReleaseResponse, error) rels, err := u.cfg.Releases.History(name) if err != nil { + if u.IgnoreNotFound { + return nil, nil + } return nil, errors.Wrapf(err, "uninstall: Release not loaded: %s", name) } if len(rels) < 1 { diff --git a/pkg/action/uninstall_test.go b/pkg/action/uninstall_test.go index 311a34923..869ffb8c7 100644 --- a/pkg/action/uninstall_test.go +++ b/pkg/action/uninstall_test.go @@ -32,6 +32,17 @@ func uninstallAction(t *testing.T) *Uninstall { return unAction } +func TestUninstallRelease_ignoreNotFound(t *testing.T) { + unAction := uninstallAction(t) + unAction.DryRun = false + unAction.IgnoreNotFound = true + + is := assert.New(t) + res, err := unAction.Run("release-non-exist") + is.Nil(res) + is.NoError(err) +} + func TestUninstallRelease_deleteRelease(t *testing.T) { is := assert.New(t) From 5b0898513820e5952e0293b81fd098429f0e394f Mon Sep 17 00:00:00 2001 From: satoru Date: Sun, 4 Sep 2022 16:21:54 +0800 Subject: [PATCH 53/59] goimports Signed-off-by: satoru --- pkg/action/uninstall.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/action/uninstall.go b/pkg/action/uninstall.go index a08cb2320..40d82243e 100644 --- a/pkg/action/uninstall.go +++ b/pkg/action/uninstall.go @@ -21,6 +21,7 @@ import ( "time" "github.com/pkg/errors" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "helm.sh/helm/v3/pkg/chartutil" From 197d1defbf8262c22396e061791cf7c4b8559e9b Mon Sep 17 00:00:00 2001 From: Antonio Gamez Diaz Date: Wed, 9 Aug 2023 11:40:57 +0200 Subject: [PATCH 54/59] Add required changes after merge Signed-off-by: Antonio Gamez Diaz --- pkg/registry/client.go | 60 +++++++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 27 deletions(-) diff --git a/pkg/registry/client.go b/pkg/registry/client.go index 5c0110e32..95dc6d631 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -87,36 +87,40 @@ func NewClient(options ...ClientOption) (*Client, error) { } client.authorizer = authClient } - client.resolver = func(ref registry.Reference) (remotes.Resolver, error) { - headers := http.Header{} - headers.Set("User-Agent", version.GetUserAgent()) - dockerClient, ok := client.authorizer.(*dockerauth.Client) - if ok { - username, password, err := dockerClient.Credential(ref.Registry) - if err != nil { - return nil, errors.New("unable to retrieve credentials") - } - // A blank returned username and password value is a bearer token - if username == "" && password != "" { - headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) - } else { - headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) + + if client.resolver == nil { + client.resolver = func(ref registry.Reference) (remotes.Resolver, error) { + headers := http.Header{} + headers.Set("User-Agent", version.GetUserAgent()) + dockerClient, ok := client.authorizer.(*dockerauth.Client) + if ok { + username, password, err := dockerClient.Credential(ref.Registry) + if err != nil { + return nil, errors.New("unable to retrieve credentials") + } + // A blank returned username and password value is a bearer token + if username == "" && password != "" { + headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) + } else { + headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) + } } - } - opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} - if client.httpClient != nil { - opts = append(opts, auth.WithResolverClient(client.httpClient)) - } - if client.plainHTTP { - opts = append(opts, auth.WithResolverPlainHTTP()) - } - resolver, err := client.authorizer.ResolverWithOpts(opts...) - if err != nil { - return nil, err + opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} + if client.httpClient != nil { + opts = append(opts, auth.WithResolverClient(client.httpClient)) + } + if client.plainHTTP { + opts = append(opts, auth.WithResolverPlainHTTP()) + } + resolver, err := client.authorizer.ResolverWithOpts(opts...) + if err != nil { + return nil, err + } + return resolver, nil } - return resolver, nil } + // allocate a cache if option is set var cache registryauth.Cache if client.enableCache { @@ -202,7 +206,9 @@ func ClientOptPlainHTTP() ClientOption { // ClientOptResolver returns a function that sets the resolver setting on a client options set func ClientOptResolver(resolver remotes.Resolver) ClientOption { return func(client *Client) { - client.resolver = resolver + client.resolver = func(ref registry.Reference) (remotes.Resolver, error) { + return resolver, nil + } } } From 3607cd7110a8e62c69ea02900139c1c54534aaa9 Mon Sep 17 00:00:00 2001 From: Antonio Gamez Diaz Date: Wed, 9 Aug 2023 23:53:56 +0200 Subject: [PATCH 55/59] Avoid nil dereference if passing a nil resolver Signed-off-by: Antonio Gamez Diaz --- pkg/registry/client.go | 58 +++++++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 26 deletions(-) diff --git a/pkg/registry/client.go b/pkg/registry/client.go index 95dc6d631..0dfa6926f 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -88,37 +88,43 @@ func NewClient(options ...ClientOption) (*Client, error) { client.authorizer = authClient } - if client.resolver == nil { - client.resolver = func(ref registry.Reference) (remotes.Resolver, error) { - headers := http.Header{} - headers.Set("User-Agent", version.GetUserAgent()) - dockerClient, ok := client.authorizer.(*dockerauth.Client) - if ok { - username, password, err := dockerClient.Credential(ref.Registry) - if err != nil { - return nil, errors.New("unable to retrieve credentials") - } - // A blank returned username and password value is a bearer token - if username == "" && password != "" { - headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) - } else { - headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) - } + resolverFn := client.resolver // copy for avoiding recursive call + client.resolver = func(ref registry.Reference) (remotes.Resolver, error) { + if resolverFn != nil { + // validate if the resolverFn returns a valid resolver + if resolver, err := resolverFn(ref); resolver != nil && err == nil { + return resolver, nil } + } - opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} - if client.httpClient != nil { - opts = append(opts, auth.WithResolverClient(client.httpClient)) - } - if client.plainHTTP { - opts = append(opts, auth.WithResolverPlainHTTP()) - } - resolver, err := client.authorizer.ResolverWithOpts(opts...) + headers := http.Header{} + headers.Set("User-Agent", version.GetUserAgent()) + dockerClient, ok := client.authorizer.(*dockerauth.Client) + if ok { + username, password, err := dockerClient.Credential(ref.Registry) if err != nil { - return nil, err + return nil, errors.New("unable to retrieve credentials") } - return resolver, nil + // A blank returned username and password value is a bearer token + if username == "" && password != "" { + headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) + } else { + headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) + } + } + + opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} + if client.httpClient != nil { + opts = append(opts, auth.WithResolverClient(client.httpClient)) + } + if client.plainHTTP { + opts = append(opts, auth.WithResolverPlainHTTP()) + } + resolver, err := client.authorizer.ResolverWithOpts(opts...) + if err != nil { + return nil, err } + return resolver, nil } // allocate a cache if option is set From bf543d94e95557cd4cc796ec5313e4548b4d126f Mon Sep 17 00:00:00 2001 From: guoguangwu Date: Thu, 10 Aug 2023 14:38:08 +0800 Subject: [PATCH 56/59] fix: precedence typo Signed-off-by: guoguangwu --- pkg/chartutil/testdata/three-level-dependent-chart/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/chartutil/testdata/three-level-dependent-chart/README.md b/pkg/chartutil/testdata/three-level-dependent-chart/README.md index a5fed642d..e6f586a5c 100644 --- a/pkg/chartutil/testdata/three-level-dependent-chart/README.md +++ b/pkg/chartutil/testdata/three-level-dependent-chart/README.md @@ -8,7 +8,7 @@ Consists of the following charts: - App Chart (Uses Library Chart as dependecy, 2x: app1/app2) - Umbrella Chart (Has all the app charts as dependencies) -The precendence is as follows: `library < app < umbrella` +The precedence is as follows: `library < app < umbrella` Catches two use-cases: From 2011a3191c814ed976b05cb44aa7e9277383422c Mon Sep 17 00:00:00 2001 From: 0xff-dev Date: Thu, 13 Jul 2023 16:55:46 +0800 Subject: [PATCH 57/59] chore: HTTPGetter add default timeout Signed-off-by: 0xff-dev Co-authored-by: bjwswang Co-authored-by: Abirdcfly --- pkg/getter/getter.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/pkg/getter/getter.go b/pkg/getter/getter.go index 653b032fe..3ba72ccde 100644 --- a/pkg/getter/getter.go +++ b/pkg/getter/getter.go @@ -172,9 +172,21 @@ func (p Providers) ByScheme(scheme string) (Getter, error) { return nil, errors.Errorf("scheme %q not supported", scheme) } +const ( + // The cost timeout references curl's default connection timeout. + // https://github.com/curl/curl/blob/master/lib/connect.h#L40C21-L40C21 + // The helm commands are usually executed manually. Considering the acceptable waiting time, we reduced the entire request time to 120s. + DefaultHTTPTimeout = 120 +) + +var defaultOptions = []Option{WithTimeout(time.Second * DefaultHTTPTimeout)} + var httpProvider = Provider{ Schemes: []string{"http", "https"}, - New: NewHTTPGetter, + New: func(options ...Option) (Getter, error) { + options = append(options, defaultOptions...) + return NewHTTPGetter(options...) + }, } var ociProvider = Provider{ From 04850dc73dc7a5c7e8d66ccc9d10d273c109598f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 21:41:05 +0000 Subject: [PATCH 58/59] chore(deps): bump github/codeql-action from 2.21.3 to 2.21.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5b6282e01c62d02e720b81eb8a51204f527c3624...a09933a12a80f87b87005513f0abb1494c27a716) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a7b246d3d..09231cb97 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5b6282e01c62d02e720b81eb8a51204f527c3624 # pinv2.21.3 + uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # pinv2.21.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@5b6282e01c62d02e720b81eb8a51204f527c3624 # pinv2.21.3 + uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # pinv2.21.4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5b6282e01c62d02e720b81eb8a51204f527c3624 # pinv2.21.3 + uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # pinv2.21.4 From 758dc0163013baab18bd72718f7a4eb26a32e8e3 Mon Sep 17 00:00:00 2001 From: Ian Zink Date: Tue, 15 Aug 2023 12:14:05 -0500 Subject: [PATCH 59/59] Add Ian Zink (z4ce) as triage maintainer Adds Ian Zink (z4ce) as a triage maintainer Signed-off-by: Ian Zink --- OWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/OWNERS b/OWNERS index cbc2cfffc..cc18ea522 100644 --- a/OWNERS +++ b/OWNERS @@ -11,6 +11,7 @@ triage: - yxxhero - zonggen - gjenkins8 + - z4ce emeritus: - adamreese - bacongobbler