diff --git a/.github/ISSUE_TEMPLATE/bug-report.yaml b/.github/ISSUE_TEMPLATE/bug-report.yaml index 4309d800b..1637d26a5 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yaml +++ b/.github/ISSUE_TEMPLATE/bug-report.yaml @@ -44,6 +44,7 @@ body: label: Helm version value: |
+ ```console $ helm version # paste output here diff --git a/.github/env b/.github/env index 4384ba074..9d79b174f 100644 --- a/.github/env +++ b/.github/env @@ -1,2 +1,2 @@ -GOLANG_VERSION=1.24 -GOLANGCI_LINT_VERSION=v2.1.0 +GOLANG_VERSION=1.25 +GOLANGCI_LINT_VERSION=v2.5.0 diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 6a9d217b0..dbd885350 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -28,6 +28,8 @@ jobs: check-latest: true - name: Test source headers are present run: make test-source-headers + - name: Check if go modules need to be tidied + run: go mod tidy -diff - name: Run unit tests run: make test-coverage - name: Test build diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c1a2bff20..1606902c7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,7 +47,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # pinv3.26.6 + uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # pinv4.30.7 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -58,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # pinv3.26.6 + uses: github/codeql-action/autobuild@e296a935590eb16afc0c0108289f68c87e2a89a5 # pinv4.30.7 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -72,4 +72,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # pinv3.26.6 + uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # pinv4.30.7 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 0d5b4e969..ff441aad5 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -22,6 +22,6 @@ jobs: go-version: '${{ env.GOLANG_VERSION }}' check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 #pin@8.0.0 + uses: golangci/golangci-lint-action@0a35821d5c230e903fcfe077583637dea1b27b47 #pin@9.0.0 with: version: ${{ env.GOLANGCI_LINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 21c527442..a5d547ad6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ permissions: read-all # job is triggered by a tag push, VERSION should be the tag ref. jobs: release: - if: startsWith(github.ref, 'refs/tags/v') + if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'helm/helm' runs-on: ubuntu-latest-16-cores steps: - name: Checkout source code @@ -49,8 +49,13 @@ jobs: # Push the latest semver tag, excluding prerelease tags LATEST_VERSION="$(git tag | sort -r --version-sort | grep '^v[0-9]' | grep -v '-' | head -n1)" echo "LATEST_VERSION=${LATEST_VERSION}" + if [[ "${LATEST_VERSION}" != v4.* ]]; then + echo "Error: Latest version ${LATEST_VERSION} is not a v4 release" + exit 1 + fi + echo "${LATEST_VERSION}" > _dist_versions/helm-latest-version - echo "${LATEST_VERSION}" > _dist_versions/helm3-latest-version + echo "${LATEST_VERSION}" > _dist_versions/helm4-latest-version - name: Upload Binaries uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 @@ -76,7 +81,7 @@ jobs: canary-release: runs-on: ubuntu-latest-16-cores - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && github.repository == 'helm/helm' steps: - name: Checkout source code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 6a44c8afb..4b836a33c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,7 +33,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -64,6 +64,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: results.sarif diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 3417e1734..3d72d1e17 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs.' diff --git a/.gitignore b/.gitignore index 7ea0717ed..0fd2c6bda 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ *.swp .DS_Store .coverage/ -.idea/ +.idea .vimrc .vscode/ .devcontainer/ diff --git a/.golangci.yml b/.golangci.yml index a9b13c35f..236dadf7b 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -33,6 +33,7 @@ linters: - usetesting exclusions: + generated: lax presets: @@ -41,7 +42,13 @@ linters: - legacy - std-error-handling - rules: [] + rules: + # This rule is triggered for packages like 'util'. When changes to those packages + # occur it triggers this rule. This exclusion enables making changes to existing + # packages. + - linters: + - revive + text: 'var-naming: avoid meaningless package names' warn-unused: true diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 000000000..d2904a9da --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,48 @@ +# AGENTS.md + +## Overview +Helm is a package manager for Kubernetes written in Go, supporting v3 (stable) and v4 (unstable) APIs. + +## Build & Test +```bash +make build # Build binary +make test # Run all tests (style + unit) +make test-unit # Unit tests only +make test-coverage # With coverage +make test-style # Linting +golangci-lint run # Direct linting +go test -run TestName # Specific test +``` + +## Code Structure +- `/cmd/helm/` - CLI entry point (Cobra-based) +- `/pkg/` - Public API + - `action/` - Core operations (install, upgrade, rollback) + - `chart/v2/` - Stable chart format + - `engine/` - Template rendering (Go templates + Sprig) + - `registry/` - OCI support + - `storage/` - Release backends (Secrets/ConfigMaps/SQL) +- `/internal/` - Private implementation + - `chart/v3/` - Next-gen chart format + +## Development Guidelines + +### Code Standards +- Use table-driven tests with testify +- Golden files in `testdata/` for complex output +- Mock Kubernetes clients for action tests +- All commits must include DCO sign-off: `git commit -s` + +### Branching +- `main` - Helm v4 development +- `dev-v3` - Helm v3 stable (backport from main) + +### Dependencies +- `k8s.io/client-go` - Kubernetes interaction +- `github.com/spf13/cobra` - CLI framework +- `github.com/Masterminds/sprig` - Template functions + +### Key Patterns +- **Actions**: Operations in `/pkg/action/` use shared Configuration +- **Dual Chart Support**: v2 (stable) in `/pkg/`, v3 (dev) in `/internal/` +- **Storage Abstraction**: Pluggable release storage backends diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8ab93403d..e809e7ca2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -120,7 +120,7 @@ specific upcoming bugfix or feature release could fall into one of two different Issues and PRs which are deemed backwards-incompatible may be added to the discussion items for Helm 4 with [label:v4.x](https://github.com/helm/helm/labels/v4.x). An issue or PR that we are not -sure we will be addressing will not be added to any milestone. +sure if we will be addressing will not be added to any milestone. A milestone (and hence release) can be closed when all outstanding issues/PRs have been closed or moved to another milestone and the associated release has been published. @@ -160,8 +160,8 @@ There are 5 types of issues (each with their own corresponding [label](#labels)) discussion, these can turn into `feature` or `bug` issues. - `proposal`: Used for items (like this one) that propose a new ideas or functionality that require a larger community discussion. This allows for feedback from others in the community before a - feature is actually developed. This is not needed for small additions. Final word on whether or - not a feature needs a proposal is up to the core maintainers. All issues that are proposals should + feature is actually developed. This is not needed for small additions. Final word on whether + a feature needs a proposal is up to the core maintainers. All issues that are proposals should both have a label and an issue title of "Proposal: [the rest of the title]." A proposal can become a `feature` and does not require a milestone. - `feature`: These track specific feature requests and ideas until they are complete. They can @@ -179,7 +179,7 @@ below. 2. Triage - The maintainer in charge of triaging will apply the proper labels for the issue. This includes labels for priority, type, and metadata (such as `good first issue`). The only issue priority - we will be tracking is whether or not the issue is "critical." If additional levels are needed + we will be tracking is whether the issue is "critical." If additional levels are needed in the future, we will add them. - (If needed) Clean up the title to succinctly and clearly state the issue. Also ensure that proposals are prefaced with "Proposal: [the rest of the title]". diff --git a/Makefile b/Makefile index 0a20259bd..4cf779438 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ BINDIR := $(CURDIR)/bin INSTALL_PATH ?= /usr/local/bin DIST_DIRS := find * -type d -exec -TARGETS := darwin/amd64 darwin/arm64 linux/amd64 linux/386 linux/arm linux/arm64 linux/ppc64le linux/s390x linux/riscv64 windows/amd64 windows/arm64 -TARGET_OBJS ?= darwin-amd64.tar.gz darwin-amd64.tar.gz.sha256 darwin-amd64.tar.gz.sha256sum darwin-arm64.tar.gz darwin-arm64.tar.gz.sha256 darwin-arm64.tar.gz.sha256sum linux-amd64.tar.gz linux-amd64.tar.gz.sha256 linux-amd64.tar.gz.sha256sum linux-386.tar.gz linux-386.tar.gz.sha256 linux-386.tar.gz.sha256sum linux-arm.tar.gz linux-arm.tar.gz.sha256 linux-arm.tar.gz.sha256sum linux-arm64.tar.gz linux-arm64.tar.gz.sha256 linux-arm64.tar.gz.sha256sum linux-ppc64le.tar.gz linux-ppc64le.tar.gz.sha256 linux-ppc64le.tar.gz.sha256sum linux-s390x.tar.gz linux-s390x.tar.gz.sha256 linux-s390x.tar.gz.sha256sum linux-riscv64.tar.gz linux-riscv64.tar.gz.sha256 linux-riscv64.tar.gz.sha256sum windows-amd64.zip windows-amd64.zip.sha256 windows-amd64.zip.sha256sum windows-arm64.zip windows-arm64.zip.sha256 windows-arm64.zip.sha256sum +TARGETS := darwin/amd64 darwin/arm64 linux/amd64 linux/386 linux/arm linux/arm64 linux/loong64 linux/ppc64le linux/s390x linux/riscv64 windows/amd64 windows/arm64 +TARGET_OBJS ?= darwin-amd64.tar.gz darwin-amd64.tar.gz.sha256 darwin-amd64.tar.gz.sha256sum darwin-arm64.tar.gz darwin-arm64.tar.gz.sha256 darwin-arm64.tar.gz.sha256sum linux-amd64.tar.gz linux-amd64.tar.gz.sha256 linux-amd64.tar.gz.sha256sum linux-386.tar.gz linux-386.tar.gz.sha256 linux-386.tar.gz.sha256sum linux-arm.tar.gz linux-arm.tar.gz.sha256 linux-arm.tar.gz.sha256sum linux-arm64.tar.gz linux-arm64.tar.gz.sha256 linux-arm64.tar.gz.sha256sum linux-loong64.tar.gz linux-loong64.tar.gz.sha256 linux-loong64.tar.gz.sha256sum linux-ppc64le.tar.gz linux-ppc64le.tar.gz.sha256 linux-ppc64le.tar.gz.sha256sum linux-s390x.tar.gz linux-s390x.tar.gz.sha256 linux-s390x.tar.gz.sha256sum linux-riscv64.tar.gz linux-riscv64.tar.gz.sha256 linux-riscv64.tar.gz.sha256sum windows-amd64.zip windows-amd64.zip.sha256 windows-amd64.zip.sha256sum windows-arm64.zip windows-arm64.zip.sha256 windows-arm64.zip.sha256sum BINNAME ?= helm GOBIN = $(shell go env GOBIN) @@ -13,9 +13,9 @@ GOX = $(GOBIN)/gox GOIMPORTS = $(GOBIN)/goimports ARCH = $(shell go env GOARCH) -ACCEPTANCE_DIR:=../acceptance-testing +ACCEPTANCE_DIR := ../acceptance-testing # To specify the subset of acceptance tests to run. '.' means all tests -ACCEPTANCE_RUN_TESTS=. +ACCEPTANCE_RUN_TESTS = . # go option PKG := ./... @@ -63,10 +63,14 @@ K8S_MODULES_VER=$(subst ., ,$(subst v,,$(shell go list -f '{{.Version}}' -m k8s. K8S_MODULES_MAJOR_VER=$(shell echo $$(($(firstword $(K8S_MODULES_VER)) + 1))) K8S_MODULES_MINOR_VER=$(word 2,$(K8S_MODULES_VER)) -LDFLAGS += -X helm.sh/helm/v4/pkg/lint/rules.k8sVersionMajor=$(K8S_MODULES_MAJOR_VER) -LDFLAGS += -X helm.sh/helm/v4/pkg/lint/rules.k8sVersionMinor=$(K8S_MODULES_MINOR_VER) -LDFLAGS += -X helm.sh/helm/v4/pkg/chart/v2/util.k8sVersionMajor=$(K8S_MODULES_MAJOR_VER) -LDFLAGS += -X helm.sh/helm/v4/pkg/chart/v2/util.k8sVersionMinor=$(K8S_MODULES_MINOR_VER) +LDFLAGS += -X helm.sh/helm/v4/pkg/chart/v2/lint/rules.k8sVersionMajor=$(K8S_MODULES_MAJOR_VER) +LDFLAGS += -X helm.sh/helm/v4/pkg/chart/v2/lint/rules.k8sVersionMinor=$(K8S_MODULES_MINOR_VER) +LDFLAGS += -X helm.sh/helm/v4/pkg/internal/v3/lint/rules.k8sVersionMajor=$(K8S_MODULES_MAJOR_VER) +LDFLAGS += -X helm.sh/helm/v4/pkg/internal/v3/lint/rules.k8sVersionMinor=$(K8S_MODULES_MINOR_VER) +LDFLAGS += -X helm.sh/helm/v4/pkg/chart/common/util.k8sVersionMajor=$(K8S_MODULES_MAJOR_VER) +LDFLAGS += -X helm.sh/helm/v4/pkg/chart/common/util.k8sVersionMinor=$(K8S_MODULES_MINOR_VER) +LDFLAGS += -X helm.sh/helm/v4/internal/version.kubeClientVersionMajor=$(K8S_MODULES_MAJOR_VER) +LDFLAGS += -X helm.sh/helm/v4/internal/version.kubeClientVersionMinor=$(K8S_MODULES_MINOR_VER) .PHONY: all all: build @@ -75,7 +79,7 @@ all: build # build .PHONY: build -build: $(BINDIR)/$(BINNAME) +build: $(BINDIR)/$(BINNAME) tidy $(BINDIR)/$(BINNAME): $(SRC) CGO_ENABLED=$(CGO_ENABLED) go build $(GOFLAGS) -trimpath -tags '$(TAGS)' -ldflags '$(LDFLAGS)' -o '$(BINDIR)'/$(BINNAME) ./cmd/helm @@ -112,14 +116,16 @@ test-unit: # based on older versions, this is run separately. When run without the ldflags in the unit test (above) or coverage # test, it still passes with a false-positive result as the resources shouldn’t be deprecated in the older Kubernetes # version if it only starts failing with the latest. - go test $(GOFLAGS) -run ^TestHelmCreateChart_CheckDeprecatedWarnings$$ ./pkg/lint/ $(TESTFLAGS) -ldflags '$(LDFLAGS)' + go test $(GOFLAGS) -run ^TestHelmCreateChart_CheckDeprecatedWarnings$$ ./pkg/chart/v2/lint/ $(TESTFLAGS) -ldflags '$(LDFLAGS)' + go test $(GOFLAGS) -run ^TestHelmCreateChart_CheckDeprecatedWarnings$$ ./internal/chart/v3/lint/ $(TESTFLAGS) -ldflags '$(LDFLAGS)' +# To run the coverage for a specific package use: make test-coverage PKG=./pkg/action .PHONY: test-coverage test-coverage: @echo - @echo "==> Running unit tests with coverage <==" - @ ./scripts/coverage.sh + @echo "==> Running unit tests with coverage: $(PKG) <==" + @ ./scripts/coverage.sh $(PKG) .PHONY: test-style test-style: @@ -145,10 +151,6 @@ test-acceptance: build build-cross test-acceptance-completion: ACCEPTANCE_RUN_TESTS = shells.robot test-acceptance-completion: test-acceptance -.PHONY: coverage -coverage: - @scripts/coverage.sh - .PHONY: format format: $(GOIMPORTS) go list -f '{{.Dir}}' ./... | xargs $(GOIMPORTS) -w -local helm.sh/helm @@ -227,22 +229,23 @@ clean: .PHONY: release-notes release-notes: - @if [ ! -d "./_dist" ]; then \ - echo "please run 'make fetch-dist' first" && \ - exit 1; \ - fi - @if [ -z "${PREVIOUS_RELEASE}" ]; then \ - echo "please set PREVIOUS_RELEASE environment variable" \ - && exit 1; \ - fi - - @./scripts/release-notes.sh ${PREVIOUS_RELEASE} ${VERSION} - - + @if [ ! -d "./_dist" ]; then \ + echo "please run 'make fetch-dist' first" && \ + exit 1; \ + fi + @if [ -z "${PREVIOUS_RELEASE}" ]; then \ + echo "please set PREVIOUS_RELEASE environment variable" && \ + exit 1; \ + fi + @./scripts/release-notes.sh ${PREVIOUS_RELEASE} ${VERSION} .PHONY: info info: - @echo "Version: ${VERSION}" - @echo "Git Tag: ${GIT_TAG}" - @echo "Git Commit: ${GIT_COMMIT}" - @echo "Git Tree State: ${GIT_DIRTY}" + @echo "Version: ${VERSION}" + @echo "Git Tag: ${GIT_TAG}" + @echo "Git Commit: ${GIT_COMMIT}" + @echo "Git Tree State: ${GIT_DIRTY}" + +.PHONY: tidy +tidy: + go mod tidy diff --git a/README.md b/README.md index 66fdab041..22422d5a4 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ [![GoDoc](https://img.shields.io/static/v1?label=godoc&message=reference&color=blue)](https://pkg.go.dev/helm.sh/helm/v4) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3131/badge)](https://bestpractices.coreinfrastructure.org/projects/3131) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/helm/helm/badge)](https://scorecard.dev/viewer/?uri=github.com/helm/helm) -[![LFX Health Score](https://insights.production.lfx.dev/api/badge/health-score?project=helm)](https://insights.linuxfoundation.org/project/helm) +[![LFX Health Score](https://insights.linuxfoundation.org/api/badge/health-score?project=helm)](https://insights.linuxfoundation.org/project/helm) Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go index 05e7e7ba2..66d342500 100644 --- a/cmd/helm/helm.go +++ b/cmd/helm/helm.go @@ -41,11 +41,9 @@ func main() { } if err := cmd.Execute(); err != nil { - switch e := err.(type) { - case helmcmd.PluginError: - os.Exit(e.Code) - default: - os.Exit(1) + if cerr, ok := err.(helmcmd.CommandError); ok { + os.Exit(cerr.ExitCode) } + os.Exit(1) } } diff --git a/cmd/helm/helm_test.go b/cmd/helm/helm_test.go index 5431daad0..0458e8037 100644 --- a/cmd/helm/helm_test.go +++ b/cmd/helm/helm_test.go @@ -22,11 +22,13 @@ import ( "os/exec" "runtime" "testing" + + "github.com/stretchr/testify/assert" ) -func TestPluginExitCode(t *testing.T) { +func TestCliPluginExitCode(t *testing.T) { if os.Getenv("RUN_MAIN_FOR_TESTING") == "1" { - os.Args = []string{"helm", "exitwith", "2"} + os.Args = []string{"helm", "exitwith", "43"} // We DO call helm's main() here. So this looks like a normal `helm` process. main() @@ -43,7 +45,7 @@ func TestPluginExitCode(t *testing.T) { // So that the second run is able to run main() and this first run can verify the exit status returned by that. // // This technique originates from https://talks.golang.org/2014/testing.slide#23. - cmd := exec.Command(os.Args[0], "-test.run=TestPluginExitCode") + cmd := exec.Command(os.Args[0], "-test.run=TestCliPluginExitCode") cmd.Env = append( os.Environ(), "RUN_MAIN_FOR_TESTING=1", @@ -57,23 +59,21 @@ func TestPluginExitCode(t *testing.T) { cmd.Stdout = stdout cmd.Stderr = stderr err := cmd.Run() - exiterr, ok := err.(*exec.ExitError) + exiterr, ok := err.(*exec.ExitError) if !ok { - t.Fatalf("Unexpected error returned by os.Exit: %T", err) + t.Fatalf("Unexpected error type returned by os.Exit: %T", err) } - if stdout.String() != "" { - t.Errorf("Expected no write to stdout: Got %q", stdout.String()) - } + assert.Empty(t, stdout.String()) expectedStderr := "Error: plugin \"exitwith\" exited with error\n" if stderr.String() != expectedStderr { t.Errorf("Expected %q written to stderr: Got %q", expectedStderr, stderr.String()) } - if exiterr.ExitCode() != 2 { - t.Errorf("Expected exit code 2: Got %d", exiterr.ExitCode()) + if exiterr.ExitCode() != 43 { + t.Errorf("Expected exit code 43: Got %d", exiterr.ExitCode()) } } } diff --git a/go.mod b/go.mod index 6557d7663..4975fb7c4 100644 --- a/go.mod +++ b/go.mod @@ -10,44 +10,47 @@ require ( github.com/Masterminds/sprig/v3 v3.3.0 github.com/Masterminds/squirrel v1.5.4 github.com/Masterminds/vcs v1.13.3 + github.com/ProtonMail/go-crypto v1.3.0 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 - github.com/cyphar/filepath-securejoin v0.4.1 + github.com/cyphar/filepath-securejoin v0.6.0 github.com/distribution/distribution/v3 v3.0.0 github.com/evanphx/json-patch/v5 v5.9.11 + github.com/extism/go-sdk v1.7.1 github.com/fatih/color v1.18.0 github.com/fluxcd/cli-utils v0.36.0-flux.14 github.com/foxcpp/go-mockdns v1.1.0 github.com/gobwas/glob v0.2.3 - github.com/gofrs/flock v0.12.1 + github.com/gofrs/flock v0.13.0 github.com/gosuri/uitable v0.0.4 github.com/jmoiron/sqlx v1.4.0 github.com/lib/pq v1.10.9 github.com/mattn/go-shellwords v1.0.12 github.com/mitchellh/copystructure v1.2.0 github.com/moby/term v0.5.2 - github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.1 github.com/rubenv/sql-migrate v1.8.0 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 - github.com/spf13/cobra v1.9.1 - github.com/spf13/pflag v1.0.7 - github.com/stretchr/testify v1.10.0 + github.com/spf13/cobra v1.10.1 + github.com/spf13/pflag v1.0.10 + github.com/stretchr/testify v1.11.1 + github.com/tetratelabs/wazero v1.10.1 go.yaml.in/yaml/v3 v3.0.4 - golang.org/x/crypto v0.41.0 - golang.org/x/term v0.34.0 - golang.org/x/text v0.28.0 + golang.org/x/crypto v0.44.0 + golang.org/x/term v0.37.0 + golang.org/x/text v0.31.0 gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.33.4 - k8s.io/apiextensions-apiserver v0.33.4 - k8s.io/apimachinery v0.33.4 - k8s.io/apiserver v0.33.4 - k8s.io/cli-runtime v0.33.4 - k8s.io/client-go v0.33.4 + k8s.io/api v0.34.2 + k8s.io/apiextensions-apiserver v0.34.2 + k8s.io/apimachinery v0.34.2 + k8s.io/apiserver v0.34.2 + k8s.io/cli-runtime v0.34.2 + k8s.io/client-go v0.34.2 k8s.io/klog/v2 v2.130.1 - k8s.io/kubectl v0.33.4 + k8s.io/kubectl v0.34.2 oras.land/oras-go/v2 v2.6.0 - sigs.k8s.io/controller-runtime v0.21.0 - sigs.k8s.io/kustomize/kyaml v0.20.1 + sigs.k8s.io/controller-runtime v0.22.4 + sigs.k8s.io/kustomize/kyaml v0.21.0 sigs.k8s.io/yaml v1.6.0 ) @@ -59,10 +62,10 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect - github.com/carapace-sh/carapace-shlex v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect + github.com/cloudflare/circl v1.6.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -71,10 +74,11 @@ require ( github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-metrics v0.0.1 // indirect + github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fxamacker/cbor/v2 v2.8.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-errors/errors v1.5.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/logr v1.4.3 // indirect @@ -91,10 +95,11 @@ require ( github.com/gorilla/mux v1.8.1 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect github.com/huandu/xstrings v1.5.0 // indirect + github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -111,7 +116,7 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/spdystream v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect @@ -130,6 +135,7 @@ require ( github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/cast v1.7.0 // indirect + github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect @@ -141,8 +147,8 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect go.opentelemetry.io/otel/exporters/prometheus v0.54.0 // indirect go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 // indirect @@ -150,31 +156,31 @@ require ( go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 // indirect go.opentelemetry.io/otel/log v0.8.0 // indirect go.opentelemetry.io/otel/metric v1.37.0 // indirect - go.opentelemetry.io/otel/sdk v1.33.0 // indirect + go.opentelemetry.io/otel/sdk v1.34.0 // indirect go.opentelemetry.io/otel/sdk/log v0.8.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.34.0 // indirect go.opentelemetry.io/otel/trace v1.37.0 // indirect - go.opentelemetry.io/proto/otlp v1.4.0 // indirect + go.opentelemetry.io/proto/otlp v1.5.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect - golang.org/x/mod v0.26.0 // indirect - golang.org/x/net v0.42.0 // indirect + golang.org/x/mod v0.29.0 // indirect + golang.org/x/net v0.46.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.35.0 // indirect + golang.org/x/sync v0.18.0 // indirect + golang.org/x/sys v0.38.0 // indirect golang.org/x/time v0.12.0 // indirect - golang.org/x/tools v0.35.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/grpc v1.68.1 // indirect + golang.org/x/tools v0.38.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect + google.golang.org/grpc v1.72.1 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/component-base v0.33.4 // indirect - k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 // indirect + k8s.io/component-base v0.34.2 // indirect + k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/kustomize/api v0.20.0 // indirect + sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect ) diff --git a/go.sum b/go.sum index b76d921d3..ba032ef14 100644 --- a/go.sum +++ b/go.sum @@ -22,6 +22,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Masterminds/vcs v1.13.3 h1:IIA2aBdXvfbIM+yl/eTnL4hb1XwdpvuQLglAix1gweE= github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8= +github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw= +github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= @@ -42,8 +44,6 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= -github.com/carapace-sh/carapace-shlex v1.0.1 h1:ww0JCgWpOVuqWG7k3724pJ18Lq8gh5pHQs9j3ojUs1c= -github.com/carapace-sh/carapace-shlex v1.0.1/go.mod h1:lJ4ZsdxytE0wHJ8Ta9S7Qq0XpjgjU0mdfCqiI2FHx7M= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -51,14 +51,16 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= -github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.6.0 h1:BtGB77njd6SVO6VztOHfPxKitJvd/VPT+OFBFMOi1Is= +github.com/cyphar/filepath-securejoin v0.6.0/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -77,12 +79,16 @@ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= +github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE= +github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q= github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= +github.com/extism/go-sdk v1.7.1 h1:lWJos6uY+tRFdlIHR+SJjwFDApY7OypS/2nMhiVQ9Sw= +github.com/extism/go-sdk v1.7.1/go.mod h1:IT+Xdg5AZM9hVtpFUA+uZCJMge/hbvshl8bwzLtFyKA= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -93,8 +99,8 @@ github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7Dlme github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU= -github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= @@ -123,8 +129,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= -github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= +github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw= +github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -138,7 +144,6 @@ github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl76 github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -156,14 +161,16 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI= github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca h1:T54Ema1DU8ngI+aef9ZhAhNGQhcRTrWxVeG07F+c/Rw= +github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= @@ -227,8 +234,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= @@ -279,16 +287,16 @@ github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnA github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM= github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rubenv/sql-migrate v1.8.0 h1:dXnYiJk9k3wetp7GfQbKJcPHjVJL6YK19tKj8t2Ns0o= github.com/rubenv/sql-migrate v1.8.0/go.mod h1:F2bGFBwCU+pnmbtNYDeKvSuvL6lBVtXDXUUv5t+u1qw= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= +github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -296,11 +304,11 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= -github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= -github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= +github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= @@ -309,8 +317,12 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 h1:ZF+QBjOI+tILZjBaFj3HgFonKXUcwgJ4djLb6i42S3Q= +github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834/go.mod h1:m9ymHTgNSEjuxvw8E7WWe4Pl4hZQHXONY8wE6dMLaRk= +github.com/tetratelabs/wazero v1.10.1 h1:2DugeJf6VVk58KTPszlNfeeN8AhhpwcZqkJj2wwFuH8= +github.com/tetratelabs/wazero v1.10.1/go.mod h1:DRm5twOQ5Gr1AoEdSi0CLjDQF1J9ZAuyqFIjl1KKfQU= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= @@ -336,10 +348,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7Z go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 h1:tgJ0uaNS4c98WRNUEx5U3aDlrDOI5Rs+1Vifcw4DJ8U= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0/go.mod h1:U7HYyW0zt/a9x5J1Kjs+r1f/d4ZHnYFclhYY2+YbeoE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI= go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU= @@ -354,16 +366,16 @@ go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWer go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= -go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= -go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= -go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= +go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= +go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= -go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= -go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= +go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= +go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -384,16 +396,16 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU= +golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -407,8 +419,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= +golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -421,8 +433,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -442,8 +454,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -451,8 +463,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= -golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= -golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -460,8 +472,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -472,18 +484,18 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= -golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950= +google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= +google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA= +google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -500,43 +512,41 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.33.4 h1:oTzrFVNPXBjMu0IlpA2eDDIU49jsuEorGHB4cvKupkk= -k8s.io/api v0.33.4/go.mod h1:VHQZ4cuxQ9sCUMESJV5+Fe8bGnqAARZ08tSTdHWfeAc= -k8s.io/apiextensions-apiserver v0.33.4 h1:rtq5SeXiDbXmSwxsF0MLe2Mtv3SwprA6wp+5qh/CrOU= -k8s.io/apiextensions-apiserver v0.33.4/go.mod h1:mWXcZQkQV1GQyxeIjYApuqsn/081hhXPZwZ2URuJeSs= -k8s.io/apimachinery v0.33.4 h1:SOf/JW33TP0eppJMkIgQ+L6atlDiP/090oaX0y9pd9s= -k8s.io/apimachinery v0.33.4/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= -k8s.io/apiserver v0.33.4 h1:6N0TEVA6kASUS3owYDIFJjUH6lgN8ogQmzZvaFFj1/Y= -k8s.io/apiserver v0.33.4/go.mod h1:8ODgXMnOoSPLMUg1aAzMFx+7wTJM+URil+INjbTZCok= -k8s.io/cli-runtime v0.33.4 h1:V8NSxGfh24XzZVhXmIGzsApdBpGq0RQS2u/Fz1GvJwk= -k8s.io/cli-runtime v0.33.4/go.mod h1:V+ilyokfqjT5OI+XE+O515K7jihtr0/uncwoyVqXaIU= -k8s.io/client-go v0.33.4 h1:TNH+CSu8EmXfitntjUPwaKVPN0AYMbc9F1bBS8/ABpw= -k8s.io/client-go v0.33.4/go.mod h1:LsA0+hBG2DPwovjd931L/AoaezMPX9CmBgyVyBZmbCY= -k8s.io/component-base v0.33.4 h1:Jvb/aw/tl3pfgnJ0E0qPuYLT0NwdYs1VXXYQmSuxJGY= -k8s.io/component-base v0.33.4/go.mod h1:567TeSdixWW2Xb1yYUQ7qk5Docp2kNznKL87eygY8Rc= +k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY= +k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw= +k8s.io/apiextensions-apiserver v0.34.2 h1:WStKftnGeoKP4AZRz/BaAAEJvYp4mlZGN0UCv+uvsqo= +k8s.io/apiextensions-apiserver v0.34.2/go.mod h1:398CJrsgXF1wytdaanynDpJ67zG4Xq7yj91GrmYN2SE= +k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= +k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/apiserver v0.34.2 h1:2/yu8suwkmES7IzwlehAovo8dDE07cFRC7KMDb1+MAE= +k8s.io/apiserver v0.34.2/go.mod h1:gqJQy2yDOB50R3JUReHSFr+cwJnL8G1dzTA0YLEqAPI= +k8s.io/cli-runtime v0.34.2 h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= +k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= +k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M= +k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE= +k8s.io/component-base v0.34.2 h1:HQRqK9x2sSAsd8+R4xxRirlTjowsg6fWCPwWYeSvogQ= +k8s.io/component-base v0.34.2/go.mod h1:9xw2FHJavUHBFpiGkZoKuYZ5pdtLKe97DEByaA+hHbM= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 h1:gAXU86Fmbr/ktY17lkHwSjw5aoThQvhnstGGIYKlKYc= -k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911/go.mod h1:GLOk5B+hDbRROvt0X2+hqX64v/zO3vXN7J78OUmBSKw= -k8s.io/kubectl v0.33.4 h1:nXEI6Vi+oB9hXxoAHyHisXolm/l1qutK3oZQMak4N98= -k8s.io/kubectl v0.33.4/go.mod h1:Xe7P9X4DfILvKmlBsVqUtzktkI56lEj22SJW7cFy6nE= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= +k8s.io/kubectl v0.34.2/go.mod h1:X2KTOdtZZNrTWmUD4oHApJ836pevSl+zvC5sI6oO2YQ= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= -sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= -sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= +sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= +sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/kustomize/api v0.20.0 h1:xPLqcobHI0bThyRUteO+nCV8G4d1Rlo5HafO57VRcas= -sigs.k8s.io/kustomize/api v0.20.0/go.mod h1:F6CfaV27oevRCMJgehLqyX81dlUnRX/Fc13Uo7+OSo4= -sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78= -sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= -sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= +sigs.k8s.io/kustomize/api v0.20.1/go.mod h1:t6hUFxO+Ph0VxIk1sKp1WS0dOjbPCtLJ4p8aADLwqjM= +sigs.k8s.io/kustomize/kyaml v0.21.0 h1:7mQAf3dUwf0wBerWJd8rXhVcnkk5Tvn/q91cGkaP6HQ= +sigs.k8s.io/kustomize/kyaml v0.21.0/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI= -sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/internal/chart/v3/chart.go b/internal/chart/v3/chart.go index 4d59fa5ec..48f006e79 100644 --- a/internal/chart/v3/chart.go +++ b/internal/chart/v3/chart.go @@ -19,6 +19,9 @@ import ( "path/filepath" "regexp" "strings" + "time" + + "helm.sh/helm/v4/pkg/chart/common" ) // APIVersionV3 is the API version number for version 3. @@ -34,20 +37,24 @@ type Chart struct { // // This should not be used except in special cases like `helm show values`, // where we want to display the raw values, comments and all. - Raw []*File `json:"-"` + Raw []*common.File `json:"-"` // Metadata is the contents of the Chartfile. Metadata *Metadata `json:"metadata"` // Lock is the contents of Chart.lock. Lock *Lock `json:"lock"` // Templates for this chart. - Templates []*File `json:"templates"` + Templates []*common.File `json:"templates"` // Values are default config for this chart. Values map[string]interface{} `json:"values"` // Schema is an optional JSON schema for imposing structure on Values Schema []byte `json:"schema"` + // SchemaModTime the schema was last modified + SchemaModTime time.Time `json:"schemamodtime,omitempty"` // Files are miscellaneous files in a chart archive, // e.g. README, LICENSE, etc. - Files []*File `json:"files"` + Files []*common.File `json:"files"` + // ModTime the chart metadata was last modified + ModTime time.Time `json:"modtime,omitzero"` parent *Chart dependencies []*Chart @@ -59,7 +66,7 @@ type CRD struct { // Filename is the File obj Name including (sub-)chart.ChartFullPath Filename string // File is the File obj for the crd - File *File + File *common.File } // SetDependencies replaces the chart dependencies. @@ -134,8 +141,8 @@ func (ch *Chart) AppVersion() string { // CRDs returns a list of File objects in the 'crds/' directory of a Helm chart. // Deprecated: use CRDObjects() -func (ch *Chart) CRDs() []*File { - files := []*File{} +func (ch *Chart) CRDs() []*common.File { + files := []*common.File{} // Find all resources in the crds/ directory for _, f := range ch.Files { if strings.HasPrefix(f.Name, "crds/") && hasManifestExtension(f.Name) { diff --git a/internal/chart/v3/chart_test.go b/internal/chart/v3/chart_test.go index f93b3356b..07cbf4b39 100644 --- a/internal/chart/v3/chart_test.go +++ b/internal/chart/v3/chart_test.go @@ -18,32 +18,41 @@ package v3 import ( "encoding/json" "testing" + "time" "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/pkg/chart/common" ) func TestCRDs(t *testing.T) { + modTime := time.Now() chrt := Chart{ - Files: []*File{ + Files: []*common.File{ { - Name: "crds/foo.yaml", - Data: []byte("hello"), + Name: "crds/foo.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "bar.yaml", - Data: []byte("hello"), + Name: "bar.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/foo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crds/foo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crdsfoo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crdsfoo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/README.md", - Data: []byte("# hello"), + Name: "crds/README.md", + ModTime: modTime, + Data: []byte("# hello"), }, }, } @@ -57,10 +66,11 @@ func TestCRDs(t *testing.T) { func TestSaveChartNoRawData(t *testing.T) { chrt := Chart{ - Raw: []*File{ + Raw: []*common.File{ { - Name: "fhqwhgads.yaml", - Data: []byte("Everybody to the Limit"), + Name: "fhqwhgads.yaml", + ModTime: time.Now(), + Data: []byte("Everybody to the Limit"), }, }, } @@ -76,7 +86,7 @@ func TestSaveChartNoRawData(t *testing.T) { t.Fatal(err) } - is.Equal([]*File(nil), res.Raw) + is.Equal([]*common.File(nil), res.Raw) } func TestMetadata(t *testing.T) { @@ -161,27 +171,33 @@ func TestChartFullPath(t *testing.T) { } func TestCRDObjects(t *testing.T) { + modTime := time.Now() chrt := Chart{ - Files: []*File{ + Files: []*common.File{ { - Name: "crds/foo.yaml", - Data: []byte("hello"), + Name: "crds/foo.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "bar.yaml", - Data: []byte("hello"), + Name: "bar.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/foo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crds/foo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crdsfoo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crdsfoo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/README.md", - Data: []byte("# hello"), + Name: "crds/README.md", + ModTime: modTime, + Data: []byte("# hello"), }, }, } @@ -190,17 +206,19 @@ func TestCRDObjects(t *testing.T) { { Name: "crds/foo.yaml", Filename: "crds/foo.yaml", - File: &File{ - Name: "crds/foo.yaml", - Data: []byte("hello"), + File: &common.File{ + Name: "crds/foo.yaml", + ModTime: modTime, + Data: []byte("hello"), }, }, { Name: "crds/foo/bar/baz.yaml", Filename: "crds/foo/bar/baz.yaml", - File: &File{ - Name: "crds/foo/bar/baz.yaml", - Data: []byte("hello"), + File: &common.File{ + Name: "crds/foo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, }, } diff --git a/pkg/lint/lint.go b/internal/chart/v3/lint/lint.go similarity index 78% rename from pkg/lint/lint.go rename to internal/chart/v3/lint/lint.go index 64b2a6057..0cd949065 100644 --- a/pkg/lint/lint.go +++ b/internal/chart/v3/lint/lint.go @@ -14,24 +14,24 @@ See the License for the specific language governing permissions and limitations under the License. */ -package lint // import "helm.sh/helm/v4/pkg/lint" +package lint // import "helm.sh/helm/v4/internal/chart/v3/lint" import ( "path/filepath" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/rules" - "helm.sh/helm/v4/pkg/lint/support" + "helm.sh/helm/v4/internal/chart/v3/lint/rules" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + "helm.sh/helm/v4/pkg/chart/common" ) type linterOptions struct { - KubeVersion *chartutil.KubeVersion + KubeVersion *common.KubeVersion SkipSchemaValidation bool } type LinterOption func(lo *linterOptions) -func WithKubeVersion(kubeVersion *chartutil.KubeVersion) LinterOption { +func WithKubeVersion(kubeVersion *common.KubeVersion) LinterOption { return func(lo *linterOptions) { lo.KubeVersion = kubeVersion } @@ -57,7 +57,7 @@ func RunAll(baseDir string, values map[string]interface{}, namespace string, opt } rules.Chartfile(&result) - rules.ValuesWithOverrides(&result, values) + rules.ValuesWithOverrides(&result, values, lo.SkipSchemaValidation) rules.TemplatesWithSkipSchemaValidation(&result, values, namespace, lo.KubeVersion, lo.SkipSchemaValidation) rules.Dependencies(&result) rules.Crds(&result) diff --git a/pkg/lint/lint_test.go b/internal/chart/v3/lint/lint_test.go similarity index 91% rename from pkg/lint/lint_test.go rename to internal/chart/v3/lint/lint_test.go index 5b590c010..d61a9a740 100644 --- a/pkg/lint/lint_test.go +++ b/internal/chart/v3/lint/lint_test.go @@ -23,12 +23,10 @@ import ( "github.com/stretchr/testify/assert" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/support" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + chartutil "helm.sh/helm/v4/internal/chart/v3/util" ) -var values map[string]interface{} - const namespace = "testNamespace" const badChartDir = "rules/testdata/badchartfile" @@ -40,7 +38,8 @@ const subChartValuesDir = "rules/testdata/withsubchart" const malformedTemplate = "rules/testdata/malformed-template" const invalidChartFileDir = "rules/testdata/invalidchartfile" -func TestBadChart(t *testing.T) { +func TestBadChartV3(t *testing.T) { + var values map[string]any m := RunAll(badChartDir, values, namespace).Messages if len(m) != 8 { t.Errorf("Number of errors %v", len(m)) @@ -60,14 +59,14 @@ func TestBadChart(t *testing.T) { } } if msg.Severity == support.ErrorSev { - if strings.Contains(msg.Err.Error(), "version '0.0.0.0' is not a valid SemVer") { + if strings.Contains(msg.Err.Error(), "version '0.0.0.0' is not a valid SemVerV2") { e = true } if strings.Contains(msg.Err.Error(), "name is required") { e2 = true } - if strings.Contains(msg.Err.Error(), "apiVersion is required. The value must be either \"v1\" or \"v2\"") { + if strings.Contains(msg.Err.Error(), "apiVersion is required. The value must be \"v3\"") { e3 = true } @@ -90,6 +89,7 @@ func TestBadChart(t *testing.T) { } func TestInvalidYaml(t *testing.T) { + var values map[string]any m := RunAll(badYamlFileDir, values, namespace).Messages if len(m) != 1 { t.Fatalf("All didn't fail with expected errors, got %#v", m) @@ -99,9 +99,11 @@ func TestInvalidYaml(t *testing.T) { } } -func TestInvalidChartYaml(t *testing.T) { +func TestInvalidChartYamlV3(t *testing.T) { + var values map[string]any m := RunAll(invalidChartFileDir, values, namespace).Messages - if len(m) != 2 { + t.Log(m) + if len(m) != 3 { t.Fatalf("All didn't fail with expected errors, got %#v", m) } if !strings.Contains(m[0].Err.Error(), "failed to strictly parse chart metadata file") { @@ -109,7 +111,8 @@ func TestInvalidChartYaml(t *testing.T) { } } -func TestBadValues(t *testing.T) { +func TestBadValuesV3(t *testing.T) { + var values map[string]any m := RunAll(badValuesFileDir, values, namespace).Messages if len(m) < 1 { t.Fatalf("All didn't fail with expected errors, got %#v", m) @@ -119,7 +122,8 @@ func TestBadValues(t *testing.T) { } } -func TestBadCrdFile(t *testing.T) { +func TestBadCrdFileV3(t *testing.T) { + var values map[string]any m := RunAll(badCrdFileDir, values, namespace).Messages assert.Lenf(t, m, 2, "All didn't fail with expected errors, got %#v", m) assert.ErrorContains(t, m[0].Err, "apiVersion is not in 'apiextensions.k8s.io'") @@ -127,6 +131,7 @@ func TestBadCrdFile(t *testing.T) { } func TestGoodChart(t *testing.T) { + var values map[string]any m := RunAll(goodChartDir, values, namespace).Messages if len(m) != 0 { t.Error("All returned linter messages when it shouldn't have") @@ -140,6 +145,7 @@ func TestGoodChart(t *testing.T) { // // See https://github.com/helm/helm/issues/7923 func TestHelmCreateChart(t *testing.T) { + var values map[string]any dir := t.TempDir() createdChart, err := chartutil.Create("testhelmcreatepasseslint", dir) @@ -189,11 +195,11 @@ func TestHelmCreateChart_CheckDeprecatedWarnings(t *testing.T) { // Add values to enable hpa, and ingress which are disabled by default. // This is the equivalent of: // helm lint checkdeprecatedwarnings --set 'autoscaling.enabled=true,ingress.enabled=true' - updatedValues := map[string]interface{}{ - "autoscaling": map[string]interface{}{ + updatedValues := map[string]any{ + "autoscaling": map[string]any{ "enabled": true, }, - "ingress": map[string]interface{}{ + "ingress": map[string]any{ "enabled": true, }, } @@ -212,6 +218,7 @@ func TestHelmCreateChart_CheckDeprecatedWarnings(t *testing.T) { // lint ignores import-values // See https://github.com/helm/helm/issues/9658 func TestSubChartValuesChart(t *testing.T) { + var values map[string]any m := RunAll(subChartValuesDir, values, namespace).Messages if len(m) != 0 { t.Error("All returned linter messages when it shouldn't have") @@ -224,6 +231,7 @@ func TestSubChartValuesChart(t *testing.T) { // lint stuck with malformed template object // See https://github.com/helm/helm/issues/11391 func TestMalformedTemplate(t *testing.T) { + var values map[string]any c := time.After(3 * time.Second) ch := make(chan int, 1) var m []support.Message diff --git a/internal/chart/v3/lint/rules/chartfile.go b/internal/chart/v3/lint/rules/chartfile.go new file mode 100644 index 000000000..fc246ba80 --- /dev/null +++ b/internal/chart/v3/lint/rules/chartfile.go @@ -0,0 +1,225 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules // import "helm.sh/helm/v4/internal/chart/v3/lint/rules" + +import ( + "errors" + "fmt" + "os" + "path/filepath" + + "github.com/Masterminds/semver/v3" + "github.com/asaskevich/govalidator" + "sigs.k8s.io/yaml" + + chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + chartutil "helm.sh/helm/v4/internal/chart/v3/util" +) + +// Chartfile runs a set of linter rules related to Chart.yaml file +func Chartfile(linter *support.Linter) { + chartFileName := "Chart.yaml" + chartPath := filepath.Join(linter.ChartDir, chartFileName) + + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartYamlNotDirectory(chartPath)) + + chartFile, err := chartutil.LoadChartfile(chartPath) + validChartFile := linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartYamlFormat(err)) + + // Guard clause. Following linter rules require a parsable ChartFile + if !validChartFile { + return + } + + _, err = chartutil.StrictLoadChartfile(chartPath) + linter.RunLinterRule(support.WarningSev, chartFileName, validateChartYamlStrictFormat(err)) + + // type check for Chart.yaml . ignoring error as any parse + // errors would already be caught in the above load function + chartFileForTypeCheck, _ := loadChartFileForTypeCheck(chartPath) + + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartName(chartFile)) + + // Chart metadata + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartAPIVersion(chartFile)) + + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartVersionType(chartFileForTypeCheck)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartVersion(chartFile)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartAppVersionType(chartFileForTypeCheck)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartMaintainer(chartFile)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartSources(chartFile)) + linter.RunLinterRule(support.InfoSev, chartFileName, validateChartIconPresence(chartFile)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartIconURL(chartFile)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartType(chartFile)) + linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartDependencies(chartFile)) +} + +func validateChartVersionType(data map[string]interface{}) error { + return isStringValue(data, "version") +} + +func validateChartAppVersionType(data map[string]interface{}) error { + return isStringValue(data, "appVersion") +} + +func isStringValue(data map[string]interface{}, key string) error { + value, ok := data[key] + if !ok { + return nil + } + valueType := fmt.Sprintf("%T", value) + if valueType != "string" { + return fmt.Errorf("%s should be of type string but it's of type %s", key, valueType) + } + return nil +} + +func validateChartYamlNotDirectory(chartPath string) error { + fi, err := os.Stat(chartPath) + + if err == nil && fi.IsDir() { + return errors.New("should be a file, not a directory") + } + return nil +} + +func validateChartYamlFormat(chartFileError error) error { + if chartFileError != nil { + return fmt.Errorf("unable to parse YAML\n\t%w", chartFileError) + } + return nil +} + +func validateChartYamlStrictFormat(chartFileError error) error { + if chartFileError != nil { + return fmt.Errorf("failed to strictly parse chart metadata file\n\t%w", chartFileError) + } + return nil +} + +func validateChartName(cf *chart.Metadata) error { + if cf.Name == "" { + return errors.New("name is required") + } + name := filepath.Base(cf.Name) + if name != cf.Name { + return fmt.Errorf("chart name %q is invalid", cf.Name) + } + return nil +} + +func validateChartAPIVersion(cf *chart.Metadata) error { + if cf.APIVersion == "" { + return errors.New("apiVersion is required. The value must be \"v3\"") + } + + if cf.APIVersion != chart.APIVersionV3 { + return fmt.Errorf("apiVersion '%s' is not valid. The value must be \"v3\"", cf.APIVersion) + } + + return nil +} + +func validateChartVersion(cf *chart.Metadata) error { + if cf.Version == "" { + return errors.New("version is required") + } + + version, err := semver.StrictNewVersion(cf.Version) + if err != nil { + return fmt.Errorf("version '%s' is not a valid SemVerV2", cf.Version) + } + + c, err := semver.NewConstraint(">0.0.0-0") + if err != nil { + return err + } + valid, msg := c.Validate(version) + + if !valid && len(msg) > 0 { + return fmt.Errorf("version %v", msg[0]) + } + + return nil +} + +func validateChartMaintainer(cf *chart.Metadata) error { + for _, maintainer := range cf.Maintainers { + if maintainer == nil { + return errors.New("a maintainer entry is empty") + } + if maintainer.Name == "" { + return errors.New("each maintainer requires a name") + } else if maintainer.Email != "" && !govalidator.IsEmail(maintainer.Email) { + return fmt.Errorf("invalid email '%s' for maintainer '%s'", maintainer.Email, maintainer.Name) + } else if maintainer.URL != "" && !govalidator.IsURL(maintainer.URL) { + return fmt.Errorf("invalid url '%s' for maintainer '%s'", maintainer.URL, maintainer.Name) + } + } + return nil +} + +func validateChartSources(cf *chart.Metadata) error { + for _, source := range cf.Sources { + if source == "" || !govalidator.IsRequestURL(source) { + return fmt.Errorf("invalid source URL '%s'", source) + } + } + return nil +} + +func validateChartIconPresence(cf *chart.Metadata) error { + if cf.Icon == "" { + return errors.New("icon is recommended") + } + return nil +} + +func validateChartIconURL(cf *chart.Metadata) error { + if cf.Icon != "" && !govalidator.IsRequestURL(cf.Icon) { + return fmt.Errorf("invalid icon URL '%s'", cf.Icon) + } + return nil +} + +func validateChartDependencies(cf *chart.Metadata) error { + if len(cf.Dependencies) > 0 && cf.APIVersion != chart.APIVersionV3 { + return fmt.Errorf("dependencies are not valid in the Chart file with apiVersion '%s'. They are valid in apiVersion '%s'", cf.APIVersion, chart.APIVersionV3) + } + return nil +} + +func validateChartType(cf *chart.Metadata) error { + if len(cf.Type) > 0 && cf.APIVersion != chart.APIVersionV3 { + return fmt.Errorf("chart type is not valid in apiVersion '%s'. It is valid in apiVersion '%s'", cf.APIVersion, chart.APIVersionV3) + } + return nil +} + +// loadChartFileForTypeCheck loads the Chart.yaml +// in a generic form of a map[string]interface{}, so that the type +// of the values can be checked +func loadChartFileForTypeCheck(filename string) (map[string]interface{}, error) { + b, err := os.ReadFile(filename) + if err != nil { + return nil, err + } + y := make(map[string]interface{}) + err = yaml.Unmarshal(b, &y) + return y, err +} diff --git a/pkg/lint/rules/chartfile_test.go b/internal/chart/v3/lint/rules/chartfile_test.go similarity index 92% rename from pkg/lint/rules/chartfile_test.go rename to internal/chart/v3/lint/rules/chartfile_test.go index 1719a2011..57893e151 100644 --- a/pkg/lint/rules/chartfile_test.go +++ b/internal/chart/v3/lint/rules/chartfile_test.go @@ -23,9 +23,9 @@ import ( "strings" "testing" - chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/support" + chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + chartutil "helm.sh/helm/v4/internal/chart/v3/util" ) const ( @@ -84,9 +84,11 @@ func TestValidateChartVersion(t *testing.T) { ErrorMsg string }{ {"", "version is required"}, - {"1.2.3.4", "version '1.2.3.4' is not a valid SemVer"}, - {"waps", "'waps' is not a valid SemVer"}, - {"-3", "'-3' is not a valid SemVer"}, + {"1.2.3.4", "version '1.2.3.4' is not a valid SemVerV2"}, + {"waps", "'waps' is not a valid SemVerV2"}, + {"-3", "'-3' is not a valid SemVerV2"}, + {"1.1", "'1.1' is not a valid SemVerV2"}, + {"1", "'1' is not a valid SemVerV2"}, } var successTest = []string{"0.0.1", "0.0.1+build", "0.0.1-beta"} @@ -221,7 +223,7 @@ func TestValidateChartIconURL(t *testing.T) { } } -func TestChartfile(t *testing.T) { +func TestV3Chartfile(t *testing.T) { t.Run("Chart.yaml basic validity issues", func(t *testing.T) { linter := support.Linter{ChartDir: badChartDir} Chartfile(&linter) @@ -237,7 +239,7 @@ func TestChartfile(t *testing.T) { t.Errorf("Unexpected message 0: %s", msgs[0].Err) } - if !strings.Contains(msgs[1].Err.Error(), "apiVersion is required. The value must be either \"v1\" or \"v2\"") { + if !strings.Contains(msgs[1].Err.Error(), "apiVersion is required. The value must be \"v3\"") { t.Errorf("Unexpected message 1: %s", msgs[1].Err) } @@ -248,14 +250,6 @@ func TestChartfile(t *testing.T) { if !strings.Contains(msgs[3].Err.Error(), "icon is recommended") { t.Errorf("Unexpected message 3: %s", msgs[3].Err) } - - if !strings.Contains(msgs[4].Err.Error(), "chart type is not valid in apiVersion") { - t.Errorf("Unexpected message 4: %s", msgs[4].Err) - } - - if !strings.Contains(msgs[5].Err.Error(), "dependencies are not valid in the Chart file with apiVersion") { - t.Errorf("Unexpected message 5: %s", msgs[5].Err) - } }) t.Run("Chart.yaml validity issues due to type mismatch", func(t *testing.T) { diff --git a/internal/chart/v3/lint/rules/crds.go b/internal/chart/v3/lint/rules/crds.go new file mode 100644 index 000000000..6bafb52eb --- /dev/null +++ b/internal/chart/v3/lint/rules/crds.go @@ -0,0 +1,113 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "bytes" + "errors" + "fmt" + "io" + "io/fs" + "os" + "path/filepath" + "strings" + + "k8s.io/apimachinery/pkg/util/yaml" + + "helm.sh/helm/v4/internal/chart/v3/lint/support" + "helm.sh/helm/v4/internal/chart/v3/loader" +) + +// Crds lints the CRDs in the Linter. +func Crds(linter *support.Linter) { + fpath := "crds/" + crdsPath := filepath.Join(linter.ChartDir, fpath) + + // crds directory is optional + if _, err := os.Stat(crdsPath); errors.Is(err, fs.ErrNotExist) { + return + } + + crdsDirValid := linter.RunLinterRule(support.ErrorSev, fpath, validateCrdsDir(crdsPath)) + if !crdsDirValid { + return + } + + // Load chart and parse CRDs + chart, err := loader.Load(linter.ChartDir) + + chartLoaded := linter.RunLinterRule(support.ErrorSev, fpath, err) + + if !chartLoaded { + return + } + + /* Iterate over all the CRDs to check: + 1. It is a YAML file and not a template + 2. The API version is apiextensions.k8s.io + 3. The kind is CustomResourceDefinition + */ + for _, crd := range chart.CRDObjects() { + fileName := crd.Name + fpath = fileName + + decoder := yaml.NewYAMLOrJSONDecoder(bytes.NewReader(crd.File.Data), 4096) + for { + var yamlStruct *k8sYamlStruct + + err := decoder.Decode(&yamlStruct) + if err == io.EOF { + break + } + + // If YAML parsing fails here, it will always fail in the next block as well, so we should return here. + // This also confirms the YAML is not a template, since templates can't be decoded into a K8sYamlStruct. + if !linter.RunLinterRule(support.ErrorSev, fpath, validateYamlContent(err)) { + return + } + + linter.RunLinterRule(support.ErrorSev, fpath, validateCrdAPIVersion(yamlStruct)) + linter.RunLinterRule(support.ErrorSev, fpath, validateCrdKind(yamlStruct)) + } + } +} + +// Validation functions +func validateCrdsDir(crdsPath string) error { + fi, err := os.Stat(crdsPath) + if err != nil { + return err + } + if !fi.IsDir() { + return errors.New("not a directory") + } + return nil +} + +func validateCrdAPIVersion(obj *k8sYamlStruct) error { + if !strings.HasPrefix(obj.APIVersion, "apiextensions.k8s.io") { + return fmt.Errorf("apiVersion is not in 'apiextensions.k8s.io'") + } + return nil +} + +func validateCrdKind(obj *k8sYamlStruct) error { + if obj.Kind != "CustomResourceDefinition" { + return fmt.Errorf("object kind is not 'CustomResourceDefinition'") + } + return nil +} diff --git a/internal/chart/v3/lint/rules/crds_test.go b/internal/chart/v3/lint/rules/crds_test.go new file mode 100644 index 000000000..d93e3d978 --- /dev/null +++ b/internal/chart/v3/lint/rules/crds_test.go @@ -0,0 +1,36 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/internal/chart/v3/lint/support" +) + +const invalidCrdsDir = "./testdata/invalidcrdsdir" + +func TestInvalidCrdsDir(t *testing.T) { + linter := support.Linter{ChartDir: invalidCrdsDir} + Crds(&linter) + res := linter.Messages + + assert.Len(t, res, 1) + assert.ErrorContains(t, res[0].Err, "not a directory") +} diff --git a/internal/chart/v3/lint/rules/dependencies.go b/internal/chart/v3/lint/rules/dependencies.go new file mode 100644 index 000000000..f45153728 --- /dev/null +++ b/internal/chart/v3/lint/rules/dependencies.go @@ -0,0 +1,101 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules // import "helm.sh/helm/v4/internal/chart/v3/lint/rules" + +import ( + "fmt" + "strings" + + chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + "helm.sh/helm/v4/internal/chart/v3/loader" +) + +// Dependencies runs lints against a chart's dependencies +// +// See https://github.com/helm/helm/issues/7910 +func Dependencies(linter *support.Linter) { + c, err := loader.LoadDir(linter.ChartDir) + if !linter.RunLinterRule(support.ErrorSev, "", validateChartFormat(err)) { + return + } + + linter.RunLinterRule(support.ErrorSev, linter.ChartDir, validateDependencyInMetadata(c)) + linter.RunLinterRule(support.ErrorSev, linter.ChartDir, validateDependenciesUnique(c)) + linter.RunLinterRule(support.WarningSev, linter.ChartDir, validateDependencyInChartsDir(c)) +} + +func validateChartFormat(chartError error) error { + if chartError != nil { + return fmt.Errorf("unable to load chart\n\t%w", chartError) + } + return nil +} + +func validateDependencyInChartsDir(c *chart.Chart) (err error) { + dependencies := map[string]struct{}{} + missing := []string{} + for _, dep := range c.Dependencies() { + dependencies[dep.Metadata.Name] = struct{}{} + } + for _, dep := range c.Metadata.Dependencies { + if _, ok := dependencies[dep.Name]; !ok { + missing = append(missing, dep.Name) + } + } + if len(missing) > 0 { + err = fmt.Errorf("chart directory is missing these dependencies: %s", strings.Join(missing, ",")) + } + return err +} + +func validateDependencyInMetadata(c *chart.Chart) (err error) { + dependencies := map[string]struct{}{} + missing := []string{} + for _, dep := range c.Metadata.Dependencies { + dependencies[dep.Name] = struct{}{} + } + for _, dep := range c.Dependencies() { + if _, ok := dependencies[dep.Metadata.Name]; !ok { + missing = append(missing, dep.Metadata.Name) + } + } + if len(missing) > 0 { + err = fmt.Errorf("chart metadata is missing these dependencies: %s", strings.Join(missing, ",")) + } + return err +} + +func validateDependenciesUnique(c *chart.Chart) (err error) { + dependencies := map[string]*chart.Dependency{} + shadowing := []string{} + + for _, dep := range c.Metadata.Dependencies { + key := dep.Name + if dep.Alias != "" { + key = dep.Alias + } + if dependencies[key] != nil { + shadowing = append(shadowing, key) + } + dependencies[key] = dep + } + if len(shadowing) > 0 { + err = fmt.Errorf("multiple dependencies with name or alias: %s", strings.Join(shadowing, ",")) + } + return err +} diff --git a/internal/chart/v3/lint/rules/dependencies_test.go b/internal/chart/v3/lint/rules/dependencies_test.go new file mode 100644 index 000000000..b80e4b8a9 --- /dev/null +++ b/internal/chart/v3/lint/rules/dependencies_test.go @@ -0,0 +1,157 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package rules + +import ( + "path/filepath" + "testing" + + chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + chartutil "helm.sh/helm/v4/internal/chart/v3/util" +) + +func chartWithBadDependencies() chart.Chart { + badChartDeps := chart.Chart{ + Metadata: &chart.Metadata{ + Name: "badchart", + Version: "0.1.0", + APIVersion: "v2", + Dependencies: []*chart.Dependency{ + { + Name: "sub2", + }, + { + Name: "sub3", + }, + }, + }, + } + + badChartDeps.SetDependencies( + &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "sub1", + Version: "0.1.0", + APIVersion: "v2", + }, + }, + &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "sub2", + Version: "0.1.0", + APIVersion: "v2", + }, + }, + ) + return badChartDeps +} + +func TestValidateDependencyInChartsDir(t *testing.T) { + c := chartWithBadDependencies() + + if err := validateDependencyInChartsDir(&c); err == nil { + t.Error("chart should have been flagged for missing deps in chart directory") + } +} + +func TestValidateDependencyInMetadata(t *testing.T) { + c := chartWithBadDependencies() + + if err := validateDependencyInMetadata(&c); err == nil { + t.Errorf("chart should have been flagged for missing deps in chart metadata") + } +} + +func TestValidateDependenciesUnique(t *testing.T) { + tests := []struct { + chart chart.Chart + }{ + {chart.Chart{ + Metadata: &chart.Metadata{ + Name: "badchart", + Version: "0.1.0", + APIVersion: "v2", + Dependencies: []*chart.Dependency{ + { + Name: "foo", + }, + { + Name: "foo", + }, + }, + }, + }}, + {chart.Chart{ + Metadata: &chart.Metadata{ + Name: "badchart", + Version: "0.1.0", + APIVersion: "v2", + Dependencies: []*chart.Dependency{ + { + Name: "foo", + Alias: "bar", + }, + { + Name: "bar", + }, + }, + }, + }}, + {chart.Chart{ + Metadata: &chart.Metadata{ + Name: "badchart", + Version: "0.1.0", + APIVersion: "v2", + Dependencies: []*chart.Dependency{ + { + Name: "foo", + Alias: "baz", + }, + { + Name: "bar", + Alias: "baz", + }, + }, + }, + }}, + } + + for _, tt := range tests { + if err := validateDependenciesUnique(&tt.chart); err == nil { + t.Errorf("chart should have been flagged for dependency shadowing") + } + } +} + +func TestDependencies(t *testing.T) { + tmp := t.TempDir() + + c := chartWithBadDependencies() + err := chartutil.SaveDir(&c, tmp) + if err != nil { + t.Fatal(err) + } + linter := support.Linter{ChartDir: filepath.Join(tmp, c.Metadata.Name)} + + Dependencies(&linter) + if l := len(linter.Messages); l != 2 { + t.Errorf("expected 2 linter errors for bad chart dependencies. Got %d.", l) + for i, msg := range linter.Messages { + t.Logf("Message: %d, Error: %#v", i, msg) + } + } +} diff --git a/pkg/lint/rules/deprecations.go b/internal/chart/v3/lint/rules/deprecations.go similarity index 95% rename from pkg/lint/rules/deprecations.go rename to internal/chart/v3/lint/rules/deprecations.go index c6d635a5e..6f86bdbbd 100644 --- a/pkg/lint/rules/deprecations.go +++ b/internal/chart/v3/lint/rules/deprecations.go @@ -14,18 +14,18 @@ See the License for the specific language governing permissions and limitations under the License. */ -package rules // import "helm.sh/helm/v4/pkg/lint/rules" +package rules // import "helm.sh/helm/v4/internal/chart/v3/lint/rules" import ( "fmt" "strconv" + "helm.sh/helm/v4/pkg/chart/common" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/endpoints/deprecation" kscheme "k8s.io/client-go/kubernetes/scheme" - - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" ) var ( @@ -47,7 +47,7 @@ func (e deprecatedAPIError) Error() string { return msg } -func validateNoDeprecations(resource *k8sYamlStruct, kubeVersion *chartutil.KubeVersion) error { +func validateNoDeprecations(resource *k8sYamlStruct, kubeVersion *common.KubeVersion) error { // if `resource` does not have an APIVersion or Kind, we cannot test it for deprecation if resource.APIVersion == "" { return nil diff --git a/internal/chart/v3/lint/rules/deprecations_test.go b/internal/chart/v3/lint/rules/deprecations_test.go new file mode 100644 index 000000000..35e541e5c --- /dev/null +++ b/internal/chart/v3/lint/rules/deprecations_test.go @@ -0,0 +1,41 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules // import "helm.sh/helm/v4/internal/chart/v3/lint/rules" + +import "testing" + +func TestValidateNoDeprecations(t *testing.T) { + deprecated := &k8sYamlStruct{ + APIVersion: "extensions/v1beta1", + Kind: "Deployment", + } + err := validateNoDeprecations(deprecated, nil) + if err == nil { + t.Fatal("Expected deprecated extension to be flagged") + } + depErr := err.(deprecatedAPIError) + if depErr.Message == "" { + t.Fatalf("Expected error message to be non-blank: %v", err) + } + + if err := validateNoDeprecations(&k8sYamlStruct{ + APIVersion: "v1", + Kind: "Pod", + }, nil); err != nil { + t.Errorf("Expected a v1 Pod to not be deprecated") + } +} diff --git a/pkg/lint/rules/template.go b/internal/chart/v3/lint/rules/template.go similarity index 93% rename from pkg/lint/rules/template.go rename to internal/chart/v3/lint/rules/template.go index b36153ec6..204966364 100644 --- a/pkg/lint/rules/template.go +++ b/internal/chart/v3/lint/rules/template.go @@ -33,10 +33,12 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/yaml" - "helm.sh/helm/v4/pkg/chart/v2/loader" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + "helm.sh/helm/v4/internal/chart/v3/loader" + chartutil "helm.sh/helm/v4/internal/chart/v3/util" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" "helm.sh/helm/v4/pkg/engine" - "helm.sh/helm/v4/pkg/lint/support" ) // Templates lints the templates in the Linter. @@ -45,12 +47,12 @@ func Templates(linter *support.Linter, values map[string]interface{}, namespace } // TemplatesWithKubeVersion lints the templates in the Linter, allowing to specify the kubernetes version. -func TemplatesWithKubeVersion(linter *support.Linter, values map[string]interface{}, namespace string, kubeVersion *chartutil.KubeVersion) { +func TemplatesWithKubeVersion(linter *support.Linter, values map[string]interface{}, namespace string, kubeVersion *common.KubeVersion) { TemplatesWithSkipSchemaValidation(linter, values, namespace, kubeVersion, false) } // TemplatesWithSkipSchemaValidation lints the templates in the Linter, allowing to specify the kubernetes version and if schema validation is enabled or not. -func TemplatesWithSkipSchemaValidation(linter *support.Linter, values map[string]interface{}, namespace string, kubeVersion *chartutil.KubeVersion, skipSchemaValidation bool) { +func TemplatesWithSkipSchemaValidation(linter *support.Linter, values map[string]interface{}, namespace string, kubeVersion *common.KubeVersion, skipSchemaValidation bool) { fpath := "templates/" templatesPath := filepath.Join(linter.ChartDir, fpath) @@ -74,12 +76,12 @@ func TemplatesWithSkipSchemaValidation(linter *support.Linter, values map[string return } - options := chartutil.ReleaseOptions{ + options := common.ReleaseOptions{ Name: "test-release", Namespace: namespace, } - caps := chartutil.DefaultCapabilities.Copy() + caps := common.DefaultCapabilities.Copy() if kubeVersion != nil { caps.KubeVersion = *kubeVersion } @@ -90,12 +92,12 @@ func TemplatesWithSkipSchemaValidation(linter *support.Linter, values map[string return } - cvals, err := chartutil.CoalesceValues(chart, values) + cvals, err := util.CoalesceValues(chart, values) if err != nil { return } - valuesToRender, err := chartutil.ToRenderValuesWithSchemaValidation(chart, cvals, options, caps, skipSchemaValidation) + valuesToRender, err := util.ToRenderValuesWithSchemaValidation(chart, cvals, options, caps, skipSchemaValidation) if err != nil { linter.RunLinterRule(support.ErrorSev, fpath, err) return @@ -124,7 +126,7 @@ func TemplatesWithSkipSchemaValidation(linter *support.Linter, values map[string linter.RunLinterRule(support.ErrorSev, fpath, validateAllowedExtension(fileName)) // We only apply the following lint rules to yaml files - if filepath.Ext(fileName) != ".yaml" || filepath.Ext(fileName) == ".yml" { + if !isYamlFileExtension(fileName) { continue } @@ -333,6 +335,11 @@ func validateListAnnotations(yamlStruct *k8sYamlStruct, manifest string) error { return nil } +func isYamlFileExtension(fileName string) bool { + ext := strings.ToLower(filepath.Ext(fileName)) + return ext == ".yaml" || ext == ".yml" +} + // k8sYamlStruct stubs a Kubernetes YAML file. type k8sYamlStruct struct { APIVersion string `json:"apiVersion"` diff --git a/pkg/lint/rules/template_test.go b/internal/chart/v3/lint/rules/template_test.go similarity index 91% rename from pkg/lint/rules/template_test.go rename to internal/chart/v3/lint/rules/template_test.go index 787bd6e4b..0ffc92002 100644 --- a/pkg/lint/rules/template_test.go +++ b/internal/chart/v3/lint/rules/template_test.go @@ -22,10 +22,12 @@ import ( "path/filepath" "strings" "testing" + "time" - chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/support" + chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/internal/chart/v3/lint/support" + chartutil "helm.sh/helm/v4/internal/chart/v3/util" + "helm.sh/helm/v4/pkg/chart/common" ) const templateTestBasedir = "./testdata/albatross" @@ -182,6 +184,7 @@ func TestValidateMetadataName(t *testing.T) { } func TestDeprecatedAPIFails(t *testing.T) { + modTime := time.Now() mychart := chart.Chart{ Metadata: &chart.Metadata{ APIVersion: "v2", @@ -189,14 +192,16 @@ func TestDeprecatedAPIFails(t *testing.T) { Version: "0.1.0", Icon: "satisfy-the-linting-gods.gif", }, - Templates: []*chart.File{ + Templates: []*common.File{ { - Name: "templates/baddeployment.yaml", - Data: []byte("apiVersion: apps/v1beta1\nkind: Deployment\nmetadata:\n name: baddep\nspec: {selector: {matchLabels: {foo: bar}}}"), + Name: "templates/baddeployment.yaml", + ModTime: modTime, + Data: []byte("apiVersion: apps/v1beta1\nkind: Deployment\nmetadata:\n name: baddep\nspec: {selector: {matchLabels: {foo: bar}}}"), }, { - Name: "templates/goodsecret.yaml", - Data: []byte("apiVersion: v1\nkind: Secret\nmetadata:\n name: goodsecret"), + Name: "templates/goodsecret.yaml", + ModTime: modTime, + Data: []byte("apiVersion: v1\nkind: Secret\nmetadata:\n name: goodsecret"), }, }, } @@ -249,10 +254,11 @@ func TestStrictTemplateParsingMapError(t *testing.T) { "key1": "val1", }, }, - Templates: []*chart.File{ + Templates: []*common.File{ { - Name: "templates/configmap.yaml", - Data: []byte(manifest), + Name: "templates/configmap.yaml", + ModTime: time.Now(), + Data: []byte(manifest), }, }, } @@ -378,10 +384,11 @@ func TestEmptyWithCommentsManifests(t *testing.T) { Version: "0.1.0", Icon: "satisfy-the-linting-gods.gif", }, - Templates: []*chart.File{ + Templates: []*common.File{ { - Name: "templates/empty-with-comments.yaml", - Data: []byte("#@formatter:off\n"), + Name: "templates/empty-with-comments.yaml", + ModTime: time.Now(), + Data: []byte("#@formatter:off\n"), }, }, } @@ -438,3 +445,23 @@ items: t.Fatalf("List objects keep annotations should pass. got: %s", err) } } + +func TestIsYamlFileExtension(t *testing.T) { + tests := []struct { + filename string + expected bool + }{ + {"test.yaml", true}, + {"test.yml", true}, + {"test.txt", false}, + {"test", false}, + } + + for _, test := range tests { + result := isYamlFileExtension(test.filename) + if result != test.expected { + t.Errorf("isYamlFileExtension(%s) = %v; want %v", test.filename, result, test.expected) + } + } + +} diff --git a/internal/chart/v3/lint/rules/testdata/albatross/Chart.yaml b/internal/chart/v3/lint/rules/testdata/albatross/Chart.yaml new file mode 100644 index 000000000..5e1ed515c --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/albatross/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v3 +name: albatross +description: testing chart +version: 199.44.12345-Alpha.1+cafe009 +icon: http://riverrun.io diff --git a/pkg/lint/rules/testdata/albatross/templates/_helpers.tpl b/internal/chart/v3/lint/rules/testdata/albatross/templates/_helpers.tpl similarity index 100% rename from pkg/lint/rules/testdata/albatross/templates/_helpers.tpl rename to internal/chart/v3/lint/rules/testdata/albatross/templates/_helpers.tpl diff --git a/pkg/lint/rules/testdata/albatross/templates/fail.yaml b/internal/chart/v3/lint/rules/testdata/albatross/templates/fail.yaml similarity index 100% rename from pkg/lint/rules/testdata/albatross/templates/fail.yaml rename to internal/chart/v3/lint/rules/testdata/albatross/templates/fail.yaml diff --git a/pkg/lint/rules/testdata/albatross/templates/svc.yaml b/internal/chart/v3/lint/rules/testdata/albatross/templates/svc.yaml similarity index 100% rename from pkg/lint/rules/testdata/albatross/templates/svc.yaml rename to internal/chart/v3/lint/rules/testdata/albatross/templates/svc.yaml diff --git a/pkg/lint/rules/testdata/albatross/values.yaml b/internal/chart/v3/lint/rules/testdata/albatross/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/albatross/values.yaml rename to internal/chart/v3/lint/rules/testdata/albatross/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/anotherbadchartfile/Chart.yaml b/internal/chart/v3/lint/rules/testdata/anotherbadchartfile/Chart.yaml new file mode 100644 index 000000000..8a598473b --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/anotherbadchartfile/Chart.yaml @@ -0,0 +1,15 @@ +name: "some-chart" +apiVersion: v3 +description: A Helm chart for Kubernetes +version: 72445e2 +home: "" +type: application +appVersion: 72225e2 +icon: "https://some-url.com/icon.jpeg" +dependencies: + - name: mariadb + version: 5.x.x + repository: https://charts.helm.sh/stable/ + condition: mariadb.enabled + tags: + - database diff --git a/pkg/lint/rules/testdata/badchartfile/Chart.yaml b/internal/chart/v3/lint/rules/testdata/badchartfile/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/badchartfile/Chart.yaml rename to internal/chart/v3/lint/rules/testdata/badchartfile/Chart.yaml diff --git a/pkg/lint/rules/testdata/badchartfile/values.yaml b/internal/chart/v3/lint/rules/testdata/badchartfile/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/badchartfile/values.yaml rename to internal/chart/v3/lint/rules/testdata/badchartfile/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/badchartname/Chart.yaml b/internal/chart/v3/lint/rules/testdata/badchartname/Chart.yaml new file mode 100644 index 000000000..41f452354 --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/badchartname/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v3 +description: A Helm chart for Kubernetes +version: 0.1.0 +name: "../badchartname" +type: application diff --git a/pkg/lint/rules/testdata/badchartname/values.yaml b/internal/chart/v3/lint/rules/testdata/badchartname/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/badchartname/values.yaml rename to internal/chart/v3/lint/rules/testdata/badchartname/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/badcrdfile/Chart.yaml b/internal/chart/v3/lint/rules/testdata/badcrdfile/Chart.yaml new file mode 100644 index 000000000..3bf007393 --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/badcrdfile/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v3 +description: A Helm chart for Kubernetes +version: 0.1.0 +name: badcrdfile +type: application +icon: http://riverrun.io diff --git a/pkg/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml b/internal/chart/v3/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml similarity index 100% rename from pkg/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml rename to internal/chart/v3/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml diff --git a/pkg/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml b/internal/chart/v3/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml similarity index 100% rename from pkg/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml rename to internal/chart/v3/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml diff --git a/pkg/lint/rules/testdata/badcrdfile/templates/.gitkeep b/internal/chart/v3/lint/rules/testdata/badcrdfile/templates/.gitkeep similarity index 100% rename from pkg/lint/rules/testdata/badcrdfile/templates/.gitkeep rename to internal/chart/v3/lint/rules/testdata/badcrdfile/templates/.gitkeep diff --git a/pkg/lint/rules/testdata/badcrdfile/values.yaml b/internal/chart/v3/lint/rules/testdata/badcrdfile/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/badcrdfile/values.yaml rename to internal/chart/v3/lint/rules/testdata/badcrdfile/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/badvaluesfile/Chart.yaml b/internal/chart/v3/lint/rules/testdata/badvaluesfile/Chart.yaml new file mode 100644 index 000000000..aace27e21 --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/badvaluesfile/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v3 +name: badvaluesfile +description: A Helm chart for Kubernetes +version: 0.0.1 +home: "" +icon: http://riverrun.io diff --git a/pkg/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml b/internal/chart/v3/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml similarity index 100% rename from pkg/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml rename to internal/chart/v3/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml diff --git a/pkg/lint/rules/testdata/badvaluesfile/values.yaml b/internal/chart/v3/lint/rules/testdata/badvaluesfile/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/badvaluesfile/values.yaml rename to internal/chart/v3/lint/rules/testdata/badvaluesfile/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/goodone/Chart.yaml b/internal/chart/v3/lint/rules/testdata/goodone/Chart.yaml new file mode 100644 index 000000000..bf8f5e309 --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/goodone/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v3 +name: goodone +description: good testing chart +version: 199.44.12345-Alpha.1+cafe009 +icon: http://riverrun.io diff --git a/pkg/lint/rules/testdata/goodone/crds/test-crd.yaml b/internal/chart/v3/lint/rules/testdata/goodone/crds/test-crd.yaml similarity index 100% rename from pkg/lint/rules/testdata/goodone/crds/test-crd.yaml rename to internal/chart/v3/lint/rules/testdata/goodone/crds/test-crd.yaml diff --git a/pkg/lint/rules/testdata/goodone/templates/goodone.yaml b/internal/chart/v3/lint/rules/testdata/goodone/templates/goodone.yaml similarity index 100% rename from pkg/lint/rules/testdata/goodone/templates/goodone.yaml rename to internal/chart/v3/lint/rules/testdata/goodone/templates/goodone.yaml diff --git a/pkg/lint/rules/testdata/goodone/values.yaml b/internal/chart/v3/lint/rules/testdata/goodone/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/goodone/values.yaml rename to internal/chart/v3/lint/rules/testdata/goodone/values.yaml diff --git a/pkg/lint/rules/testdata/invalidchartfile/Chart.yaml b/internal/chart/v3/lint/rules/testdata/invalidchartfile/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/invalidchartfile/Chart.yaml rename to internal/chart/v3/lint/rules/testdata/invalidchartfile/Chart.yaml diff --git a/pkg/lint/rules/testdata/invalidchartfile/values.yaml b/internal/chart/v3/lint/rules/testdata/invalidchartfile/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/invalidchartfile/values.yaml rename to internal/chart/v3/lint/rules/testdata/invalidchartfile/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/invalidcrdsdir/Chart.yaml b/internal/chart/v3/lint/rules/testdata/invalidcrdsdir/Chart.yaml new file mode 100644 index 000000000..0f6d1ee98 --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/invalidcrdsdir/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v3 +description: A Helm chart for Kubernetes +version: 0.1.0 +name: invalidcrdsdir +type: application +icon: http://riverrun.io diff --git a/pkg/lint/rules/testdata/invalidcrdsdir/crds b/internal/chart/v3/lint/rules/testdata/invalidcrdsdir/crds similarity index 100% rename from pkg/lint/rules/testdata/invalidcrdsdir/crds rename to internal/chart/v3/lint/rules/testdata/invalidcrdsdir/crds diff --git a/pkg/lint/rules/testdata/invalidcrdsdir/values.yaml b/internal/chart/v3/lint/rules/testdata/invalidcrdsdir/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/invalidcrdsdir/values.yaml rename to internal/chart/v3/lint/rules/testdata/invalidcrdsdir/values.yaml diff --git a/pkg/lint/rules/testdata/malformed-template/.helmignore b/internal/chart/v3/lint/rules/testdata/malformed-template/.helmignore similarity index 100% rename from pkg/lint/rules/testdata/malformed-template/.helmignore rename to internal/chart/v3/lint/rules/testdata/malformed-template/.helmignore diff --git a/internal/chart/v3/lint/rules/testdata/malformed-template/Chart.yaml b/internal/chart/v3/lint/rules/testdata/malformed-template/Chart.yaml new file mode 100644 index 000000000..d46b98cb5 --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/malformed-template/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v3 +name: test +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" +icon: https://riverrun.io \ No newline at end of file diff --git a/pkg/lint/rules/testdata/malformed-template/templates/bad.yaml b/internal/chart/v3/lint/rules/testdata/malformed-template/templates/bad.yaml similarity index 100% rename from pkg/lint/rules/testdata/malformed-template/templates/bad.yaml rename to internal/chart/v3/lint/rules/testdata/malformed-template/templates/bad.yaml diff --git a/pkg/lint/rules/testdata/malformed-template/values.yaml b/internal/chart/v3/lint/rules/testdata/malformed-template/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/malformed-template/values.yaml rename to internal/chart/v3/lint/rules/testdata/malformed-template/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/multi-template-fail/Chart.yaml b/internal/chart/v3/lint/rules/testdata/multi-template-fail/Chart.yaml new file mode 100644 index 000000000..bfb580bea --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/multi-template-fail/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v3 +name: multi-template-fail +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application and it is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/pkg/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml b/internal/chart/v3/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml similarity index 100% rename from pkg/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml rename to internal/chart/v3/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml diff --git a/internal/chart/v3/lint/rules/testdata/v3-fail/Chart.yaml b/internal/chart/v3/lint/rules/testdata/v3-fail/Chart.yaml new file mode 100644 index 000000000..2a29c33fa --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/v3-fail/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v3 +name: v3-fail +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application and it is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/pkg/lint/rules/testdata/v3-fail/templates/_helpers.tpl b/internal/chart/v3/lint/rules/testdata/v3-fail/templates/_helpers.tpl similarity index 100% rename from pkg/lint/rules/testdata/v3-fail/templates/_helpers.tpl rename to internal/chart/v3/lint/rules/testdata/v3-fail/templates/_helpers.tpl diff --git a/pkg/lint/rules/testdata/v3-fail/templates/deployment.yaml b/internal/chart/v3/lint/rules/testdata/v3-fail/templates/deployment.yaml similarity index 100% rename from pkg/lint/rules/testdata/v3-fail/templates/deployment.yaml rename to internal/chart/v3/lint/rules/testdata/v3-fail/templates/deployment.yaml diff --git a/pkg/lint/rules/testdata/v3-fail/templates/ingress.yaml b/internal/chart/v3/lint/rules/testdata/v3-fail/templates/ingress.yaml similarity index 100% rename from pkg/lint/rules/testdata/v3-fail/templates/ingress.yaml rename to internal/chart/v3/lint/rules/testdata/v3-fail/templates/ingress.yaml diff --git a/pkg/lint/rules/testdata/v3-fail/templates/service.yaml b/internal/chart/v3/lint/rules/testdata/v3-fail/templates/service.yaml similarity index 100% rename from pkg/lint/rules/testdata/v3-fail/templates/service.yaml rename to internal/chart/v3/lint/rules/testdata/v3-fail/templates/service.yaml diff --git a/pkg/lint/rules/testdata/v3-fail/values.yaml b/internal/chart/v3/lint/rules/testdata/v3-fail/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/v3-fail/values.yaml rename to internal/chart/v3/lint/rules/testdata/v3-fail/values.yaml diff --git a/internal/chart/v3/lint/rules/testdata/withsubchart/Chart.yaml b/internal/chart/v3/lint/rules/testdata/withsubchart/Chart.yaml new file mode 100644 index 000000000..fa15eabaf --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/withsubchart/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v3 +name: withsubchart +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" +icon: http://riverrun.io + +dependencies: + - name: subchart + version: 0.1.16 + repository: "file://../subchart" + import-values: + - child: subchart + parent: subchart + diff --git a/internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml b/internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml new file mode 100644 index 000000000..35b13e70d --- /dev/null +++ b/internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v3 +name: subchart +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" diff --git a/pkg/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml b/internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml similarity index 100% rename from pkg/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml rename to internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml diff --git a/pkg/lint/rules/testdata/withsubchart/charts/subchart/values.yaml b/internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/withsubchart/charts/subchart/values.yaml rename to internal/chart/v3/lint/rules/testdata/withsubchart/charts/subchart/values.yaml diff --git a/pkg/lint/rules/testdata/withsubchart/templates/mainchart.yaml b/internal/chart/v3/lint/rules/testdata/withsubchart/templates/mainchart.yaml similarity index 100% rename from pkg/lint/rules/testdata/withsubchart/templates/mainchart.yaml rename to internal/chart/v3/lint/rules/testdata/withsubchart/templates/mainchart.yaml diff --git a/pkg/lint/rules/testdata/withsubchart/values.yaml b/internal/chart/v3/lint/rules/testdata/withsubchart/values.yaml similarity index 100% rename from pkg/lint/rules/testdata/withsubchart/values.yaml rename to internal/chart/v3/lint/rules/testdata/withsubchart/values.yaml diff --git a/internal/chart/v3/lint/rules/values.go b/internal/chart/v3/lint/rules/values.go new file mode 100644 index 000000000..0af9765dd --- /dev/null +++ b/internal/chart/v3/lint/rules/values.go @@ -0,0 +1,84 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "fmt" + "os" + "path/filepath" + + "helm.sh/helm/v4/internal/chart/v3/lint/support" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" +) + +// ValuesWithOverrides tests the values.yaml file. +// +// If a schema is present in the chart, values are tested against that. Otherwise, +// they are only tested for well-formedness. +// +// If additional values are supplied, they are coalesced into the values in values.yaml. +func ValuesWithOverrides(linter *support.Linter, valueOverrides map[string]interface{}, skipSchemaValidation bool) { + file := "values.yaml" + vf := filepath.Join(linter.ChartDir, file) + fileExists := linter.RunLinterRule(support.InfoSev, file, validateValuesFileExistence(vf)) + + if !fileExists { + return + } + + linter.RunLinterRule(support.ErrorSev, file, validateValuesFile(vf, valueOverrides, skipSchemaValidation)) +} + +func validateValuesFileExistence(valuesPath string) error { + _, err := os.Stat(valuesPath) + if err != nil { + return fmt.Errorf("file does not exist") + } + return nil +} + +func validateValuesFile(valuesPath string, overrides map[string]interface{}, skipSchemaValidation bool) error { + values, err := common.ReadValuesFile(valuesPath) + if err != nil { + return fmt.Errorf("unable to parse YAML: %w", err) + } + + // Helm 3.0.0 carried over the values linting from Helm 2.x, which only tests the top + // level values against the top-level expectations. Subchart values are not linted. + // We could change that. For now, though, we retain that strategy, and thus can + // coalesce tables (like reuse-values does) instead of doing the full chart + // CoalesceValues + coalescedValues := util.CoalesceTables(make(map[string]interface{}, len(overrides)), overrides) + coalescedValues = util.CoalesceTables(coalescedValues, values) + + ext := filepath.Ext(valuesPath) + schemaPath := valuesPath[:len(valuesPath)-len(ext)] + ".schema.json" + schema, err := os.ReadFile(schemaPath) + if len(schema) == 0 { + return nil + } + if err != nil { + return err + } + + if !skipSchemaValidation { + return util.ValidateAgainstSingleSchema(coalescedValues, schema) + } + + return nil +} diff --git a/pkg/lint/rules/values_test.go b/internal/chart/v3/lint/rules/values_test.go similarity index 82% rename from pkg/lint/rules/values_test.go rename to internal/chart/v3/lint/rules/values_test.go index 348695785..288b77436 100644 --- a/pkg/lint/rules/values_test.go +++ b/internal/chart/v3/lint/rules/values_test.go @@ -67,7 +67,7 @@ func TestValidateValuesFileWellFormed(t *testing.T) { ` tmpdir := ensure.TempFile(t, "values.yaml", []byte(badYaml)) valfile := filepath.Join(tmpdir, "values.yaml") - if err := validateValuesFile(valfile, map[string]interface{}{}); err == nil { + if err := validateValuesFile(valfile, map[string]interface{}{}, false); err == nil { t.Fatal("expected values file to fail parsing") } } @@ -78,7 +78,7 @@ func TestValidateValuesFileSchema(t *testing.T) { createTestingSchema(t, tmpdir) valfile := filepath.Join(tmpdir, "values.yaml") - if err := validateValuesFile(valfile, map[string]interface{}{}); err != nil { + if err := validateValuesFile(valfile, map[string]interface{}{}, false); err != nil { t.Fatalf("Failed validation with %s", err) } } @@ -91,7 +91,7 @@ func TestValidateValuesFileSchemaFailure(t *testing.T) { valfile := filepath.Join(tmpdir, "values.yaml") - err := validateValuesFile(valfile, map[string]interface{}{}) + err := validateValuesFile(valfile, map[string]interface{}{}, false) if err == nil { t.Fatal("expected values file to fail parsing") } @@ -99,6 +99,20 @@ func TestValidateValuesFileSchemaFailure(t *testing.T) { assert.Contains(t, err.Error(), "- at '/username': got number, want string") } +func TestValidateValuesFileSchemaFailureButWithSkipSchemaValidation(t *testing.T) { + // 1234 is an int, not a string. This should fail normally but pass with skipSchemaValidation. + yaml := "username: 1234\npassword: swordfish" + tmpdir := ensure.TempFile(t, "values.yaml", []byte(yaml)) + createTestingSchema(t, tmpdir) + + valfile := filepath.Join(tmpdir, "values.yaml") + + err := validateValuesFile(valfile, map[string]interface{}{}, true) + if err != nil { + t.Fatal("expected values file to pass parsing because of skipSchemaValidation") + } +} + func TestValidateValuesFileSchemaOverrides(t *testing.T) { yaml := "username: admin" overrides := map[string]interface{}{ @@ -108,7 +122,7 @@ func TestValidateValuesFileSchemaOverrides(t *testing.T) { createTestingSchema(t, tmpdir) valfile := filepath.Join(tmpdir, "values.yaml") - if err := validateValuesFile(valfile, overrides); err != nil { + if err := validateValuesFile(valfile, overrides, false); err != nil { t.Fatalf("Failed validation with %s", err) } } @@ -145,7 +159,7 @@ func TestValidateValuesFile(t *testing.T) { valfile := filepath.Join(tmpdir, "values.yaml") - err := validateValuesFile(valfile, tt.overrides) + err := validateValuesFile(valfile, tt.overrides, false) switch { case err != nil && tt.errorMessage == "": diff --git a/internal/chart/v3/util/errors_test.go b/internal/chart/v3/lint/support/doc.go similarity index 67% rename from internal/chart/v3/util/errors_test.go rename to internal/chart/v3/lint/support/doc.go index b8ae86384..2d54a9b7d 100644 --- a/internal/chart/v3/util/errors_test.go +++ b/internal/chart/v3/lint/support/doc.go @@ -14,24 +14,10 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util - -import ( - "testing" -) - -func TestErrorNoTableDoesNotPanic(t *testing.T) { - x := "empty" - - y := ErrNoTable{x} - - t.Logf("error is: %s", y) -} - -func TestErrorNoValueDoesNotPanic(t *testing.T) { - x := "empty" - - y := ErrNoValue{x} +/* +Package support contains tools for linting charts. - t.Logf("error is: %s", y) -} +Linting is the process of testing charts for errors or warnings regarding +formatting, compilation, or standards compliance. +*/ +package support // import "helm.sh/helm/v4/internal/chart/v3/lint/support" diff --git a/pkg/lint/support/message.go b/internal/chart/v3/lint/support/message.go similarity index 100% rename from pkg/lint/support/message.go rename to internal/chart/v3/lint/support/message.go diff --git a/pkg/lint/support/message_test.go b/internal/chart/v3/lint/support/message_test.go similarity index 100% rename from pkg/lint/support/message_test.go rename to internal/chart/v3/lint/support/message_test.go diff --git a/internal/chart/v3/loader/archive.go b/internal/chart/v3/loader/archive.go index 311959d56..358c2ce4d 100644 --- a/internal/chart/v3/loader/archive.go +++ b/internal/chart/v3/loader/archive.go @@ -17,32 +17,16 @@ limitations under the License. package loader import ( - "archive/tar" - "bytes" "compress/gzip" "errors" "fmt" "io" - "net/http" "os" - "path" - "regexp" - "strings" chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/pkg/chart/loader/archive" ) -// MaxDecompressedChartSize is the maximum size of a chart archive that will be -// decompressed. This is the decompressed size of all the files. -// The default value is 100 MiB. -var MaxDecompressedChartSize int64 = 100 * 1024 * 1024 // Default 100 MiB - -// MaxDecompressedFileSize is the size of the largest file that Helm will attempt to load. -// The size of the file is the decompressed version of it when it is stored in an archive. -var MaxDecompressedFileSize int64 = 5 * 1024 * 1024 // Default 5 MiB - -var drivePathPattern = regexp.MustCompile(`^[a-zA-Z]:/`) - // FileLoader loads a chart from a file type FileLoader string @@ -65,7 +49,7 @@ func LoadFile(name string) (*chart.Chart, error) { } defer raw.Close() - err = ensureArchive(name, raw) + err = archive.EnsureArchive(name, raw) if err != nil { return nil, err } @@ -79,153 +63,9 @@ func LoadFile(name string) (*chart.Chart, error) { return c, err } -// ensureArchive's job is to return an informative error if the file does not appear to be a gzipped archive. -// -// Sometimes users will provide a values.yaml for an argument where a chart is expected. One common occurrence -// of this is invoking `helm template values.yaml mychart` which would otherwise produce a confusing error -// if we didn't check for this. -func ensureArchive(name string, raw *os.File) error { - defer raw.Seek(0, 0) // reset read offset to allow archive loading to proceed. - - // Check the file format to give us a chance to provide the user with more actionable feedback. - buffer := make([]byte, 512) - _, err := raw.Read(buffer) - if err != nil && err != io.EOF { - return fmt.Errorf("file '%s' cannot be read: %s", name, err) - } - - // Helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject. - // Fix for: https://github.com/helm/helm/issues/12261 - if contentType := http.DetectContentType(buffer); contentType != "application/x-gzip" && !isGZipApplication(buffer) { - // TODO: Is there a way to reliably test if a file content is YAML? ghodss/yaml accepts a wide - // variety of content (Makefile, .zshrc) as valid YAML without errors. - - // Wrong content type. Let's check if it's yaml and give an extra hint? - if strings.HasSuffix(name, ".yml") || strings.HasSuffix(name, ".yaml") { - return fmt.Errorf("file '%s' seems to be a YAML file, but expected a gzipped archive", name) - } - return fmt.Errorf("file '%s' does not appear to be a gzipped archive; got '%s'", name, contentType) - } - return nil -} - -// isGZipApplication checks whether the archive is of the application/x-gzip type. -func isGZipApplication(data []byte) bool { - sig := []byte("\x1F\x8B\x08") - return bytes.HasPrefix(data, sig) -} - -// LoadArchiveFiles reads in files out of an archive into memory. This function -// performs important path security checks and should always be used before -// expanding a tarball -func LoadArchiveFiles(in io.Reader) ([]*BufferedFile, error) { - unzipped, err := gzip.NewReader(in) - if err != nil { - return nil, err - } - defer unzipped.Close() - - files := []*BufferedFile{} - tr := tar.NewReader(unzipped) - remainingSize := MaxDecompressedChartSize - for { - b := bytes.NewBuffer(nil) - hd, err := tr.Next() - if err == io.EOF { - break - } - if err != nil { - return nil, err - } - - if hd.FileInfo().IsDir() { - // Use this instead of hd.Typeflag because we don't have to do any - // inference chasing. - continue - } - - switch hd.Typeflag { - // We don't want to process these extension header files. - case tar.TypeXGlobalHeader, tar.TypeXHeader: - continue - } - - // Archive could contain \ if generated on Windows - delimiter := "/" - if strings.ContainsRune(hd.Name, '\\') { - delimiter = "\\" - } - - parts := strings.Split(hd.Name, delimiter) - n := strings.Join(parts[1:], delimiter) - - // Normalize the path to the / delimiter - n = strings.ReplaceAll(n, delimiter, "/") - - if path.IsAbs(n) { - return nil, errors.New("chart illegally contains absolute paths") - } - - n = path.Clean(n) - if n == "." { - // In this case, the original path was relative when it should have been absolute. - return nil, fmt.Errorf("chart illegally contains content outside the base directory: %q", hd.Name) - } - if strings.HasPrefix(n, "..") { - return nil, errors.New("chart illegally references parent directory") - } - - // In some particularly arcane acts of path creativity, it is possible to intermix - // UNIX and Windows style paths in such a way that you produce a result of the form - // c:/foo even after all the built-in absolute path checks. So we explicitly check - // for this condition. - if drivePathPattern.MatchString(n) { - return nil, errors.New("chart contains illegally named files") - } - - if parts[0] == "Chart.yaml" { - return nil, errors.New("chart yaml not in base directory") - } - - if hd.Size > remainingSize { - return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize) - } - - if hd.Size > MaxDecompressedFileSize { - return nil, fmt.Errorf("decompressed chart file %q is larger than the maximum file size %d", hd.Name, MaxDecompressedFileSize) - } - - limitedReader := io.LimitReader(tr, remainingSize) - - bytesWritten, err := io.Copy(b, limitedReader) - if err != nil { - return nil, err - } - - remainingSize -= bytesWritten - // When the bytesWritten are less than the file size it means the limit reader ended - // copying early. Here we report that error. This is important if the last file extracted - // is the one that goes over the limit. It assumes the Size stored in the tar header - // is correct, something many applications do. - if bytesWritten < hd.Size || remainingSize <= 0 { - return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize) - } - - data := bytes.TrimPrefix(b.Bytes(), utf8bom) - - files = append(files, &BufferedFile{Name: n, Data: data}) - b.Reset() - } - - if len(files) == 0 { - return nil, errors.New("no files in chart archive") - } - return files, nil -} - // LoadArchive loads from a reader containing a compressed tar archive. func LoadArchive(in io.Reader) (*chart.Chart, error) { - files, err := LoadArchiveFiles(in) + files, err := archive.LoadArchiveFiles(in) if err != nil { return nil, err } diff --git a/internal/chart/v3/loader/directory.go b/internal/chart/v3/loader/directory.go index 947051604..dfe3af3b2 100644 --- a/internal/chart/v3/loader/directory.go +++ b/internal/chart/v3/loader/directory.go @@ -25,6 +25,7 @@ import ( chart "helm.sh/helm/v4/internal/chart/v3" "helm.sh/helm/v4/internal/sympath" + "helm.sh/helm/v4/pkg/chart/loader/archive" "helm.sh/helm/v4/pkg/ignore" ) @@ -61,7 +62,7 @@ func LoadDir(dir string) (*chart.Chart, error) { } rules.AddDefaults() - files := []*BufferedFile{} + files := []*archive.BufferedFile{} topdir += string(filepath.Separator) walk := func(name string, fi os.FileInfo, err error) error { @@ -99,8 +100,8 @@ func LoadDir(dir string) (*chart.Chart, error) { return fmt.Errorf("cannot load irregular file %s as it has file mode type bits set", name) } - if fi.Size() > MaxDecompressedFileSize { - return fmt.Errorf("chart file %q is larger than the maximum file size %d", fi.Name(), MaxDecompressedFileSize) + if fi.Size() > archive.MaxDecompressedFileSize { + return fmt.Errorf("chart file %q is larger than the maximum file size %d", fi.Name(), archive.MaxDecompressedFileSize) } data, err := os.ReadFile(name) @@ -110,7 +111,7 @@ func LoadDir(dir string) (*chart.Chart, error) { data = bytes.TrimPrefix(data, utf8bom) - files = append(files, &BufferedFile{Name: n, Data: data}) + files = append(files, &archive.BufferedFile{Name: n, ModTime: fi.ModTime(), Data: data}) return nil } if err = sympath.Walk(topdir, walk); err != nil { diff --git a/internal/chart/v3/loader/load.go b/internal/chart/v3/loader/load.go index 30bafdad4..1c5b4cad1 100644 --- a/internal/chart/v3/loader/load.go +++ b/internal/chart/v3/loader/load.go @@ -25,12 +25,15 @@ import ( "maps" "os" "path/filepath" + "slices" "strings" utilyaml "k8s.io/apimachinery/pkg/util/yaml" "sigs.k8s.io/yaml" chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/loader/archive" ) // ChartLoader loads a chart. @@ -65,21 +68,16 @@ func Load(name string) (*chart.Chart, error) { return l.Load() } -// BufferedFile represents an archive file buffered for later processing. -type BufferedFile struct { - Name string - Data []byte -} - // LoadFiles loads from in-memory files. -func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { +func LoadFiles(files []*archive.BufferedFile) (*chart.Chart, error) { c := new(chart.Chart) - subcharts := make(map[string][]*BufferedFile) + subcharts := make(map[string][]*archive.BufferedFile) + var subChartsKeys []string // do not rely on assumed ordering of files in the chart and crash // if Chart.yaml was not coming early enough to initialize metadata for _, f := range files { - c.Raw = append(c.Raw, &chart.File{Name: f.Name, Data: f.Data}) + c.Raw = append(c.Raw, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) if f.Name == "Chart.yaml" { if c.Metadata == nil { c.Metadata = new(chart.Metadata) @@ -93,6 +91,7 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { if c.Metadata.APIVersion == "" { c.Metadata.APIVersion = chart.APIVersionV3 } + c.ModTime = f.ModTime } } for _, f := range files { @@ -113,20 +112,24 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { c.Values = values case f.Name == "values.schema.json": c.Schema = f.Data + c.SchemaModTime = f.ModTime case strings.HasPrefix(f.Name, "templates/"): - c.Templates = append(c.Templates, &chart.File{Name: f.Name, Data: f.Data}) + c.Templates = append(c.Templates, &common.File{Name: f.Name, Data: f.Data, ModTime: f.ModTime}) case strings.HasPrefix(f.Name, "charts/"): if filepath.Ext(f.Name) == ".prov" { - c.Files = append(c.Files, &chart.File{Name: f.Name, Data: f.Data}) + c.Files = append(c.Files, &common.File{Name: f.Name, Data: f.Data, ModTime: f.ModTime}) continue } fname := strings.TrimPrefix(f.Name, "charts/") cname := strings.SplitN(fname, "/", 2)[0] - subcharts[cname] = append(subcharts[cname], &BufferedFile{Name: fname, Data: f.Data}) + if slices.Index(subChartsKeys, cname) == -1 { + subChartsKeys = append(subChartsKeys, cname) + } + subcharts[cname] = append(subcharts[cname], &archive.BufferedFile{Name: fname, ModTime: f.ModTime, Data: f.Data}) default: - c.Files = append(c.Files, &chart.File{Name: f.Name, Data: f.Data}) + c.Files = append(c.Files, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) } } @@ -154,7 +157,7 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { default: // We have to trim the prefix off of every file, and ignore any file // that is in charts/, but isn't actually a chart. - buff := make([]*BufferedFile, 0, len(files)) + buff := make([]*archive.BufferedFile, 0, len(files)) for _, f := range files { parts := strings.SplitN(f.Name, "/", 2) if len(parts) < 2 { diff --git a/internal/chart/v3/loader/load_test.go b/internal/chart/v3/loader/load_test.go index e770923ff..f91005bf6 100644 --- a/internal/chart/v3/loader/load_test.go +++ b/internal/chart/v3/loader/load_test.go @@ -31,6 +31,8 @@ import ( "time" chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/loader/archive" ) func TestLoadDir(t *testing.T) { @@ -182,9 +184,11 @@ func TestLoadFile(t *testing.T) { } func TestLoadFiles(t *testing.T) { - goodFiles := []*BufferedFile{ + modTime := time.Now() + goodFiles := []*archive.BufferedFile{ { - Name: "Chart.yaml", + Name: "Chart.yaml", + ModTime: modTime, Data: []byte(`apiVersion: v3 name: frobnitz description: This is a frobnitz. @@ -205,20 +209,24 @@ icon: https://example.com/64x64.png `), }, { - Name: "values.yaml", - Data: []byte("var: some values"), + Name: "values.yaml", + ModTime: modTime, + Data: []byte("var: some values"), }, { - Name: "values.schema.json", - Data: []byte("type: Values"), + Name: "values.schema.json", + ModTime: modTime, + Data: []byte("type: Values"), }, { - Name: "templates/deployment.yaml", - Data: []byte("some deployment"), + Name: "templates/deployment.yaml", + ModTime: modTime, + Data: []byte("some deployment"), }, { - Name: "templates/service.yaml", - Data: []byte("some service"), + Name: "templates/service.yaml", + ModTime: modTime, + Data: []byte("some service"), }, } @@ -247,7 +255,7 @@ icon: https://example.com/64x64.png t.Errorf("Expected number of templates == 2, got %d", len(c.Templates)) } - if _, err = LoadFiles([]*BufferedFile{}); err == nil { + if _, err = LoadFiles([]*archive.BufferedFile{}); err == nil { t.Fatal("Expected err to be non-nil") } if err.Error() != "Chart.yaml file is missing" { @@ -258,26 +266,32 @@ icon: https://example.com/64x64.png // Test the order of file loading. The Chart.yaml file needs to come first for // later comparison checks. See https://github.com/helm/helm/pull/8948 func TestLoadFilesOrder(t *testing.T) { - goodFiles := []*BufferedFile{ + modTime := time.Now() + goodFiles := []*archive.BufferedFile{ { - Name: "requirements.yaml", - Data: []byte("dependencies:"), + Name: "requirements.yaml", + ModTime: modTime, + Data: []byte("dependencies:"), }, { - Name: "values.yaml", - Data: []byte("var: some values"), + Name: "values.yaml", + ModTime: modTime, + Data: []byte("var: some values"), }, { - Name: "templates/deployment.yaml", - Data: []byte("some deployment"), + Name: "templates/deployment.yaml", + ModTime: modTime, + Data: []byte("some deployment"), }, { - Name: "templates/service.yaml", - Data: []byte("some service"), + Name: "templates/service.yaml", + ModTime: modTime, + Data: []byte("some service"), }, { - Name: "Chart.yaml", + Name: "Chart.yaml", + ModTime: modTime, Data: []byte(`apiVersion: v3 name: frobnitz description: This is a frobnitz. @@ -491,7 +505,7 @@ foo: } } -func TestMergeValues(t *testing.T) { +func TestMergeValuesV3(t *testing.T) { nestedMap := map[string]interface{}{ "foo": "bar", "baz": map[string]string{ @@ -701,7 +715,7 @@ func verifyChartFileAndTemplate(t *testing.T, c *chart.Chart, name string) { } } -func verifyBomStripped(t *testing.T, files []*chart.File) { +func verifyBomStripped(t *testing.T, files []*common.File) { t.Helper() for _, file := range files { if bytes.HasPrefix(file.Data, utf8bom) { diff --git a/internal/chart/v3/util/capabilities.go b/internal/chart/v3/util/capabilities.go deleted file mode 100644 index 23b6d46fa..000000000 --- a/internal/chart/v3/util/capabilities.go +++ /dev/null @@ -1,122 +0,0 @@ -/* -Copyright The Helm Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "fmt" - "slices" - "strconv" - - "github.com/Masterminds/semver/v3" - "k8s.io/client-go/kubernetes/scheme" - - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" - - helmversion "helm.sh/helm/v4/internal/version" -) - -var ( - // The Kubernetes version can be set by LDFLAGS. In order to do that the value - // must be a string. - k8sVersionMajor = "1" - k8sVersionMinor = "20" - - // DefaultVersionSet is the default version set, which includes only Core V1 ("v1"). - DefaultVersionSet = allKnownVersions() - - // DefaultCapabilities is the default set of capabilities. - DefaultCapabilities = &Capabilities{ - KubeVersion: KubeVersion{ - Version: fmt.Sprintf("v%s.%s.0", k8sVersionMajor, k8sVersionMinor), - Major: k8sVersionMajor, - Minor: k8sVersionMinor, - }, - APIVersions: DefaultVersionSet, - HelmVersion: helmversion.Get(), - } -) - -// Capabilities describes the capabilities of the Kubernetes cluster. -type Capabilities struct { - // KubeVersion is the Kubernetes version. - KubeVersion KubeVersion - // APIVersions are supported Kubernetes API versions. - APIVersions VersionSet - // HelmVersion is the build information for this helm version - HelmVersion helmversion.BuildInfo -} - -func (capabilities *Capabilities) Copy() *Capabilities { - return &Capabilities{ - KubeVersion: capabilities.KubeVersion, - APIVersions: capabilities.APIVersions, - HelmVersion: capabilities.HelmVersion, - } -} - -// KubeVersion is the Kubernetes version. -type KubeVersion struct { - Version string // Kubernetes version - Major string // Kubernetes major version - Minor string // Kubernetes minor version -} - -// String implements fmt.Stringer -func (kv *KubeVersion) String() string { return kv.Version } - -// GitVersion returns the Kubernetes version string. -// -// Deprecated: use KubeVersion.Version. -func (kv *KubeVersion) GitVersion() string { return kv.Version } - -// ParseKubeVersion parses kubernetes version from string -func ParseKubeVersion(version string) (*KubeVersion, error) { - sv, err := semver.NewVersion(version) - if err != nil { - return nil, err - } - return &KubeVersion{ - Version: "v" + sv.String(), - Major: strconv.FormatUint(sv.Major(), 10), - Minor: strconv.FormatUint(sv.Minor(), 10), - }, nil -} - -// VersionSet is a set of Kubernetes API versions. -type VersionSet []string - -// Has returns true if the version string is in the set. -// -// vs.Has("apps/v1") -func (v VersionSet) Has(apiVersion string) bool { - return slices.Contains(v, apiVersion) -} - -func allKnownVersions() VersionSet { - // We should register the built in extension APIs as well so CRDs are - // supported in the default version set. This has caused problems with `helm - // template` in the past, so let's be safe - apiextensionsv1beta1.AddToScheme(scheme.Scheme) - apiextensionsv1.AddToScheme(scheme.Scheme) - - groups := scheme.Scheme.PrioritizedVersionsAllGroups() - vs := make(VersionSet, 0, len(groups)) - for _, gv := range groups { - vs = append(vs, gv.String()) - } - return vs -} diff --git a/internal/chart/v3/util/capabilities_test.go b/internal/chart/v3/util/capabilities_test.go deleted file mode 100644 index aa9be9db8..000000000 --- a/internal/chart/v3/util/capabilities_test.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright The Helm Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "testing" -) - -func TestVersionSet(t *testing.T) { - vs := VersionSet{"v1", "apps/v1"} - if d := len(vs); d != 2 { - t.Errorf("Expected 2 versions, got %d", d) - } - - if !vs.Has("apps/v1") { - t.Error("Expected to find apps/v1") - } - - if vs.Has("Spanish/inquisition") { - t.Error("No one expects the Spanish/inquisition") - } -} - -func TestDefaultVersionSet(t *testing.T) { - if !DefaultVersionSet.Has("v1") { - t.Error("Expected core v1 version set") - } -} - -func TestDefaultCapabilities(t *testing.T) { - kv := DefaultCapabilities.KubeVersion - if kv.String() != "v1.20.0" { - t.Errorf("Expected default KubeVersion.String() to be v1.20.0, got %q", kv.String()) - } - if kv.Version != "v1.20.0" { - t.Errorf("Expected default KubeVersion.Version to be v1.20.0, got %q", kv.Version) - } - if kv.GitVersion() != "v1.20.0" { - t.Errorf("Expected default KubeVersion.GitVersion() to be v1.20.0, got %q", kv.Version) - } - if kv.Major != "1" { - t.Errorf("Expected default KubeVersion.Major to be 1, got %q", kv.Major) - } - if kv.Minor != "20" { - t.Errorf("Expected default KubeVersion.Minor to be 20, got %q", kv.Minor) - } -} - -func TestDefaultCapabilitiesHelmVersion(t *testing.T) { - hv := DefaultCapabilities.HelmVersion - - if hv.Version != "v4.0" { - t.Errorf("Expected default HelmVersion to be v4.0, got %q", hv.Version) - } -} - -func TestParseKubeVersion(t *testing.T) { - kv, err := ParseKubeVersion("v1.16.0") - if err != nil { - t.Errorf("Expected v1.16.0 to parse successfully") - } - if kv.Version != "v1.16.0" { - t.Errorf("Expected parsed KubeVersion.Version to be v1.16.0, got %q", kv.String()) - } - if kv.Major != "1" { - t.Errorf("Expected parsed KubeVersion.Major to be 1, got %q", kv.Major) - } - if kv.Minor != "16" { - t.Errorf("Expected parsed KubeVersion.Minor to be 16, got %q", kv.Minor) - } -} diff --git a/internal/chart/v3/util/coalesce_test.go b/internal/chart/v3/util/coalesce_test.go deleted file mode 100644 index 4770b601d..000000000 --- a/internal/chart/v3/util/coalesce_test.go +++ /dev/null @@ -1,723 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "encoding/json" - "fmt" - "maps" - "testing" - - "github.com/stretchr/testify/assert" - - chart "helm.sh/helm/v4/internal/chart/v3" -) - -// ref: http://www.yaml.org/spec/1.2/spec.html#id2803362 -var testCoalesceValuesYaml = []byte(` -top: yup -bottom: null -right: Null -left: NULL -front: ~ -back: "" -nested: - boat: null - -global: - name: Ishmael - subject: Queequeg - nested: - boat: true - -pequod: - boat: null - global: - name: Stinky - harpooner: Tashtego - nested: - boat: false - sail: true - foo2: null - ahab: - scope: whale - boat: null - nested: - foo: true - boat: null - object: null -`) - -func withDeps(c *chart.Chart, deps ...*chart.Chart) *chart.Chart { - c.AddDependency(deps...) - return c -} - -func TestCoalesceValues(t *testing.T) { - is := assert.New(t) - - c := withDeps(&chart.Chart{ - Metadata: &chart.Metadata{Name: "moby"}, - Values: map[string]interface{}{ - "back": "exists", - "bottom": "exists", - "front": "exists", - "left": "exists", - "name": "moby", - "nested": map[string]interface{}{"boat": true}, - "override": "bad", - "right": "exists", - "scope": "moby", - "top": "nope", - "global": map[string]interface{}{ - "nested2": map[string]interface{}{"l0": "moby"}, - }, - "pequod": map[string]interface{}{ - "boat": "maybe", - "ahab": map[string]interface{}{ - "boat": "maybe", - "nested": map[string]interface{}{"boat": "maybe"}, - }, - }, - }, - }, - withDeps(&chart.Chart{ - Metadata: &chart.Metadata{Name: "pequod"}, - Values: map[string]interface{}{ - "name": "pequod", - "scope": "pequod", - "global": map[string]interface{}{ - "nested2": map[string]interface{}{"l1": "pequod"}, - }, - "boat": false, - "ahab": map[string]interface{}{ - "boat": false, - "nested": map[string]interface{}{"boat": false}, - }, - }, - }, - &chart.Chart{ - Metadata: &chart.Metadata{Name: "ahab"}, - Values: map[string]interface{}{ - "global": map[string]interface{}{ - "nested": map[string]interface{}{"foo": "bar", "foo2": "bar2"}, - "nested2": map[string]interface{}{"l2": "ahab"}, - }, - "scope": "ahab", - "name": "ahab", - "boat": true, - "nested": map[string]interface{}{"foo": false, "boat": true}, - "object": map[string]interface{}{"foo": "bar"}, - }, - }, - ), - &chart.Chart{ - Metadata: &chart.Metadata{Name: "spouter"}, - Values: map[string]interface{}{ - "scope": "spouter", - "global": map[string]interface{}{ - "nested2": map[string]interface{}{"l1": "spouter"}, - }, - }, - }, - ) - - vals, err := ReadValues(testCoalesceValuesYaml) - if err != nil { - t.Fatal(err) - } - - // taking a copy of the values before passing it - // to CoalesceValues as argument, so that we can - // use it for asserting later - valsCopy := make(Values, len(vals)) - maps.Copy(valsCopy, vals) - - v, err := CoalesceValues(c, vals) - if err != nil { - t.Fatal(err) - } - j, _ := json.MarshalIndent(v, "", " ") - t.Logf("Coalesced Values: %s", string(j)) - - tests := []struct { - tpl string - expect string - }{ - {"{{.top}}", "yup"}, - {"{{.back}}", ""}, - {"{{.name}}", "moby"}, - {"{{.global.name}}", "Ishmael"}, - {"{{.global.subject}}", "Queequeg"}, - {"{{.global.harpooner}}", ""}, - {"{{.pequod.name}}", "pequod"}, - {"{{.pequod.ahab.name}}", "ahab"}, - {"{{.pequod.ahab.scope}}", "whale"}, - {"{{.pequod.ahab.nested.foo}}", "true"}, - {"{{.pequod.ahab.global.name}}", "Ishmael"}, - {"{{.pequod.ahab.global.nested.foo}}", "bar"}, - {"{{.pequod.ahab.global.nested.foo2}}", ""}, - {"{{.pequod.ahab.global.subject}}", "Queequeg"}, - {"{{.pequod.ahab.global.harpooner}}", "Tashtego"}, - {"{{.pequod.global.name}}", "Ishmael"}, - {"{{.pequod.global.nested.foo}}", ""}, - {"{{.pequod.global.subject}}", "Queequeg"}, - {"{{.spouter.global.name}}", "Ishmael"}, - {"{{.spouter.global.harpooner}}", ""}, - - {"{{.global.nested.boat}}", "true"}, - {"{{.pequod.global.nested.boat}}", "true"}, - {"{{.spouter.global.nested.boat}}", "true"}, - {"{{.pequod.global.nested.sail}}", "true"}, - {"{{.spouter.global.nested.sail}}", ""}, - - {"{{.global.nested2.l0}}", "moby"}, - {"{{.global.nested2.l1}}", ""}, - {"{{.global.nested2.l2}}", ""}, - {"{{.pequod.global.nested2.l0}}", "moby"}, - {"{{.pequod.global.nested2.l1}}", "pequod"}, - {"{{.pequod.global.nested2.l2}}", ""}, - {"{{.pequod.ahab.global.nested2.l0}}", "moby"}, - {"{{.pequod.ahab.global.nested2.l1}}", "pequod"}, - {"{{.pequod.ahab.global.nested2.l2}}", "ahab"}, - {"{{.spouter.global.nested2.l0}}", "moby"}, - {"{{.spouter.global.nested2.l1}}", "spouter"}, - {"{{.spouter.global.nested2.l2}}", ""}, - } - - for _, tt := range tests { - if o, err := ttpl(tt.tpl, v); err != nil || o != tt.expect { - t.Errorf("Expected %q to expand to %q, got %q", tt.tpl, tt.expect, o) - } - } - - nullKeys := []string{"bottom", "right", "left", "front"} - for _, nullKey := range nullKeys { - if _, ok := v[nullKey]; ok { - t.Errorf("Expected key %q to be removed, still present", nullKey) - } - } - - if _, ok := v["nested"].(map[string]interface{})["boat"]; ok { - t.Error("Expected nested boat key to be removed, still present") - } - - subchart := v["pequod"].(map[string]interface{}) - if _, ok := subchart["boat"]; ok { - t.Error("Expected subchart boat key to be removed, still present") - } - - subsubchart := subchart["ahab"].(map[string]interface{}) - if _, ok := subsubchart["boat"]; ok { - t.Error("Expected sub-subchart ahab boat key to be removed, still present") - } - - if _, ok := subsubchart["nested"].(map[string]interface{})["boat"]; ok { - t.Error("Expected sub-subchart nested boat key to be removed, still present") - } - - if _, ok := subsubchart["object"]; ok { - t.Error("Expected sub-subchart object map to be removed, still present") - } - - // CoalesceValues should not mutate the passed arguments - is.Equal(valsCopy, vals) -} - -func TestMergeValues(t *testing.T) { - is := assert.New(t) - - c := withDeps(&chart.Chart{ - Metadata: &chart.Metadata{Name: "moby"}, - Values: map[string]interface{}{ - "back": "exists", - "bottom": "exists", - "front": "exists", - "left": "exists", - "name": "moby", - "nested": map[string]interface{}{"boat": true}, - "override": "bad", - "right": "exists", - "scope": "moby", - "top": "nope", - "global": map[string]interface{}{ - "nested2": map[string]interface{}{"l0": "moby"}, - }, - }, - }, - withDeps(&chart.Chart{ - Metadata: &chart.Metadata{Name: "pequod"}, - Values: map[string]interface{}{ - "name": "pequod", - "scope": "pequod", - "global": map[string]interface{}{ - "nested2": map[string]interface{}{"l1": "pequod"}, - }, - }, - }, - &chart.Chart{ - Metadata: &chart.Metadata{Name: "ahab"}, - Values: map[string]interface{}{ - "global": map[string]interface{}{ - "nested": map[string]interface{}{"foo": "bar"}, - "nested2": map[string]interface{}{"l2": "ahab"}, - }, - "scope": "ahab", - "name": "ahab", - "boat": true, - "nested": map[string]interface{}{"foo": false, "bar": true}, - }, - }, - ), - &chart.Chart{ - Metadata: &chart.Metadata{Name: "spouter"}, - Values: map[string]interface{}{ - "scope": "spouter", - "global": map[string]interface{}{ - "nested2": map[string]interface{}{"l1": "spouter"}, - }, - }, - }, - ) - - vals, err := ReadValues(testCoalesceValuesYaml) - if err != nil { - t.Fatal(err) - } - - // taking a copy of the values before passing it - // to MergeValues as argument, so that we can - // use it for asserting later - valsCopy := make(Values, len(vals)) - maps.Copy(valsCopy, vals) - - v, err := MergeValues(c, vals) - if err != nil { - t.Fatal(err) - } - j, _ := json.MarshalIndent(v, "", " ") - t.Logf("Coalesced Values: %s", string(j)) - - tests := []struct { - tpl string - expect string - }{ - {"{{.top}}", "yup"}, - {"{{.back}}", ""}, - {"{{.name}}", "moby"}, - {"{{.global.name}}", "Ishmael"}, - {"{{.global.subject}}", "Queequeg"}, - {"{{.global.harpooner}}", ""}, - {"{{.pequod.name}}", "pequod"}, - {"{{.pequod.ahab.name}}", "ahab"}, - {"{{.pequod.ahab.scope}}", "whale"}, - {"{{.pequod.ahab.nested.foo}}", "true"}, - {"{{.pequod.ahab.global.name}}", "Ishmael"}, - {"{{.pequod.ahab.global.nested.foo}}", "bar"}, - {"{{.pequod.ahab.global.subject}}", "Queequeg"}, - {"{{.pequod.ahab.global.harpooner}}", "Tashtego"}, - {"{{.pequod.global.name}}", "Ishmael"}, - {"{{.pequod.global.nested.foo}}", ""}, - {"{{.pequod.global.subject}}", "Queequeg"}, - {"{{.spouter.global.name}}", "Ishmael"}, - {"{{.spouter.global.harpooner}}", ""}, - - {"{{.global.nested.boat}}", "true"}, - {"{{.pequod.global.nested.boat}}", "true"}, - {"{{.spouter.global.nested.boat}}", "true"}, - {"{{.pequod.global.nested.sail}}", "true"}, - {"{{.spouter.global.nested.sail}}", ""}, - - {"{{.global.nested2.l0}}", "moby"}, - {"{{.global.nested2.l1}}", ""}, - {"{{.global.nested2.l2}}", ""}, - {"{{.pequod.global.nested2.l0}}", "moby"}, - {"{{.pequod.global.nested2.l1}}", "pequod"}, - {"{{.pequod.global.nested2.l2}}", ""}, - {"{{.pequod.ahab.global.nested2.l0}}", "moby"}, - {"{{.pequod.ahab.global.nested2.l1}}", "pequod"}, - {"{{.pequod.ahab.global.nested2.l2}}", "ahab"}, - {"{{.spouter.global.nested2.l0}}", "moby"}, - {"{{.spouter.global.nested2.l1}}", "spouter"}, - {"{{.spouter.global.nested2.l2}}", ""}, - } - - for _, tt := range tests { - if o, err := ttpl(tt.tpl, v); err != nil || o != tt.expect { - t.Errorf("Expected %q to expand to %q, got %q", tt.tpl, tt.expect, o) - } - } - - // nullKeys is different from coalescing. Here the null/nil values are not - // removed. - nullKeys := []string{"bottom", "right", "left", "front"} - for _, nullKey := range nullKeys { - if vv, ok := v[nullKey]; !ok { - t.Errorf("Expected key %q to be present but it was removed", nullKey) - } else if vv != nil { - t.Errorf("Expected key %q to be null but it has a value of %v", nullKey, vv) - } - } - - if _, ok := v["nested"].(map[string]interface{})["boat"]; !ok { - t.Error("Expected nested boat key to be present but it was removed") - } - - subchart := v["pequod"].(map[string]interface{})["ahab"].(map[string]interface{}) - if _, ok := subchart["boat"]; !ok { - t.Error("Expected subchart boat key to be present but it was removed") - } - - if _, ok := subchart["nested"].(map[string]interface{})["bar"]; !ok { - t.Error("Expected subchart nested bar key to be present but it was removed") - } - - // CoalesceValues should not mutate the passed arguments - is.Equal(valsCopy, vals) -} - -func TestCoalesceTables(t *testing.T) { - dst := map[string]interface{}{ - "name": "Ishmael", - "address": map[string]interface{}{ - "street": "123 Spouter Inn Ct.", - "city": "Nantucket", - "country": nil, - }, - "details": map[string]interface{}{ - "friends": []string{"Tashtego"}, - }, - "boat": "pequod", - "hole": nil, - } - src := map[string]interface{}{ - "occupation": "whaler", - "address": map[string]interface{}{ - "state": "MA", - "street": "234 Spouter Inn Ct.", - "country": "US", - }, - "details": "empty", - "boat": map[string]interface{}{ - "mast": true, - }, - "hole": "black", - } - - // What we expect is that anything in dst overrides anything in src, but that - // otherwise the values are coalesced. - CoalesceTables(dst, src) - - if dst["name"] != "Ishmael" { - t.Errorf("Unexpected name: %s", dst["name"]) - } - if dst["occupation"] != "whaler" { - t.Errorf("Unexpected occupation: %s", dst["occupation"]) - } - - addr, ok := dst["address"].(map[string]interface{}) - if !ok { - t.Fatal("Address went away.") - } - - if addr["street"].(string) != "123 Spouter Inn Ct." { - t.Errorf("Unexpected address: %v", addr["street"]) - } - - if addr["city"].(string) != "Nantucket" { - t.Errorf("Unexpected city: %v", addr["city"]) - } - - if addr["state"].(string) != "MA" { - t.Errorf("Unexpected state: %v", addr["state"]) - } - - if _, ok = addr["country"]; ok { - t.Error("The country is not left out.") - } - - if det, ok := dst["details"].(map[string]interface{}); !ok { - t.Fatalf("Details is the wrong type: %v", dst["details"]) - } else if _, ok := det["friends"]; !ok { - t.Error("Could not find your friends. Maybe you don't have any. :-(") - } - - if dst["boat"].(string) != "pequod" { - t.Errorf("Expected boat string, got %v", dst["boat"]) - } - - if _, ok = dst["hole"]; ok { - t.Error("The hole still exists.") - } - - dst2 := map[string]interface{}{ - "name": "Ishmael", - "address": map[string]interface{}{ - "street": "123 Spouter Inn Ct.", - "city": "Nantucket", - "country": "US", - }, - "details": map[string]interface{}{ - "friends": []string{"Tashtego"}, - }, - "boat": "pequod", - "hole": "black", - } - - // What we expect is that anything in dst should have all values set, - // this happens when the --reuse-values flag is set but the chart has no modifications yet - CoalesceTables(dst2, nil) - - if dst2["name"] != "Ishmael" { - t.Errorf("Unexpected name: %s", dst2["name"]) - } - - addr2, ok := dst2["address"].(map[string]interface{}) - if !ok { - t.Fatal("Address went away.") - } - - if addr2["street"].(string) != "123 Spouter Inn Ct." { - t.Errorf("Unexpected address: %v", addr2["street"]) - } - - if addr2["city"].(string) != "Nantucket" { - t.Errorf("Unexpected city: %v", addr2["city"]) - } - - if addr2["country"].(string) != "US" { - t.Errorf("Unexpected Country: %v", addr2["country"]) - } - - if det2, ok := dst2["details"].(map[string]interface{}); !ok { - t.Fatalf("Details is the wrong type: %v", dst2["details"]) - } else if _, ok := det2["friends"]; !ok { - t.Error("Could not find your friends. Maybe you don't have any. :-(") - } - - if dst2["boat"].(string) != "pequod" { - t.Errorf("Expected boat string, got %v", dst2["boat"]) - } - - if dst2["hole"].(string) != "black" { - t.Errorf("Expected hole string, got %v", dst2["boat"]) - } -} - -func TestMergeTables(t *testing.T) { - dst := map[string]interface{}{ - "name": "Ishmael", - "address": map[string]interface{}{ - "street": "123 Spouter Inn Ct.", - "city": "Nantucket", - "country": nil, - }, - "details": map[string]interface{}{ - "friends": []string{"Tashtego"}, - }, - "boat": "pequod", - "hole": nil, - } - src := map[string]interface{}{ - "occupation": "whaler", - "address": map[string]interface{}{ - "state": "MA", - "street": "234 Spouter Inn Ct.", - "country": "US", - }, - "details": "empty", - "boat": map[string]interface{}{ - "mast": true, - }, - "hole": "black", - } - - // What we expect is that anything in dst overrides anything in src, but that - // otherwise the values are coalesced. - MergeTables(dst, src) - - if dst["name"] != "Ishmael" { - t.Errorf("Unexpected name: %s", dst["name"]) - } - if dst["occupation"] != "whaler" { - t.Errorf("Unexpected occupation: %s", dst["occupation"]) - } - - addr, ok := dst["address"].(map[string]interface{}) - if !ok { - t.Fatal("Address went away.") - } - - if addr["street"].(string) != "123 Spouter Inn Ct." { - t.Errorf("Unexpected address: %v", addr["street"]) - } - - if addr["city"].(string) != "Nantucket" { - t.Errorf("Unexpected city: %v", addr["city"]) - } - - if addr["state"].(string) != "MA" { - t.Errorf("Unexpected state: %v", addr["state"]) - } - - // This is one test that is different from CoalesceTables. Because country - // is a nil value and it's not removed it's still present. - if _, ok = addr["country"]; !ok { - t.Error("The country is left out.") - } - - if det, ok := dst["details"].(map[string]interface{}); !ok { - t.Fatalf("Details is the wrong type: %v", dst["details"]) - } else if _, ok := det["friends"]; !ok { - t.Error("Could not find your friends. Maybe you don't have any. :-(") - } - - if dst["boat"].(string) != "pequod" { - t.Errorf("Expected boat string, got %v", dst["boat"]) - } - - // This is one test that is different from CoalesceTables. Because hole - // is a nil value and it's not removed it's still present. - if _, ok = dst["hole"]; !ok { - t.Error("The hole no longer exists.") - } - - dst2 := map[string]interface{}{ - "name": "Ishmael", - "address": map[string]interface{}{ - "street": "123 Spouter Inn Ct.", - "city": "Nantucket", - "country": "US", - }, - "details": map[string]interface{}{ - "friends": []string{"Tashtego"}, - }, - "boat": "pequod", - "hole": "black", - "nilval": nil, - } - - // What we expect is that anything in dst should have all values set, - // this happens when the --reuse-values flag is set but the chart has no modifications yet - MergeTables(dst2, nil) - - if dst2["name"] != "Ishmael" { - t.Errorf("Unexpected name: %s", dst2["name"]) - } - - addr2, ok := dst2["address"].(map[string]interface{}) - if !ok { - t.Fatal("Address went away.") - } - - if addr2["street"].(string) != "123 Spouter Inn Ct." { - t.Errorf("Unexpected address: %v", addr2["street"]) - } - - if addr2["city"].(string) != "Nantucket" { - t.Errorf("Unexpected city: %v", addr2["city"]) - } - - if addr2["country"].(string) != "US" { - t.Errorf("Unexpected Country: %v", addr2["country"]) - } - - if det2, ok := dst2["details"].(map[string]interface{}); !ok { - t.Fatalf("Details is the wrong type: %v", dst2["details"]) - } else if _, ok := det2["friends"]; !ok { - t.Error("Could not find your friends. Maybe you don't have any. :-(") - } - - if dst2["boat"].(string) != "pequod" { - t.Errorf("Expected boat string, got %v", dst2["boat"]) - } - - if dst2["hole"].(string) != "black" { - t.Errorf("Expected hole string, got %v", dst2["boat"]) - } - - if dst2["nilval"] != nil { - t.Error("Expected nilvalue to have nil value but it does not") - } -} - -func TestCoalesceValuesWarnings(t *testing.T) { - - c := withDeps(&chart.Chart{ - Metadata: &chart.Metadata{Name: "level1"}, - Values: map[string]interface{}{ - "name": "moby", - }, - }, - withDeps(&chart.Chart{ - Metadata: &chart.Metadata{Name: "level2"}, - Values: map[string]interface{}{ - "name": "pequod", - }, - }, - &chart.Chart{ - Metadata: &chart.Metadata{Name: "level3"}, - Values: map[string]interface{}{ - "name": "ahab", - "boat": true, - "spear": map[string]interface{}{ - "tip": true, - "sail": map[string]interface{}{ - "cotton": true, - }, - }, - }, - }, - ), - ) - - vals := map[string]interface{}{ - "level2": map[string]interface{}{ - "level3": map[string]interface{}{ - "boat": map[string]interface{}{"mast": true}, - "spear": map[string]interface{}{ - "tip": map[string]interface{}{ - "sharp": true, - }, - "sail": true, - }, - }, - }, - } - - warnings := make([]string, 0) - printf := func(format string, v ...interface{}) { - t.Logf(format, v...) - warnings = append(warnings, fmt.Sprintf(format, v...)) - } - - _, err := coalesce(printf, c, vals, "", false) - if err != nil { - t.Fatal(err) - } - - t.Logf("vals: %v", vals) - assert.Contains(t, warnings, "warning: skipped value for level1.level2.level3.boat: Not a table.") - assert.Contains(t, warnings, "warning: destination for level1.level2.level3.spear.tip is a table. Ignoring non-table value (true)") - assert.Contains(t, warnings, "warning: cannot overwrite table with non table for level1.level2.level3.spear.sail (map[cotton:true])") - -} - -func TestConcatPrefix(t *testing.T) { - assert.Equal(t, "b", concatPrefix("", "b")) - assert.Equal(t, "a.b", concatPrefix("a", "b")) -} diff --git a/internal/chart/v3/util/create.go b/internal/chart/v3/util/create.go index 6a28f99d4..0dfa30995 100644 --- a/internal/chart/v3/util/create.go +++ b/internal/chart/v3/util/create.go @@ -28,6 +28,7 @@ import ( chart "helm.sh/helm/v4/internal/chart/v3" "helm.sh/helm/v4/internal/chart/v3/loader" + "helm.sh/helm/v4/pkg/chart/common" ) // chartName is a regular expression for testing the supplied name of a chart. @@ -217,9 +218,10 @@ httpRoute: # value: v2 resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following + # For publicly distributed charts, we recommend leaving 'resources' commented out. + # This makes resource allocation a conscious choice for the user and increases the chances + # charts run on a wide range of environments from low-resource clusters like Minikube to those + # with strict resource policies. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m @@ -655,11 +657,11 @@ func CreateFrom(chartfile *chart.Metadata, dest, src string) error { schart.Metadata = chartfile - var updatedTemplates []*chart.File + var updatedTemplates []*common.File for _, template := range schart.Templates { newData := transform(string(template.Data), schart.Name()) - updatedTemplates = append(updatedTemplates, &chart.File{Name: template.Name, Data: newData}) + updatedTemplates = append(updatedTemplates, &common.File{Name: template.Name, ModTime: template.ModTime, Data: newData}) } schart.Templates = updatedTemplates diff --git a/internal/chart/v3/util/dependencies.go b/internal/chart/v3/util/dependencies.go index 129c46372..489772115 100644 --- a/internal/chart/v3/util/dependencies.go +++ b/internal/chart/v3/util/dependencies.go @@ -23,10 +23,12 @@ import ( "github.com/mitchellh/copystructure" chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" ) // ProcessDependencies checks through this chart's dependencies, processing accordingly. -func ProcessDependencies(c *chart.Chart, v Values) error { +func ProcessDependencies(c *chart.Chart, v common.Values) error { if err := processDependencyEnabled(c, v, ""); err != nil { return err } @@ -34,7 +36,7 @@ func ProcessDependencies(c *chart.Chart, v Values) error { } // processDependencyConditions disables charts based on condition path value in values -func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath string) { +func processDependencyConditions(reqs []*chart.Dependency, cvals common.Values, cpath string) { if reqs == nil { return } @@ -50,7 +52,7 @@ func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath s break } slog.Warn("returned non-bool value", "path", c, "chart", r.Name) - } else if _, ok := err.(ErrNoValue); !ok { + } else if _, ok := err.(common.ErrNoValue); !ok { // this is a real error slog.Warn("the method PathValue returned error", slog.Any("error", err)) } @@ -60,7 +62,7 @@ func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath s } // processDependencyTags disables charts based on tags in values -func processDependencyTags(reqs []*chart.Dependency, cvals Values) { +func processDependencyTags(reqs []*chart.Dependency, cvals common.Values) { if reqs == nil { return } @@ -177,7 +179,7 @@ Loop: for _, lr := range c.Metadata.Dependencies { lr.Enabled = true } - cvals, err := CoalesceValues(c, v) + cvals, err := util.CoalesceValues(c, v) if err != nil { return err } @@ -232,6 +234,8 @@ func pathToMap(path string, data map[string]interface{}) map[string]interface{} return set(parsePath(path), data) } +func parsePath(key string) []string { return strings.Split(key, ".") } + func set(path []string, data map[string]interface{}) map[string]interface{} { if len(path) == 0 { return nil @@ -249,12 +253,12 @@ func processImportValues(c *chart.Chart, merge bool) error { return nil } // combine chart values and empty config to get Values - var cvals Values + var cvals common.Values var err error if merge { - cvals, err = MergeValues(c, nil) + cvals, err = util.MergeValues(c, nil) } else { - cvals, err = CoalesceValues(c, nil) + cvals, err = util.CoalesceValues(c, nil) } if err != nil { return err @@ -282,9 +286,9 @@ func processImportValues(c *chart.Chart, merge bool) error { } // create value map from child to be merged into parent if merge { - b = MergeTables(b, pathToMap(parent, vv.AsMap())) + b = util.MergeTables(b, pathToMap(parent, vv.AsMap())) } else { - b = CoalesceTables(b, pathToMap(parent, vv.AsMap())) + b = util.CoalesceTables(b, pathToMap(parent, vv.AsMap())) } case string: child := "exports." + iv @@ -298,9 +302,9 @@ func processImportValues(c *chart.Chart, merge bool) error { continue } if merge { - b = MergeTables(b, vm.AsMap()) + b = util.MergeTables(b, vm.AsMap()) } else { - b = CoalesceTables(b, vm.AsMap()) + b = util.CoalesceTables(b, vm.AsMap()) } } } @@ -315,14 +319,14 @@ func processImportValues(c *chart.Chart, merge bool) error { // deep copying the cvals as there are cases where pointers can end // up in the cvals when they are copied onto b in ways that break things. cvals = deepCopyMap(cvals) - c.Values = MergeTables(cvals, b) + c.Values = util.MergeTables(cvals, b) } else { // Trimming the nil values from cvals is needed for backwards compatibility. // Previously, the b value had been populated with cvals along with some // overrides. This caused the coalescing functionality to remove the // nil/null values. This trimming is for backwards compat. cvals = trimNilValues(cvals) - c.Values = CoalesceTables(cvals, b) + c.Values = util.CoalesceTables(cvals, b) } return nil @@ -355,6 +359,12 @@ func trimNilValues(vals map[string]interface{}) map[string]interface{} { return valsCopyMap } +// istable is a special-purpose function to see if the present thing matches the definition of a YAML table. +func istable(v interface{}) bool { + _, ok := v.(map[string]interface{}) + return ok +} + // processDependencyImportValues imports specified chart values from child to parent. func processDependencyImportValues(c *chart.Chart, merge bool) error { for _, d := range c.Dependencies() { diff --git a/internal/chart/v3/util/dependencies_test.go b/internal/chart/v3/util/dependencies_test.go index 55839fe65..3c5bb96f7 100644 --- a/internal/chart/v3/util/dependencies_test.go +++ b/internal/chart/v3/util/dependencies_test.go @@ -23,6 +23,7 @@ import ( chart "helm.sh/helm/v4/internal/chart/v3" "helm.sh/helm/v4/internal/chart/v3/loader" + "helm.sh/helm/v4/pkg/chart/common" ) func loadChart(t *testing.T, path string) *chart.Chart { @@ -221,7 +222,7 @@ func TestProcessDependencyImportValues(t *testing.T) { if err := processDependencyImportValues(c, false); err != nil { t.Fatalf("processing import values dependencies %v", err) } - cc := Values(c.Values) + cc := common.Values(c.Values) for kk, vv := range e { pv, err := cc.PathValue(kk) if err != nil { @@ -251,7 +252,7 @@ func TestProcessDependencyImportValues(t *testing.T) { t.Error("expect nil value not found but found it") } switch xerr := err.(type) { - case ErrNoValue: + case common.ErrNoValue: // We found what we expected default: t.Errorf("expected an ErrNoValue but got %q instead", xerr) @@ -261,7 +262,7 @@ func TestProcessDependencyImportValues(t *testing.T) { if err := processDependencyImportValues(c, true); err != nil { t.Fatalf("processing import values dependencies %v", err) } - cc = Values(c.Values) + cc = common.Values(c.Values) val, err := cc.PathValue("ensurenull") if err != nil { t.Error("expect value but ensurenull was not found") @@ -291,7 +292,7 @@ func TestProcessDependencyImportValuesFromSharedDependencyToAliases(t *testing.T e["foo.grandchild.defaults.defaultValue"] = "42" e["bar.grandchild.defaults.defaultValue"] = "42" - cValues := Values(c.Values) + cValues := common.Values(c.Values) for kk, vv := range e { pv, err := cValues.PathValue(kk) if err != nil { @@ -329,7 +330,7 @@ func TestProcessDependencyImportValuesMultiLevelPrecedence(t *testing.T) { if err := processDependencyImportValues(c, true); err != nil { t.Fatalf("processing import values dependencies %v", err) } - cc := Values(c.Values) + cc := common.Values(c.Values) for kk, vv := range e { pv, err := cc.PathValue(kk) if err != nil { diff --git a/internal/chart/v3/util/expand.go b/internal/chart/v3/util/expand.go index 6cbbeabf2..1a10fce3c 100644 --- a/internal/chart/v3/util/expand.go +++ b/internal/chart/v3/util/expand.go @@ -27,12 +27,12 @@ import ( "sigs.k8s.io/yaml" chart "helm.sh/helm/v4/internal/chart/v3" - "helm.sh/helm/v4/internal/chart/v3/loader" + "helm.sh/helm/v4/pkg/chart/loader/archive" ) // Expand uncompresses and extracts a chart into the specified directory. func Expand(dir string, r io.Reader) error { - files, err := loader.LoadArchiveFiles(r) + files, err := archive.LoadArchiveFiles(r) if err != nil { return err } diff --git a/internal/chart/v3/util/jsonschema.go b/internal/chart/v3/util/jsonschema.go deleted file mode 100644 index 9fe35904e..000000000 --- a/internal/chart/v3/util/jsonschema.go +++ /dev/null @@ -1,113 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "bytes" - "errors" - "fmt" - "log/slog" - "strings" - - "github.com/santhosh-tekuri/jsonschema/v6" - - chart "helm.sh/helm/v4/internal/chart/v3" -) - -// ValidateAgainstSchema checks that values does not violate the structure laid out in schema -func ValidateAgainstSchema(chrt *chart.Chart, values map[string]interface{}) error { - var sb strings.Builder - if chrt.Schema != nil { - slog.Debug("chart name", "chart-name", chrt.Name()) - err := ValidateAgainstSingleSchema(values, chrt.Schema) - if err != nil { - sb.WriteString(fmt.Sprintf("%s:\n", chrt.Name())) - sb.WriteString(err.Error()) - } - } - slog.Debug("number of dependencies in the chart", "dependencies", len(chrt.Dependencies())) - // For each dependency, recursively call this function with the coalesced values - for _, subchart := range chrt.Dependencies() { - subchartValues := values[subchart.Name()].(map[string]interface{}) - if err := ValidateAgainstSchema(subchart, subchartValues); err != nil { - sb.WriteString(err.Error()) - } - } - - if sb.Len() > 0 { - return errors.New(sb.String()) - } - - return nil -} - -// ValidateAgainstSingleSchema checks that values does not violate the structure laid out in this schema -func ValidateAgainstSingleSchema(values Values, schemaJSON []byte) (reterr error) { - defer func() { - if r := recover(); r != nil { - reterr = fmt.Errorf("unable to validate schema: %s", r) - } - }() - - // This unmarshal function leverages UseNumber() for number precision. The parser - // used for values does this as well. - schema, err := jsonschema.UnmarshalJSON(bytes.NewReader(schemaJSON)) - if err != nil { - return err - } - slog.Debug("unmarshalled JSON schema", "schema", schemaJSON) - - compiler := jsonschema.NewCompiler() - err = compiler.AddResource("file:///values.schema.json", schema) - if err != nil { - return err - } - - validator, err := compiler.Compile("file:///values.schema.json") - if err != nil { - return err - } - - err = validator.Validate(values.AsMap()) - if err != nil { - return JSONSchemaValidationError{err} - } - - return nil -} - -// Note, JSONSchemaValidationError is used to wrap the error from the underlying -// validation package so that Helm has a clean interface and the validation package -// could be replaced without changing the Helm SDK API. - -// JSONSchemaValidationError is the error returned when there is a schema validation -// error. -type JSONSchemaValidationError struct { - embeddedErr error -} - -// Error prints the error message -func (e JSONSchemaValidationError) Error() string { - errStr := e.embeddedErr.Error() - - // This string prefixes all of our error details. Further up the stack of helm error message - // building more detail is provided to users. This is removed. - errStr = strings.TrimPrefix(errStr, "jsonschema validation failed with 'file:///values.schema.json#'\n") - - // The extra new line is needed for when there are sub-charts. - return errStr + "\n" -} diff --git a/internal/chart/v3/util/jsonschema_test.go b/internal/chart/v3/util/jsonschema_test.go deleted file mode 100644 index 0a3820377..000000000 --- a/internal/chart/v3/util/jsonschema_test.go +++ /dev/null @@ -1,247 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "os" - "testing" - - chart "helm.sh/helm/v4/internal/chart/v3" -) - -func TestValidateAgainstSingleSchema(t *testing.T) { - values, err := ReadValuesFile("./testdata/test-values.yaml") - if err != nil { - t.Fatalf("Error reading YAML file: %s", err) - } - schema, err := os.ReadFile("./testdata/test-values.schema.json") - if err != nil { - t.Fatalf("Error reading YAML file: %s", err) - } - - if err := ValidateAgainstSingleSchema(values, schema); err != nil { - t.Errorf("Error validating Values against Schema: %s", err) - } -} - -func TestValidateAgainstInvalidSingleSchema(t *testing.T) { - values, err := ReadValuesFile("./testdata/test-values.yaml") - if err != nil { - t.Fatalf("Error reading YAML file: %s", err) - } - schema, err := os.ReadFile("./testdata/test-values-invalid.schema.json") - if err != nil { - t.Fatalf("Error reading YAML file: %s", err) - } - - var errString string - if err := ValidateAgainstSingleSchema(values, schema); err == nil { - t.Fatalf("Expected an error, but got nil") - } else { - errString = err.Error() - } - - expectedErrString := `"file:///values.schema.json#" is not valid against metaschema: jsonschema validation failed with 'https://json-schema.org/draft/2020-12/schema#' -- at '': got number, want boolean or object` - if errString != expectedErrString { - t.Errorf("Error string :\n`%s`\ndoes not match expected\n`%s`", errString, expectedErrString) - } -} - -func TestValidateAgainstSingleSchemaNegative(t *testing.T) { - values, err := ReadValuesFile("./testdata/test-values-negative.yaml") - if err != nil { - t.Fatalf("Error reading YAML file: %s", err) - } - schema, err := os.ReadFile("./testdata/test-values.schema.json") - if err != nil { - t.Fatalf("Error reading JSON file: %s", err) - } - - var errString string - if err := ValidateAgainstSingleSchema(values, schema); err == nil { - t.Fatalf("Expected an error, but got nil") - } else { - errString = err.Error() - } - - expectedErrString := `- at '': missing property 'employmentInfo' -- at '/age': minimum: got -5, want 0 -` - if errString != expectedErrString { - t.Errorf("Error string :\n`%s`\ndoes not match expected\n`%s`", errString, expectedErrString) - } -} - -const subchartSchema = `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Values", - "type": "object", - "properties": { - "age": { - "description": "Age", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "age" - ] -} -` - -const subchartSchema2020 = `{ - "$schema": "https://json-schema.org/draft/2020-12/schema", - "title": "Values", - "type": "object", - "properties": { - "data": { - "type": "array", - "contains": { "type": "string" }, - "unevaluatedItems": { "type": "number" } - } - }, - "required": ["data"] -} -` - -func TestValidateAgainstSchema(t *testing.T) { - subchartJSON := []byte(subchartSchema) - subchart := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "subchart", - }, - Schema: subchartJSON, - } - chrt := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "chrt", - }, - } - chrt.AddDependency(subchart) - - vals := map[string]interface{}{ - "name": "John", - "subchart": map[string]interface{}{ - "age": 25, - }, - } - - if err := ValidateAgainstSchema(chrt, vals); err != nil { - t.Errorf("Error validating Values against Schema: %s", err) - } -} - -func TestValidateAgainstSchemaNegative(t *testing.T) { - subchartJSON := []byte(subchartSchema) - subchart := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "subchart", - }, - Schema: subchartJSON, - } - chrt := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "chrt", - }, - } - chrt.AddDependency(subchart) - - vals := map[string]interface{}{ - "name": "John", - "subchart": map[string]interface{}{}, - } - - var errString string - if err := ValidateAgainstSchema(chrt, vals); err == nil { - t.Fatalf("Expected an error, but got nil") - } else { - errString = err.Error() - } - - expectedErrString := `subchart: -- at '': missing property 'age' -` - if errString != expectedErrString { - t.Errorf("Error string :\n`%s`\ndoes not match expected\n`%s`", errString, expectedErrString) - } -} - -func TestValidateAgainstSchema2020(t *testing.T) { - subchartJSON := []byte(subchartSchema2020) - subchart := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "subchart", - }, - Schema: subchartJSON, - } - chrt := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "chrt", - }, - } - chrt.AddDependency(subchart) - - vals := map[string]interface{}{ - "name": "John", - "subchart": map[string]interface{}{ - "data": []any{"hello", 12}, - }, - } - - if err := ValidateAgainstSchema(chrt, vals); err != nil { - t.Errorf("Error validating Values against Schema: %s", err) - } -} - -func TestValidateAgainstSchema2020Negative(t *testing.T) { - subchartJSON := []byte(subchartSchema2020) - subchart := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "subchart", - }, - Schema: subchartJSON, - } - chrt := &chart.Chart{ - Metadata: &chart.Metadata{ - Name: "chrt", - }, - } - chrt.AddDependency(subchart) - - vals := map[string]interface{}{ - "name": "John", - "subchart": map[string]interface{}{ - "data": []any{12}, - }, - } - - var errString string - if err := ValidateAgainstSchema(chrt, vals); err == nil { - t.Fatalf("Expected an error, but got nil") - } else { - errString = err.Error() - } - - expectedErrString := `subchart: -- at '/data': no items match contains schema - - at '/data/0': got number, want string -` - if errString != expectedErrString { - t.Errorf("Error string :\n`%s`\ndoes not match expected\n`%s`", errString, expectedErrString) - } -} diff --git a/internal/chart/v3/util/save.go b/internal/chart/v3/util/save.go index 3125cc3c9..f886c6175 100644 --- a/internal/chart/v3/util/save.go +++ b/internal/chart/v3/util/save.go @@ -30,6 +30,7 @@ import ( "sigs.k8s.io/yaml" chart "helm.sh/helm/v4/internal/chart/v3" + "helm.sh/helm/v4/pkg/chart/common" ) var headerBytes = []byte("+aHR0cHM6Ly95b3V0dS5iZS96OVV6MWljandyTQo=") @@ -76,7 +77,7 @@ func SaveDir(c *chart.Chart, dest string) error { } // Save templates and files - for _, o := range [][]*chart.File{c.Templates, c.Files} { + for _, o := range [][]*common.File{c.Templates, c.Files} { for _, f := range o { n := filepath.Join(outdir, f.Name) if err := writeFile(n, f.Data); err != nil { @@ -165,7 +166,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { if err != nil { return err } - if err := writeToTar(out, filepath.Join(base, ChartfileName), cdata); err != nil { + if err := writeToTar(out, filepath.Join(base, ChartfileName), cdata, c.ModTime); err != nil { return err } @@ -175,7 +176,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { if err != nil { return err } - if err := writeToTar(out, filepath.Join(base, "Chart.lock"), ldata); err != nil { + if err := writeToTar(out, filepath.Join(base, "Chart.lock"), ldata, c.Lock.Generated); err != nil { return err } } @@ -183,7 +184,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { // Save values.yaml for _, f := range c.Raw { if f.Name == ValuesfileName { - if err := writeToTar(out, filepath.Join(base, ValuesfileName), f.Data); err != nil { + if err := writeToTar(out, filepath.Join(base, ValuesfileName), f.Data, f.ModTime); err != nil { return err } } @@ -194,7 +195,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { if !json.Valid(c.Schema) { return errors.New("invalid JSON in " + SchemafileName) } - if err := writeToTar(out, filepath.Join(base, SchemafileName), c.Schema); err != nil { + if err := writeToTar(out, filepath.Join(base, SchemafileName), c.Schema, c.SchemaModTime); err != nil { return err } } @@ -202,7 +203,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { // Save templates for _, f := range c.Templates { n := filepath.Join(base, f.Name) - if err := writeToTar(out, n, f.Data); err != nil { + if err := writeToTar(out, n, f.Data, f.ModTime); err != nil { return err } } @@ -210,7 +211,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { // Save files for _, f := range c.Files { n := filepath.Join(base, f.Name) - if err := writeToTar(out, n, f.Data); err != nil { + if err := writeToTar(out, n, f.Data, f.ModTime); err != nil { return err } } @@ -225,13 +226,16 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { } // writeToTar writes a single file to a tar archive. -func writeToTar(out *tar.Writer, name string, body []byte) error { +func writeToTar(out *tar.Writer, name string, body []byte, modTime time.Time) error { // TODO: Do we need to create dummy parent directory names if none exist? h := &tar.Header{ Name: filepath.ToSlash(name), Mode: 0644, Size: int64(len(body)), - ModTime: time.Now(), + ModTime: modTime, + } + if h.ModTime.IsZero() { + h.ModTime = time.Now() } if err := out.WriteHeader(h); err != nil { return err @@ -246,7 +250,7 @@ func validateName(name string) error { nname := filepath.Base(name) if nname != name { - return ErrInvalidChartName{name} + return common.ErrInvalidChartName{Name: name} } return nil diff --git a/internal/chart/v3/util/save_test.go b/internal/chart/v3/util/save_test.go index 852675bb0..62625919b 100644 --- a/internal/chart/v3/util/save_test.go +++ b/internal/chart/v3/util/save_test.go @@ -20,6 +20,8 @@ import ( "archive/tar" "bytes" "compress/gzip" + "crypto/sha256" + "fmt" "io" "os" "path" @@ -31,6 +33,7 @@ import ( chart "helm.sh/helm/v4/internal/chart/v3" "helm.sh/helm/v4/internal/chart/v3/loader" + "helm.sh/helm/v4/pkg/chart/common" ) func TestSave(t *testing.T) { @@ -47,8 +50,8 @@ func TestSave(t *testing.T) { Lock: &chart.Lock{ Digest: "testdigest", }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: time.Now(), Data: []byte("1,001 Nights")}, }, Schema: []byte("{\n \"title\": \"Values\"\n}"), } @@ -113,8 +116,8 @@ func TestSave(t *testing.T) { Lock: &chart.Lock{ Digest: "testdigest", }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: time.Now(), Data: []byte("1,001 Nights")}, }, } _, err := Save(c, tmp) @@ -140,7 +143,6 @@ func TestSavePreservesTimestamps(t *testing.T) { // check will fail because `initialCreateTime` will be identical to the // written timestamp for the files. initialCreateTime := time.Now().Add(-1 * time.Second) - tmp := t.TempDir() c := &chart.Chart{ @@ -149,14 +151,16 @@ func TestSavePreservesTimestamps(t *testing.T) { Name: "ahab", Version: "1.2.3", }, + ModTime: initialCreateTime, Values: map[string]interface{}{ "imageName": "testimage", "imageId": 42, }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: initialCreateTime, Data: []byte("1,001 Nights")}, }, - Schema: []byte("{\n \"title\": \"Values\"\n}"), + Schema: []byte("{\n \"title\": \"Values\"\n}"), + SchemaModTime: initialCreateTime, } where, err := Save(c, tmp) @@ -169,8 +173,9 @@ func TestSavePreservesTimestamps(t *testing.T) { t.Fatalf("Failed to parse tar: %v", err) } + roundedTime := initialCreateTime.Round(time.Second) for _, header := range allHeaders { - if header.ModTime.Before(initialCreateTime) { + if !header.ModTime.Equal(roundedTime) { t.Fatalf("File timestamp not preserved: %v", header.ModTime) } } @@ -212,6 +217,7 @@ func retrieveAllHeadersFromTar(path string) ([]*tar.Header, error) { func TestSaveDir(t *testing.T) { tmp := t.TempDir() + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{ @@ -219,11 +225,11 @@ func TestSaveDir(t *testing.T) { Name: "ahab", Version: "1.2.3", }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: modTime, Data: []byte("1,001 Nights")}, }, - Templates: []*chart.File{ - {Name: path.Join(TemplatesDir, "nested", "dir", "thing.yaml"), Data: []byte("abc: {{ .Values.abc }}")}, + Templates: []*common.File{ + {Name: path.Join(TemplatesDir, "nested", "dir", "thing.yaml"), ModTime: modTime, Data: []byte("abc: {{ .Values.abc }}")}, }, } @@ -259,3 +265,92 @@ func TestSaveDir(t *testing.T) { t.Fatalf("Did not get expected error for chart named %q", c.Name()) } } + +func TestRepeatableSave(t *testing.T) { + tmp := t.TempDir() + defer os.RemoveAll(tmp) + modTime := time.Date(2021, 9, 1, 20, 34, 58, 651387237, time.UTC) + tests := []struct { + name string + chart *chart.Chart + want string + }{ + { + name: "Package 1 file", + chart: &chart.Chart{ + Metadata: &chart.Metadata{ + APIVersion: chart.APIVersionV3, + Name: "ahab", + Version: "1.2.3", + }, + ModTime: modTime, + Lock: &chart.Lock{ + Digest: "testdigest", + Generated: modTime, + }, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: modTime, Data: []byte("1,001 Nights")}, + }, + Schema: []byte("{\n \"title\": \"Values\"\n}"), + SchemaModTime: modTime, + }, + want: "5bfea18cc3c8cbc265744bc32bffa9489a4dbe87d6b51b90f4255e4839d35e03", + }, + { + name: "Package 2 files", + chart: &chart.Chart{ + Metadata: &chart.Metadata{ + APIVersion: chart.APIVersionV3, + Name: "ahab", + Version: "1.2.3", + }, + ModTime: modTime, + Lock: &chart.Lock{ + Digest: "testdigest", + Generated: modTime, + }, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: modTime, Data: []byte("1,001 Nights")}, + {Name: "scheherazade/dunyazad.txt", ModTime: modTime, Data: []byte("1,001 Nights again")}, + }, + Schema: []byte("{\n \"title\": \"Values\"\n}"), + SchemaModTime: modTime, + }, + want: "a240365c21e0a2f4a57873132a9b686566a612d08bcb3f20c9446bfff005ccce", + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + // create package + dest := path.Join(tmp, "newdir") + where, err := Save(test.chart, dest) + if err != nil { + t.Fatalf("Failed to save: %s", err) + } + // get shasum for package + result, err := sha256Sum(where) + if err != nil { + t.Fatalf("Failed to check shasum: %s", err) + } + // assert that the package SHA is what we wanted. + if result != test.want { + t.Errorf("FormatName() result = %v, want %v", result, test.want) + } + }) + } +} + +func sha256Sum(filePath string) (string, error) { + f, err := os.Open(filePath) + if err != nil { + return "", err + } + defer f.Close() + + h := sha256.New() + if _, err := io.Copy(h, f); err != nil { + return "", err + } + + return fmt.Sprintf("%x", h.Sum(nil)), nil +} diff --git a/internal/chart/v3/util/values.go b/internal/chart/v3/util/values.go deleted file mode 100644 index 8e1a14b45..000000000 --- a/internal/chart/v3/util/values.go +++ /dev/null @@ -1,220 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "errors" - "fmt" - "io" - "os" - "strings" - - "sigs.k8s.io/yaml" - - chart "helm.sh/helm/v4/internal/chart/v3" -) - -// GlobalKey is the name of the Values key that is used for storing global vars. -const GlobalKey = "global" - -// Values represents a collection of chart values. -type Values map[string]interface{} - -// YAML encodes the Values into a YAML string. -func (v Values) YAML() (string, error) { - b, err := yaml.Marshal(v) - return string(b), err -} - -// Table gets a table (YAML subsection) from a Values object. -// -// The table is returned as a Values. -// -// Compound table names may be specified with dots: -// -// foo.bar -// -// The above will be evaluated as "The table bar inside the table -// foo". -// -// An ErrNoTable is returned if the table does not exist. -func (v Values) Table(name string) (Values, error) { - table := v - var err error - - for _, n := range parsePath(name) { - if table, err = tableLookup(table, n); err != nil { - break - } - } - return table, err -} - -// AsMap is a utility function for converting Values to a map[string]interface{}. -// -// It protects against nil map panics. -func (v Values) AsMap() map[string]interface{} { - if len(v) == 0 { - return map[string]interface{}{} - } - return v -} - -// Encode writes serialized Values information to the given io.Writer. -func (v Values) Encode(w io.Writer) error { - out, err := yaml.Marshal(v) - if err != nil { - return err - } - _, err = w.Write(out) - return err -} - -func tableLookup(v Values, simple string) (Values, error) { - v2, ok := v[simple] - if !ok { - return v, ErrNoTable{simple} - } - if vv, ok := v2.(map[string]interface{}); ok { - return vv, nil - } - - // This catches a case where a value is of type Values, but doesn't (for some - // reason) match the map[string]interface{}. This has been observed in the - // wild, and might be a result of a nil map of type Values. - if vv, ok := v2.(Values); ok { - return vv, nil - } - - return Values{}, ErrNoTable{simple} -} - -// ReadValues will parse YAML byte data into a Values. -func ReadValues(data []byte) (vals Values, err error) { - err = yaml.Unmarshal(data, &vals) - if len(vals) == 0 { - vals = Values{} - } - return vals, err -} - -// ReadValuesFile will parse a YAML file into a map of values. -func ReadValuesFile(filename string) (Values, error) { - data, err := os.ReadFile(filename) - if err != nil { - return map[string]interface{}{}, err - } - return ReadValues(data) -} - -// ReleaseOptions represents the additional release options needed -// for the composition of the final values struct -type ReleaseOptions struct { - Name string - Namespace string - Revision int - IsUpgrade bool - IsInstall bool -} - -// ToRenderValues composes the struct from the data coming from the Releases, Charts and Values files -// -// This takes both ReleaseOptions and Capabilities to merge into the render values. -func ToRenderValues(chrt *chart.Chart, chrtVals map[string]interface{}, options ReleaseOptions, caps *Capabilities) (Values, error) { - return ToRenderValuesWithSchemaValidation(chrt, chrtVals, options, caps, false) -} - -// ToRenderValuesWithSchemaValidation composes the struct from the data coming from the Releases, Charts and Values files -// -// This takes both ReleaseOptions and Capabilities to merge into the render values. -func ToRenderValuesWithSchemaValidation(chrt *chart.Chart, chrtVals map[string]interface{}, options ReleaseOptions, caps *Capabilities, skipSchemaValidation bool) (Values, error) { - if caps == nil { - caps = DefaultCapabilities - } - top := map[string]interface{}{ - "Chart": chrt.Metadata, - "Capabilities": caps, - "Release": map[string]interface{}{ - "Name": options.Name, - "Namespace": options.Namespace, - "IsUpgrade": options.IsUpgrade, - "IsInstall": options.IsInstall, - "Revision": options.Revision, - "Service": "Helm", - }, - } - - vals, err := CoalesceValues(chrt, chrtVals) - if err != nil { - return top, err - } - - if !skipSchemaValidation { - if err := ValidateAgainstSchema(chrt, vals); err != nil { - return top, fmt.Errorf("values don't meet the specifications of the schema(s) in the following chart(s):\n%w", err) - } - } - - top["Values"] = vals - return top, nil -} - -// istable is a special-purpose function to see if the present thing matches the definition of a YAML table. -func istable(v interface{}) bool { - _, ok := v.(map[string]interface{}) - return ok -} - -// PathValue takes a path that traverses a YAML structure and returns the value at the end of that path. -// The path starts at the root of the YAML structure and is comprised of YAML keys separated by periods. -// Given the following YAML data the value at path "chapter.one.title" is "Loomings". -// -// chapter: -// one: -// title: "Loomings" -func (v Values) PathValue(path string) (interface{}, error) { - if path == "" { - return nil, errors.New("YAML path cannot be empty") - } - return v.pathValue(parsePath(path)) -} - -func (v Values) pathValue(path []string) (interface{}, error) { - if len(path) == 1 { - // if exists must be root key not table - if _, ok := v[path[0]]; ok && !istable(v[path[0]]) { - return v[path[0]], nil - } - return nil, ErrNoValue{path[0]} - } - - key, path := path[len(path)-1], path[:len(path)-1] - // get our table for table path - t, err := v.Table(joinPath(path...)) - if err != nil { - return nil, ErrNoValue{key} - } - // check table for key and ensure value is not a table - if k, ok := t[key]; ok && !istable(k) { - return k, nil - } - return nil, ErrNoValue{key} -} - -func parsePath(key string) []string { return strings.Split(key, ".") } - -func joinPath(path ...string) string { return strings.Join(path, ".") } diff --git a/internal/chart/v3/util/values_test.go b/internal/chart/v3/util/values_test.go deleted file mode 100644 index 34c664581..000000000 --- a/internal/chart/v3/util/values_test.go +++ /dev/null @@ -1,293 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "bytes" - "fmt" - "testing" - "text/template" - - chart "helm.sh/helm/v4/internal/chart/v3" -) - -func TestReadValues(t *testing.T) { - doc := `# Test YAML parse -poet: "Coleridge" -title: "Rime of the Ancient Mariner" -stanza: - - "at" - - "length" - - "did" - - cross - - an - - Albatross - -mariner: - with: "crossbow" - shot: "ALBATROSS" - -water: - water: - where: "everywhere" - nor: "any drop to drink" -` - - data, err := ReadValues([]byte(doc)) - if err != nil { - t.Fatalf("Error parsing bytes: %s", err) - } - matchValues(t, data) - - tests := []string{`poet: "Coleridge"`, "# Just a comment", ""} - - for _, tt := range tests { - data, err = ReadValues([]byte(tt)) - if err != nil { - t.Fatalf("Error parsing bytes (%s): %s", tt, err) - } - if data == nil { - t.Errorf(`YAML string "%s" gave a nil map`, tt) - } - } -} - -func TestToRenderValues(t *testing.T) { - - chartValues := map[string]interface{}{ - "name": "al Rashid", - "where": map[string]interface{}{ - "city": "Basrah", - "title": "caliph", - }, - } - - overrideValues := map[string]interface{}{ - "name": "Haroun", - "where": map[string]interface{}{ - "city": "Baghdad", - "date": "809 CE", - }, - } - - c := &chart.Chart{ - Metadata: &chart.Metadata{Name: "test"}, - Templates: []*chart.File{}, - Values: chartValues, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, - }, - } - c.AddDependency(&chart.Chart{ - Metadata: &chart.Metadata{Name: "where"}, - }) - - o := ReleaseOptions{ - Name: "Seven Voyages", - Namespace: "default", - Revision: 1, - IsInstall: true, - } - - res, err := ToRenderValuesWithSchemaValidation(c, overrideValues, o, nil, false) - if err != nil { - t.Fatal(err) - } - - // Ensure that the top-level values are all set. - if name := res["Chart"].(*chart.Metadata).Name; name != "test" { - t.Errorf("Expected chart name 'test', got %q", name) - } - relmap := res["Release"].(map[string]interface{}) - if name := relmap["Name"]; name.(string) != "Seven Voyages" { - t.Errorf("Expected release name 'Seven Voyages', got %q", name) - } - if namespace := relmap["Namespace"]; namespace.(string) != "default" { - t.Errorf("Expected namespace 'default', got %q", namespace) - } - if revision := relmap["Revision"]; revision.(int) != 1 { - t.Errorf("Expected revision '1', got %d", revision) - } - if relmap["IsUpgrade"].(bool) { - t.Error("Expected upgrade to be false.") - } - if !relmap["IsInstall"].(bool) { - t.Errorf("Expected install to be true.") - } - if !res["Capabilities"].(*Capabilities).APIVersions.Has("v1") { - t.Error("Expected Capabilities to have v1 as an API") - } - if res["Capabilities"].(*Capabilities).KubeVersion.Major != "1" { - t.Error("Expected Capabilities to have a Kube version") - } - - vals := res["Values"].(Values) - if vals["name"] != "Haroun" { - t.Errorf("Expected 'Haroun', got %q (%v)", vals["name"], vals) - } - where := vals["where"].(map[string]interface{}) - expects := map[string]string{ - "city": "Baghdad", - "date": "809 CE", - "title": "caliph", - } - for field, expect := range expects { - if got := where[field]; got != expect { - t.Errorf("Expected %q, got %q (%v)", expect, got, where) - } - } -} - -func TestReadValuesFile(t *testing.T) { - data, err := ReadValuesFile("./testdata/coleridge.yaml") - if err != nil { - t.Fatalf("Error reading YAML file: %s", err) - } - matchValues(t, data) -} - -func ExampleValues() { - doc := ` -title: "Moby Dick" -chapter: - one: - title: "Loomings" - two: - title: "The Carpet-Bag" - three: - title: "The Spouter Inn" -` - d, err := ReadValues([]byte(doc)) - if err != nil { - panic(err) - } - ch1, err := d.Table("chapter.one") - if err != nil { - panic("could not find chapter one") - } - fmt.Print(ch1["title"]) - // Output: - // Loomings -} - -func TestTable(t *testing.T) { - doc := ` -title: "Moby Dick" -chapter: - one: - title: "Loomings" - two: - title: "The Carpet-Bag" - three: - title: "The Spouter Inn" -` - d, err := ReadValues([]byte(doc)) - if err != nil { - t.Fatalf("Failed to parse the White Whale: %s", err) - } - - if _, err := d.Table("title"); err == nil { - t.Fatalf("Title is not a table.") - } - - if _, err := d.Table("chapter"); err != nil { - t.Fatalf("Failed to get the chapter table: %s\n%v", err, d) - } - - if v, err := d.Table("chapter.one"); err != nil { - t.Errorf("Failed to get chapter.one: %s", err) - } else if v["title"] != "Loomings" { - t.Errorf("Unexpected title: %s", v["title"]) - } - - if _, err := d.Table("chapter.three"); err != nil { - t.Errorf("Chapter three is missing: %s\n%v", err, d) - } - - if _, err := d.Table("chapter.OneHundredThirtySix"); err == nil { - t.Errorf("I think you mean 'Epilogue'") - } -} - -func matchValues(t *testing.T, data map[string]interface{}) { - t.Helper() - if data["poet"] != "Coleridge" { - t.Errorf("Unexpected poet: %s", data["poet"]) - } - - if o, err := ttpl("{{len .stanza}}", data); err != nil { - t.Errorf("len stanza: %s", err) - } else if o != "6" { - t.Errorf("Expected 6, got %s", o) - } - - if o, err := ttpl("{{.mariner.shot}}", data); err != nil { - t.Errorf(".mariner.shot: %s", err) - } else if o != "ALBATROSS" { - t.Errorf("Expected that mariner shot ALBATROSS") - } - - if o, err := ttpl("{{.water.water.where}}", data); err != nil { - t.Errorf(".water.water.where: %s", err) - } else if o != "everywhere" { - t.Errorf("Expected water water everywhere") - } -} - -func ttpl(tpl string, v map[string]interface{}) (string, error) { - var b bytes.Buffer - tt := template.Must(template.New("t").Parse(tpl)) - err := tt.Execute(&b, v) - return b.String(), err -} - -func TestPathValue(t *testing.T) { - doc := ` -title: "Moby Dick" -chapter: - one: - title: "Loomings" - two: - title: "The Carpet-Bag" - three: - title: "The Spouter Inn" -` - d, err := ReadValues([]byte(doc)) - if err != nil { - t.Fatalf("Failed to parse the White Whale: %s", err) - } - - if v, err := d.PathValue("chapter.one.title"); err != nil { - t.Errorf("Got error instead of title: %s\n%v", err, d) - } else if v != "Loomings" { - t.Errorf("No error but got wrong value for title: %s\n%v", err, d) - } - if _, err := d.PathValue("chapter.one.doesnotexist"); err == nil { - t.Errorf("Non-existent key should return error: %s\n%v", err, d) - } - if _, err := d.PathValue("chapter.doesnotexist.one"); err == nil { - t.Errorf("Non-existent key in middle of path should return error: %s\n%v", err, d) - } - if _, err := d.PathValue(""); err == nil { - t.Error("Asking for the value from an empty path should yield an error") - } - if v, err := d.PathValue("title"); err == nil { - if v != "Moby Dick" { - t.Errorf("Failed to return values for root key title") - } - } -} diff --git a/internal/cli/output/color.go b/internal/cli/output/color.go index 93bbbe56e..e59cdde87 100644 --- a/internal/cli/output/color.go +++ b/internal/cli/output/color.go @@ -19,24 +19,24 @@ package output import ( "github.com/fatih/color" - release "helm.sh/helm/v4/pkg/release/v1" + "helm.sh/helm/v4/pkg/release/common" ) // ColorizeStatus returns a colorized version of the status string based on the status value -func ColorizeStatus(status release.Status, noColor bool) string { +func ColorizeStatus(status common.Status, noColor bool) string { // Disable color if requested if noColor { return status.String() } switch status { - case release.StatusDeployed: + case common.StatusDeployed: return color.GreenString(status.String()) - case release.StatusFailed: + case common.StatusFailed: return color.RedString(status.String()) - case release.StatusPendingInstall, release.StatusPendingUpgrade, release.StatusPendingRollback, release.StatusUninstalling: + case common.StatusPendingInstall, common.StatusPendingUpgrade, common.StatusPendingRollback, common.StatusUninstalling: return color.YellowString(status.String()) - case release.StatusUnknown: + case common.StatusUnknown: return color.RedString(status.String()) default: // For uninstalled, superseded, and any other status diff --git a/internal/cli/output/color_test.go b/internal/cli/output/color_test.go index c84e2c359..3b8de39e8 100644 --- a/internal/cli/output/color_test.go +++ b/internal/cli/output/color_test.go @@ -20,63 +20,63 @@ import ( "strings" "testing" - release "helm.sh/helm/v4/pkg/release/v1" + "helm.sh/helm/v4/pkg/release/common" ) func TestColorizeStatus(t *testing.T) { tests := []struct { name string - status release.Status + status common.Status noColor bool envNoColor string wantColor bool // whether we expect color codes in output }{ { name: "deployed status with color", - status: release.StatusDeployed, + status: common.StatusDeployed, noColor: false, envNoColor: "", wantColor: true, }, { name: "deployed status without color flag", - status: release.StatusDeployed, + status: common.StatusDeployed, noColor: true, envNoColor: "", wantColor: false, }, { name: "deployed status with NO_COLOR env", - status: release.StatusDeployed, + status: common.StatusDeployed, noColor: false, envNoColor: "1", wantColor: false, }, { name: "failed status with color", - status: release.StatusFailed, + status: common.StatusFailed, noColor: false, envNoColor: "", wantColor: true, }, { name: "pending install status with color", - status: release.StatusPendingInstall, + status: common.StatusPendingInstall, noColor: false, envNoColor: "", wantColor: true, }, { name: "unknown status with color", - status: release.StatusUnknown, + status: common.StatusUnknown, noColor: false, envNoColor: "", wantColor: true, }, { name: "superseded status with color", - status: release.StatusSuperseded, + status: common.StatusSuperseded, noColor: false, envNoColor: "", wantColor: false, // superseded doesn't get colored diff --git a/internal/fileutil/fileutil_test.go b/internal/fileutil/fileutil_test.go index 92920d3c4..881fbb49d 100644 --- a/internal/fileutil/fileutil_test.go +++ b/internal/fileutil/fileutil_test.go @@ -20,9 +20,12 @@ import ( "bytes" "os" "path/filepath" + "strings" "testing" ) +// TestAtomicWriteFile tests the happy path of AtomicWriteFile function. +// It verifies that the function correctly writes content to a file with the specified mode. func TestAtomicWriteFile(t *testing.T) { dir := t.TempDir() @@ -55,3 +58,64 @@ func TestAtomicWriteFile(t *testing.T) { mode, gotinfo.Mode()) } } + +// TestAtomicWriteFile_CreateTempError tests the error path when os.CreateTemp fails +func TestAtomicWriteFile_CreateTempError(t *testing.T) { + invalidPath := "/invalid/path/that/does/not/exist/testfile" + + reader := bytes.NewReader([]byte("test content")) + mode := os.FileMode(0644) + + err := AtomicWriteFile(invalidPath, reader, mode) + if err == nil { + t.Error("Expected error when CreateTemp fails, but got nil") + } +} + +// TestAtomicWriteFile_EmptyContent tests with empty content +func TestAtomicWriteFile_EmptyContent(t *testing.T) { + dir := t.TempDir() + testpath := filepath.Join(dir, "empty_helm") + + reader := bytes.NewReader([]byte("")) + mode := os.FileMode(0644) + + err := AtomicWriteFile(testpath, reader, mode) + if err != nil { + t.Errorf("AtomicWriteFile error with empty content: %s", err) + } + + got, err := os.ReadFile(testpath) + if err != nil { + t.Fatal(err) + } + + if len(got) != 0 { + t.Fatalf("expected empty content, got: %s", string(got)) + } +} + +// TestAtomicWriteFile_LargeContent tests with large content +func TestAtomicWriteFile_LargeContent(t *testing.T) { + dir := t.TempDir() + testpath := filepath.Join(dir, "large_test") + + // Create a large content string + largeContent := strings.Repeat("HELM", 1024*1024) + reader := bytes.NewReader([]byte(largeContent)) + mode := os.FileMode(0644) + + err := AtomicWriteFile(testpath, reader, mode) + if err != nil { + t.Errorf("AtomicWriteFile error with large content: %s", err) + } + + got, err := os.ReadFile(testpath) + if err != nil { + t.Fatal(err) + } + + if largeContent != string(got) { + t.Fatalf("expected large content to match, got different length: %d vs %d", len(largeContent), len(got)) + } +} diff --git a/internal/logging/logging.go b/internal/logging/logging.go index 946a211ef..b8faf859e 100644 --- a/internal/logging/logging.go +++ b/internal/logging/logging.go @@ -20,6 +20,7 @@ import ( "context" "log/slog" "os" + "sync/atomic" ) // DebugEnabledFunc is a function type that determines if debug logging is enabled @@ -64,7 +65,7 @@ func (h *DebugCheckHandler) WithGroup(name string) slog.Handler { // NewLogger creates a new logger with dynamic debug checking func NewLogger(debugEnabled DebugEnabledFunc) *slog.Logger { // Create base handler that removes timestamps - baseHandler := slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + baseHandler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{ // Always use LevelDebug here to allow all messages through // Our custom handler will do the filtering Level: slog.LevelDebug, @@ -85,3 +86,37 @@ func NewLogger(debugEnabled DebugEnabledFunc) *slog.Logger { return slog.New(dynamicHandler) } + +// LoggerSetterGetter is an interface that can set and get a logger +type LoggerSetterGetter interface { + // SetLogger sets a new slog.Handler + SetLogger(newHandler slog.Handler) + // Logger returns the slog.Logger created from the slog.Handler + Logger() *slog.Logger +} + +type LogHolder struct { + // logger is an atomic.Pointer[slog.Logger] to store the slog.Logger + // We use atomic.Pointer for thread safety + logger atomic.Pointer[slog.Logger] +} + +// Logger returns the logger for the LogHolder. If nil, returns slog.Default(). +func (l *LogHolder) Logger() *slog.Logger { + if lg := l.logger.Load(); lg != nil { + return lg + } + return slog.New(slog.DiscardHandler) // Should never be reached +} + +// SetLogger sets the logger for the LogHolder. If nil, sets the default logger. +func (l *LogHolder) SetLogger(newHandler slog.Handler) { + if newHandler == nil { + l.logger.Store(slog.New(slog.DiscardHandler)) // Assume nil as discarding logs + return + } + l.logger.Store(slog.New(newHandler)) +} + +// Ensure LogHolder implements LoggerSetterGetter +var _ LoggerSetterGetter = &LogHolder{} diff --git a/internal/logging/logging_test.go b/internal/logging/logging_test.go new file mode 100644 index 000000000..75e6c4025 --- /dev/null +++ b/internal/logging/logging_test.go @@ -0,0 +1,115 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package logging + +import ( + "bytes" + "log/slog" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestLogHolder_Logger(t *testing.T) { + t.Run("should return new logger with a then set handler", func(t *testing.T) { + holder := &LogHolder{} + buf := &bytes.Buffer{} + handler := slog.NewTextHandler(buf, &slog.HandlerOptions{Level: slog.LevelDebug}) + + holder.SetLogger(handler) + logger := holder.Logger() + + assert.NotNil(t, logger) + + // Test that the logger works + logger.Info("test message") + assert.Contains(t, buf.String(), "test message") + }) + + t.Run("should return discard - defaultlogger when no handler is set", func(t *testing.T) { + holder := &LogHolder{} + logger := holder.Logger() + + assert.Equal(t, slog.Handler(slog.DiscardHandler), logger.Handler()) + }) +} + +func TestLogHolder_SetLogger(t *testing.T) { + t.Run("sets logger with valid handler", func(t *testing.T) { + holder := &LogHolder{} + buf := &bytes.Buffer{} + handler := slog.NewTextHandler(buf, &slog.HandlerOptions{Level: slog.LevelDebug}) + + holder.SetLogger(handler) + logger := holder.Logger() + + assert.NotNil(t, logger) + + // Compare the handler directly + assert.Equal(t, handler, logger.Handler()) + }) + + t.Run("sets discard logger with nil handler", func(t *testing.T) { + holder := &LogHolder{} + + holder.SetLogger(nil) + logger := holder.Logger() + + assert.NotNil(t, logger) + + assert.Equal(t, slog.Handler(slog.DiscardHandler), logger.Handler()) + }) + + t.Run("can replace existing logger", func(t *testing.T) { + holder := &LogHolder{} + + // Set first logger + buf1 := &bytes.Buffer{} + handler1 := slog.NewTextHandler(buf1, &slog.HandlerOptions{Level: slog.LevelDebug}) + holder.SetLogger(handler1) + + logger1 := holder.Logger() + assert.Equal(t, handler1, logger1.Handler()) + + // Replace with second logger + buf2 := &bytes.Buffer{} + handler2 := slog.NewTextHandler(buf2, &slog.HandlerOptions{Level: slog.LevelDebug}) + holder.SetLogger(handler2) + + logger2 := holder.Logger() + assert.Equal(t, handler2, logger2.Handler()) + }) +} + +func TestLogHolder_InterfaceCompliance(t *testing.T) { + t.Run("implements LoggerSetterGetter interface", func(_ *testing.T) { + var _ LoggerSetterGetter = &LogHolder{} + }) + + t.Run("interface methods work correctly", func(t *testing.T) { + var holder LoggerSetterGetter = &LogHolder{} + + buf := &bytes.Buffer{} + handler := slog.NewTextHandler(buf, &slog.HandlerOptions{Level: slog.LevelDebug}) + + holder.SetLogger(handler) + logger := holder.Logger() + + assert.NotNil(t, logger) + assert.Equal(t, handler, logger.Handler()) + }) +} diff --git a/internal/plugin/config.go b/internal/plugin/config.go index 812dba7f6..e1f491779 100644 --- a/internal/plugin/config.go +++ b/internal/plugin/config.go @@ -16,67 +16,39 @@ limitations under the License. package plugin import ( + "bytes" "fmt" + "reflect" "go.yaml.in/yaml/v3" ) -// Config interface defines the methods that all plugin type configurations must implement +// Config represents an plugin type specific configuration +// It is expected to type assert (cast) the a Config to its expected underlying type (schema.ConfigCLIV1, schema.ConfigGetterV1, etc). type Config interface { - GetType() string Validate() error } -// ConfigCLI represents the configuration for CLI plugins -type ConfigCLI struct { - // Usage is the single-line usage text shown in help - // For recommended syntax, see [spf13/cobra.command.Command] Use field comment: - // https://pkg.go.dev/github.com/spf13/cobra#Command - Usage string `yaml:"usage"` - // ShortHelp is the short description shown in the 'helm help' output - ShortHelp string `yaml:"shortHelp"` - // LongHelp is the long message shown in the 'helm help ' output - LongHelp string `yaml:"longHelp"` - // IgnoreFlags ignores any flags passed in from Helm - IgnoreFlags bool `yaml:"ignoreFlags"` -} - -// ConfigGetter represents the configuration for download plugins -type ConfigGetter struct { - // Protocols are the list of URL schemes supported by this downloader - Protocols []string `yaml:"protocols"` -} - -func (c *ConfigCLI) GetType() string { return "cli/v1" } -func (c *ConfigGetter) GetType() string { return "getter/v1" } - -func (c *ConfigCLI) Validate() error { - // Config validation for CLI plugins - return nil -} +func unmarshaConfig(pluginType string, configData map[string]any) (Config, error) { -func (c *ConfigGetter) Validate() error { - if len(c.Protocols) == 0 { - return fmt.Errorf("getter has no protocols") - } - for i, protocol := range c.Protocols { - if protocol == "" { - return fmt.Errorf("getter has empty protocol at index %d", i) - } + pluginTypeMeta, ok := pluginTypesIndex[pluginType] + if !ok { + return nil, fmt.Errorf("unknown plugin type %q", pluginType) } - return nil -} -func remarshalConfig[T Config](configData map[string]any) (Config, error) { + // TODO: Avoid (yaml) serialization/deserialization for type conversion here + data, err := yaml.Marshal(configData) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to marshel config data (plugin type %s): %w", pluginType, err) } - var config T - if err := yaml.Unmarshal(data, &config); err != nil { + config := reflect.New(pluginTypeMeta.configType) + d := yaml.NewDecoder(bytes.NewReader(data)) + d.KnownFields(true) + if err := d.Decode(config.Interface()); err != nil { return nil, err } - return config, nil + return config.Interface().(Config), nil } diff --git a/internal/plugin/config_test.go b/internal/plugin/config_test.go new file mode 100644 index 000000000..c51b77ff0 --- /dev/null +++ b/internal/plugin/config_test.go @@ -0,0 +1,56 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "helm.sh/helm/v4/internal/plugin/schema" +) + +func TestUnmarshaConfig(t *testing.T) { + // Test unmarshalling a CLI plugin config + { + config, err := unmarshaConfig("cli/v1", map[string]any{ + "usage": "usage string", + "shortHelp": "short help string", + "longHelp": "long help string", + "ignoreFlags": true, + }) + require.NoError(t, err) + + require.IsType(t, &schema.ConfigCLIV1{}, config) + assert.Equal(t, schema.ConfigCLIV1{ + Usage: "usage string", + ShortHelp: "short help string", + LongHelp: "long help string", + IgnoreFlags: true, + }, *(config.(*schema.ConfigCLIV1))) + } + + // Test unmarshalling invalid config data + { + config, err := unmarshaConfig("cli/v1", map[string]any{ + "invalid field": "foo", + }) + require.Error(t, err) + assert.Contains(t, err.Error(), "field not found") + assert.Nil(t, config) + } +} diff --git a/internal/plugin/error.go b/internal/plugin/error.go index 5ace680cb..212460cea 100644 --- a/internal/plugin/error.go +++ b/internal/plugin/error.go @@ -19,8 +19,8 @@ package plugin // - subprocess plugin: child process exit code // - extism plugin: wasm function return code type InvokeExecError struct { - Err error // Underlying error - Code int // Exeit code from plugin code execution + ExitCode int // Exit code from plugin code execution + Err error // Underlying error } // Error implements the error interface diff --git a/internal/plugin/installer/extractor.go b/internal/plugin/installer/extractor.go new file mode 100644 index 000000000..71efebc67 --- /dev/null +++ b/internal/plugin/installer/extractor.go @@ -0,0 +1,195 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package installer // import "helm.sh/helm/v4/internal/plugin/installer" + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "errors" + "fmt" + "io" + "os" + "path" + "path/filepath" + "regexp" + "slices" + "strings" + + securejoin "github.com/cyphar/filepath-securejoin" +) + +// TarGzExtractor extracts gzip compressed tar archives +type TarGzExtractor struct{} + +// Extractor provides an interface for extracting archives +type Extractor interface { + Extract(buffer *bytes.Buffer, targetDir string) error +} + +// Extractors contains a map of suffixes and matching implementations of extractor to return +var Extractors = map[string]Extractor{ + ".tar.gz": &TarGzExtractor{}, + ".tgz": &TarGzExtractor{}, +} + +// Convert a media type to an extractor extension. +// +// This should be refactored in Helm 4, combined with the extension-based mechanism. +func mediaTypeToExtension(mt string) (string, bool) { + switch strings.ToLower(mt) { + case "application/gzip", "application/x-gzip", "application/x-tgz", "application/x-gtar": + return ".tgz", true + case "application/octet-stream": + // Generic binary type - we'll need to check the URL suffix + return "", false + default: + return "", false + } +} + +// NewExtractor creates a new extractor matching the source file name +func NewExtractor(source string) (Extractor, error) { + for suffix, extractor := range Extractors { + if strings.HasSuffix(source, suffix) { + return extractor, nil + } + } + return nil, fmt.Errorf("no extractor implemented yet for %s", source) +} + +// cleanJoin resolves dest as a subpath of root. +// +// This function runs several security checks on the path, generating an error if +// the supplied `dest` looks suspicious or would result in dubious behavior on the +// filesystem. +// +// cleanJoin assumes that any attempt by `dest` to break out of the CWD is an attempt +// to be malicious. (If you don't care about this, use the securejoin-filepath library.) +// It will emit an error if it detects paths that _look_ malicious, operating on the +// assumption that we don't actually want to do anything with files that already +// appear to be nefarious. +// +// - The character `:` is considered illegal because it is a separator on UNIX and a +// drive designator on Windows. +// - The path component `..` is considered suspicious, and therefore illegal +// - The character \ (backslash) is treated as a path separator and is converted to /. +// - Beginning a path with a path separator is illegal +// - Rudimentary symlink protections are offered by SecureJoin. +func cleanJoin(root, dest string) (string, error) { + + // On Windows, this is a drive separator. On UNIX-like, this is the path list separator. + // In neither case do we want to trust a TAR that contains these. + if strings.Contains(dest, ":") { + return "", errors.New("path contains ':', which is illegal") + } + + // The Go tar library does not convert separators for us. + // We assume here, as we do elsewhere, that `\\` means a Windows path. + dest = strings.ReplaceAll(dest, "\\", "/") + + // We want to alert the user that something bad was attempted. Cleaning it + // is not a good practice. + if slices.Contains(strings.Split(dest, "/"), "..") { + return "", errors.New("path contains '..', which is illegal") + } + + // If a path is absolute, the creator of the TAR is doing something shady. + if path.IsAbs(dest) { + return "", errors.New("path is absolute, which is illegal") + } + + // SecureJoin will do some cleaning, as well as some rudimentary checking of symlinks. + // The directory needs to be cleaned prior to passing to SecureJoin or the location may end up + // being wrong or returning an error. This was introduced in v0.4.0. + root = filepath.Clean(root) + newpath, err := securejoin.SecureJoin(root, dest) + if err != nil { + return "", err + } + + return filepath.ToSlash(newpath), nil +} + +// Extract extracts compressed archives +// +// Implements Extractor. +func (g *TarGzExtractor) Extract(buffer *bytes.Buffer, targetDir string) error { + uncompressedStream, err := gzip.NewReader(buffer) + if err != nil { + return err + } + + if err := os.MkdirAll(targetDir, 0755); err != nil { + return err + } + + tarReader := tar.NewReader(uncompressedStream) + for { + header, err := tarReader.Next() + if err == io.EOF { + break + } + if err != nil { + return err + } + + path, err := cleanJoin(targetDir, header.Name) + if err != nil { + return err + } + + switch header.Typeflag { + case tar.TypeDir: + if err := os.MkdirAll(path, 0755); err != nil { + return err + } + case tar.TypeReg: + // Ensure parent directory exists + if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { + return err + } + outFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode)) + if err != nil { + return err + } + if _, err := io.Copy(outFile, tarReader); err != nil { + outFile.Close() + return err + } + outFile.Close() + // We don't want to process these extension header files. + case tar.TypeXGlobalHeader, tar.TypeXHeader: + continue + default: + return fmt.Errorf("unknown type: %b in %s", header.Typeflag, header.Name) + } + } + return nil +} + +// stripPluginName is a helper that relies on some sort of convention for plugin name (plugin-name-) +func stripPluginName(name string) string { + var strippedName string + for suffix := range Extractors { + if before, ok := strings.CutSuffix(name, suffix); ok { + strippedName = before + break + } + } + re := regexp.MustCompile(`(.*)-[0-9]+\..*`) + return re.ReplaceAllString(strippedName, `$1`) +} diff --git a/internal/plugin/installer/http_installer.go b/internal/plugin/installer/http_installer.go index b68fc059a..bb96314f4 100644 --- a/internal/plugin/installer/http_installer.go +++ b/internal/plugin/installer/http_installer.go @@ -16,22 +16,14 @@ limitations under the License. package installer // import "helm.sh/helm/v4/internal/plugin/installer" import ( - "archive/tar" "bytes" - "compress/gzip" - "errors" "fmt" - "io" "log/slog" "os" - "path" "path/filepath" - "regexp" - "slices" "strings" - securejoin "github.com/cyphar/filepath-securejoin" - + "helm.sh/helm/v4/internal/plugin" "helm.sh/helm/v4/internal/plugin/cache" "helm.sh/helm/v4/internal/third_party/dep/fs" "helm.sh/helm/v4/pkg/cli" @@ -46,45 +38,9 @@ type HTTPInstaller struct { base extractor Extractor getter getter.Getter -} - -// TarGzExtractor extracts gzip compressed tar archives -type TarGzExtractor struct{} - -// Extractor provides an interface for extracting archives -type Extractor interface { - Extract(buffer *bytes.Buffer, targetDir string) error -} - -// Extractors contains a map of suffixes and matching implementations of extractor to return -var Extractors = map[string]Extractor{ - ".tar.gz": &TarGzExtractor{}, - ".tgz": &TarGzExtractor{}, -} - -// Convert a media type to an extractor extension. -// -// This should be refactored in Helm 4, combined with the extension-based mechanism. -func mediaTypeToExtension(mt string) (string, bool) { - switch strings.ToLower(mt) { - case "application/gzip", "application/x-gzip", "application/x-tgz", "application/x-gtar": - return ".tgz", true - case "application/octet-stream": - // Generic binary type - we'll need to check the URL suffix - return "", false - default: - return "", false - } -} - -// NewExtractor creates a new extractor matching the source file name -func NewExtractor(source string) (Extractor, error) { - for suffix, extractor := range Extractors { - if strings.HasSuffix(source, suffix) { - return extractor, nil - } - } - return nil, fmt.Errorf("no extractor implemented yet for %s", source) + // Cached data to avoid duplicate downloads + pluginData []byte + provData []byte } // NewHTTPInstaller creates a new HttpInstaller. @@ -114,30 +70,53 @@ func NewHTTPInstaller(source string) (*HTTPInstaller, error) { return i, nil } -// helper that relies on some sort of convention for plugin name (plugin-name-) -func stripPluginName(name string) string { - var strippedName string - for suffix := range Extractors { - if strings.HasSuffix(name, suffix) { - strippedName = strings.TrimSuffix(name, suffix) - break - } - } - re := regexp.MustCompile(`(.*)-[0-9]+\..*`) - return re.ReplaceAllString(strippedName, `$1`) -} - // Install downloads and extracts the tarball into the cache directory // and installs into the plugin directory. // // Implements Installer. func (i *HTTPInstaller) Install() error { - pluginData, err := i.getter.Get(i.Source) + // Ensure plugin data is cached + if i.pluginData == nil { + pluginData, err := i.getter.Get(i.Source) + if err != nil { + return err + } + i.pluginData = pluginData.Bytes() + } + + // Save the original tarball to plugins directory for verification + // Extract metadata to get the actual plugin name and version + metadata, err := plugin.ExtractTgzPluginMetadata(bytes.NewReader(i.pluginData)) if err != nil { - return err + return fmt.Errorf("failed to extract plugin metadata from tarball: %w", err) + } + filename := fmt.Sprintf("%s-%s.tgz", metadata.Name, metadata.Version) + tarballPath := helmpath.DataPath("plugins", filename) + if err := os.MkdirAll(filepath.Dir(tarballPath), 0755); err != nil { + return fmt.Errorf("failed to create plugins directory: %w", err) + } + if err := os.WriteFile(tarballPath, i.pluginData, 0644); err != nil { + return fmt.Errorf("failed to save tarball: %w", err) } - if err := i.extractor.Extract(pluginData, i.CacheDir); err != nil { + // Ensure prov data is cached if available + if i.provData == nil { + // Try to download .prov file if it exists + provURL := i.Source + ".prov" + if provData, err := i.getter.Get(provURL); err == nil { + i.provData = provData.Bytes() + } + } + + // Save prov file if we have the data + if i.provData != nil { + provPath := tarballPath + ".prov" + if err := os.WriteFile(provPath, i.provData, 0644); err != nil { + slog.Debug("failed to save provenance file", "error", err) + } + } + + if err := i.extractor.Extract(bytes.NewBuffer(i.pluginData), i.CacheDir); err != nil { return fmt.Errorf("extracting files from archive: %w", err) } @@ -175,111 +154,38 @@ func (i HTTPInstaller) Path() string { return helmpath.DataPath("plugins", i.PluginName) } -// cleanJoin resolves dest as a subpath of root. -// -// This function runs several security checks on the path, generating an error if -// the supplied `dest` looks suspicious or would result in dubious behavior on the -// filesystem. -// -// cleanJoin assumes that any attempt by `dest` to break out of the CWD is an attempt -// to be malicious. (If you don't care about this, use the securejoin-filepath library.) -// It will emit an error if it detects paths that _look_ malicious, operating on the -// assumption that we don't actually want to do anything with files that already -// appear to be nefarious. -// -// - The character `:` is considered illegal because it is a separator on UNIX and a -// drive designator on Windows. -// - The path component `..` is considered suspicions, and therefore illegal -// - The character \ (backslash) is treated as a path separator and is converted to /. -// - Beginning a path with a path separator is illegal -// - Rudimentary symlink protects are offered by SecureJoin. -func cleanJoin(root, dest string) (string, error) { - - // On Windows, this is a drive separator. On UNIX-like, this is the path list separator. - // In neither case do we want to trust a TAR that contains these. - if strings.Contains(dest, ":") { - return "", errors.New("path contains ':', which is illegal") - } - - // The Go tar library does not convert separators for us. - // We assume here, as we do elsewhere, that `\\` means a Windows path. - dest = strings.ReplaceAll(dest, "\\", "/") - - // We want to alert the user that something bad was attempted. Cleaning it - // is not a good practice. - if slices.Contains(strings.Split(dest, "/"), "..") { - return "", errors.New("path contains '..', which is illegal") - } - - // If a path is absolute, the creator of the TAR is doing something shady. - if path.IsAbs(dest) { - return "", errors.New("path is absolute, which is illegal") - } - - // SecureJoin will do some cleaning, as well as some rudimentary checking of symlinks. - // The directory needs to be cleaned prior to passing to SecureJoin or the location may end up - // being wrong or returning an error. This was introduced in v0.4.0. - root = filepath.Clean(root) - newpath, err := securejoin.SecureJoin(root, dest) - if err != nil { - return "", err - } - - return filepath.ToSlash(newpath), nil +// SupportsVerification returns true if the HTTP installer can verify plugins +func (i *HTTPInstaller) SupportsVerification() bool { + // Only support verification for tarball URLs + return strings.HasSuffix(i.Source, ".tgz") || strings.HasSuffix(i.Source, ".tar.gz") } -// Extract extracts compressed archives -// -// Implements Extractor. -func (g *TarGzExtractor) Extract(buffer *bytes.Buffer, targetDir string) error { - uncompressedStream, err := gzip.NewReader(buffer) - if err != nil { - return err - } - - if err := os.MkdirAll(targetDir, 0755); err != nil { - return err +// GetVerificationData returns cached plugin and provenance data for verification +func (i *HTTPInstaller) GetVerificationData() (archiveData, provData []byte, filename string, err error) { + if !i.SupportsVerification() { + return nil, nil, "", fmt.Errorf("verification not supported for this source") } - tarReader := tar.NewReader(uncompressedStream) - for { - header, err := tarReader.Next() - if err == io.EOF { - break - } + // Download plugin data once and cache it + if i.pluginData == nil { + data, err := i.getter.Get(i.Source) if err != nil { - return err + return nil, nil, "", fmt.Errorf("failed to download plugin: %w", err) } + i.pluginData = data.Bytes() + } - path, err := cleanJoin(targetDir, header.Name) + // Download prov data once and cache it if available + if i.provData == nil { + provData, err := i.getter.Get(i.Source + ".prov") if err != nil { - return err - } - - switch header.Typeflag { - case tar.TypeDir: - if err := os.MkdirAll(path, 0755); err != nil { - return err - } - case tar.TypeReg: - // Ensure parent directory exists - if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { - return err - } - outFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode)) - if err != nil { - return err - } - defer outFile.Close() - if _, err := io.Copy(outFile, tarReader); err != nil { - return err - } - // We don't want to process these extension header files. - case tar.TypeXGlobalHeader, tar.TypeXHeader: - continue - default: - return fmt.Errorf("unknown type: %b in %s", header.Typeflag, header.Name) + // If provenance file doesn't exist, set provData to nil + // The verification logic will handle this gracefully + i.provData = nil + } else { + i.provData = provData.Bytes() } } - return nil + + return i.pluginData, i.provData, filepath.Base(i.Source), nil } diff --git a/internal/plugin/installer/http_installer_test.go b/internal/plugin/installer/http_installer_test.go index 453021b76..be40b1b90 100644 --- a/internal/plugin/installer/http_installer_test.go +++ b/internal/plugin/installer/http_installer_test.go @@ -49,7 +49,7 @@ func (t *TestHTTPGetter) Get(_ string, _ ...getter.Option) (*bytes.Buffer, error } // Fake plugin tarball data -var fakePluginB64 = "H4sIAKRj51kAA+3UX0vCUBgGcC9jn+Iwuk3Peza3GeyiUlJQkcogCOzgli7dJm4TvYk+a5+k479UqquUCJ/fLs549sLO2TnvWnJa9aXnjwujYdYLovxMhsPcfnHOLdNkOXthM/IVQQYjg2yyLLJ4kXGhLp5j0z3P41tZksqxmspL3B/O+j/XtZu1y8rdYzkOZRCxduKPk53ny6Wwz/GfIIf1As8lxzGJSmoHNLJZphKHG4YpTCE0wVk3DULfpSJ3DMMqkj3P5JfMYLdX1Vr9Ie/5E5cstcdC8K04iGLX5HaJuKpWL17F0TCIBi5pf/0pjtLhun5j3f9v6r7wfnI/H0eNp9d1/5P6Gez0vzo7wsoxfrAZbTny/o9k6J8z/VkO/LPlWdC1iVpbEEcq5nmeJ13LEtmbV0k2r2PrOs9PuuNglC5rL1Y5S/syXRQmutaNw1BGnnp8Wq3UG51WvX1da3bKtZtCN/R09DwAAAAAAAAAAAAAAAAAAADAb30AoMczDwAoAAA=" +var fakePluginB64 = "H4sIAAAAAAAAA+3SQUvDMBgG4Jz7K0LwapdvSxrwJig6mCKC5xHabBaXdDSt4L+3cQ56mV42ZPg+lw+SF5LwZmXf3OV206/rMGEnIgdG6zTJaDmee4y01FOlZpqGHJGZSsb1qS401sfOtpyz0FTup9xv+2dqNep/N/IP6zdHPSMVXCh1sH8yhtGMDBUFFTL1r4iIcXnUWxzwz/sP1rsrLkbfQGTvro11E4ZlmcucRNZHu04py1OO73OVi2Vbb7td9vp7nXevtvsKRpGVjfc2VMP2xf3t4mH5tHi5mz8ub+bPk9JXIvvr5wMAAAAAAAAAAAAAAAAAAAAAnLVPqwHcXQAoAAA=" func TestStripName(t *testing.T) { if stripPluginName("fake-plugin-0.0.1.tar.gz") != "fake-plugin" { @@ -515,6 +515,7 @@ func TestExtractWithExistingDirectory(t *testing.T) { } func TestExtractPluginInSubdirectory(t *testing.T) { + ensure.HelmHome(t) source := "https://repo.localdomain/plugins/subdir-plugin-1.0.0.tar.gz" tempDir := t.TempDir() diff --git a/internal/plugin/installer/installer.go b/internal/plugin/installer/installer.go index 7900f6745..c7c1a8801 100644 --- a/internal/plugin/installer/installer.go +++ b/internal/plugin/installer/installer.go @@ -17,12 +17,15 @@ package installer import ( "errors" + "fmt" + "log/slog" "net/http" "os" "path/filepath" "strings" "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/pkg/registry" ) // ErrMissingMetadata indicates that plugin.yaml is missing. @@ -31,6 +34,14 @@ var ErrMissingMetadata = errors.New("plugin metadata (plugin.yaml) missing") // Debug enables verbose output. var Debug bool +// Options contains options for plugin installation. +type Options struct { + // Verify enables signature verification before installation + Verify bool + // Keyring is the path to the keyring for verification + Keyring string +} + // Installer provides an interface for installing helm client plugins. type Installer interface { // Install adds a plugin. @@ -41,40 +52,118 @@ type Installer interface { Update() error } +// Verifier provides an interface for installers that support verification. +type Verifier interface { + // SupportsVerification returns true if this installer can verify plugins + SupportsVerification() bool + // GetVerificationData returns plugin and provenance data for verification + GetVerificationData() (archiveData, provData []byte, filename string, err error) +} + // Install installs a plugin. func Install(i Installer) error { + _, err := InstallWithOptions(i, Options{}) + return err +} + +// VerificationResult contains the result of plugin verification +type VerificationResult struct { + SignedBy []string + Fingerprint string + FileHash string +} + +// InstallWithOptions installs a plugin with options. +func InstallWithOptions(i Installer, opts Options) (*VerificationResult, error) { + if err := os.MkdirAll(filepath.Dir(i.Path()), 0755); err != nil { - return err + return nil, err } if _, pathErr := os.Stat(i.Path()); !os.IsNotExist(pathErr) { - return errors.New("plugin already exists") + slog.Warn("plugin already exists", "path", i.Path(), slog.Any("error", pathErr)) + return nil, errors.New("plugin already exists") + } + + var result *VerificationResult + + // If verification is requested, check if installer supports it + if opts.Verify { + verifier, ok := i.(Verifier) + if !ok || !verifier.SupportsVerification() { + return nil, fmt.Errorf("--verify is only supported for plugin tarballs (.tgz files)") + } + + // Get verification data (works for both memory and file-based installers) + archiveData, provData, filename, err := verifier.GetVerificationData() + if err != nil { + return nil, fmt.Errorf("failed to get verification data: %w", err) + } + + // Check if provenance data exists + if len(provData) == 0 { + // No .prov file found - emit warning but continue installation + fmt.Fprintf(os.Stderr, "WARNING: No provenance file found for plugin. Plugin is not signed and cannot be verified.\n") + } else { + // Provenance data exists - verify the plugin + verification, err := plugin.VerifyPlugin(archiveData, provData, filename, opts.Keyring) + if err != nil { + return nil, fmt.Errorf("plugin verification failed: %w", err) + } + + // Collect verification info + result = &VerificationResult{ + SignedBy: make([]string, 0), + Fingerprint: fmt.Sprintf("%X", verification.SignedBy.PrimaryKey.Fingerprint), + FileHash: verification.FileHash, + } + for name := range verification.SignedBy.Identities { + result.SignedBy = append(result.SignedBy, name) + } + } + } + + if err := i.Install(); err != nil { + return nil, err } - return i.Install() + + return result, nil } // Update updates a plugin. func Update(i Installer) error { if _, pathErr := os.Stat(i.Path()); os.IsNotExist(pathErr) { + slog.Warn("plugin does not exist", "path", i.Path(), slog.Any("error", pathErr)) return errors.New("plugin does not exist") } return i.Update() } // NewForSource determines the correct Installer for the given source. -func NewForSource(source, version string) (Installer, error) { - // Check if source is a local directory - if isLocalReference(source) { - return NewLocalInstaller(source) +func NewForSource(source, version string) (installer Installer, err error) { + if strings.HasPrefix(source, fmt.Sprintf("%s://", registry.OCIScheme)) { + // Source is an OCI registry reference + installer, err = NewOCIInstaller(source) + } else if isLocalReference(source) { + // Source is a local directory + installer, err = NewLocalInstaller(source) } else if isRemoteHTTPArchive(source) { - return NewHTTPInstaller(source) + installer, err = NewHTTPInstaller(source) + } else { + installer, err = NewVCSInstaller(source, version) } - return NewVCSInstaller(source, version) + + if err != nil { + return installer, fmt.Errorf("cannot get information about plugin source %q (if it's a local directory, does it exist?), last error was: %w", source, err) + } + + return } // FindSource determines the correct Installer for the given source. func FindSource(location string) (Installer, error) { installer, err := existingVCSRepo(location) if err != nil && err.Error() == "Cannot detect VCS" { + slog.Warn("cannot get information about plugin source", "location", location, slog.Any("error", err)) return installer, errors.New("cannot get information about plugin source") } return installer, err diff --git a/internal/plugin/installer/local_installer.go b/internal/plugin/installer/local_installer.go index 87b9eaf97..1c8314282 100644 --- a/internal/plugin/installer/local_installer.go +++ b/internal/plugin/installer/local_installer.go @@ -24,17 +24,21 @@ import ( "path/filepath" "strings" + "helm.sh/helm/v4/internal/plugin" "helm.sh/helm/v4/internal/third_party/dep/fs" + "helm.sh/helm/v4/pkg/helmpath" ) -// ErrPluginNotAFolder indicates that the plugin path is not a folder. -var ErrPluginNotAFolder = errors.New("expected plugin to be a folder") +// ErrPluginNotADirectory indicates that the plugin path is not a directory. +var ErrPluginNotADirectory = errors.New("expected plugin to be a directory (containing a file 'plugin.yaml')") // LocalInstaller installs plugins from the filesystem. type LocalInstaller struct { base - isArchive bool - extractor Extractor + isArchive bool + extractor Extractor + pluginData []byte // Cached plugin data + provData []byte // Cached provenance data } // NewLocalInstaller creates a new LocalInstaller. @@ -87,7 +91,7 @@ func (i *LocalInstaller) installFromDirectory() error { return err } if !stat.IsDir() { - return ErrPluginNotAFolder + return ErrPluginNotADirectory } if !isPlugin(i.Source) { @@ -105,6 +109,30 @@ func (i *LocalInstaller) installFromArchive() error { return fmt.Errorf("failed to read archive: %w", err) } + // Copy the original tarball to plugins directory for verification + // Extract metadata to get the actual plugin name and version + metadata, err := plugin.ExtractTgzPluginMetadata(bytes.NewReader(data)) + if err != nil { + return fmt.Errorf("failed to extract plugin metadata from tarball: %w", err) + } + filename := fmt.Sprintf("%s-%s.tgz", metadata.Name, metadata.Version) + tarballPath := helmpath.DataPath("plugins", filename) + if err := os.MkdirAll(filepath.Dir(tarballPath), 0755); err != nil { + return fmt.Errorf("failed to create plugins directory: %w", err) + } + if err := os.WriteFile(tarballPath, data, 0644); err != nil { + return fmt.Errorf("failed to save tarball: %w", err) + } + + // Check for and copy .prov file if it exists + provSource := i.Source + ".prov" + if provData, err := os.ReadFile(provSource); err == nil { + provPath := tarballPath + ".prov" + if err := os.WriteFile(provPath, provData, 0644); err != nil { + slog.Debug("failed to save provenance file", "error", err) + } + } + // Create a temporary directory for extraction tempDir, err := os.MkdirTemp("", "helm-plugin-extract-") if err != nil { @@ -118,31 +146,74 @@ func (i *LocalInstaller) installFromArchive() error { return fmt.Errorf("failed to extract archive: %w", err) } - // Detect where the plugin.yaml actually is - pluginRoot, err := detectPluginRoot(tempDir) - if err != nil { - return err + // Plugin directory should be named after the plugin at the archive root + pluginName := stripPluginName(filepath.Base(i.Source)) + pluginDir := filepath.Join(tempDir, pluginName) + if _, err = os.Stat(filepath.Join(pluginDir, "plugin.yaml")); err != nil { + return fmt.Errorf("plugin.yaml not found in expected directory %s: %w", pluginDir, err) } // Copy to the final destination - slog.Debug("copying", "source", pluginRoot, "path", i.Path()) - return fs.CopyDir(pluginRoot, i.Path()) + slog.Debug("copying", "source", pluginDir, "path", i.Path()) + return fs.CopyDir(pluginDir, i.Path()) +} + +// Update updates a local repository +func (i *LocalInstaller) Update() error { + slog.Debug("local repository is auto-updated") + return nil } -// Path returns the path where the plugin will be installed. -// For archive sources, strips the version from the filename. +// Path is overridden to handle archive plugin names properly func (i *LocalInstaller) Path() string { if i.Source == "" { return "" } + + pluginName := filepath.Base(i.Source) if i.isArchive { - return filepath.Join(i.PluginsDirectory, stripPluginName(filepath.Base(i.Source))) + // Strip archive extension to get plugin name + pluginName = stripPluginName(pluginName) } - return filepath.Join(i.PluginsDirectory, filepath.Base(i.Source)) + + return helmpath.DataPath("plugins", pluginName) } -// Update updates a local repository -func (i *LocalInstaller) Update() error { - slog.Debug("local repository is auto-updated") - return nil +// SupportsVerification returns true if the local installer can verify plugins +func (i *LocalInstaller) SupportsVerification() bool { + // Only support verification for local tarball files + return i.isArchive +} + +// GetVerificationData loads plugin and provenance data from local files for verification +func (i *LocalInstaller) GetVerificationData() (archiveData, provData []byte, filename string, err error) { + if !i.SupportsVerification() { + return nil, nil, "", fmt.Errorf("verification not supported for directories") + } + + // Read and cache the plugin archive file + if i.pluginData == nil { + i.pluginData, err = os.ReadFile(i.Source) + if err != nil { + return nil, nil, "", fmt.Errorf("failed to read plugin file: %w", err) + } + } + + // Read and cache the provenance file if it exists + if i.provData == nil { + provFile := i.Source + ".prov" + i.provData, err = os.ReadFile(provFile) + if err != nil { + if os.IsNotExist(err) { + // If provenance file doesn't exist, set provData to nil + // The verification logic will handle this gracefully + i.provData = nil + } else { + // If file exists but can't be read (permissions, etc), return error + return nil, nil, "", fmt.Errorf("failed to access provenance file %s: %w", provFile, err) + } + } + } + + return i.pluginData, i.provData, filepath.Base(i.Source), nil } diff --git a/internal/plugin/installer/local_installer_test.go b/internal/plugin/installer/local_installer_test.go index 05118e183..2decb695f 100644 --- a/internal/plugin/installer/local_installer_test.go +++ b/internal/plugin/installer/local_installer_test.go @@ -64,7 +64,7 @@ func TestLocalInstallerNotAFolder(t *testing.T) { if err == nil { t.Fatal("expected error") } - if err != ErrPluginNotAFolder { + if err != ErrPluginNotADirectory { t.Fatalf("expected error to equal: %q", err) } } @@ -86,8 +86,8 @@ func TestLocalInstallerTarball(t *testing.T) { Body string Mode int64 }{ - {"plugin.yaml", "name: test-plugin\nversion: 1.0.0\nusage: test\ndescription: test\ncommand: echo", 0644}, - {"bin/test-plugin", "#!/bin/bash\necho test", 0755}, + {"test-plugin/plugin.yaml", "name: test-plugin\napiVersion: v1\ntype: cli/v1\nruntime: subprocess\nversion: 1.0.0\nconfig:\n shortHelp: test\n longHelp: test\nruntimeConfig:\n platformCommand:\n - command: echo", 0644}, + {"test-plugin/bin/test-plugin", "#!/bin/bash\necho test", 0755}, } for _, file := range files { @@ -146,82 +146,3 @@ func TestLocalInstallerTarball(t *testing.T) { t.Fatalf("plugin not found at %s: %v", i.Path(), err) } } - -func TestLocalInstallerTarballWithSubdirectory(t *testing.T) { - ensure.HelmHome(t) - - // Create a test tarball with subdirectory - tempDir := t.TempDir() - tarballPath := filepath.Join(tempDir, "subdir-plugin-1.0.0.tar.gz") - - // Create tarball content - var buf bytes.Buffer - gw := gzip.NewWriter(&buf) - tw := tar.NewWriter(gw) - - files := []struct { - Name string - Body string - Mode int64 - IsDir bool - }{ - {"my-plugin/", "", 0755, true}, - {"my-plugin/plugin.yaml", "name: my-plugin\nversion: 1.0.0\nusage: test\ndescription: test\ncommand: echo", 0644, false}, - {"my-plugin/bin/", "", 0755, true}, - {"my-plugin/bin/my-plugin", "#!/bin/bash\necho test", 0755, false}, - } - - for _, file := range files { - hdr := &tar.Header{ - Name: file.Name, - Mode: file.Mode, - } - if file.IsDir { - hdr.Typeflag = tar.TypeDir - } else { - hdr.Size = int64(len(file.Body)) - } - - if err := tw.WriteHeader(hdr); err != nil { - t.Fatal(err) - } - if !file.IsDir { - if _, err := tw.Write([]byte(file.Body)); err != nil { - t.Fatal(err) - } - } - } - - if err := tw.Close(); err != nil { - t.Fatal(err) - } - if err := gw.Close(); err != nil { - t.Fatal(err) - } - - // Write tarball to file - if err := os.WriteFile(tarballPath, buf.Bytes(), 0644); err != nil { - t.Fatal(err) - } - - // Test installation - i, err := NewForSource(tarballPath, "") - if err != nil { - t.Fatalf("unexpected error: %s", err) - } - - if err := Install(i); err != nil { - t.Fatal(err) - } - - expectedPath := helmpath.DataPath("plugins", "subdir-plugin") - if i.Path() != expectedPath { - t.Fatalf("expected path %q, got %q", expectedPath, i.Path()) - } - - // Verify plugin was installed from subdirectory - pluginYaml := filepath.Join(i.Path(), "plugin.yaml") - if _, err := os.Stat(pluginYaml); err != nil { - t.Fatalf("plugin.yaml not found at %s: %v", pluginYaml, err) - } -} diff --git a/internal/plugin/installer/oci_installer.go b/internal/plugin/installer/oci_installer.go index a96a94ee1..afbb42ca5 100644 --- a/internal/plugin/installer/oci_installer.go +++ b/internal/plugin/installer/oci_installer.go @@ -25,6 +25,7 @@ import ( "os" "path/filepath" + "helm.sh/helm/v4/internal/plugin" "helm.sh/helm/v4/internal/plugin/cache" "helm.sh/helm/v4/internal/third_party/dep/fs" "helm.sh/helm/v4/pkg/cli" @@ -33,6 +34,9 @@ import ( "helm.sh/helm/v4/pkg/registry" ) +// Ensure OCIInstaller implements Verifier +var _ Verifier = (*OCIInstaller)(nil) + // OCIInstaller installs plugins from OCI registries type OCIInstaller struct { CacheDir string @@ -40,6 +44,9 @@ type OCIInstaller struct { base settings *cli.EnvSettings getter getter.Getter + // Cached data to avoid duplicate downloads + pluginData []byte + provData []byte } // NewOCIInstaller creates a new OCIInstaller with optional getter options @@ -79,25 +86,59 @@ func NewOCIInstaller(source string, options ...getter.Option) (*OCIInstaller, er func (i *OCIInstaller) Install() error { slog.Debug("pulling OCI plugin", "source", i.Source) - // Use getter to download the plugin - pluginData, err := i.getter.Get(i.Source) + // Ensure plugin data is cached + if i.pluginData == nil { + pluginData, err := i.getter.Get(i.Source) + if err != nil { + return fmt.Errorf("failed to pull plugin from %s: %w", i.Source, err) + } + i.pluginData = pluginData.Bytes() + } + + // Extract metadata to get the actual plugin name and version + metadata, err := plugin.ExtractTgzPluginMetadata(bytes.NewReader(i.pluginData)) if err != nil { - return fmt.Errorf("failed to pull plugin from %s: %w", i.Source, err) + return fmt.Errorf("failed to extract plugin metadata from tarball: %w", err) } + filename := fmt.Sprintf("%s-%s.tgz", metadata.Name, metadata.Version) - // Create cache directory - if err := os.MkdirAll(i.CacheDir, 0755); err != nil { - return fmt.Errorf("failed to create cache directory: %w", err) + tarballPath := helmpath.DataPath("plugins", filename) + if err := os.MkdirAll(filepath.Dir(tarballPath), 0755); err != nil { + return fmt.Errorf("failed to create plugins directory: %w", err) + } + if err := os.WriteFile(tarballPath, i.pluginData, 0644); err != nil { + return fmt.Errorf("failed to save tarball: %w", err) + } + + // Ensure prov data is cached if available + if i.provData == nil { + // Try to download .prov file if it exists + provSource := i.Source + ".prov" + if provData, err := i.getter.Get(provSource); err == nil { + i.provData = provData.Bytes() + } + } + + // Save prov file if we have the data + if i.provData != nil { + provPath := tarballPath + ".prov" + if err := os.WriteFile(provPath, i.provData, 0644); err != nil { + slog.Debug("failed to save provenance file", "error", err) + } } // Check if this is a gzip compressed file - pluginBytes := pluginData.Bytes() - if len(pluginBytes) < 2 || pluginBytes[0] != 0x1f || pluginBytes[1] != 0x8b { + if len(i.pluginData) < 2 || i.pluginData[0] != 0x1f || i.pluginData[1] != 0x8b { return fmt.Errorf("plugin data is not a gzip compressed archive") } + // Create cache directory + if err := os.MkdirAll(i.CacheDir, 0755); err != nil { + return fmt.Errorf("failed to create cache directory: %w", err) + } + // Extract as gzipped tar - if err := extractTarGz(bytes.NewReader(pluginBytes), i.CacheDir); err != nil { + if err := extractTarGz(bytes.NewReader(i.pluginData), i.CacheDir); err != nil { return fmt.Errorf("failed to extract plugin: %w", err) } @@ -214,3 +255,47 @@ func extractTar(r io.Reader, targetDir string) error { return nil } + +// SupportsVerification returns true since OCI plugins can be verified +func (i *OCIInstaller) SupportsVerification() bool { + return true +} + +// GetVerificationData downloads and caches plugin and provenance data from OCI registry for verification +func (i *OCIInstaller) GetVerificationData() (archiveData, provData []byte, filename string, err error) { + slog.Debug("getting verification data for OCI plugin", "source", i.Source) + + // Download plugin data once and cache it + if i.pluginData == nil { + pluginDataBuffer, err := i.getter.Get(i.Source) + if err != nil { + return nil, nil, "", fmt.Errorf("failed to pull plugin from %s: %w", i.Source, err) + } + i.pluginData = pluginDataBuffer.Bytes() + } + + // Download prov data once and cache it if available + if i.provData == nil { + provSource := i.Source + ".prov" + // Calling getter.Get again is reasonable because: 1. The OCI registry client already optimizes the underlying network calls + // 2. Both calls use the same underlying manifest and memory store 3. The second .prov call is very fast since the data is already pulled + provDataBuffer, err := i.getter.Get(provSource) + if err != nil { + // If provenance file doesn't exist, set provData to nil + // The verification logic will handle this gracefully + i.provData = nil + } else { + i.provData = provDataBuffer.Bytes() + } + } + + // Extract metadata to get the filename + metadata, err := plugin.ExtractTgzPluginMetadata(bytes.NewReader(i.pluginData)) + if err != nil { + return nil, nil, "", fmt.Errorf("failed to extract plugin metadata from tarball: %w", err) + } + filename = fmt.Sprintf("%s-%s.tgz", metadata.Name, metadata.Version) + + slog.Debug("got verification data for OCI plugin", "filename", filename) + return i.pluginData, i.provData, filename, nil +} diff --git a/internal/plugin/installer/oci_installer_test.go b/internal/plugin/installer/oci_installer_test.go index 1ed10ff8e..1280cf97d 100644 --- a/internal/plugin/installer/oci_installer_test.go +++ b/internal/plugin/installer/oci_installer_test.go @@ -34,6 +34,7 @@ import ( "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "helm.sh/helm/v4/internal/test/ensure" "helm.sh/helm/v4/pkg/cli" "helm.sh/helm/v4/pkg/getter" "helm.sh/helm/v4/pkg/helmpath" @@ -125,7 +126,7 @@ func mockOCIRegistryWithArtifactType(t *testing.T, pluginName string) (*httptest Digest: digest.Digest(layerDigest), Size: int64(len(pluginData)), Annotations: map[string]string{ - ocispec.AnnotationTitle: pluginName + ".tgz", // Layer named properly + ocispec.AnnotationTitle: pluginName + "-1.0.0.tgz", // Layer named with version }, }, }, @@ -316,9 +317,8 @@ func TestOCIInstaller_Path(t *testing.T) { } func TestOCIInstaller_Install(t *testing.T) { - // Set up isolated test environment FIRST - testPluginsDir := t.TempDir() - t.Setenv("HELM_PLUGINS", testPluginsDir) + // Set up isolated test environment + ensure.HelmHome(t) pluginName := "test-plugin-basic" server, registryHost := mockOCIRegistryWithArtifactType(t, pluginName) @@ -333,15 +333,10 @@ func TestOCIInstaller_Install(t *testing.T) { t.Fatalf("Expected no error, got %v", err) } - // The OCI installer uses helmpath.DataPath, which now points to our test directory + // The OCI installer uses helmpath.DataPath, which is isolated by ensure.HelmHome(t) actualPath := installer.Path() t.Logf("Installer will use path: %s", actualPath) - // Verify the path is actually in our test directory - if !strings.HasPrefix(actualPath, testPluginsDir) { - t.Fatalf("Expected path %s to be under test directory %s", actualPath, testPluginsDir) - } - // Install the plugin if err := Install(installer); err != nil { t.Fatalf("Expected installation to succeed, got error: %v", err) @@ -399,8 +394,7 @@ func TestOCIInstaller_Install_WithGetterOptions(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { // Set up isolated test environment for each subtest - testPluginsDir := t.TempDir() - t.Setenv("HELM_PLUGINS", testPluginsDir) + ensure.HelmHome(t) server, registryHost := mockOCIRegistryWithArtifactType(t, tc.pluginName) defer server.Close() @@ -440,8 +434,7 @@ func TestOCIInstaller_Install_WithGetterOptions(t *testing.T) { func TestOCIInstaller_Install_AlreadyExists(t *testing.T) { // Set up isolated test environment - testPluginsDir := t.TempDir() - t.Setenv("HELM_PLUGINS", testPluginsDir) + ensure.HelmHome(t) pluginName := "test-plugin-exists" server, registryHost := mockOCIRegistryWithArtifactType(t, pluginName) @@ -474,8 +467,7 @@ func TestOCIInstaller_Install_AlreadyExists(t *testing.T) { func TestOCIInstaller_Update(t *testing.T) { // Set up isolated test environment - testPluginsDir := t.TempDir() - t.Setenv("HELM_PLUGINS", testPluginsDir) + ensure.HelmHome(t) pluginName := "test-plugin-update" server, registryHost := mockOCIRegistryWithArtifactType(t, pluginName) diff --git a/internal/plugin/installer/vcs_installer_test.go b/internal/plugin/installer/vcs_installer_test.go index f024b4b40..d542a0f75 100644 --- a/internal/plugin/installer/vcs_installer_test.go +++ b/internal/plugin/installer/vcs_installer_test.go @@ -83,8 +83,9 @@ func TestVCSInstaller(t *testing.T) { if repo.current != "0.1.1" { t.Fatalf("expected version '0.1.1', got %q", repo.current) } - if i.Path() != helmpath.DataPath("plugins", "helm-env") { - t.Fatalf("expected path '$XDG_CONFIG_HOME/helm/plugins/helm-env', got %q", i.Path()) + expectedPath := helmpath.DataPath("plugins", "helm-env") + if i.Path() != expectedPath { + t.Fatalf("expected path %q, got %q", expectedPath, i.Path()) } // Install again to test plugin exists error diff --git a/internal/plugin/installer/verification_test.go b/internal/plugin/installer/verification_test.go new file mode 100644 index 000000000..22f0a8308 --- /dev/null +++ b/internal/plugin/installer/verification_test.go @@ -0,0 +1,421 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package installer + +import ( + "bytes" + "crypto/sha256" + "fmt" + "io" + "os" + "path/filepath" + "strings" + "testing" + + "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/internal/test/ensure" +) + +func TestInstallWithOptions_VerifyMissingProvenance(t *testing.T) { + ensure.HelmHome(t) + + // Create a temporary plugin tarball without .prov file + pluginDir := createTestPluginDir(t) + pluginTgz := createTarballFromPluginDir(t, pluginDir) + defer os.Remove(pluginTgz) + + // Create local installer + installer, err := NewLocalInstaller(pluginTgz) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Capture stderr to check warning message + oldStderr := os.Stderr + r, w, _ := os.Pipe() + os.Stderr = w + + // Install with verification enabled (should warn but succeed) + result, err := InstallWithOptions(installer, Options{Verify: true, Keyring: "dummy"}) + + // Restore stderr and read captured output + w.Close() + os.Stderr = oldStderr + var buf bytes.Buffer + io.Copy(&buf, r) + output := buf.String() + + // Should succeed with nil result (no verification performed) + if err != nil { + t.Fatalf("Expected installation to succeed despite missing .prov file, got error: %v", err) + } + if result != nil { + t.Errorf("Expected nil verification result when .prov file is missing, got: %+v", result) + } + + // Should contain warning message + expectedWarning := "WARNING: No provenance file found for plugin" + if !strings.Contains(output, expectedWarning) { + t.Errorf("Expected warning message '%s' in output, got: %s", expectedWarning, output) + } + + // Plugin should be installed + if _, err := os.Stat(installer.Path()); os.IsNotExist(err) { + t.Errorf("Plugin should be installed at %s", installer.Path()) + } +} + +func TestInstallWithOptions_VerifyWithValidProvenance(t *testing.T) { + ensure.HelmHome(t) + + // Create a temporary plugin tarball with valid .prov file + pluginDir := createTestPluginDir(t) + pluginTgz := createTarballFromPluginDir(t, pluginDir) + + provFile := pluginTgz + ".prov" + createProvFile(t, provFile, pluginTgz, "") + defer os.Remove(provFile) + + // Create keyring with test key (empty for testing) + keyring := createTestKeyring(t) + defer os.Remove(keyring) + + // Create local installer + installer, err := NewLocalInstaller(pluginTgz) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Install with verification enabled + // This will fail signature verification but pass hash validation + result, err := InstallWithOptions(installer, Options{Verify: true, Keyring: keyring}) + + // Should fail due to invalid signature (empty keyring) but we test that it gets past the hash check + if err == nil { + t.Fatalf("Expected installation to fail with empty keyring") + } + if !strings.Contains(err.Error(), "plugin verification failed") { + t.Errorf("Expected plugin verification failed error, got: %v", err) + } + if result != nil { + t.Errorf("Expected nil verification result when verification fails, got: %+v", result) + } + + // Plugin should not be installed due to verification failure + if _, err := os.Stat(installer.Path()); !os.IsNotExist(err) { + t.Errorf("Plugin should not be installed when verification fails") + } +} + +func TestInstallWithOptions_VerifyWithInvalidProvenance(t *testing.T) { + ensure.HelmHome(t) + + // Create a temporary plugin tarball with invalid .prov file + pluginDir := createTestPluginDir(t) + pluginTgz := createTarballFromPluginDir(t, pluginDir) + defer os.Remove(pluginTgz) + + provFile := pluginTgz + ".prov" + createProvFileInvalidFormat(t, provFile) + defer os.Remove(provFile) + + // Create keyring with test key + keyring := createTestKeyring(t) + defer os.Remove(keyring) + + // Create local installer + installer, err := NewLocalInstaller(pluginTgz) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Install with verification enabled (should fail) + result, err := InstallWithOptions(installer, Options{Verify: true, Keyring: keyring}) + + // Should fail with verification error + if err == nil { + t.Fatalf("Expected installation with invalid .prov file to fail") + } + if result != nil { + t.Errorf("Expected nil verification result when verification fails, got: %+v", result) + } + + // Should contain verification failure message + expectedError := "plugin verification failed" + if !strings.Contains(err.Error(), expectedError) { + t.Errorf("Expected error message '%s', got: %s", expectedError, err.Error()) + } + + // Plugin should not be installed + if _, err := os.Stat(installer.Path()); !os.IsNotExist(err) { + t.Errorf("Plugin should not be installed when verification fails") + } +} + +func TestInstallWithOptions_NoVerifyRequested(t *testing.T) { + ensure.HelmHome(t) + + // Create a temporary plugin tarball without .prov file + pluginDir := createTestPluginDir(t) + pluginTgz := createTarballFromPluginDir(t, pluginDir) + defer os.Remove(pluginTgz) + + // Create local installer + installer, err := NewLocalInstaller(pluginTgz) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Install without verification (should succeed without any verification) + result, err := InstallWithOptions(installer, Options{Verify: false}) + + // Should succeed with no verification + if err != nil { + t.Fatalf("Expected installation without verification to succeed, got error: %v", err) + } + if result != nil { + t.Errorf("Expected nil verification result when verification is disabled, got: %+v", result) + } + + // Plugin should be installed + if _, err := os.Stat(installer.Path()); os.IsNotExist(err) { + t.Errorf("Plugin should be installed at %s", installer.Path()) + } +} + +func TestInstallWithOptions_VerifyDirectoryNotSupported(t *testing.T) { + ensure.HelmHome(t) + + // Create a directory-based plugin (not an archive) + pluginDir := createTestPluginDir(t) + + // Create local installer for directory + installer, err := NewLocalInstaller(pluginDir) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Install with verification should fail (directories don't support verification) + result, err := InstallWithOptions(installer, Options{Verify: true, Keyring: "dummy"}) + + // Should fail with verification not supported error + if err == nil { + t.Fatalf("Expected installation to fail with verification not supported error") + } + if !strings.Contains(err.Error(), "--verify is only supported for plugin tarballs") { + t.Errorf("Expected verification not supported error, got: %v", err) + } + if result != nil { + t.Errorf("Expected nil verification result when verification fails, got: %+v", result) + } +} + +func TestInstallWithOptions_VerifyMismatchedProvenance(t *testing.T) { + ensure.HelmHome(t) + + // Create plugin tarball + pluginDir := createTestPluginDir(t) + pluginTgz := createTarballFromPluginDir(t, pluginDir) + defer os.Remove(pluginTgz) + + provFile := pluginTgz + ".prov" + // Create provenance file with wrong hash (for a different file) + createProvFile(t, provFile, pluginTgz, "sha256:wronghash") + defer os.Remove(provFile) + + // Create keyring with test key + keyring := createTestKeyring(t) + defer os.Remove(keyring) + + // Create local installer + installer, err := NewLocalInstaller(pluginTgz) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Install with verification should fail due to hash mismatch + result, err := InstallWithOptions(installer, Options{Verify: true, Keyring: keyring}) + + // Should fail with verification error + if err == nil { + t.Fatalf("Expected installation to fail with hash mismatch") + } + if !strings.Contains(err.Error(), "plugin verification failed") { + t.Errorf("Expected plugin verification failed error, got: %v", err) + } + if result != nil { + t.Errorf("Expected nil verification result when verification fails, got: %+v", result) + } +} + +func TestInstallWithOptions_VerifyProvenanceAccessError(t *testing.T) { + ensure.HelmHome(t) + + // Create plugin tarball + pluginDir := createTestPluginDir(t) + pluginTgz := createTarballFromPluginDir(t, pluginDir) + defer os.Remove(pluginTgz) + + // Create a .prov file but make it inaccessible (simulate permission error) + provFile := pluginTgz + ".prov" + if err := os.WriteFile(provFile, []byte("test"), 0000); err != nil { + t.Fatalf("Failed to create inaccessible provenance file: %v", err) + } + defer os.Remove(provFile) + + // Create keyring + keyring := createTestKeyring(t) + defer os.Remove(keyring) + + // Create local installer + installer, err := NewLocalInstaller(pluginTgz) + if err != nil { + t.Fatalf("Failed to create installer: %v", err) + } + defer os.RemoveAll(installer.Path()) + + // Install with verification should fail due to access error + result, err := InstallWithOptions(installer, Options{Verify: true, Keyring: keyring}) + + // Should fail with access error (either at stat level or during verification) + if err == nil { + t.Fatalf("Expected installation to fail with provenance file access error") + } + // The error could be either "failed to access provenance file" or "plugin verification failed" + // depending on when the permission error occurs + if !strings.Contains(err.Error(), "failed to access provenance file") && + !strings.Contains(err.Error(), "plugin verification failed") { + t.Errorf("Expected provenance file access or verification error, got: %v", err) + } + if result != nil { + t.Errorf("Expected nil verification result when verification fails, got: %+v", result) + } +} + +// Helper functions for test setup + +func createTestPluginDir(t *testing.T) string { + t.Helper() + + // Create temporary directory with plugin structure + tmpDir := t.TempDir() + pluginDir := filepath.Join(tmpDir, "test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatalf("Failed to create plugin directory: %v", err) + } + + // Create plugin.yaml using the standardized v1 format + pluginYaml := `apiVersion: v1 +name: test-plugin +type: cli/v1 +runtime: subprocess +version: 1.0.0 +runtimeConfig: + platformCommand: + - command: echo` + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(pluginYaml), 0644); err != nil { + t.Fatalf("Failed to create plugin.yaml: %v", err) + } + + return pluginDir +} + +func createTarballFromPluginDir(t *testing.T, pluginDir string) string { + t.Helper() + + // Create tarball using the plugin package helper + tmpDir := filepath.Dir(pluginDir) + tgzPath := filepath.Join(tmpDir, "test-plugin-1.0.0.tgz") + tarFile, err := os.Create(tgzPath) + if err != nil { + t.Fatalf("Failed to create tarball file: %v", err) + } + defer tarFile.Close() + + if err := plugin.CreatePluginTarball(pluginDir, "test-plugin", tarFile); err != nil { + t.Fatalf("Failed to create tarball: %v", err) + } + + return tgzPath +} + +func createProvFile(t *testing.T, provFile, pluginTgz, hash string) { + t.Helper() + + var hashStr string + if hash == "" { + // Calculate actual hash of the tarball for realistic testing + data, err := os.ReadFile(pluginTgz) + if err != nil { + t.Fatalf("Failed to read tarball for hashing: %v", err) + } + hashSum := sha256.Sum256(data) + hashStr = fmt.Sprintf("sha256:%x", hashSum) + } else { + // Use provided hash (could be wrong for testing) + hashStr = hash + } + + // Create properly formatted provenance file with specified hash + provContent := fmt.Sprintf(`-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +name: test-plugin +version: 1.0.0 +description: Test plugin for verification +files: + test-plugin-1.0.0.tgz: %s +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAEBCAAGBQJktest... +-----END PGP SIGNATURE----- +`, hashStr) + if err := os.WriteFile(provFile, []byte(provContent), 0644); err != nil { + t.Fatalf("Failed to create provenance file: %v", err) + } +} + +func createProvFileInvalidFormat(t *testing.T, provFile string) { + t.Helper() + + // Create an invalid provenance file (not PGP signed format) + invalidProv := "This is not a valid PGP signed message" + if err := os.WriteFile(provFile, []byte(invalidProv), 0644); err != nil { + t.Fatalf("Failed to create invalid provenance file: %v", err) + } +} + +func createTestKeyring(t *testing.T) string { + t.Helper() + + // Create a temporary keyring file + tmpDir := t.TempDir() + keyringPath := filepath.Join(tmpDir, "pubring.gpg") + + // Create empty keyring for testing + if err := os.WriteFile(keyringPath, []byte{}, 0644); err != nil { + t.Fatalf("Failed to create test keyring: %v", err) + } + + return keyringPath +} diff --git a/internal/plugin/loader.go b/internal/plugin/loader.go index eb05cb722..a58a84126 100644 --- a/internal/plugin/loader.go +++ b/internal/plugin/loader.go @@ -22,7 +22,11 @@ import ( "os" "path/filepath" + extism "github.com/extism/go-sdk" + "github.com/tetratelabs/wazero" "go.yaml.in/yaml/v3" + + "helm.sh/helm/v4/pkg/helmpath" ) func peekAPIVersion(r io.Reader) (string, error) { @@ -101,12 +105,22 @@ type prototypePluginManager struct { runtimes map[string]Runtime } -func newPrototypePluginManager() *prototypePluginManager { +func newPrototypePluginManager() (*prototypePluginManager, error) { + + cc, err := wazero.NewCompilationCacheWithDir(helmpath.CachePath("wazero-build")) + if err != nil { + return nil, fmt.Errorf("failed to create wazero compilation cache: %w", err) + } + return &prototypePluginManager{ runtimes: map[string]Runtime{ "subprocess": &RuntimeSubprocess{}, + "extism/v1": &RuntimeExtismV1{ + HostFunctions: map[string]extism.HostFunction{}, + CompilationCache: cc, + }, }, - } + }, nil } func (pm *prototypePluginManager) RegisterRuntime(runtimeName string, runtime Runtime) { @@ -135,7 +149,10 @@ func LoadDir(dirname string) (Plugin, error) { return nil, fmt.Errorf("failed to load plugin %q: %w", dirname, err) } - pm := newPrototypePluginManager() + pm, err := newPrototypePluginManager() + if err != nil { + return nil, fmt.Errorf("failed to create plugin manager: %w", err) + } return pm.CreatePlugin(dirname, m) } diff --git a/internal/plugin/loader_test.go b/internal/plugin/loader_test.go index 81ef26e02..47c214910 100644 --- a/internal/plugin/loader_test.go +++ b/internal/plugin/loader_test.go @@ -22,6 +22,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "helm.sh/helm/v4/internal/plugin/schema" ) func TestPeekAPIVersion(t *testing.T) { @@ -73,14 +75,14 @@ func TestLoadDir(t *testing.T) { Version: "0.1.0", Type: "cli/v1", Runtime: "subprocess", - Config: &ConfigCLI{ + Config: &schema.ConfigCLIV1{ Usage: usage, ShortHelp: "echo hello message", LongHelp: "description", IgnoreFlags: true, }, RuntimeConfig: &RuntimeConfigSubprocess{ - PlatformCommands: []PlatformCommand{ + PlatformCommand: []PlatformCommand{ {OperatingSystem: "linux", Architecture: "", Command: "sh", Args: []string{"-c", "${HELM_PLUGIN_DIR}/hello.sh"}}, {OperatingSystem: "windows", Architecture: "", Command: "pwsh", Args: []string{"-c", "${HELM_PLUGIN_DIR}/hello.ps1"}}, }, @@ -90,6 +92,7 @@ func TestLoadDir(t *testing.T) { {OperatingSystem: "windows", Architecture: "", Command: "pwsh", Args: []string{"-c", "echo \"installing...\""}}, }, }, + expandHookArgs: apiVersion == "legacy", }, } } @@ -144,14 +147,39 @@ func TestLoadDirGetter(t *testing.T) { Type: "getter/v1", APIVersion: "v1", Runtime: "subprocess", - Config: &ConfigGetter{ + Config: &schema.ConfigGetterV1{ Protocols: []string{"myprotocol", "myprotocols"}, }, RuntimeConfig: &RuntimeConfigSubprocess{ ProtocolCommands: []SubprocessProtocolCommand{ { - Protocols: []string{"myprotocol", "myprotocols"}, - Command: "echo getter", + Protocols: []string{"myprotocol", "myprotocols"}, + PlatformCommand: []PlatformCommand{{Command: "echo getter"}}, + }, + }, + }, + } + + plug, err := LoadDir(dirname) + require.NoError(t, err) + assert.Equal(t, dirname, plug.Dir()) + assert.Equal(t, expect, plug.Metadata()) +} + +func TestPostRenderer(t *testing.T) { + dirname := "testdata/plugdir/good/postrenderer-v1" + + expect := Metadata{ + Name: "postrenderer-v1", + Version: "1.2.3", + Type: "postrenderer/v1", + APIVersion: "v1", + Runtime: "subprocess", + Config: &schema.ConfigPostRendererV1{}, + RuntimeConfig: &RuntimeConfigSubprocess{ + PlatformCommand: []PlatformCommand{ + { + Command: "${HELM_PLUGIN_DIR}/sed-test.sh", }, }, }, @@ -195,13 +223,14 @@ func TestLoadAll(t *testing.T) { plugsMap[p.Metadata().Name] = p } - assert.Len(t, plugsMap, 6) + assert.Len(t, plugsMap, 7) assert.Contains(t, plugsMap, "downloader") assert.Contains(t, plugsMap, "echo-legacy") assert.Contains(t, plugsMap, "echo-v1") assert.Contains(t, plugsMap, "getter") assert.Contains(t, plugsMap, "hello-legacy") assert.Contains(t, plugsMap, "hello-v1") + assert.Contains(t, plugsMap, "postrenderer-v1") } func TestFindPlugins(t *testing.T) { @@ -228,7 +257,7 @@ func TestFindPlugins(t *testing.T) { { name: "normal", plugdirs: "./testdata/plugdir/good", - expected: 6, + expected: 7, }, } for _, c := range cases { diff --git a/internal/plugin/metadata.go b/internal/plugin/metadata.go index 48741474e..111c0599f 100644 --- a/internal/plugin/metadata.go +++ b/internal/plugin/metadata.go @@ -18,6 +18,8 @@ package plugin import ( "errors" "fmt" + + "helm.sh/helm/v4/internal/plugin/schema" ) // Metadata of a plugin, converted from the "on-disk" legacy or v1 plugin.yaml @@ -29,7 +31,7 @@ type Metadata struct { // Name is the name of the plugin Name string - // Type of plugin (eg, cli/v1, getter/v1) + // Type of plugin (eg, cli/v1, getter/v1, postrenderer/v1) Type string // Runtime specifies the runtime type (subprocess, wasm) @@ -121,11 +123,11 @@ func buildLegacyConfig(m MetadataLegacy, pluginType string) Config { for _, d := range m.Downloaders { protocols = append(protocols, d.Protocols...) } - return &ConfigGetter{ + return &schema.ConfigGetterV1{ Protocols: protocols, } case "cli/v1": - return &ConfigCLI{ + return &schema.ConfigCLIV1{ Usage: "", // Legacy plugins don't have Usage field for command syntax ShortHelp: m.Usage, // Map legacy usage to shortHelp LongHelp: m.Description, // Map legacy description to longHelp @@ -142,21 +144,38 @@ func buildLegacyRuntimeConfig(m MetadataLegacy) RuntimeConfig { protocolCommands = make([]SubprocessProtocolCommand, 0, len(m.Downloaders)) for _, d := range m.Downloaders { - protocolCommands = append(protocolCommands, SubprocessProtocolCommand(d)) + protocolCommands = append(protocolCommands, SubprocessProtocolCommand{ + Protocols: d.Protocols, + PlatformCommand: []PlatformCommand{{Command: d.Command}}, + }) + } + } + + platformCommand := m.PlatformCommand + if len(platformCommand) == 0 && len(m.Command) > 0 { + platformCommand = []PlatformCommand{{Command: m.Command}} + } + + platformHooks := m.PlatformHooks + expandHookArgs := true + if len(platformHooks) == 0 && len(m.Hooks) > 0 { + platformHooks = make(PlatformHooks, len(m.Hooks)) + for hookName, hookCommand := range m.Hooks { + platformHooks[hookName] = []PlatformCommand{{Command: "sh", Args: []string{"-c", hookCommand}}} + expandHookArgs = false } } return &RuntimeConfigSubprocess{ - PlatformCommands: m.PlatformCommands, - Command: m.Command, - PlatformHooks: m.PlatformHooks, - Hooks: m.Hooks, + PlatformCommand: platformCommand, + PlatformHooks: platformHooks, ProtocolCommands: protocolCommands, + expandHookArgs: expandHookArgs, } } func fromMetadataV1(mv1 MetadataV1) (*Metadata, error) { - config, err := convertMetadataConfig(mv1.Type, mv1.Config) + config, err := unmarshaConfig(mv1.Type, mv1.Config) if err != nil { return nil, err } @@ -178,26 +197,6 @@ func fromMetadataV1(mv1 MetadataV1) (*Metadata, error) { }, nil } -func convertMetadataConfig(pluginType string, configRaw map[string]any) (Config, error) { - var err error - var config Config - - switch pluginType { - case "cli/v1": - config, err = remarshalConfig[*ConfigCLI](configRaw) - case "getter/v1": - config, err = remarshalConfig[*ConfigGetter](configRaw) - default: - return nil, fmt.Errorf("unsupported plugin type: %s", pluginType) - } - - if err != nil { - return nil, fmt.Errorf("failed to unmarshal config for %s plugin type: %w", pluginType, err) - } - - return config, nil -} - func convertMetdataRuntimeConfig(runtimeType string, runtimeConfigRaw map[string]any) (RuntimeConfig, error) { var runtimeConfig RuntimeConfig var err error @@ -205,6 +204,8 @@ func convertMetdataRuntimeConfig(runtimeType string, runtimeConfigRaw map[string switch runtimeType { case "subprocess": runtimeConfig, err = remarshalRuntimeConfig[*RuntimeConfigSubprocess](runtimeConfigRaw) + case "extism/v1": + runtimeConfig, err = remarshalRuntimeConfig[*RuntimeConfigExtismV1](runtimeConfigRaw) default: return nil, fmt.Errorf("unsupported plugin runtime type: %q", runtimeType) } diff --git a/internal/plugin/metadata_legacy.go b/internal/plugin/metadata_legacy.go index ce9c2f580..a7b245dc0 100644 --- a/internal/plugin/metadata_legacy.go +++ b/internal/plugin/metadata_legacy.go @@ -45,8 +45,8 @@ type MetadataLegacy struct { // Description is a long description shown in places like `helm help` Description string `yaml:"description"` - // PlatformCommands is the plugin command, with a platform selector and support for args. - PlatformCommands []PlatformCommand `yaml:"platformCommand"` + // PlatformCommand is the plugin command, with a platform selector and support for args. + PlatformCommand []PlatformCommand `yaml:"platformCommand"` // Command is the plugin command, as a single string. // DEPRECATED: Use PlatformCommand instead. Removed in subprocess/v1 plugins. @@ -73,7 +73,7 @@ func (m *MetadataLegacy) Validate() error { } m.Usage = sanitizeString(m.Usage) - if len(m.PlatformCommands) > 0 && len(m.Command) > 0 { + if len(m.PlatformCommand) > 0 && len(m.Command) > 0 { return fmt.Errorf("both platformCommand and command are set") } diff --git a/internal/plugin/metadata_test.go b/internal/plugin/metadata_test.go index 810020a67..28bc4cf51 100644 --- a/internal/plugin/metadata_test.go +++ b/internal/plugin/metadata_test.go @@ -25,44 +25,25 @@ func TestValidatePluginData(t *testing.T) { // A mock plugin with no commands mockNoCommand := mockSubprocessCLIPlugin(t, "foo") mockNoCommand.metadata.RuntimeConfig = &RuntimeConfigSubprocess{ - PlatformCommands: []PlatformCommand{}, - PlatformHooks: map[string][]PlatformCommand{}, + PlatformCommand: []PlatformCommand{}, + PlatformHooks: map[string][]PlatformCommand{}, } // A mock plugin with legacy commands mockLegacyCommand := mockSubprocessCLIPlugin(t, "foo") mockLegacyCommand.metadata.RuntimeConfig = &RuntimeConfigSubprocess{ - PlatformCommands: []PlatformCommand{}, - Command: "echo \"mock plugin\"", - PlatformHooks: map[string][]PlatformCommand{}, - Hooks: map[string]string{ - Install: "echo installing...", - }, - } - - // A mock plugin with a command also set - mockWithCommand := mockSubprocessCLIPlugin(t, "foo") - mockWithCommand.metadata.RuntimeConfig = &RuntimeConfigSubprocess{ - PlatformCommands: []PlatformCommand{ - {OperatingSystem: "linux", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"mock plugin\""}}, - }, - Command: "echo \"mock plugin\"", - } - - // A mock plugin with a hooks also set - mockWithHooks := mockSubprocessCLIPlugin(t, "foo") - mockWithHooks.metadata.RuntimeConfig = &RuntimeConfigSubprocess{ - PlatformCommands: []PlatformCommand{ - {OperatingSystem: "linux", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"mock plugin\""}}, + PlatformCommand: []PlatformCommand{ + { + Command: "echo \"mock plugin\"", + }, }, PlatformHooks: map[string][]PlatformCommand{ Install: { - {OperatingSystem: "linux", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"installing...\""}}, + PlatformCommand{ + Command: "echo installing...", + }, }, }, - Hooks: map[string]string{ - Install: "echo installing...", - }, } for i, item := range []struct { @@ -78,8 +59,6 @@ func TestValidatePluginData(t *testing.T) { {false, mockSubprocessCLIPlugin(t, "foo\nbar"), "invalid name"}, // Test newline {true, mockNoCommand, ""}, // Test no command metadata works {true, mockLegacyCommand, ""}, // Test legacy command metadata works - {false, mockWithCommand, "runtime config validation failed: both platformCommand and command are set"}, // Test platformCommand and command both set fails - {false, mockWithHooks, "runtime config validation failed: both platformHooks and hooks are set"}, // Test platformHooks and hooks both set fails } { err := item.plug.Metadata().Validate() if item.pass && err != nil { diff --git a/internal/plugin/metadata_v1.go b/internal/plugin/metadata_v1.go index 654aa8900..81dbc2e20 100644 --- a/internal/plugin/metadata_v1.go +++ b/internal/plugin/metadata_v1.go @@ -27,7 +27,7 @@ type MetadataV1 struct { // Name is the name of the plugin Name string `yaml:"name"` - // Type of plugin (eg, cli/v1, getter/v1) + // Type of plugin (eg, cli/v1, getter/v1, postrenderer/v1) Type string `yaml:"type"` // Runtime specifies the runtime type (subprocess, wasm) diff --git a/internal/plugin/plugin_test.go b/internal/plugin/plugin_test.go index fbebecac4..b6c2245ff 100644 --- a/internal/plugin/plugin_test.go +++ b/internal/plugin/plugin_test.go @@ -17,18 +17,22 @@ package plugin import ( "testing" + + "helm.sh/helm/v4/internal/plugin/schema" ) func mockSubprocessCLIPlugin(t *testing.T, pluginName string) *SubprocessPluginRuntime { t.Helper() rc := RuntimeConfigSubprocess{ - PlatformCommands: []PlatformCommand{ + PlatformCommand: []PlatformCommand{ + {OperatingSystem: "darwin", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"mock plugin\""}}, {OperatingSystem: "linux", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"mock plugin\""}}, {OperatingSystem: "windows", Architecture: "", Command: "pwsh", Args: []string{"-c", "echo \"mock plugin\""}}, }, PlatformHooks: map[string][]PlatformCommand{ Install: { + {OperatingSystem: "darwin", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"installing...\""}}, {OperatingSystem: "linux", Architecture: "", Command: "sh", Args: []string{"-c", "echo \"installing...\""}}, {OperatingSystem: "windows", Architecture: "", Command: "pwsh", Args: []string{"-c", "echo \"installing...\""}}, }, @@ -44,7 +48,7 @@ func mockSubprocessCLIPlugin(t *testing.T, pluginName string) *SubprocessPluginR Type: "cli/v1", APIVersion: "v1", Runtime: "subprocess", - Config: &ConfigCLI{ + Config: &schema.ConfigCLIV1{ Usage: "Mock plugin", ShortHelp: "Mock plugin", LongHelp: "Mock plugin for testing", diff --git a/internal/plugin/plugin_type_registry.go b/internal/plugin/plugin_type_registry.go new file mode 100644 index 000000000..5138422bd --- /dev/null +++ b/internal/plugin/plugin_type_registry.go @@ -0,0 +1,106 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +/* +This file contains a "registry" of supported plugin types. + +It enables "dyanmic" operations on the go type associated with a given plugin type (see: `helm.sh/helm/v4/internal/plugin/schema` package) + +Examples: + +``` + + // Create a new instance of the output message type for a given plugin type: + + pluginType := "cli/v1" // for example + ptm, ok := pluginTypesIndex[pluginType] + if !ok { + return fmt.Errorf("unknown plugin type %q", pluginType) + } + + outputMessageType := reflect.Zero(ptm.outputType).Interface() + +``` + +``` +// Create a new instance of the config type for a given plugin type + + pluginType := "cli/v1" // for example + ptm, ok := pluginTypesIndex[pluginType] + if !ok { + return nil + } + + config := reflect.New(ptm.configType).Interface().(Config) // `config` is variable of type `Config`, with + + // validate + err := config.Validate() + if err != nil { // handle error } + + // assert to concrete type if needed + cliConfig := config.(*schema.ConfigCLIV1) + +``` +*/ + +package plugin + +import ( + "reflect" + + "helm.sh/helm/v4/internal/plugin/schema" +) + +type pluginTypeMeta struct { + pluginType string + inputType reflect.Type + outputType reflect.Type + configType reflect.Type +} + +var pluginTypes = []pluginTypeMeta{ + { + pluginType: "test/v1", + inputType: reflect.TypeFor[schema.InputMessageTestV1](), + outputType: reflect.TypeFor[schema.OutputMessageTestV1](), + configType: reflect.TypeFor[schema.ConfigTestV1](), + }, + { + pluginType: "cli/v1", + inputType: reflect.TypeFor[schema.InputMessageCLIV1](), + outputType: reflect.TypeFor[schema.OutputMessageCLIV1](), + configType: reflect.TypeFor[schema.ConfigCLIV1](), + }, + { + pluginType: "getter/v1", + inputType: reflect.TypeFor[schema.InputMessageGetterV1](), + outputType: reflect.TypeFor[schema.OutputMessageGetterV1](), + configType: reflect.TypeFor[schema.ConfigGetterV1](), + }, + { + pluginType: "postrenderer/v1", + inputType: reflect.TypeFor[schema.InputMessagePostRendererV1](), + outputType: reflect.TypeFor[schema.OutputMessagePostRendererV1](), + configType: reflect.TypeFor[schema.ConfigPostRendererV1](), + }, +} + +var pluginTypesIndex = func() map[string]*pluginTypeMeta { + result := make(map[string]*pluginTypeMeta, len(pluginTypes)) + for _, m := range pluginTypes { + result[m.pluginType] = &m + } + return result +}() diff --git a/internal/plugin/plugin_type_registry_test.go b/internal/plugin/plugin_type_registry_test.go new file mode 100644 index 000000000..22f26262d --- /dev/null +++ b/internal/plugin/plugin_type_registry_test.go @@ -0,0 +1,38 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "reflect" + "testing" + + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/internal/plugin/schema" +) + +func TestMakeOutputMessage(t *testing.T) { + ptm := pluginTypesIndex["getter/v1"] + outputType := reflect.Zero(ptm.outputType).Interface() + assert.IsType(t, schema.OutputMessageGetterV1{}, outputType) + +} + +func TestMakeConfig(t *testing.T) { + ptm := pluginTypesIndex["getter/v1"] + config := reflect.New(ptm.configType).Interface().(Config) + assert.IsType(t, &schema.ConfigGetterV1{}, config) +} diff --git a/internal/plugin/runtime.go b/internal/plugin/runtime.go index 8add92dea..b2ff0b7ca 100644 --- a/internal/plugin/runtime.go +++ b/internal/plugin/runtime.go @@ -15,7 +15,12 @@ limitations under the License. package plugin -import "go.yaml.in/yaml/v3" +import ( + "fmt" + "strings" + + "go.yaml.in/yaml/v3" +) // Runtime represents a plugin runtime (subprocess, extism, etc) ie. how a plugin should be executed // Runtime is responsible for instantiating plugins that implement the runtime @@ -47,3 +52,33 @@ func remarshalRuntimeConfig[T RuntimeConfig](runtimeData map[string]any) (Runtim return config, nil } + +// parseEnv takes a list of "KEY=value" environment variable strings +// and transforms the result into a map[KEY]=value +// +// - empty input strings are ignored +// - input strings with no value are stored as empty strings +// - duplicate keys overwrite earlier values +func parseEnv(env []string) map[string]string { + result := make(map[string]string, len(env)) + for _, envVar := range env { + parts := strings.SplitN(envVar, "=", 2) + if len(parts) > 0 && parts[0] != "" { + key := parts[0] + var value string + if len(parts) > 1 { + value = parts[1] + } + result[key] = value + } + } + return result +} + +func formatEnv(env map[string]string) []string { + result := make([]string, 0, len(env)) + for key, value := range env { + result = append(result, fmt.Sprintf("%s=%s", key, value)) + } + return result +} diff --git a/internal/plugin/runtime_extismv1.go b/internal/plugin/runtime_extismv1.go new file mode 100644 index 000000000..b5cc79a6f --- /dev/null +++ b/internal/plugin/runtime_extismv1.go @@ -0,0 +1,292 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "context" + "encoding/json" + "fmt" + "log/slog" + "os" + "path/filepath" + "reflect" + + extism "github.com/extism/go-sdk" + "github.com/tetratelabs/wazero" +) + +const ExtismV1WasmBinaryFilename = "plugin.wasm" + +// RuntimeConfigExtismV1Memory exposes the Wasm/Extism memory options for the plugin +type RuntimeConfigExtismV1Memory struct { + // The max amount of pages the plugin can allocate + // One page is 64Kib. e.g. 16 pages would require 1MiB. + // Default is 4 pages (256KiB) + MaxPages uint32 `yaml:"maxPages,omitempty"` + + // The max size of an Extism HTTP response in bytes + // Default is 4096 bytes (4KiB) + MaxHTTPResponseBytes int64 `yaml:"maxHttpResponseBytes,omitempty"` + + // The max size of all Extism vars in bytes + // Default is 4096 bytes (4KiB) + MaxVarBytes int64 `yaml:"maxVarBytes,omitempty"` +} + +// RuntimeConfigExtismV1FileSystem exposes filesystem options for the configuration +// TODO: should Helm expose AllowedPaths? +type RuntimeConfigExtismV1FileSystem struct { + // If specified, a temporary directory will be created and mapped to /tmp in the plugin's filesystem. + // Data written to the directory will be visible on the host filesystem. + // The directory will be removed when the plugin invocation completes. + CreateTempDir bool `yaml:"createTempDir,omitempty"` +} + +// RuntimeConfigExtismV1 defines the user-configurable options the plugin's Extism runtime +// The format loosely follows the Extism Manifest format: https://extism.org/docs/concepts/manifest/ +type RuntimeConfigExtismV1 struct { + // Describes the limits on the memory the plugin may be allocated. + Memory RuntimeConfigExtismV1Memory `yaml:"memory"` + + // The "config" key is a free-form map that can be passed to the plugin. + // The plugin must interpret arbitrary data this map may contain + Config map[string]string `yaml:"config,omitempty"` + + // An optional set of hosts this plugin can communicate with. + // This only has an effect if the plugin makes HTTP requests. + // If not specified, then no hosts are allowed. + AllowedHosts []string `yaml:"allowedHosts,omitempty"` + + FileSystem RuntimeConfigExtismV1FileSystem `yaml:"fileSystem,omitempty"` + + // The timeout in milliseconds for the plugin to execute + Timeout uint64 `yaml:"timeout,omitempty"` + + // HostFunction names exposed in Helm the plugin may access + // see: https://extism.org/docs/concepts/host-functions/ + HostFunctions []string `yaml:"hostFunctions,omitempty"` + + // The name of entry function name to call in the plugin + // Defaults to "helm_plugin_main". + EntryFuncName string `yaml:"entryFuncName,omitempty"` +} + +var _ RuntimeConfig = (*RuntimeConfigExtismV1)(nil) + +func (r *RuntimeConfigExtismV1) Validate() error { + // TODO + return nil +} + +type RuntimeExtismV1 struct { + HostFunctions map[string]extism.HostFunction + CompilationCache wazero.CompilationCache +} + +var _ Runtime = (*RuntimeExtismV1)(nil) + +func (r *RuntimeExtismV1) CreatePlugin(pluginDir string, metadata *Metadata) (Plugin, error) { + + rc, ok := metadata.RuntimeConfig.(*RuntimeConfigExtismV1) + if !ok { + return nil, fmt.Errorf("invalid extism/v1 plugin runtime config type: %T", metadata.RuntimeConfig) + } + + wasmFile := filepath.Join(pluginDir, ExtismV1WasmBinaryFilename) + if _, err := os.Stat(wasmFile); err != nil { + if os.IsNotExist(err) { + return nil, fmt.Errorf("wasm binary missing for extism/v1 plugin: %q", wasmFile) + } + return nil, fmt.Errorf("failed to stat extism/v1 plugin wasm binary %q: %w", wasmFile, err) + } + + return &ExtismV1PluginRuntime{ + metadata: *metadata, + dir: pluginDir, + rc: rc, + r: r, + }, nil +} + +type ExtismV1PluginRuntime struct { + metadata Metadata + dir string + rc *RuntimeConfigExtismV1 + r *RuntimeExtismV1 +} + +var _ Plugin = (*ExtismV1PluginRuntime)(nil) + +func (p *ExtismV1PluginRuntime) Metadata() Metadata { + return p.metadata +} + +func (p *ExtismV1PluginRuntime) Dir() string { + return p.dir +} + +func (p *ExtismV1PluginRuntime) Invoke(ctx context.Context, input *Input) (*Output, error) { + + var tmpDir string + if p.rc.FileSystem.CreateTempDir { + tmpDirInner, err := os.MkdirTemp(os.TempDir(), "helm-plugin-*") + slog.Debug("created plugin temp dir", slog.String("dir", tmpDirInner), slog.String("plugin", p.metadata.Name)) + if err != nil { + return nil, fmt.Errorf("failed to create temp dir for extism compilation cache: %w", err) + } + defer func() { + if err := os.RemoveAll(tmpDir); err != nil { + slog.Warn("failed to remove plugin temp dir", slog.String("dir", tmpDir), slog.String("plugin", p.metadata.Name), slog.String("error", err.Error())) + } + }() + + tmpDir = tmpDirInner + } + + manifest, err := buildManifest(p.dir, tmpDir, p.rc) + if err != nil { + return nil, err + } + + config := buildPluginConfig(input, p.r) + + hostFunctions, err := buildHostFunctions(p.r.HostFunctions, p.rc) + if err != nil { + return nil, err + } + + pe, err := extism.NewPlugin(ctx, manifest, config, hostFunctions) + if err != nil { + return nil, fmt.Errorf("failed to create existing plugin: %w", err) + } + + pe.SetLogger(func(logLevel extism.LogLevel, s string) { + slog.Debug(s, slog.String("level", logLevel.String()), slog.String("plugin", p.metadata.Name)) + }) + + inputData, err := json.Marshal(input.Message) + if err != nil { + return nil, fmt.Errorf("failed to json marshal plugin input message: %T: %w", input.Message, err) + } + + slog.Debug("plugin input", slog.String("plugin", p.metadata.Name), slog.String("inputData", string(inputData))) + + entryFuncName := p.rc.EntryFuncName + if entryFuncName == "" { + entryFuncName = "helm_plugin_main" + } + + exitCode, outputData, err := pe.Call(entryFuncName, inputData) + if err != nil { + return nil, fmt.Errorf("plugin error: %w", err) + } + + if exitCode != 0 { + return nil, &InvokeExecError{ + ExitCode: int(exitCode), + } + } + + slog.Debug("plugin output", slog.String("plugin", p.metadata.Name), slog.Int("exitCode", int(exitCode)), slog.String("outputData", string(outputData))) + + outputMessage := reflect.New(pluginTypesIndex[p.metadata.Type].outputType) + if err := json.Unmarshal(outputData, outputMessage.Interface()); err != nil { + return nil, fmt.Errorf("failed to json marshal plugin output message: %T: %w", outputMessage, err) + } + + output := &Output{ + Message: outputMessage.Elem().Interface(), + } + + return output, nil +} + +func buildManifest(pluginDir string, tmpDir string, rc *RuntimeConfigExtismV1) (extism.Manifest, error) { + wasmFile := filepath.Join(pluginDir, ExtismV1WasmBinaryFilename) + + allowedHosts := rc.AllowedHosts + if allowedHosts == nil { + allowedHosts = []string{} + } + + allowedPaths := map[string]string{} + if tmpDir != "" { + allowedPaths[tmpDir] = "/tmp" + } + + return extism.Manifest{ + Wasm: []extism.Wasm{ + extism.WasmFile{ + Path: wasmFile, + Name: wasmFile, + }, + }, + Memory: &extism.ManifestMemory{ + MaxPages: rc.Memory.MaxPages, + MaxHttpResponseBytes: rc.Memory.MaxHTTPResponseBytes, + MaxVarBytes: rc.Memory.MaxVarBytes, + }, + Config: rc.Config, + AllowedHosts: allowedHosts, + AllowedPaths: allowedPaths, + Timeout: rc.Timeout, + }, nil +} + +func buildPluginConfig(input *Input, r *RuntimeExtismV1) extism.PluginConfig { + mc := wazero.NewModuleConfig(). + WithSysWalltime() + if input.Stdin != nil { + mc = mc.WithStdin(input.Stdin) + } + if input.Stdout != nil { + mc = mc.WithStdout(input.Stdout) + } + if input.Stderr != nil { + mc = mc.WithStderr(input.Stderr) + } + if len(input.Env) > 0 { + env := parseEnv(input.Env) + for k, v := range env { + mc = mc.WithEnv(k, v) + } + } + + config := extism.PluginConfig{ + ModuleConfig: mc, + RuntimeConfig: wazero.NewRuntimeConfigCompiler(). + WithCloseOnContextDone(true). + WithCompilationCache(r.CompilationCache), + EnableWasi: true, + EnableHttpResponseHeaders: true, + } + + return config +} + +func buildHostFunctions(hostFunctions map[string]extism.HostFunction, rc *RuntimeConfigExtismV1) ([]extism.HostFunction, error) { + result := make([]extism.HostFunction, len(rc.HostFunctions)) + for _, fnName := range rc.HostFunctions { + fn, ok := hostFunctions[fnName] + if !ok { + return nil, fmt.Errorf("plugin requested host function %q not found", fnName) + } + + result = append(result, fn) + } + + return result, nil +} diff --git a/internal/plugin/runtime_extismv1_test.go b/internal/plugin/runtime_extismv1_test.go new file mode 100644 index 000000000..8d9c55195 --- /dev/null +++ b/internal/plugin/runtime_extismv1_test.go @@ -0,0 +1,124 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "os" + "os/exec" + "path/filepath" + "testing" + + extism "github.com/extism/go-sdk" + + "helm.sh/helm/v4/internal/plugin/schema" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +type pluginRaw struct { + Metadata Metadata + Dir string +} + +func buildLoadExtismPlugin(t *testing.T, dir string) pluginRaw { + t.Helper() + + pluginFile := filepath.Join(dir, PluginFileName) + + metadataData, err := os.ReadFile(pluginFile) + require.NoError(t, err) + + m, err := loadMetadata(metadataData) + require.NoError(t, err) + require.Equal(t, "extism/v1", m.Runtime, "expected plugin runtime to be extism/v1") + + cmd := exec.Command("make", "-C", dir) + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + require.NoError(t, cmd.Run(), "failed to build plugin in %q", dir) + + return pluginRaw{ + Metadata: *m, + Dir: dir, + } +} + +func TestRuntimeConfigExtismV1Validate(t *testing.T) { + rc := RuntimeConfigExtismV1{} + err := rc.Validate() + assert.NoError(t, err, "expected no error for empty RuntimeConfigExtismV1") +} + +func TestRuntimeExtismV1InvokePlugin(t *testing.T) { + r := RuntimeExtismV1{} + + pr := buildLoadExtismPlugin(t, "testdata/src/extismv1-test") + require.Equal(t, "test/v1", pr.Metadata.Type) + + p, err := r.CreatePlugin(pr.Dir, &pr.Metadata) + + assert.NoError(t, err, "expected no error creating plugin") + assert.NotNil(t, p, "expected plugin to be created") + + output, err := p.Invoke(t.Context(), &Input{ + Message: schema.InputMessageTestV1{ + Name: "Phippy", + }, + }) + require.Nil(t, err) + + msg := output.Message.(schema.OutputMessageTestV1) + assert.Equal(t, "Hello, Phippy! (6)", msg.Greeting) +} + +func TestBuildManifest(t *testing.T) { + rc := &RuntimeConfigExtismV1{ + Memory: RuntimeConfigExtismV1Memory{ + MaxPages: 8, + MaxHTTPResponseBytes: 81920, + MaxVarBytes: 8192, + }, + FileSystem: RuntimeConfigExtismV1FileSystem{ + CreateTempDir: true, + }, + Config: map[string]string{"CONFIG_KEY": "config_value"}, + AllowedHosts: []string{"example.com", "api.example.com"}, + Timeout: 5000, + } + + expected := extism.Manifest{ + Wasm: []extism.Wasm{ + extism.WasmFile{ + Path: "/path/to/plugin/plugin.wasm", + Name: "/path/to/plugin/plugin.wasm", + }, + }, + Memory: &extism.ManifestMemory{ + MaxPages: 8, + MaxHttpResponseBytes: 81920, + MaxVarBytes: 8192, + }, + Config: map[string]string{"CONFIG_KEY": "config_value"}, + AllowedHosts: []string{"example.com", "api.example.com"}, + AllowedPaths: map[string]string{"/tmp/foo": "/tmp"}, + Timeout: 5000, + } + + manifest, err := buildManifest("/path/to/plugin", "/tmp/foo", rc) + require.NoError(t, err) + assert.Equal(t, expected, manifest) +} diff --git a/internal/plugin/runtime_subprocess.go b/internal/plugin/runtime_subprocess.go index 286c1abeb..802732b14 100644 --- a/internal/plugin/runtime_subprocess.go +++ b/internal/plugin/runtime_subprocess.go @@ -16,43 +16,42 @@ limitations under the License. package plugin import ( + "bytes" "context" "fmt" "io" + "log/slog" + "maps" "os" "os/exec" - "syscall" + "slices" "helm.sh/helm/v4/internal/plugin/schema" - "helm.sh/helm/v4/pkg/cli" ) -// SubprocessProtocolCommand maps a given protocol to the getter command used to retrieve artifacts for that protcol +// SubprocessProtocolCommand maps a given protocol to the getter command used to retrieve artifacts for that protocol type SubprocessProtocolCommand struct { // Protocols are the list of schemes from the charts URL. Protocols []string `yaml:"protocols"` - // Command is the executable path with which the plugin performs - // the actual download for the corresponding Protocols - Command string `yaml:"command"` + // PlatformCommand is the platform based command which the plugin performs + // to download for the corresponding getter Protocols. + PlatformCommand []PlatformCommand `yaml:"platformCommand"` } -// RuntimeConfigSubprocess represents configuration for subprocess runtime +// RuntimeConfigSubprocess implements RuntimeConfig for RuntimeSubprocess type RuntimeConfigSubprocess struct { // PlatformCommand is a list containing a plugin command, with a platform selector and support for args. - PlatformCommands []PlatformCommand `yaml:"platformCommand"` - // Command is the plugin command, as a single string. - // DEPRECATED: Use PlatformCommand instead. Remove in Helm 4. - Command string `yaml:"command"` + PlatformCommand []PlatformCommand `yaml:"platformCommand"` // PlatformHooks are commands that will run on plugin events, with a platform selector and support for args. PlatformHooks PlatformHooks `yaml:"platformHooks"` - // Hooks are commands that will run on plugin events, as a single string. - // DEPRECATED: Use PlatformHooks instead. Remove in Helm 4. - Hooks Hooks `yaml:"hooks"` - // ProtocolCommands field is used if the plugin supply downloader mechanism - // for special protocols. - // (This is a compatibility hangover from the old plugin downloader mechanism, which was extended to support multiple - // protocols in a given plugin) + // ProtocolCommands allows the plugin to specify protocol specific commands + // + // Obsolete/deprecated: This is a compatibility hangover from the old plugin downloader mechanism, which was extended + // to support multiple protocols in a given plugin. The command supplied in PlatformCommand should implement protocol + // specific logic by inspecting the download URL ProtocolCommands []SubprocessProtocolCommand `yaml:"protocolCommands,omitempty"` + + expandHookArgs bool } var _ RuntimeConfig = (*RuntimeConfigSubprocess)(nil) @@ -60,33 +59,31 @@ var _ RuntimeConfig = (*RuntimeConfigSubprocess)(nil) func (r *RuntimeConfigSubprocess) GetType() string { return "subprocess" } func (r *RuntimeConfigSubprocess) Validate() error { - if len(r.PlatformCommands) > 0 && len(r.Command) > 0 { - return fmt.Errorf("both platformCommand and command are set") - } - if len(r.PlatformHooks) > 0 && len(r.Hooks) > 0 { - return fmt.Errorf("both platformHooks and hooks are set") - } return nil } -type RuntimeSubprocess struct{} +type RuntimeSubprocess struct { + EnvVars map[string]string +} var _ Runtime = (*RuntimeSubprocess)(nil) -// CreateRuntime implementation for RuntimeConfig +// CreatePlugin implementation for Runtime func (r *RuntimeSubprocess) CreatePlugin(pluginDir string, metadata *Metadata) (Plugin, error) { return &SubprocessPluginRuntime{ metadata: *metadata, pluginDir: pluginDir, RuntimeConfig: *(metadata.RuntimeConfig.(*RuntimeConfigSubprocess)), + EnvVars: maps.Clone(r.EnvVars), }, nil } -// RuntimeSubprocess implements the Runtime interface for subprocess execution +// SubprocessPluginRuntime implements the Plugin interface for subprocess execution type SubprocessPluginRuntime struct { metadata Metadata pluginDir string RuntimeConfig RuntimeConfigSubprocess + EnvVars map[string]string } var _ Plugin = (*SubprocessPluginRuntime)(nil) @@ -105,6 +102,8 @@ func (r *SubprocessPluginRuntime) Invoke(_ context.Context, input *Input) (*Outp return r.runCLI(input) case schema.InputMessageGetterV1: return r.runGetter(input) + case schema.InputMessagePostRendererV1: + return r.runPostrenderer(input) default: return nil, fmt.Errorf("unsupported subprocess plugin type %q", r.metadata.Type) } @@ -114,53 +113,49 @@ func (r *SubprocessPluginRuntime) Invoke(_ context.Context, input *Input) (*Outp // This method allows execution with different command/args than the plugin's default func (r *SubprocessPluginRuntime) InvokeWithEnv(main string, argv []string, env []string, stdin io.Reader, stdout, stderr io.Writer) error { mainCmdExp := os.ExpandEnv(main) - prog := exec.Command(mainCmdExp, argv...) - prog.Env = env - prog.Stdin = stdin - prog.Stdout = stdout - prog.Stderr = stderr - - if err := prog.Run(); err != nil { - if eerr, ok := err.(*exec.ExitError); ok { - os.Stderr.Write(eerr.Stderr) - status := eerr.Sys().(syscall.WaitStatus) - return &InvokeExecError{ - Err: fmt.Errorf("plugin %q exited with error", r.metadata.Name), - Code: status.ExitStatus(), - } - } + cmd := exec.Command(mainCmdExp, argv...) + cmd.Env = slices.Clone(os.Environ()) + cmd.Env = append( + cmd.Env, + fmt.Sprintf("HELM_PLUGIN_NAME=%s", r.metadata.Name), + fmt.Sprintf("HELM_PLUGIN_DIR=%s", r.pluginDir)) + cmd.Env = append(cmd.Env, env...) + + cmd.Stdin = stdin + cmd.Stdout = stdout + cmd.Stderr = stderr + + if err := executeCmd(cmd, r.metadata.Name); err != nil { + return err } + return nil } func (r *SubprocessPluginRuntime) InvokeHook(event string) error { - // Get hook commands for the event - var cmds []PlatformCommand - expandArgs := true - - cmds = r.RuntimeConfig.PlatformHooks[event] - if len(cmds) == 0 && len(r.RuntimeConfig.Hooks) > 0 { - cmd := r.RuntimeConfig.Hooks[event] - if len(cmd) > 0 { - cmds = []PlatformCommand{{Command: "sh", Args: []string{"-c", cmd}}} - expandArgs = false - } - } + cmds := r.RuntimeConfig.PlatformHooks[event] - // If no hook commands are defined, just return successfully if len(cmds) == 0 { return nil } - main, argv, err := PrepareCommands(cmds, expandArgs, []string{}) + env := parseEnv(os.Environ()) + maps.Insert(env, maps.All(r.EnvVars)) + env["HELM_PLUGIN_NAME"] = r.metadata.Name + env["HELM_PLUGIN_DIR"] = r.pluginDir + + main, argv, err := PrepareCommands(cmds, r.RuntimeConfig.expandHookArgs, []string{}, env) if err != nil { return err } - prog := exec.Command(main, argv...) - prog.Stdout, prog.Stderr = os.Stdout, os.Stderr + cmd := exec.Command(main, argv...) + cmd.Env = formatEnv(env) + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr - if err := prog.Run(); err != nil { + slog.Debug("executing plugin hook command", slog.String("pluginName", r.metadata.Name), slog.String("command", cmd.String())) + if err := cmd.Run(); err != nil { if eerr, ok := err.(*exec.ExitError); ok { os.Stderr.Write(eerr.Stderr) return fmt.Errorf("plugin %s hook for %q exited with error", event, r.metadata.Name) @@ -176,10 +171,15 @@ func (r *SubprocessPluginRuntime) InvokeHook(event string) error { func executeCmd(prog *exec.Cmd, pluginName string) error { if err := prog.Run(); err != nil { if eerr, ok := err.(*exec.ExitError); ok { - os.Stderr.Write(eerr.Stderr) + slog.Debug( + "plugin execution failed", + slog.String("pluginName", pluginName), + slog.String("error", err.Error()), + slog.Int("exitCode", eerr.ExitCode()), + slog.String("stderr", string(bytes.TrimSpace(eerr.Stderr)))) return &InvokeExecError{ - Err: fmt.Errorf("plugin %q exited with error", pluginName), - Code: eerr.ExitCode(), + Err: fmt.Errorf("plugin %q exited with error", pluginName), + ExitCode: eerr.ExitCode(), } } @@ -196,34 +196,83 @@ func (r *SubprocessPluginRuntime) runCLI(input *Input) (*Output, error) { extraArgs := input.Message.(schema.InputMessageCLIV1).ExtraArgs - cmds := r.RuntimeConfig.PlatformCommands - if len(cmds) == 0 && len(r.RuntimeConfig.Command) > 0 { - cmds = []PlatformCommand{{Command: r.RuntimeConfig.Command}} - } + cmds := r.RuntimeConfig.PlatformCommand + + env := parseEnv(os.Environ()) + maps.Insert(env, maps.All(r.EnvVars)) + maps.Insert(env, maps.All(parseEnv(input.Env))) + env["HELM_PLUGIN_NAME"] = r.metadata.Name + env["HELM_PLUGIN_DIR"] = r.pluginDir - command, args, err := PrepareCommands(cmds, true, extraArgs) + command, args, err := PrepareCommands(cmds, true, extraArgs, env) if err != nil { return nil, fmt.Errorf("failed to prepare plugin command: %w", err) } - err2 := r.InvokeWithEnv(command, args, input.Env, input.Stdin, input.Stdout, input.Stderr) - if err2 != nil { - return nil, err2 + cmd := exec.Command(command, args...) + cmd.Env = formatEnv(env) + + cmd.Stdin = input.Stdin + cmd.Stdout = input.Stdout + cmd.Stderr = input.Stderr + + slog.Debug("executing plugin command", slog.String("pluginName", r.metadata.Name), slog.String("command", cmd.String())) + if err := executeCmd(cmd, r.metadata.Name); err != nil { + return nil, err } return &Output{ - Message: &schema.OutputMessageCLIV1{}, + Message: schema.OutputMessageCLIV1{}, }, nil } -// SetupPluginEnv prepares os.Env for plugins. It operates on os.Env because -// the plugin subsystem itself needs access to the environment variables -// created here. -func SetupPluginEnv(settings *cli.EnvSettings, name, base string) { // TODO: remove - env := settings.EnvVars() - env["HELM_PLUGIN_NAME"] = name - env["HELM_PLUGIN_DIR"] = base - for key, val := range env { - os.Setenv(key, val) +func (r *SubprocessPluginRuntime) runPostrenderer(input *Input) (*Output, error) { + if _, ok := input.Message.(schema.InputMessagePostRendererV1); !ok { + return nil, fmt.Errorf("plugin %q input message does not implement InputMessagePostRendererV1", r.metadata.Name) + } + + env := parseEnv(os.Environ()) + maps.Insert(env, maps.All(r.EnvVars)) + maps.Insert(env, maps.All(parseEnv(input.Env))) + env["HELM_PLUGIN_NAME"] = r.metadata.Name + env["HELM_PLUGIN_DIR"] = r.pluginDir + + msg := input.Message.(schema.InputMessagePostRendererV1) + cmds := r.RuntimeConfig.PlatformCommand + command, args, err := PrepareCommands(cmds, true, msg.ExtraArgs, env) + if err != nil { + return nil, fmt.Errorf("failed to prepare plugin command: %w", err) } + + cmd := exec.Command( + command, + args...) + + stdin, err := cmd.StdinPipe() + if err != nil { + return nil, err + } + + go func() { + defer stdin.Close() + io.Copy(stdin, msg.Manifests) + }() + + postRendered := &bytes.Buffer{} + stderr := &bytes.Buffer{} + + cmd.Env = formatEnv(env) + cmd.Stdout = postRendered + cmd.Stderr = stderr + + slog.Debug("executing plugin command", slog.String("pluginName", r.metadata.Name), slog.String("command", cmd.String())) + if err := executeCmd(cmd, r.metadata.Name); err != nil { + return nil, err + } + + return &Output{ + Message: schema.OutputMessagePostRendererV1{ + Manifests: postRendered, + }, + }, nil } diff --git a/internal/plugin/runtime_subprocess_getter.go b/internal/plugin/runtime_subprocess_getter.go index 6f9bfea91..6a41b149f 100644 --- a/internal/plugin/runtime_subprocess_getter.go +++ b/internal/plugin/runtime_subprocess_getter.go @@ -18,11 +18,12 @@ package plugin import ( "bytes" "fmt" + "log/slog" + "maps" "os" "os/exec" "path/filepath" "slices" - "strings" "helm.sh/helm/v4/internal/plugin/schema" ) @@ -55,37 +56,44 @@ func (r *SubprocessPluginRuntime) runGetter(input *Input) (*Output, error) { return nil, fmt.Errorf("no downloader found for protocol %q", msg.Protocol) } - commands := strings.Split(d.Command, " ") - args := append( - commands[1:], + env := parseEnv(os.Environ()) + maps.Insert(env, maps.All(r.EnvVars)) + maps.Insert(env, maps.All(parseEnv(input.Env))) + env["HELM_PLUGIN_NAME"] = r.metadata.Name + env["HELM_PLUGIN_DIR"] = r.pluginDir + env["HELM_PLUGIN_USERNAME"] = msg.Options.Username + env["HELM_PLUGIN_PASSWORD"] = msg.Options.Password + env["HELM_PLUGIN_PASS_CREDENTIALS_ALL"] = fmt.Sprintf("%t", msg.Options.PassCredentialsAll) + + command, args, err := PrepareCommands(d.PlatformCommand, false, []string{}, env) + if err != nil { + return nil, fmt.Errorf("failed to prepare commands for protocol %q: %w", msg.Protocol, err) + } + + args = append( + args, msg.Options.CertFile, msg.Options.KeyFile, msg.Options.CAFile, msg.Href) - // TODO should we append to input.Env too? - env := append( - os.Environ(), - fmt.Sprintf("HELM_PLUGIN_USERNAME=%s", msg.Options.Username), - fmt.Sprintf("HELM_PLUGIN_PASSWORD=%s", msg.Options.Password), - fmt.Sprintf("HELM_PLUGIN_PASS_CREDENTIALS_ALL=%t", msg.Options.PassCredentialsAll)) - - // TODO should we pass along input.Stdout? buf := bytes.Buffer{} // subprocess getters are expected to write content to stdout - pluginCommand := filepath.Join(r.pluginDir, commands[0]) - prog := exec.Command( + pluginCommand := filepath.Join(r.pluginDir, command) + cmd := exec.Command( pluginCommand, args...) - prog.Env = env - prog.Stdout = &buf - prog.Stderr = os.Stderr - if err := executeCmd(prog, r.metadata.Name); err != nil { + cmd.Env = formatEnv(env) + cmd.Stdout = &buf + cmd.Stderr = os.Stderr + + slog.Debug("executing plugin command", slog.String("pluginName", r.metadata.Name), slog.String("command", cmd.String())) + if err := executeCmd(cmd, r.metadata.Name); err != nil { return nil, err } return &Output{ - Message: &schema.OutputMessageGetterV1{ + Message: schema.OutputMessageGetterV1{ Data: buf.Bytes(), }, }, nil diff --git a/internal/plugin/runtime_subprocess_test.go b/internal/plugin/runtime_subprocess_test.go index 9d932816d..ed251d28b 100644 --- a/internal/plugin/runtime_subprocess_test.go +++ b/internal/plugin/runtime_subprocess_test.go @@ -16,49 +16,69 @@ limitations under the License. package plugin import ( + "fmt" "os" "path/filepath" "testing" - "helm.sh/helm/v4/pkg/cli" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "go.yaml.in/yaml/v3" + + "helm.sh/helm/v4/internal/plugin/schema" ) -func TestSetupEnv(t *testing.T) { - name := "pequod" - base := filepath.Join("testdata/helmhome/helm/plugins", name) - - s := cli.New() - s.PluginsDirectory = "testdata/helmhome/helm/plugins" - - SetupPluginEnv(s, name, base) - for _, tt := range []struct { - name, expect string - }{ - {"HELM_PLUGIN_NAME", name}, - {"HELM_PLUGIN_DIR", base}, - } { - if got := os.Getenv(tt.name); got != tt.expect { - t.Errorf("Expected $%s=%q, got %q", tt.name, tt.expect, got) - } +func mockSubprocessCLIPluginErrorExit(t *testing.T, pluginName string, exitCode uint8) *SubprocessPluginRuntime { + t.Helper() + + rc := RuntimeConfigSubprocess{ + PlatformCommand: []PlatformCommand{ + {Command: "sh", Args: []string{"-c", fmt.Sprintf("echo \"mock plugin $@\"; exit %d", exitCode)}}, + }, + } + + pluginDir := t.TempDir() + + md := Metadata{ + Name: pluginName, + Version: "v0.1.2", + Type: "cli/v1", + APIVersion: "v1", + Runtime: "subprocess", + Config: &schema.ConfigCLIV1{ + Usage: "Mock plugin", + ShortHelp: "Mock plugin", + LongHelp: "Mock plugin for testing", + IgnoreFlags: false, + }, + RuntimeConfig: &rc, } -} -func TestSetupEnvWithSpace(t *testing.T) { - name := "sureshdsk" - base := filepath.Join("testdata/helm home/helm/plugins", name) - - s := cli.New() - s.PluginsDirectory = "testdata/helm home/helm/plugins" - - SetupPluginEnv(s, name, base) - for _, tt := range []struct { - name, expect string - }{ - {"HELM_PLUGIN_NAME", name}, - {"HELM_PLUGIN_DIR", base}, - } { - if got := os.Getenv(tt.name); got != tt.expect { - t.Errorf("Expected $%s=%q, got %q", tt.name, tt.expect, got) - } + data, err := yaml.Marshal(md) + require.NoError(t, err) + os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), data, 0o644) + + return &SubprocessPluginRuntime{ + metadata: md, + pluginDir: pluginDir, + RuntimeConfig: rc, } } + +func TestSubprocessPluginRuntime(t *testing.T) { + p := mockSubprocessCLIPluginErrorExit(t, "foo", 56) + + output, err := p.Invoke(t.Context(), &Input{ + Message: schema.InputMessageCLIV1{ + ExtraArgs: []string{"arg1", "arg2"}, + // Env: []string{"FOO=bar"}, + }, + }) + + require.Error(t, err) + ieerr, ok := err.(*InvokeExecError) + require.True(t, ok, "expected InvokeExecError, got %T", err) + assert.Equal(t, 56, ieerr.ExitCode) + + assert.Nil(t, output) +} diff --git a/internal/plugin/runtime_test.go b/internal/plugin/runtime_test.go new file mode 100644 index 000000000..f8fe481c1 --- /dev/null +++ b/internal/plugin/runtime_test.go @@ -0,0 +1,100 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestParseEnv(t *testing.T) { + type testCase struct { + env []string + expected map[string]string + } + + testCases := map[string]testCase{ + "empty": { + env: []string{}, + expected: map[string]string{}, + }, + "single": { + env: []string{"KEY=value"}, + expected: map[string]string{"KEY": "value"}, + }, + "multiple": { + env: []string{"KEY1=value1", "KEY2=value2"}, + expected: map[string]string{"KEY1": "value1", "KEY2": "value2"}, + }, + "no_value": { + env: []string{"KEY1=value1", "KEY2="}, + expected: map[string]string{"KEY1": "value1", "KEY2": ""}, + }, + "duplicate_keys": { + env: []string{"KEY=value1", "KEY=value2"}, + expected: map[string]string{"KEY": "value2"}, // last value should overwrite + }, + "empty_strings": { + env: []string{"", "KEY=value", ""}, + expected: map[string]string{"KEY": "value"}, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + result := parseEnv(tc.env) + assert.Equal(t, tc.expected, result) + }) + } +} + +func TestFormatEnv(t *testing.T) { + type testCase struct { + env map[string]string + expected []string + } + + testCases := map[string]testCase{ + "empty": { + env: map[string]string{}, + expected: []string{}, + }, + "single": { + env: map[string]string{"KEY": "value"}, + expected: []string{"KEY=value"}, + }, + "multiple": { + env: map[string]string{"KEY1": "value1", "KEY2": "value2"}, + expected: []string{"KEY1=value1", "KEY2=value2"}, + }, + "empty_key": { + env: map[string]string{"": "value1", "KEY2": "value2"}, + expected: []string{"=value1", "KEY2=value2"}, + }, + "empty_value": { + env: map[string]string{"KEY1": "value1", "KEY2": "", "KEY3": "value3"}, + expected: []string{"KEY1=value1", "KEY2=", "KEY3=value3"}, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + result := formatEnv(tc.env) + assert.ElementsMatch(t, tc.expected, result) + }) + } +} diff --git a/internal/plugin/schema/cli.go b/internal/plugin/schema/cli.go index 3976d3737..2282580f5 100644 --- a/internal/plugin/schema/cli.go +++ b/internal/plugin/schema/cli.go @@ -15,15 +15,31 @@ package schema import ( "bytes" - - "helm.sh/helm/v4/pkg/cli" ) type InputMessageCLIV1 struct { - ExtraArgs []string `json:"extraArgs"` - Settings *cli.EnvSettings `json:"settings"` + ExtraArgs []string `json:"extraArgs"` } type OutputMessageCLIV1 struct { Data *bytes.Buffer `json:"data"` } + +// ConfigCLIV1 represents the configuration for CLI plugins +type ConfigCLIV1 struct { + // Usage is the single-line usage text shown in help + // For recommended syntax, see [spf13/cobra.command.Command] Use field comment: + // https://pkg.go.dev/github.com/spf13/cobra#Command + Usage string `yaml:"usage"` + // ShortHelp is the short description shown in the 'helm help' output + ShortHelp string `yaml:"shortHelp"` + // LongHelp is the long message shown in the 'helm help ' output + LongHelp string `yaml:"longHelp"` + // IgnoreFlags ignores any flags passed in from Helm + IgnoreFlags bool `yaml:"ignoreFlags"` +} + +func (c *ConfigCLIV1) Validate() error { + // Config validation for CLI plugins + return nil +} diff --git a/internal/plugin/schema/doc.go b/internal/plugin/schema/doc.go new file mode 100644 index 000000000..4b3fe5d49 --- /dev/null +++ b/internal/plugin/schema/doc.go @@ -0,0 +1,18 @@ +/* + Copyright The Helm Authors. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +/* + + */ + +package schema diff --git a/internal/plugin/schema/getter.go b/internal/plugin/schema/getter.go index f9840008e..2c5e81df1 100644 --- a/internal/plugin/schema/getter.go +++ b/internal/plugin/schema/getter.go @@ -14,10 +14,11 @@ package schema import ( + "fmt" "time" ) -// TODO: can we generate these plugin input/outputs? +// TODO: can we generate these plugin input/output messages? type GetterOptionsV1 struct { URL string @@ -45,3 +46,21 @@ type InputMessageGetterV1 struct { type OutputMessageGetterV1 struct { Data []byte `json:"data"` } + +// ConfigGetterV1 represents the configuration for download plugins +type ConfigGetterV1 struct { + // Protocols are the list of URL schemes supported by this downloader + Protocols []string `yaml:"protocols"` +} + +func (c *ConfigGetterV1) Validate() error { + if len(c.Protocols) == 0 { + return fmt.Errorf("getter has no protocols") + } + for i, protocol := range c.Protocols { + if protocol == "" { + return fmt.Errorf("getter has empty protocol at index %d", i) + } + } + return nil +} diff --git a/internal/plugin/schema/postrenderer.go b/internal/plugin/schema/postrenderer.go new file mode 100644 index 000000000..ef51a8a61 --- /dev/null +++ b/internal/plugin/schema/postrenderer.go @@ -0,0 +1,38 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package schema + +import ( + "bytes" +) + +// InputMessagePostRendererV1 implements Input.Message +type InputMessagePostRendererV1 struct { + Manifests *bytes.Buffer `json:"manifests"` + // from CLI --post-renderer-args + ExtraArgs []string `json:"extraArgs"` +} + +type OutputMessagePostRendererV1 struct { + Manifests *bytes.Buffer `json:"manifests"` +} + +type ConfigPostRendererV1 struct{} + +func (c *ConfigPostRendererV1) Validate() error { + return nil +} diff --git a/internal/plugin/schema/test.go b/internal/plugin/schema/test.go new file mode 100644 index 000000000..97efa0fde --- /dev/null +++ b/internal/plugin/schema/test.go @@ -0,0 +1,28 @@ +/* + Copyright The Helm Authors. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package schema + +type InputMessageTestV1 struct { + Name string +} + +type OutputMessageTestV1 struct { + Greeting string +} + +type ConfigTestV1 struct{} + +func (c *ConfigTestV1) Validate() error { + return nil +} diff --git a/internal/plugin/sign.go b/internal/plugin/sign.go new file mode 100644 index 000000000..6b8aafd3e --- /dev/null +++ b/internal/plugin/sign.go @@ -0,0 +1,156 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "errors" + "fmt" + "io" + "os" + "path/filepath" + + "sigs.k8s.io/yaml" + + "helm.sh/helm/v4/pkg/provenance" +) + +// SignPlugin signs a plugin using the SHA256 hash of the tarball data. +// +// This is used when packaging and signing a plugin from tarball data. +// It creates a signature that includes the tarball hash and plugin metadata, +// allowing verification of the original tarball later. +func SignPlugin(tarballData []byte, filename string, signer *provenance.Signatory) (string, error) { + // Extract plugin metadata from tarball data + pluginMeta, err := ExtractTgzPluginMetadata(bytes.NewReader(tarballData)) + if err != nil { + return "", fmt.Errorf("failed to extract plugin metadata: %w", err) + } + + // Marshal plugin metadata to YAML bytes + metadataBytes, err := yaml.Marshal(pluginMeta) + if err != nil { + return "", fmt.Errorf("failed to marshal plugin metadata: %w", err) + } + + // Use the generic provenance signing function + return signer.ClearSign(tarballData, filename, metadataBytes) +} + +// ExtractTgzPluginMetadata extracts plugin metadata from a gzipped tarball reader +func ExtractTgzPluginMetadata(r io.Reader) (*Metadata, error) { + gzr, err := gzip.NewReader(r) + if err != nil { + return nil, err + } + defer gzr.Close() + + tr := tar.NewReader(gzr) + for { + header, err := tr.Next() + if err == io.EOF { + break + } + if err != nil { + return nil, err + } + + // Look for plugin.yaml file + if filepath.Base(header.Name) == "plugin.yaml" { + data, err := io.ReadAll(tr) + if err != nil { + return nil, err + } + + // Parse the plugin metadata + metadata, err := loadMetadata(data) + if err != nil { + return nil, err + } + + return metadata, nil + } + } + + return nil, errors.New("plugin.yaml not found in tarball") +} + +// parsePluginMessageBlock parses a signed message block to extract plugin metadata and checksums +func parsePluginMessageBlock(data []byte) (*Metadata, *provenance.SumCollection, error) { + sc := &provenance.SumCollection{} + + // We only need the checksums for verification, not the full metadata + if err := provenance.ParseMessageBlock(data, nil, sc); err != nil { + return nil, sc, err + } + return nil, sc, nil +} + +// CreatePluginTarball creates a gzipped tarball from a plugin directory +func CreatePluginTarball(sourceDir, pluginName string, w io.Writer) error { + gzw := gzip.NewWriter(w) + defer gzw.Close() + + tw := tar.NewWriter(gzw) + defer tw.Close() + + // Use the plugin name as the base directory in the tarball + baseDir := pluginName + + // Walk the directory tree + return filepath.Walk(sourceDir, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + // Create header + header, err := tar.FileInfoHeader(info, "") + if err != nil { + return err + } + + // Update the name to be relative to the source directory + relPath, err := filepath.Rel(sourceDir, path) + if err != nil { + return err + } + + // Include the base directory name in the tarball + header.Name = filepath.Join(baseDir, relPath) + + // Write header + if err := tw.WriteHeader(header); err != nil { + return err + } + + // If it's a regular file, write its content + if info.Mode().IsRegular() { + file, err := os.Open(path) + if err != nil { + return err + } + defer file.Close() + + if _, err := io.Copy(tw, file); err != nil { + return err + } + } + + return nil + }) +} diff --git a/internal/plugin/sign_test.go b/internal/plugin/sign_test.go new file mode 100644 index 000000000..fce2dbeb3 --- /dev/null +++ b/internal/plugin/sign_test.go @@ -0,0 +1,98 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "os" + "path/filepath" + "strings" + "testing" + + "helm.sh/helm/v4/pkg/provenance" +) + +func TestSignPlugin(t *testing.T) { + // Create a test plugin directory + tempDir := t.TempDir() + pluginDir := filepath.Join(tempDir, "test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatal(err) + } + + // Create a plugin.yaml file + pluginYAML := `apiVersion: v1 +name: test-plugin +type: cli/v1 +runtime: subprocess +version: 1.0.0 +runtimeConfig: + platformCommand: + - command: echo` + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(pluginYAML), 0644); err != nil { + t.Fatal(err) + } + + // Create a tarball + tarballPath := filepath.Join(tempDir, "test-plugin.tgz") + tarFile, err := os.Create(tarballPath) + if err != nil { + t.Fatal(err) + } + if err := CreatePluginTarball(pluginDir, "test-plugin", tarFile); err != nil { + tarFile.Close() + t.Fatal(err) + } + tarFile.Close() + + // Create a test key for signing + keyring := "../../pkg/cmd/testdata/helm-test-key.secret" + signer, err := provenance.NewFromKeyring(keyring, "helm-test") + if err != nil { + t.Fatal(err) + } + if err := signer.DecryptKey(func(_ string) ([]byte, error) { + return []byte(""), nil + }); err != nil { + t.Fatal(err) + } + + // Read the tarball data + tarballData, err := os.ReadFile(tarballPath) + if err != nil { + t.Fatalf("failed to read tarball: %v", err) + } + + // Sign the plugin tarball + sig, err := SignPlugin(tarballData, filepath.Base(tarballPath), signer) + if err != nil { + t.Fatalf("failed to sign plugin: %v", err) + } + + // Verify the signature contains the expected content + if !strings.Contains(sig, "-----BEGIN PGP SIGNED MESSAGE-----") { + t.Error("signature does not contain PGP header") + } + + // Verify the tarball hash is in the signature + expectedHash, err := provenance.DigestFile(tarballPath) + if err != nil { + t.Fatal(err) + } + // The signature should contain the tarball hash + if !strings.Contains(sig, "sha256:"+expectedHash) { + t.Errorf("signature does not contain expected tarball hash: sha256:%s", expectedHash) + } +} diff --git a/internal/plugin/signing_info.go b/internal/plugin/signing_info.go new file mode 100644 index 000000000..61ee9cd15 --- /dev/null +++ b/internal/plugin/signing_info.go @@ -0,0 +1,178 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "crypto/sha256" + "fmt" + "io" + "os" + "path/filepath" + "strings" + + "github.com/ProtonMail/go-crypto/openpgp/clearsign" //nolint + + "helm.sh/helm/v4/pkg/helmpath" +) + +// SigningInfo contains information about a plugin's signing status +type SigningInfo struct { + // Status can be: + // - "local dev": Plugin is a symlink (development mode) + // - "unsigned": No provenance file found + // - "invalid provenance": Provenance file is malformed + // - "mismatched provenance": Provenance file does not match the installed tarball + // - "signed": Valid signature exists for the installed tarball + Status string + IsSigned bool // True if plugin has a valid signature (even if not verified against keyring) +} + +// GetPluginSigningInfo returns signing information for an installed plugin +func GetPluginSigningInfo(metadata Metadata) (*SigningInfo, error) { + pluginName := metadata.Name + pluginDir := helmpath.DataPath("plugins", pluginName) + + // Check if plugin directory exists + fi, err := os.Lstat(pluginDir) + if err != nil { + return nil, fmt.Errorf("plugin %s not found: %w", pluginName, err) + } + + // Check if it's a symlink (local development) + if fi.Mode()&os.ModeSymlink != 0 { + return &SigningInfo{ + Status: "local dev", + IsSigned: false, + }, nil + } + + // Find the exact tarball file for this plugin + pluginsDir := helmpath.DataPath("plugins") + tarballPath := filepath.Join(pluginsDir, fmt.Sprintf("%s-%s.tgz", metadata.Name, metadata.Version)) + if _, err := os.Stat(tarballPath); err != nil { + return &SigningInfo{ + Status: "unsigned", + IsSigned: false, + }, nil + } + + // Check for .prov file associated with the tarball + provFile := tarballPath + ".prov" + provData, err := os.ReadFile(provFile) + if err != nil { + if os.IsNotExist(err) { + return &SigningInfo{ + Status: "unsigned", + IsSigned: false, + }, nil + } + return nil, fmt.Errorf("failed to read provenance file: %w", err) + } + + // Parse the provenance file to check validity + block, _ := clearsign.Decode(provData) + if block == nil { + return &SigningInfo{ + Status: "invalid provenance", + IsSigned: false, + }, nil + } + + // Check if provenance matches the actual tarball + blockContent := string(block.Plaintext) + if !validateProvenanceHash(blockContent, tarballPath) { + return &SigningInfo{ + Status: "mismatched provenance", + IsSigned: false, + }, nil + } + + // We have a provenance file that is valid for this plugin + // Without a keyring, we can't verify the signature, but we know: + // 1. A .prov file exists + // 2. It's a valid clearsigned document (cryptographically signed) + // 3. The provenance contains valid checksums + return &SigningInfo{ + Status: "signed", + IsSigned: true, + }, nil +} + +func validateProvenanceHash(blockContent string, tarballPath string) bool { + // Parse provenance to get the expected hash + _, sums, err := parsePluginMessageBlock([]byte(blockContent)) + if err != nil { + return false + } + + // Must have file checksums + if len(sums.Files) == 0 { + return false + } + + // Calculate actual hash of the tarball + actualHash, err := calculateFileHash(tarballPath) + if err != nil { + return false + } + + // Check if the actual hash matches the expected hash in the provenance + for filename, expectedHash := range sums.Files { + if strings.Contains(filename, filepath.Base(tarballPath)) && expectedHash == actualHash { + return true + } + } + + return false +} + +// calculateFileHash calculates the SHA256 hash of a file +func calculateFileHash(filePath string) (string, error) { + file, err := os.Open(filePath) + if err != nil { + return "", err + } + defer file.Close() + + hasher := sha256.New() + if _, err := io.Copy(hasher, file); err != nil { + return "", err + } + + return fmt.Sprintf("sha256:%x", hasher.Sum(nil)), nil +} + +// GetSigningInfoForPlugins returns signing info for multiple plugins +func GetSigningInfoForPlugins(plugins []Plugin) map[string]*SigningInfo { + result := make(map[string]*SigningInfo) + + for _, p := range plugins { + m := p.Metadata() + + info, err := GetPluginSigningInfo(m) + if err != nil { + // If there's an error, treat as unsigned + result[m.Name] = &SigningInfo{ + Status: "unknown", + IsSigned: false, + } + } else { + result[m.Name] = info + } + } + + return result +} diff --git a/internal/plugin/subprocess_commands.go b/internal/plugin/subprocess_commands.go index d979f98e3..e21ec2bab 100644 --- a/internal/plugin/subprocess_commands.go +++ b/internal/plugin/subprocess_commands.go @@ -77,13 +77,15 @@ func getPlatformCommand(cmds []PlatformCommand) ([]string, []string) { // returns the main command and an args array. // // The result is suitable to pass to exec.Command. -func PrepareCommands(cmds []PlatformCommand, expandArgs bool, extraArgs []string) (string, []string, error) { +func PrepareCommands(cmds []PlatformCommand, expandArgs bool, extraArgs []string, env map[string]string) (string, []string, error) { cmdParts, args := getPlatformCommand(cmds) if len(cmdParts) == 0 || cmdParts[0] == "" { return "", nil, fmt.Errorf("no plugin command is applicable") } - main := os.ExpandEnv(cmdParts[0]) + main := os.Expand(cmdParts[0], func(key string) string { + return env[key] + }) baseArgs := []string{} if len(cmdParts) > 1 { for _, cmdPart := range cmdParts[1:] { diff --git a/internal/plugin/subprocess_commands_test.go b/internal/plugin/subprocess_commands_test.go index 3cb9325ab..c1eba7a55 100644 --- a/internal/plugin/subprocess_commands_test.go +++ b/internal/plugin/subprocess_commands_test.go @@ -27,14 +27,15 @@ func TestPrepareCommand(t *testing.T) { cmdMain := "sh" cmdArgs := []string{"-c", "echo \"test\""} - platformCommands := []PlatformCommand{ + platformCommand := []PlatformCommand{ {OperatingSystem: "no-os", Architecture: "no-arch", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, {OperatingSystem: runtime.GOOS, Architecture: "no-arch", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, {OperatingSystem: runtime.GOOS, Architecture: "", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, {OperatingSystem: runtime.GOOS, Architecture: runtime.GOARCH, Command: cmdMain, Args: cmdArgs}, } - cmd, args, err := PrepareCommands(platformCommands, true, []string{}) + env := map[string]string{} + cmd, args, err := PrepareCommands(platformCommand, true, []string{}, env) if err != nil { t.Fatal(err) } @@ -50,7 +51,7 @@ func TestPrepareCommandExtraArgs(t *testing.T) { cmdMain := "sh" cmdArgs := []string{"-c", "echo \"test\""} - platformCommands := []PlatformCommand{ + platformCommand := []PlatformCommand{ {OperatingSystem: "no-os", Architecture: "no-arch", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, {OperatingSystem: runtime.GOOS, Architecture: runtime.GOARCH, Command: cmdMain, Args: cmdArgs}, {OperatingSystem: runtime.GOOS, Architecture: "no-arch", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, @@ -91,7 +92,9 @@ func TestPrepareCommandExtraArgs(t *testing.T) { if tc.ignoreFlags { testExtraArgs = []string{} } - cmd, args, err := PrepareCommands(platformCommands, true, testExtraArgs) + + env := map[string]string{} + cmd, args, err := PrepareCommands(platformCommand, true, testExtraArgs, env) if err != nil { t.Fatal(err) } @@ -112,7 +115,8 @@ func TestPrepareCommands(t *testing.T) { {OperatingSystem: runtime.GOOS, Architecture: "", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, } - cmd, args, err := PrepareCommands(cmds, true, []string{}) + env := map[string]string{} + cmd, args, err := PrepareCommands(cmds, true, []string{}, env) if err != nil { t.Fatal(err) } @@ -138,7 +142,8 @@ func TestPrepareCommandsExtraArgs(t *testing.T) { expectedArgs := append(cmdArgs, extraArgs...) - cmd, args, err := PrepareCommands(cmds, true, extraArgs) + env := map[string]string{} + cmd, args, err := PrepareCommands(cmds, true, extraArgs, env) if err != nil { t.Fatal(err) } @@ -160,7 +165,8 @@ func TestPrepareCommandsNoArch(t *testing.T) { {OperatingSystem: runtime.GOOS, Architecture: "no-arch", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, } - cmd, args, err := PrepareCommands(cmds, true, []string{}) + env := map[string]string{} + cmd, args, err := PrepareCommands(cmds, true, []string{}, env) if err != nil { t.Fatal(err) } @@ -182,7 +188,8 @@ func TestPrepareCommandsNoOsNoArch(t *testing.T) { {OperatingSystem: runtime.GOOS, Architecture: "no-arch", Command: "pwsh", Args: []string{"-c", "echo \"error\""}}, } - cmd, args, err := PrepareCommands(cmds, true, []string{}) + env := map[string]string{} + cmd, args, err := PrepareCommands(cmds, true, []string{}, env) if err != nil { t.Fatal(err) } @@ -201,7 +208,8 @@ func TestPrepareCommandsNoMatch(t *testing.T) { {OperatingSystem: "no-os", Architecture: runtime.GOARCH, Command: "sh", Args: []string{"-c", "echo \"test\""}}, } - if _, _, err := PrepareCommands(cmds, true, []string{}); err == nil { + env := map[string]string{} + if _, _, err := PrepareCommands(cmds, true, []string{}, env); err == nil { t.Fatalf("Expected error to be returned") } } @@ -209,7 +217,8 @@ func TestPrepareCommandsNoMatch(t *testing.T) { func TestPrepareCommandsNoCommands(t *testing.T) { cmds := []PlatformCommand{} - if _, _, err := PrepareCommands(cmds, true, []string{}); err == nil { + env := map[string]string{} + if _, _, err := PrepareCommands(cmds, true, []string{}, env); err == nil { t.Fatalf("Expected error to be returned") } } @@ -224,7 +233,8 @@ func TestPrepareCommandsExpand(t *testing.T) { expectedArgs := []string{"-c", "echo \"test\""} - cmd, args, err := PrepareCommands(cmds, true, []string{}) + env := map[string]string{} + cmd, args, err := PrepareCommands(cmds, true, []string{}, env) if err != nil { t.Fatal(err) } @@ -244,7 +254,8 @@ func TestPrepareCommandsNoExpand(t *testing.T) { {OperatingSystem: "", Architecture: "", Command: cmdMain, Args: cmdArgs}, } - cmd, args, err := PrepareCommands(cmds, false, []string{}) + env := map[string]string{} + cmd, args, err := PrepareCommands(cmds, false, []string{}, env) if err != nil { t.Fatal(err) } diff --git a/internal/plugin/testdata/plugdir/bad/duplicate-entries-v1/plugin.yaml b/internal/plugin/testdata/plugdir/bad/duplicate-entries-v1/plugin.yaml index 030ae6aca..344141121 100644 --- a/internal/plugin/testdata/plugdir/bad/duplicate-entries-v1/plugin.yaml +++ b/internal/plugin/testdata/plugdir/bad/duplicate-entries-v1/plugin.yaml @@ -9,8 +9,11 @@ config: description ignoreFlags: true runtimeConfig: - command: "echo hello" - hooks: - install: "echo installing..." - hooks: - install: "echo installing something different" + platformCommand: + - command: "echo hello" + platformHooks: + install: + - command: "echo installing..." + platformHooks: + install: + - command: "echo installing something different" diff --git a/internal/plugin/testdata/plugdir/good/getter/plugin.yaml b/internal/plugin/testdata/plugdir/good/getter/plugin.yaml index cfe80fbdc..7bdee9bde 100644 --- a/internal/plugin/testdata/plugdir/good/getter/plugin.yaml +++ b/internal/plugin/testdata/plugdir/good/getter/plugin.yaml @@ -10,7 +10,8 @@ config: - "myprotocols" runtimeConfig: protocolCommands: - - command: "echo getter" + - platformCommand: + - command: "echo getter" protocols: - "myprotocol" - "myprotocols" diff --git a/internal/plugin/testdata/plugdir/good/postrenderer-v1/plugin.yaml b/internal/plugin/testdata/plugdir/good/postrenderer-v1/plugin.yaml new file mode 100644 index 000000000..30f1599b4 --- /dev/null +++ b/internal/plugin/testdata/plugdir/good/postrenderer-v1/plugin.yaml @@ -0,0 +1,8 @@ +name: "postrenderer-v1" +version: "1.2.3" +type: postrenderer/v1 +apiVersion: v1 +runtime: subprocess +runtimeConfig: + platformCommand: + - command: "${HELM_PLUGIN_DIR}/sed-test.sh" diff --git a/internal/plugin/testdata/plugdir/good/postrenderer-v1/sed-test.sh b/internal/plugin/testdata/plugdir/good/postrenderer-v1/sed-test.sh new file mode 100755 index 000000000..a016e398f --- /dev/null +++ b/internal/plugin/testdata/plugdir/good/postrenderer-v1/sed-test.sh @@ -0,0 +1,6 @@ +#!/bin/sh +if [ $# -eq 0 ]; then + sed s/FOOTEST/BARTEST/g <&0 +else + sed s/FOOTEST/"$*"/g <&0 +fi diff --git a/internal/plugin/testdata/src/extismv1-test/.gitignore b/internal/plugin/testdata/src/extismv1-test/.gitignore new file mode 100644 index 000000000..ef7d91fbb --- /dev/null +++ b/internal/plugin/testdata/src/extismv1-test/.gitignore @@ -0,0 +1 @@ +plugin.wasm diff --git a/internal/plugin/testdata/src/extismv1-test/Makefile b/internal/plugin/testdata/src/extismv1-test/Makefile new file mode 100644 index 000000000..24da1f371 --- /dev/null +++ b/internal/plugin/testdata/src/extismv1-test/Makefile @@ -0,0 +1,12 @@ + +.DEFAULT: build +.PHONY: build test vet + +.PHONY: plugin.wasm +plugin.wasm: + GOOS=wasip1 GOARCH=wasm go build -buildmode=c-shared -o plugin.wasm . + +build: plugin.wasm + +vet: + GOOS=wasip1 GOARCH=wasm go vet ./... diff --git a/internal/plugin/testdata/src/extismv1-test/go.mod b/internal/plugin/testdata/src/extismv1-test/go.mod new file mode 100644 index 000000000..baed75fab --- /dev/null +++ b/internal/plugin/testdata/src/extismv1-test/go.mod @@ -0,0 +1,5 @@ +module helm.sh/helm/v4/internal/plugin/src/extismv1-test + +go 1.25.0 + +require github.com/extism/go-pdk v1.1.3 diff --git a/internal/plugin/testdata/src/extismv1-test/go.sum b/internal/plugin/testdata/src/extismv1-test/go.sum new file mode 100644 index 000000000..c15d38292 --- /dev/null +++ b/internal/plugin/testdata/src/extismv1-test/go.sum @@ -0,0 +1,2 @@ +github.com/extism/go-pdk v1.1.3 h1:hfViMPWrqjN6u67cIYRALZTZLk/enSPpNKa+rZ9X2SQ= +github.com/extism/go-pdk v1.1.3/go.mod h1:Gz+LIU/YCKnKXhgge8yo5Yu1F/lbv7KtKFkiCSzW/P4= diff --git a/internal/plugin/testdata/src/extismv1-test/main.go b/internal/plugin/testdata/src/extismv1-test/main.go new file mode 100644 index 000000000..31c739a5b --- /dev/null +++ b/internal/plugin/testdata/src/extismv1-test/main.go @@ -0,0 +1,68 @@ +package main + +import ( + _ "embed" + "fmt" + "os" + + pdk "github.com/extism/go-pdk" +) + +type InputMessageTestV1 struct { + Name string +} + +type OutputMessageTestV1 struct { + Greeting string +} + +type ConfigTestV1 struct{} + +func runGetterPluginImpl(input InputMessageTestV1) (*OutputMessageTestV1, error) { + name := input.Name + + greeting := fmt.Sprintf("Hello, %s! (%d)", name, len(name)) + err := os.WriteFile("/tmp/greeting.txt", []byte(greeting), 0o600) + if err != nil { + return nil, fmt.Errorf("failed to write temp file: %w", err) + } + return &OutputMessageTestV1{ + Greeting: greeting, + }, nil +} + +func RunGetterPlugin() error { + var input InputMessageTestV1 + if err := pdk.InputJSON(&input); err != nil { + return fmt.Errorf("failed to parse input json: %w", err) + } + + pdk.Log(pdk.LogDebug, fmt.Sprintf("Received input: %+v", input)) + output, err := runGetterPluginImpl(input) + if err != nil { + pdk.Log(pdk.LogError, fmt.Sprintf("failed: %s", err.Error())) + return err + } + + pdk.Log(pdk.LogDebug, fmt.Sprintf("Sending output: %+v", output)) + if err := pdk.OutputJSON(output); err != nil { + return fmt.Errorf("failed to write output json: %w", err) + } + + return nil +} + +//go:wasmexport helm_plugin_main +func HelmPlugin() uint32 { + pdk.Log(pdk.LogDebug, "running example-extism-getter plugin") + + if err := RunGetterPlugin(); err != nil { + pdk.Log(pdk.LogError, err.Error()) + pdk.SetError(err) + return 1 + } + + return 0 +} + +func main() {} diff --git a/internal/plugin/testdata/src/extismv1-test/plugin.yaml b/internal/plugin/testdata/src/extismv1-test/plugin.yaml new file mode 100644 index 000000000..fea1e3f66 --- /dev/null +++ b/internal/plugin/testdata/src/extismv1-test/plugin.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +type: test/v1 +name: extismv1-test +version: 0.1.0 +runtime: extism/v1 +runtimeConfig: + fileSystem: + createTempDir: true \ No newline at end of file diff --git a/internal/plugin/verify.go b/internal/plugin/verify.go new file mode 100644 index 000000000..760a56e67 --- /dev/null +++ b/internal/plugin/verify.go @@ -0,0 +1,39 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "path/filepath" + + "helm.sh/helm/v4/pkg/provenance" +) + +// VerifyPlugin verifies plugin data against a signature using data in memory. +func VerifyPlugin(archiveData, provData []byte, filename, keyring string) (*provenance.Verification, error) { + // Create signatory from keyring + sig, err := provenance.NewFromKeyring(keyring, "") + if err != nil { + return nil, err + } + + // Use the new VerifyData method directly + return sig.Verify(archiveData, provData, filename) +} + +// isTarball checks if a file has a tarball extension +func IsTarball(filename string) bool { + return filepath.Ext(filename) == ".gz" || filepath.Ext(filename) == ".tgz" +} diff --git a/internal/plugin/verify_test.go b/internal/plugin/verify_test.go new file mode 100644 index 000000000..9c907788f --- /dev/null +++ b/internal/plugin/verify_test.go @@ -0,0 +1,214 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package plugin + +import ( + "os" + "path/filepath" + "testing" + + "helm.sh/helm/v4/pkg/provenance" +) + +const testKeyFile = "../../pkg/cmd/testdata/helm-test-key.secret" +const testPubFile = "../../pkg/cmd/testdata/helm-test-key.pub" + +const testPluginYAML = `apiVersion: v1 +name: test-plugin +type: cli/v1 +runtime: subprocess +version: 1.0.0 +runtimeConfig: + platformCommand: + - command: echo` + +func TestVerifyPlugin(t *testing.T) { + // Create a test plugin and sign it + tempDir := t.TempDir() + + // Create plugin directory + pluginDir := filepath.Join(tempDir, "verify-test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatal(err) + } + + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil { + t.Fatal(err) + } + + // Create tarball + tarballPath := filepath.Join(tempDir, "verify-test-plugin.tar.gz") + tarFile, err := os.Create(tarballPath) + if err != nil { + t.Fatal(err) + } + + if err := CreatePluginTarball(pluginDir, "test-plugin", tarFile); err != nil { + tarFile.Close() + t.Fatal(err) + } + tarFile.Close() + + // Sign the plugin with source directory + signer, err := provenance.NewFromKeyring(testKeyFile, "helm-test") + if err != nil { + t.Fatal(err) + } + if err := signer.DecryptKey(func(_ string) ([]byte, error) { + return []byte(""), nil + }); err != nil { + t.Fatal(err) + } + + // Read the tarball data + tarballData, err := os.ReadFile(tarballPath) + if err != nil { + t.Fatal(err) + } + + sig, err := SignPlugin(tarballData, filepath.Base(tarballPath), signer) + if err != nil { + t.Fatal(err) + } + + // Write the signature to .prov file + provFile := tarballPath + ".prov" + if err := os.WriteFile(provFile, []byte(sig), 0644); err != nil { + t.Fatal(err) + } + + // Read the files for verification + archiveData, err := os.ReadFile(tarballPath) + if err != nil { + t.Fatal(err) + } + + provData, err := os.ReadFile(provFile) + if err != nil { + t.Fatal(err) + } + + // Now verify the plugin + verification, err := VerifyPlugin(archiveData, provData, filepath.Base(tarballPath), testPubFile) + if err != nil { + t.Fatalf("Failed to verify plugin: %v", err) + } + + // Check verification results + if verification.SignedBy == nil { + t.Error("SignedBy is nil") + } + + if verification.FileName != "verify-test-plugin.tar.gz" { + t.Errorf("Expected filename 'verify-test-plugin.tar.gz', got %s", verification.FileName) + } + + if verification.FileHash == "" { + t.Error("FileHash is empty") + } +} + +func TestVerifyPluginBadSignature(t *testing.T) { + tempDir := t.TempDir() + + // Create a plugin tarball + pluginDir := filepath.Join(tempDir, "bad-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatal(err) + } + + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil { + t.Fatal(err) + } + + tarballPath := filepath.Join(tempDir, "bad-plugin.tar.gz") + tarFile, err := os.Create(tarballPath) + if err != nil { + t.Fatal(err) + } + + if err := CreatePluginTarball(pluginDir, "test-plugin", tarFile); err != nil { + tarFile.Close() + t.Fatal(err) + } + tarFile.Close() + + // Create a bad signature (just some text) + badSig := `-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +This is not a real signature +-----BEGIN PGP SIGNATURE----- + +InvalidSignatureData + +-----END PGP SIGNATURE-----` + + provFile := tarballPath + ".prov" + if err := os.WriteFile(provFile, []byte(badSig), 0644); err != nil { + t.Fatal(err) + } + + // Read the files + archiveData, err := os.ReadFile(tarballPath) + if err != nil { + t.Fatal(err) + } + + provData, err := os.ReadFile(provFile) + if err != nil { + t.Fatal(err) + } + + // Try to verify - should fail + _, err = VerifyPlugin(archiveData, provData, filepath.Base(tarballPath), testPubFile) + if err == nil { + t.Error("Expected verification to fail with bad signature") + } +} + +func TestVerifyPluginMissingProvenance(t *testing.T) { + tempDir := t.TempDir() + tarballPath := filepath.Join(tempDir, "no-prov.tar.gz") + + // Create a minimal tarball + if err := os.WriteFile(tarballPath, []byte("dummy"), 0644); err != nil { + t.Fatal(err) + } + + // Read the tarball data + archiveData, err := os.ReadFile(tarballPath) + if err != nil { + t.Fatal(err) + } + + // Try to verify with empty provenance data + _, err = VerifyPlugin(archiveData, nil, filepath.Base(tarballPath), testPubFile) + if err == nil { + t.Error("Expected verification to fail with empty provenance data") + } +} + +func TestVerifyPluginMalformedData(t *testing.T) { + // Test with malformed tarball data - should fail + malformedData := []byte("not a tarball") + provData := []byte("fake provenance") + + _, err := VerifyPlugin(malformedData, provData, "malformed.tar.gz", testPubFile) + if err == nil { + t.Error("Expected malformed data verification to fail, but it succeeded") + } +} diff --git a/internal/resolver/resolver.go b/internal/resolver/resolver.go index 13dcd2ce9..3efe94f10 100644 --- a/internal/resolver/resolver.go +++ b/internal/resolver/resolver.go @@ -33,7 +33,7 @@ import ( "helm.sh/helm/v4/pkg/helmpath" "helm.sh/helm/v4/pkg/provenance" "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // Resolver resolves dependencies from semantic version ranges to a particular version. diff --git a/internal/sympath/walk.go b/internal/sympath/walk.go index f67b9f1b9..812bb68ce 100644 --- a/internal/sympath/walk.go +++ b/internal/sympath/walk.go @@ -70,7 +70,7 @@ func symwalk(path string, info os.FileInfo, walkFn filepath.WalkFunc) error { if err != nil { return fmt.Errorf("error evaluating symlink %s: %w", path, err) } - //This log message is to highlight a symlink that is being used within a chart, symlinks can be used for nefarious reasons. + // This log message is to highlight a symlink that is being used within a chart, symlinks can be used for nefarious reasons. slog.Info("found symbolic link in path. Contents of linked file included and used", "path", path, "resolved", resolved) if info, err = os.Lstat(resolved); err != nil { return err diff --git a/internal/tlsutil/tls.go b/internal/tlsutil/tls.go index 645834c29..88f26d47b 100644 --- a/internal/tlsutil/tls.go +++ b/internal/tlsutil/tls.go @@ -26,16 +26,16 @@ import ( ) type TLSConfigOptions struct { - insecureSkipTLSverify bool + insecureSkipTLSVerify bool certPEMBlock, keyPEMBlock []byte caPEMBlock []byte } type TLSConfigOption func(options *TLSConfigOptions) error -func WithInsecureSkipVerify(insecureSkipTLSverify bool) TLSConfigOption { +func WithInsecureSkipVerify(insecureSkipTLSVerify bool) TLSConfigOption { return func(options *TLSConfigOptions) error { - options.insecureSkipTLSverify = insecureSkipTLSverify + options.insecureSkipTLSVerify = insecureSkipTLSVerify return nil } @@ -97,7 +97,7 @@ func NewTLSConfig(options ...TLSConfigOption) (*tls.Config, error) { } config := tls.Config{ - InsecureSkipVerify: to.insecureSkipTLSverify, + InsecureSkipVerify: to.insecureSkipTLSVerify, } if len(to.certPEMBlock) > 0 && len(to.keyPEMBlock) > 0 { diff --git a/internal/tlsutil/tls_test.go b/internal/tlsutil/tls_test.go index 3d7e75c86..f16eb218f 100644 --- a/internal/tlsutil/tls_test.go +++ b/internal/tlsutil/tls_test.go @@ -42,11 +42,11 @@ func TestNewTLSConfig(t *testing.T) { certFile := testfile(t, testCertFile) keyFile := testfile(t, testKeyFile) caCertFile := testfile(t, testCaCertFile) - insecureSkipTLSverify := false + insecureSkipTLSVerify := false { cfg, err := NewTLSConfig( - WithInsecureSkipVerify(insecureSkipTLSverify), + WithInsecureSkipVerify(insecureSkipTLSVerify), WithCertKeyPairFiles(certFile, keyFile), WithCAFile(caCertFile), ) @@ -66,7 +66,7 @@ func TestNewTLSConfig(t *testing.T) { } { cfg, err := NewTLSConfig( - WithInsecureSkipVerify(insecureSkipTLSverify), + WithInsecureSkipVerify(insecureSkipTLSVerify), WithCAFile(caCertFile), ) if err != nil { @@ -86,7 +86,7 @@ func TestNewTLSConfig(t *testing.T) { { cfg, err := NewTLSConfig( - WithInsecureSkipVerify(insecureSkipTLSverify), + WithInsecureSkipVerify(insecureSkipTLSVerify), WithCertKeyPairFiles(certFile, keyFile), ) if err != nil { diff --git a/internal/version/version.go b/internal/version/version.go index aa64e618f..b7f2436a1 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -18,6 +18,7 @@ package version // import "helm.sh/helm/v4/internal/version" import ( "flag" + "fmt" "runtime" "strings" ) @@ -37,6 +38,11 @@ var ( gitCommit = "" // gitTreeState is the state of the git tree gitTreeState = "" + + // The Kubernetes version can be set by LDFLAGS. In order to do that the value + // must be a string. + kubeClientVersionMajor = "" + kubeClientVersionMinor = "" ) // BuildInfo describes the compile time information. @@ -49,6 +55,8 @@ type BuildInfo struct { GitTreeState string `json:"git_tree_state,omitempty"` // GoVersion is the version of the Go compiler used. GoVersion string `json:"go_version,omitempty"` + // KubeClientVersion is the version of client-go Helm was build with + KubeClientVersion string `json:"kube_client_version"` } // GetVersion returns the semver string of the version @@ -67,10 +75,11 @@ func GetUserAgent() string { // Get returns build info func Get() BuildInfo { v := BuildInfo{ - Version: GetVersion(), - GitCommit: gitCommit, - GitTreeState: gitTreeState, - GoVersion: runtime.Version(), + Version: GetVersion(), + GitCommit: gitCommit, + GitTreeState: gitTreeState, + GoVersion: runtime.Version(), + KubeClientVersion: fmt.Sprintf("v%s.%s", kubeClientVersionMajor, kubeClientVersionMinor), } // HACK(bacongobbler): strip out GoVersion during a test run for consistent test output diff --git a/pkg/action/action.go b/pkg/action/action.go index 42dc56c96..9555006be 100644 --- a/pkg/action/action.go +++ b/pkg/action/action.go @@ -30,6 +30,7 @@ import ( "strings" "sync" "text/template" + "time" "k8s.io/apimachinery/pkg/api/meta" "k8s.io/cli-runtime/pkg/genericclioptions" @@ -39,17 +40,19 @@ import ( "sigs.k8s.io/kustomize/kyaml/kio" kyaml "sigs.k8s.io/kustomize/kyaml/yaml" + "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/engine" "helm.sh/helm/v4/pkg/kube" - "helm.sh/helm/v4/pkg/postrender" + "helm.sh/helm/v4/pkg/postrenderer" "helm.sh/helm/v4/pkg/registry" - releaseutil "helm.sh/helm/v4/pkg/release/util" + ri "helm.sh/helm/v4/pkg/release" release "helm.sh/helm/v4/pkg/release/v1" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" "helm.sh/helm/v4/pkg/storage" "helm.sh/helm/v4/pkg/storage/driver" - "helm.sh/helm/v4/pkg/time" ) // Timestamper is a function capable of producing a timestamp.Timestamper. @@ -69,6 +72,21 @@ var ( errPending = errors.New("another operation (install/upgrade/rollback) is in progress") ) +type DryRunStrategy string + +const ( + // DryRunNone indicates the client will make all mutating calls + DryRunNone DryRunStrategy = "none" + + // DryRunClient, or client-side dry-run, indicates the client will avoid + // making calls to the server + DryRunClient DryRunStrategy = "client" + + // DryRunServer, or server-side dry-run, indicates the client will send + // calls to the APIServer with the dry-run parameter to prevent persisting changes + DryRunServer DryRunStrategy = "server" +) + // Configuration injects the dependencies that all actions share. type Configuration struct { // RESTClientGetter is an interface that loads Kubernetes clients. @@ -84,7 +102,7 @@ type Configuration struct { RegistryClient *registry.Client // Capabilities describes the capabilities of the Kubernetes cluster. - Capabilities *chartutil.Capabilities + Capabilities *common.Capabilities // CustomTemplateFuncs is defined by users to provide custom template funcs CustomTemplateFuncs template.FuncMap @@ -92,7 +110,32 @@ type Configuration struct { // HookOutputFunc called with container name and returns and expects writer that will receive the log output. HookOutputFunc func(namespace, pod, container string) io.Writer + // Mutex is an exclusive lock for concurrent access to the action mutex sync.Mutex + + // Embed a LogHolder to provide logger functionality + logging.LogHolder +} + +type ConfigurationOption func(c *Configuration) + +// Override the default logging handler +// If unspecified, the default logger will be used +func ConfigurationSetLogger(h slog.Handler) ConfigurationOption { + return func(c *Configuration) { + c.SetLogger(h) + } +} + +func NewConfiguration(options ...ConfigurationOption) *Configuration { + c := &Configuration{} + c.SetLogger(slog.Default().Handler()) + + for _, o := range options { + o(c) + } + + return c } const ( @@ -176,7 +219,7 @@ func splitAndDeannotate(postrendered string) (map[string]string, error) { // TODO: As part of the refactor the duplicate code in cmd/helm/template.go should be removed // // This code has to do with writing files to disk. -func (cfg *Configuration) renderResources(ch *chart.Chart, values chartutil.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrender.PostRenderer, interactWithRemote, enableDNS, hideSecret bool) ([]*release.Hook, *bytes.Buffer, string, error) { +func (cfg *Configuration) renderResources(ch *chart.Chart, values common.Values, releaseName, outputDir string, subNotes, useReleaseName, includeCrds bool, pr postrenderer.PostRenderer, interactWithRemote, enableDNS, hideSecret bool) ([]*release.Hook, *bytes.Buffer, string, error) { var hs []*release.Hook b := bytes.NewBuffer(nil) @@ -337,7 +380,7 @@ type RESTClientGetter interface { } // capabilities builds a Capabilities from discovery information. -func (cfg *Configuration) getCapabilities() (*chartutil.Capabilities, error) { +func (cfg *Configuration) getCapabilities() (*common.Capabilities, error) { if cfg.Capabilities != nil { return cfg.Capabilities, nil } @@ -359,21 +402,21 @@ func (cfg *Configuration) getCapabilities() (*chartutil.Capabilities, error) { apiVersions, err := GetVersionSet(dc) if err != nil { if discovery.IsGroupDiscoveryFailedError(err) { - slog.Warn("the kubernetes server has an orphaned API service", slog.Any("error", err)) - slog.Warn("to fix this, kubectl delete apiservice ") + cfg.Logger().Warn("the kubernetes server has an orphaned API service", slog.Any("error", err)) + cfg.Logger().Warn("to fix this, kubectl delete apiservice ") } else { return nil, fmt.Errorf("could not get apiVersions from Kubernetes: %w", err) } } - cfg.Capabilities = &chartutil.Capabilities{ + cfg.Capabilities = &common.Capabilities{ APIVersions: apiVersions, - KubeVersion: chartutil.KubeVersion{ + KubeVersion: common.KubeVersion{ Version: kubeVersion.GitVersion, Major: kubeVersion.Major, Minor: kubeVersion.Minor, }, - HelmVersion: chartutil.DefaultCapabilities.HelmVersion, + HelmVersion: common.DefaultCapabilities.HelmVersion, } return cfg.Capabilities, nil } @@ -396,7 +439,7 @@ func (cfg *Configuration) Now() time.Time { return Timestamper() } -func (cfg *Configuration) releaseContent(name string, version int) (*release.Release, error) { +func (cfg *Configuration) releaseContent(name string, version int) (ri.Releaser, error) { if err := chartutil.ValidateReleaseName(name); err != nil { return nil, fmt.Errorf("releaseContent: Release name is invalid: %s", name) } @@ -409,10 +452,10 @@ func (cfg *Configuration) releaseContent(name string, version int) (*release.Rel } // GetVersionSet retrieves a set of available k8s API versions -func GetVersionSet(client discovery.ServerResourcesInterface) (chartutil.VersionSet, error) { +func GetVersionSet(client discovery.ServerResourcesInterface) (common.VersionSet, error) { groups, resources, err := client.ServerGroupsAndResources() if err != nil && !discovery.IsGroupDiscoveryFailedError(err) { - return chartutil.DefaultVersionSet, fmt.Errorf("could not get apiVersions from Kubernetes: %w", err) + return common.DefaultVersionSet, fmt.Errorf("could not get apiVersions from Kubernetes: %w", err) } // FIXME: The Kubernetes test fixture for cli appears to always return nil @@ -420,7 +463,7 @@ func GetVersionSet(client discovery.ServerResourcesInterface) (chartutil.Version // return the default API list. This is also a safe value to return in any // other odd-ball case. if len(groups) == 0 && len(resources) == 0 { - return chartutil.DefaultVersionSet, nil + return common.DefaultVersionSet, nil } versionMap := make(map[string]interface{}) @@ -453,19 +496,20 @@ func GetVersionSet(client discovery.ServerResourcesInterface) (chartutil.Version versions = append(versions, k) } - return chartutil.VersionSet(versions), nil + return common.VersionSet(versions), nil } // recordRelease with an update operation in case reuse has been set. func (cfg *Configuration) recordRelease(r *release.Release) { if err := cfg.Releases.Update(r); err != nil { - slog.Warn("failed to update release", "name", r.Name, "revision", r.Version, slog.Any("error", err)) + cfg.Logger().Warn("failed to update release", "name", r.Name, "revision", r.Version, slog.Any("error", err)) } } // Init initializes the action configuration func (cfg *Configuration) Init(getter genericclioptions.RESTClientGetter, namespace, helmDriver string) error { kc := kube.New(getter) + kc.SetLogger(cfg.Logger().Handler()) lazyClient := &lazyClient{ namespace: namespace, @@ -476,9 +520,11 @@ func (cfg *Configuration) Init(getter genericclioptions.RESTClientGetter, namesp switch helmDriver { case "secret", "secrets", "": d := driver.NewSecrets(newSecretClient(lazyClient)) + d.SetLogger(cfg.Logger().Handler()) store = storage.Init(d) case "configmap", "configmaps": d := driver.NewConfigMaps(newConfigMapClient(lazyClient)) + d.SetLogger(cfg.Logger().Handler()) store = storage.Init(d) case "memory": var d *driver.Memory @@ -493,6 +539,7 @@ func (cfg *Configuration) Init(getter genericclioptions.RESTClientGetter, namesp if d == nil { d = driver.NewMemory() } + d.SetLogger(cfg.Logger().Handler()) d.SetNamespace(namespace) store = storage.Init(d) case "sql": @@ -503,6 +550,7 @@ func (cfg *Configuration) Init(getter genericclioptions.RESTClientGetter, namesp if err != nil { return fmt.Errorf("unable to instantiate SQL driver: %w", err) } + d.SetLogger(cfg.Logger().Handler()) store = storage.Init(d) default: return fmt.Errorf("unknown driver %q", helmDriver) @@ -520,3 +568,20 @@ func (cfg *Configuration) Init(getter genericclioptions.RESTClientGetter, namesp func (cfg *Configuration) SetHookOutputFunc(hookOutputFunc func(_, _, _ string) io.Writer) { cfg.HookOutputFunc = hookOutputFunc } + +func determineReleaseSSApplyMethod(serverSideApply bool) release.ApplyMethod { + if serverSideApply { + return release.ApplyMethodServerSideApply + } + return release.ApplyMethodClientSideApply +} + +// isDryRun returns true if the strategy is set to run as a DryRun +func isDryRun(strategy DryRunStrategy) bool { + return strategy == DryRunClient || strategy == DryRunServer +} + +// interactWithServer determine whether or not to interact with a remote Kubernetes server +func interactWithServer(strategy DryRunStrategy) bool { + return strategy == DryRunNone || strategy == DryRunServer +} diff --git a/pkg/action/action_test.go b/pkg/action/action_test.go index 43cf94622..b77a462f5 100644 --- a/pkg/action/action_test.go +++ b/pkg/action/action_test.go @@ -24,21 +24,22 @@ import ( "log/slog" "strings" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" fakeclientset "k8s.io/client-go/kubernetes/fake" "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/kube" kubefake "helm.sh/helm/v4/pkg/kube/fake" "helm.sh/helm/v4/pkg/registry" + rcommon "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" "helm.sh/helm/v4/pkg/storage" "helm.sh/helm/v4/pkg/storage/driver" - "helm.sh/helm/v4/pkg/time" ) var verbose = flag.Bool("test.log", false, "enable test logging (debug by default)") @@ -64,7 +65,7 @@ func actionConfigFixtureWithDummyResources(t *testing.T, dummyResources kube.Res return &Configuration{ Releases: storage.Init(driver.NewMemory()), KubeClient: &kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: dummyResources}, - Capabilities: chartutil.DefaultCapabilities, + Capabilities: common.DefaultCapabilities, RegistryClient: registryClient, } } @@ -122,14 +123,15 @@ type chartOptions struct { type chartOption func(*chartOptions) func buildChart(opts ...chartOption) *chart.Chart { - defaultTemplates := []*chart.File{ - {Name: "templates/hello", Data: []byte("hello: world")}, - {Name: "templates/hooks", Data: []byte(manifestWithHook)}, + modTime := time.Now() + defaultTemplates := []*common.File{ + {Name: "templates/hello", ModTime: modTime, Data: []byte("hello: world")}, + {Name: "templates/hooks", ModTime: modTime, Data: []byte(manifestWithHook)}, } return buildChartWithTemplates(defaultTemplates, opts...) } -func buildChartWithTemplates(templates []*chart.File, opts ...chartOption) *chart.Chart { +func buildChartWithTemplates(templates []*common.File, opts ...chartOption) *chart.Chart { c := &chartOptions{ Chart: &chart.Chart{ // TODO: This should be more complete. @@ -179,9 +181,10 @@ func withValues(values map[string]interface{}) chartOption { func withNotes(notes string) chartOption { return func(opts *chartOptions) { - opts.Templates = append(opts.Templates, &chart.File{ - Name: "templates/NOTES.txt", - Data: []byte(notes), + opts.Templates = append(opts.Templates, &common.File{ + Name: "templates/NOTES.txt", + ModTime: time.Now(), + Data: []byte(notes), }) } } @@ -200,12 +203,13 @@ func withMetadataDependency(dependency chart.Dependency) chartOption { func withSampleTemplates() chartOption { return func(opts *chartOptions) { - sampleTemplates := []*chart.File{ + modTime := time.Now() + sampleTemplates := []*common.File{ // This adds basic templates and partials. - {Name: "templates/goodbye", Data: []byte("goodbye: world")}, - {Name: "templates/empty", Data: []byte("")}, - {Name: "templates/with-partials", Data: []byte(`hello: {{ template "_planet" . }}`)}, - {Name: "templates/partials/_planet", Data: []byte(`{{define "_planet"}}Earth{{end}}`)}, + {Name: "templates/goodbye", ModTime: modTime, Data: []byte("goodbye: world")}, + {Name: "templates/empty", ModTime: modTime, Data: []byte("")}, + {Name: "templates/with-partials", ModTime: modTime, Data: []byte(`hello: {{ template "_planet" . }}`)}, + {Name: "templates/partials/_planet", ModTime: modTime, Data: []byte(`{{define "_planet"}}Earth{{end}}`)}, } opts.Templates = append(opts.Templates, sampleTemplates...) } @@ -213,20 +217,21 @@ func withSampleTemplates() chartOption { func withSampleSecret() chartOption { return func(opts *chartOptions) { - sampleSecret := &chart.File{Name: "templates/secret.yaml", Data: []byte("apiVersion: v1\nkind: Secret\n")} + sampleSecret := &common.File{Name: "templates/secret.yaml", ModTime: time.Now(), Data: []byte("apiVersion: v1\nkind: Secret\n")} opts.Templates = append(opts.Templates, sampleSecret) } } func withSampleIncludingIncorrectTemplates() chartOption { return func(opts *chartOptions) { - sampleTemplates := []*chart.File{ + modTime := time.Now() + sampleTemplates := []*common.File{ // This adds basic templates and partials. - {Name: "templates/goodbye", Data: []byte("goodbye: world")}, - {Name: "templates/empty", Data: []byte("")}, - {Name: "templates/incorrect", Data: []byte("{{ .Values.bad.doh }}")}, - {Name: "templates/with-partials", Data: []byte(`hello: {{ template "_planet" . }}`)}, - {Name: "templates/partials/_planet", Data: []byte(`{{define "_planet"}}Earth{{end}}`)}, + {Name: "templates/goodbye", ModTime: modTime, Data: []byte("goodbye: world")}, + {Name: "templates/empty", ModTime: modTime, Data: []byte("")}, + {Name: "templates/incorrect", ModTime: modTime, Data: []byte("{{ .Values.bad.doh }}")}, + {Name: "templates/with-partials", ModTime: modTime, Data: []byte(`hello: {{ template "_planet" . }}`)}, + {Name: "templates/partials/_planet", ModTime: modTime, Data: []byte(`{{define "_planet"}}Earth{{end}}`)}, } opts.Templates = append(opts.Templates, sampleTemplates...) } @@ -234,8 +239,8 @@ func withSampleIncludingIncorrectTemplates() chartOption { func withMultipleManifestTemplate() chartOption { return func(opts *chartOptions) { - sampleTemplates := []*chart.File{ - {Name: "templates/rbac", Data: []byte(rbacManifests)}, + sampleTemplates := []*common.File{ + {Name: "templates/rbac", ModTime: time.Now(), Data: []byte(rbacManifests)}, } opts.Templates = append(opts.Templates, sampleTemplates...) } @@ -249,10 +254,10 @@ func withKube(version string) chartOption { // releaseStub creates a release stub, complete with the chartStub as its chart. func releaseStub() *release.Release { - return namedReleaseStub("angry-panda", release.StatusDeployed) + return namedReleaseStub("angry-panda", rcommon.StatusDeployed) } -func namedReleaseStub(name string, status release.Status) *release.Release { +func namedReleaseStub(name string, status rcommon.Status) *release.Release { now := time.Now() return &release.Release{ Name: name, @@ -343,7 +348,7 @@ func TestConfiguration_Init(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cfg := &Configuration{} + cfg := NewConfiguration() actualErr := cfg.Init(nil, "default", tt.helmDriver) if tt.expectErr { @@ -851,8 +856,8 @@ func TestRenderResources_PostRenderer_MergeError(t *testing.T) { Name: "test-chart", Version: "0.1.0", }, - Templates: []*chart.File{ - {Name: "templates/invalid", Data: []byte("invalid: yaml: content:")}, + Templates: []*common.File{ + {Name: "templates/invalid", ModTime: time.Now(), Data: []byte("invalid: yaml: content:")}, }, } values := map[string]interface{}{} @@ -946,3 +951,20 @@ func TestRenderResources_NoPostRenderer(t *testing.T) { assert.NotNil(t, buf) assert.Equal(t, "", notes) } + +func TestDetermineReleaseSSAApplyMethod(t *testing.T) { + assert.Equal(t, release.ApplyMethodClientSideApply, determineReleaseSSApplyMethod(false)) + assert.Equal(t, release.ApplyMethodServerSideApply, determineReleaseSSApplyMethod(true)) +} + +func TestIsDryRun(t *testing.T) { + assert.False(t, isDryRun(DryRunNone)) + assert.True(t, isDryRun(DryRunClient)) + assert.True(t, isDryRun(DryRunServer)) +} + +func TestInteractWithServer(t *testing.T) { + assert.True(t, interactWithServer(DryRunNone)) + assert.False(t, interactWithServer(DryRunClient)) + assert.True(t, interactWithServer(DryRunServer)) +} diff --git a/pkg/action/dependency.go b/pkg/action/dependency.go index 03c370c8e..b12887bde 100644 --- a/pkg/action/dependency.go +++ b/pkg/action/dependency.go @@ -43,7 +43,7 @@ type Dependency struct { CertFile string KeyFile string CaFile string - InsecureSkipTLSverify bool + InsecureSkipTLSVerify bool PlainHTTP bool } diff --git a/pkg/action/get.go b/pkg/action/get.go index dbe5f4cb3..b5e7c194b 100644 --- a/pkg/action/get.go +++ b/pkg/action/get.go @@ -17,7 +17,7 @@ limitations under the License. package action import ( - release "helm.sh/helm/v4/pkg/release/v1" + release "helm.sh/helm/v4/pkg/release" ) // Get is the action for checking a given release's information. @@ -38,7 +38,7 @@ func NewGet(cfg *Configuration) *Get { } // Run executes 'helm get' against the given release. -func (g *Get) Run(name string) (*release.Release, error) { +func (g *Get) Run(name string) (release.Releaser, error) { if err := g.cfg.KubeClient.IsReachable(); err != nil { return nil, err } diff --git a/pkg/action/get_metadata.go b/pkg/action/get_metadata.go index 4cb77361a..5312dac7f 100644 --- a/pkg/action/get_metadata.go +++ b/pkg/action/get_metadata.go @@ -17,11 +17,15 @@ limitations under the License. package action import ( + "errors" + "log/slog" "sort" "strings" "time" + ci "helm.sh/helm/v4/pkg/chart" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release" ) // GetMetadata is the action for checking a given release's metadata. @@ -41,12 +45,13 @@ type Metadata struct { // Annotations are fetched from the Chart.yaml file Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"` // Labels of the release which are stored in driver metadata fields storage - Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"` - Dependencies []*chart.Dependency `json:"dependencies,omitempty" yaml:"dependencies,omitempty"` - Namespace string `json:"namespace" yaml:"namespace"` - Revision int `json:"revision" yaml:"revision"` - Status string `json:"status" yaml:"status"` - DeployedAt string `json:"deployedAt" yaml:"deployedAt"` + Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"` + Dependencies []ci.Dependency `json:"dependencies,omitempty" yaml:"dependencies,omitempty"` + Namespace string `json:"namespace" yaml:"namespace"` + Revision int `json:"revision" yaml:"revision"` + Status string `json:"status" yaml:"status"` + DeployedAt string `json:"deployedAt" yaml:"deployedAt"` + ApplyMethod string `json:"applyMethod,omitempty" yaml:"applyMethod,omitempty"` } // NewGetMetadata creates a new GetMetadata object with the given configuration. @@ -67,18 +72,40 @@ func (g *GetMetadata) Run(name string) (*Metadata, error) { return nil, err } + rac, err := release.NewAccessor(rel) + if err != nil { + return nil, err + } + ac, err := ci.NewAccessor(rac.Chart()) + if err != nil { + return nil, err + } + + charti := rac.Chart() + + var chrt *chart.Chart + switch c := charti.(type) { + case *chart.Chart: + chrt = c + case chart.Chart: + chrt = &c + default: + return nil, errors.New("invalid chart apiVersion") + } + return &Metadata{ - Name: rel.Name, - Chart: rel.Chart.Metadata.Name, - Version: rel.Chart.Metadata.Version, - AppVersion: rel.Chart.Metadata.AppVersion, - Dependencies: rel.Chart.Metadata.Dependencies, - Annotations: rel.Chart.Metadata.Annotations, - Labels: rel.Labels, - Namespace: rel.Namespace, - Revision: rel.Version, - Status: rel.Info.Status.String(), - DeployedAt: rel.Info.LastDeployed.Format(time.RFC3339), + Name: rac.Name(), + Chart: chrt.Metadata.Name, + Version: chrt.Metadata.Version, + AppVersion: chrt.Metadata.AppVersion, + Dependencies: ac.MetaDependencies(), + Annotations: chrt.Metadata.Annotations, + Labels: rac.Labels(), + Namespace: rac.Namespace(), + Revision: rac.Version(), + Status: rac.Status(), + DeployedAt: rac.DeployedAt().Format(time.RFC3339), + ApplyMethod: rac.ApplyMethod(), }, nil } @@ -86,7 +113,13 @@ func (g *GetMetadata) Run(name string) (*Metadata, error) { func (m *Metadata) FormattedDepNames() string { depsNames := make([]string, 0, len(m.Dependencies)) for _, dep := range m.Dependencies { - depsNames = append(depsNames, dep.Name) + ac, err := ci.NewDependencyAccessor(dep) + if err != nil { + slog.Error("unable to access dependency metadata", "error", err) + continue + } + depsNames = append(depsNames, ac.Name()) + } sort.StringSlice(depsNames).Sort() diff --git a/pkg/action/get_metadata_test.go b/pkg/action/get_metadata_test.go index 6ceb34951..cd5988d8e 100644 --- a/pkg/action/get_metadata_test.go +++ b/pkg/action/get_metadata_test.go @@ -25,21 +25,13 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + ci "helm.sh/helm/v4/pkg/chart" chart "helm.sh/helm/v4/pkg/chart/v2" kubefake "helm.sh/helm/v4/pkg/kube/fake" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) -// unreachableKubeClient is a test client that always returns an error for IsReachable -type unreachableKubeClient struct { - kubefake.PrintingKubeClient -} - -func (u *unreachableKubeClient) IsReachable() error { - return errors.New("connection refused") -} - func TestNewGetMetadata(t *testing.T) { cfg := actionConfigFixture(t) client := NewGetMetadata(cfg) @@ -54,12 +46,12 @@ func TestGetMetadata_Run_BasicMetadata(t *testing.T) { client := NewGetMetadata(cfg) releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -73,7 +65,8 @@ func TestGetMetadata_Run_BasicMetadata(t *testing.T) { Namespace: "default", } - cfg.Releases.Create(rel) + err := cfg.Releases.Create(rel) + require.NoError(t, err) result, err := client.Run(releaseName) require.NoError(t, err) @@ -95,7 +88,7 @@ func TestGetMetadata_Run_WithDependencies(t *testing.T) { client := NewGetMetadata(cfg) releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() dependencies := []*chart.Dependency{ { @@ -113,7 +106,7 @@ func TestGetMetadata_Run_WithDependencies(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -133,13 +126,18 @@ func TestGetMetadata_Run_WithDependencies(t *testing.T) { result, err := client.Run(releaseName) require.NoError(t, err) + dep0, err := ci.NewDependencyAccessor(result.Dependencies[0]) + require.NoError(t, err) + dep1, err := ci.NewDependencyAccessor(result.Dependencies[1]) + require.NoError(t, err) + assert.Equal(t, releaseName, result.Name) assert.Equal(t, "test-chart", result.Chart) assert.Equal(t, "1.0.0", result.Version) - assert.Equal(t, dependencies, result.Dependencies) + assert.Equal(t, convertDeps(dependencies), result.Dependencies) assert.Len(t, result.Dependencies, 2) - assert.Equal(t, "mysql", result.Dependencies[0].Name) - assert.Equal(t, "redis", result.Dependencies[1].Name) + assert.Equal(t, "mysql", dep0.Name()) + assert.Equal(t, "redis", dep1.Name()) } func TestGetMetadata_Run_WithDependenciesAliases(t *testing.T) { @@ -147,7 +145,7 @@ func TestGetMetadata_Run_WithDependenciesAliases(t *testing.T) { client := NewGetMetadata(cfg) releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() dependencies := []*chart.Dependency{ { @@ -167,7 +165,7 @@ func TestGetMetadata_Run_WithDependenciesAliases(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -187,15 +185,20 @@ func TestGetMetadata_Run_WithDependenciesAliases(t *testing.T) { result, err := client.Run(releaseName) require.NoError(t, err) + dep0, err := ci.NewDependencyAccessor(result.Dependencies[0]) + require.NoError(t, err) + dep1, err := ci.NewDependencyAccessor(result.Dependencies[1]) + require.NoError(t, err) + assert.Equal(t, releaseName, result.Name) assert.Equal(t, "test-chart", result.Chart) assert.Equal(t, "1.0.0", result.Version) - assert.Equal(t, dependencies, result.Dependencies) + assert.Equal(t, convertDeps(dependencies), result.Dependencies) assert.Len(t, result.Dependencies, 2) - assert.Equal(t, "mysql", result.Dependencies[0].Name) - assert.Equal(t, "database", result.Dependencies[0].Alias) - assert.Equal(t, "redis", result.Dependencies[1].Name) - assert.Equal(t, "cache", result.Dependencies[1].Alias) + assert.Equal(t, "mysql", dep0.Name()) + assert.Equal(t, "database", dep0.Alias()) + assert.Equal(t, "redis", dep1.Name()) + assert.Equal(t, "cache", dep1.Alias()) } func TestGetMetadata_Run_WithMixedDependencies(t *testing.T) { @@ -203,7 +206,7 @@ func TestGetMetadata_Run_WithMixedDependencies(t *testing.T) { client := NewGetMetadata(cfg) releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() dependencies := []*chart.Dependency{ { @@ -233,7 +236,7 @@ func TestGetMetadata_Run_WithMixedDependencies(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -253,23 +256,32 @@ func TestGetMetadata_Run_WithMixedDependencies(t *testing.T) { result, err := client.Run(releaseName) require.NoError(t, err) + dep0, err := ci.NewDependencyAccessor(result.Dependencies[0]) + require.NoError(t, err) + dep1, err := ci.NewDependencyAccessor(result.Dependencies[1]) + require.NoError(t, err) + dep2, err := ci.NewDependencyAccessor(result.Dependencies[2]) + require.NoError(t, err) + dep3, err := ci.NewDependencyAccessor(result.Dependencies[3]) + require.NoError(t, err) + assert.Equal(t, releaseName, result.Name) assert.Equal(t, "test-chart", result.Chart) assert.Equal(t, "1.0.0", result.Version) - assert.Equal(t, dependencies, result.Dependencies) + assert.Equal(t, convertDeps(dependencies), result.Dependencies) assert.Len(t, result.Dependencies, 4) // Verify dependencies with aliases - assert.Equal(t, "mysql", result.Dependencies[0].Name) - assert.Equal(t, "database", result.Dependencies[0].Alias) - assert.Equal(t, "redis", result.Dependencies[2].Name) - assert.Equal(t, "cache", result.Dependencies[2].Alias) + assert.Equal(t, "mysql", dep0.Name()) + assert.Equal(t, "database", dep0.Alias()) + assert.Equal(t, "redis", dep2.Name()) + assert.Equal(t, "cache", dep2.Alias()) // Verify dependencies without aliases - assert.Equal(t, "nginx", result.Dependencies[1].Name) - assert.Equal(t, "", result.Dependencies[1].Alias) - assert.Equal(t, "postgresql", result.Dependencies[3].Name) - assert.Equal(t, "", result.Dependencies[3].Alias) + assert.Equal(t, "nginx", dep1.Name()) + assert.Equal(t, "", dep1.Alias()) + assert.Equal(t, "postgresql", dep3.Name()) + assert.Equal(t, "", dep3.Alias()) } func TestGetMetadata_Run_WithAnnotations(t *testing.T) { @@ -277,7 +289,7 @@ func TestGetMetadata_Run_WithAnnotations(t *testing.T) { client := NewGetMetadata(cfg) releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() annotations := map[string]string{ "helm.sh/hook": "pre-install", @@ -288,7 +300,7 @@ func TestGetMetadata_Run_WithAnnotations(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -322,13 +334,13 @@ func TestGetMetadata_Run_SpecificVersion(t *testing.T) { client.Version = 2 releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() rel1 := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusSuperseded, - LastDeployed: helmtime.Time{Time: deployedTime.Time.Add(-time.Hour)}, + Status: common.StatusSuperseded, + LastDeployed: deployedTime.Add(-time.Hour), }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -344,7 +356,7 @@ func TestGetMetadata_Run_SpecificVersion(t *testing.T) { rel2 := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -378,22 +390,22 @@ func TestGetMetadata_Run_DifferentStatuses(t *testing.T) { testCases := []struct { name string - status release.Status + status common.Status expected string }{ - {"deployed", release.StatusDeployed, "deployed"}, - {"failed", release.StatusFailed, "failed"}, - {"uninstalled", release.StatusUninstalled, "uninstalled"}, - {"pending-install", release.StatusPendingInstall, "pending-install"}, - {"pending-upgrade", release.StatusPendingUpgrade, "pending-upgrade"}, - {"pending-rollback", release.StatusPendingRollback, "pending-rollback"}, - {"superseded", release.StatusSuperseded, "superseded"}, + {"deployed", common.StatusDeployed, "deployed"}, + {"failed", common.StatusFailed, "failed"}, + {"uninstalled", common.StatusUninstalled, "uninstalled"}, + {"pending-install", common.StatusPendingInstall, "pending-install"}, + {"pending-upgrade", common.StatusPendingUpgrade, "pending-upgrade"}, + {"pending-rollback", common.StatusPendingRollback, "pending-rollback"}, + {"superseded", common.StatusSuperseded, "superseded"}, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { releaseName := "test-release-" + tc.name - deployedTime := helmtime.Now() + deployedTime := time.Now() rel := &release.Release{ Name: releaseName, @@ -424,9 +436,9 @@ func TestGetMetadata_Run_DifferentStatuses(t *testing.T) { func TestGetMetadata_Run_UnreachableKubeClient(t *testing.T) { cfg := actionConfigFixture(t) - cfg.KubeClient = &unreachableKubeClient{ - PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, - } + failingKubeClient := kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: nil} + failingKubeClient.ConnectionError = errors.New("connection refused") + cfg.KubeClient = &failingKubeClient client := NewGetMetadata(cfg) @@ -449,12 +461,12 @@ func TestGetMetadata_Run_EmptyAppVersion(t *testing.T) { client := NewGetMetadata(cfg) releaseName := "test-release" - deployedTime := helmtime.Now() + deployedTime := time.Now() rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, LastDeployed: deployedTime, }, Chart: &chart.Chart{ @@ -525,8 +537,9 @@ func TestMetadata_FormattedDepNames(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { + deps := convertDeps(tc.dependencies) metadata := &Metadata{ - Dependencies: tc.dependencies, + Dependencies: deps, } result := metadata.FormattedDepNames() @@ -535,6 +548,14 @@ func TestMetadata_FormattedDepNames(t *testing.T) { } } +func convertDeps(deps []*chart.Dependency) []ci.Dependency { + var newDeps = make([]ci.Dependency, len(deps)) + for i, c := range deps { + newDeps[i] = c + } + return newDeps +} + func TestMetadata_FormattedDepNames_WithComplexDependencies(t *testing.T) { dependencies := []*chart.Dependency{ { @@ -556,8 +577,9 @@ func TestMetadata_FormattedDepNames_WithComplexDependencies(t *testing.T) { }, } + deps := convertDeps(dependencies) metadata := &Metadata{ - Dependencies: dependencies, + Dependencies: deps, } result := metadata.FormattedDepNames() @@ -607,8 +629,9 @@ func TestMetadata_FormattedDepNames_WithAliases(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { + deps := convertDeps(tc.dependencies) metadata := &Metadata{ - Dependencies: tc.dependencies, + Dependencies: deps, } result := metadata.FormattedDepNames() @@ -619,7 +642,7 @@ func TestMetadata_FormattedDepNames_WithAliases(t *testing.T) { func TestGetMetadata_Labels(t *testing.T) { rel := releaseStub() - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed customLabels := map[string]string{"key1": "value1", "key2": "value2"} rel.Labels = customLabels diff --git a/pkg/action/get_values.go b/pkg/action/get_values.go index 18b8b4838..6475a140b 100644 --- a/pkg/action/get_values.go +++ b/pkg/action/get_values.go @@ -17,7 +17,11 @@ limitations under the License. package action import ( - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "fmt" + + "helm.sh/helm/v4/pkg/chart/common/util" + release "helm.sh/helm/v4/pkg/release" + rspb "helm.sh/helm/v4/pkg/release/v1" ) // GetValues is the action for checking a given release's values. @@ -43,14 +47,19 @@ func (g *GetValues) Run(name string) (map[string]interface{}, error) { return nil, err } - rel, err := g.cfg.releaseContent(name, g.Version) + reli, err := g.cfg.releaseContent(name, g.Version) + if err != nil { + return nil, err + } + + rel, err := releaserToV1Release(reli) if err != nil { return nil, err } // If the user wants all values, compute the values and return. if g.AllValues { - cfg, err := chartutil.CoalesceValues(rel.Chart, rel.Config) + cfg, err := util.CoalesceValues(rel.Chart, rel.Config) if err != nil { return nil, err } @@ -58,3 +67,18 @@ func (g *GetValues) Run(name string) (map[string]interface{}, error) { } return rel.Config, nil } + +// releaserToV1Release is a helper function to convert a v1 release passed by interface +// into the type object. +func releaserToV1Release(rel release.Releaser) (*rspb.Release, error) { + switch r := rel.(type) { + case rspb.Release: + return &r, nil + case *rspb.Release: + return r, nil + case nil: + return nil, nil + default: + return nil, fmt.Errorf("unsupported release type: %T", rel) + } +} diff --git a/pkg/action/get_values_test.go b/pkg/action/get_values_test.go index ec785b5c7..8e6588454 100644 --- a/pkg/action/get_values_test.go +++ b/pkg/action/get_values_test.go @@ -17,6 +17,7 @@ limitations under the License. package action import ( + "errors" "io" "testing" @@ -25,6 +26,7 @@ import ( chart "helm.sh/helm/v4/pkg/chart/v2" kubefake "helm.sh/helm/v4/pkg/kube/fake" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" ) @@ -57,7 +59,7 @@ func TestGetValues_Run_UserConfigOnly(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -111,7 +113,7 @@ func TestGetValues_Run_AllValues(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -146,7 +148,7 @@ func TestGetValues_Run_EmptyValues(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -168,9 +170,9 @@ func TestGetValues_Run_EmptyValues(t *testing.T) { func TestGetValues_Run_UnreachableKubeClient(t *testing.T) { cfg := actionConfigFixture(t) - cfg.KubeClient = &unreachableKubeClient{ - PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, - } + failingKubeClient := kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: nil} + failingKubeClient.ConnectionError = errors.New("connection refused") + cfg.KubeClient = &failingKubeClient client := NewGetValues(cfg) @@ -197,7 +199,7 @@ func TestGetValues_Run_NilConfig(t *testing.T) { rel := &release.Release{ Name: releaseName, Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ diff --git a/pkg/action/history.go b/pkg/action/history.go index d7af1d6a4..90307c79b 100644 --- a/pkg/action/history.go +++ b/pkg/action/history.go @@ -17,12 +17,10 @@ limitations under the License. package action import ( - "log/slog" - "fmt" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - release "helm.sh/helm/v4/pkg/release/v1" + release "helm.sh/helm/v4/pkg/release" ) // History is the action for checking the release's ledger. @@ -46,7 +44,7 @@ func NewHistory(cfg *Configuration) *History { } // Run executes 'helm history' against the given release. -func (h *History) Run(name string) ([]*release.Release, error) { +func (h *History) Run(name string) ([]release.Releaser, error) { if err := h.cfg.KubeClient.IsReachable(); err != nil { return nil, err } @@ -55,6 +53,6 @@ func (h *History) Run(name string) ([]*release.Release, error) { return nil, fmt.Errorf("release name is invalid: %s", name) } - slog.Debug("getting history for release", "release", name) + h.cfg.Logger().Debug("getting history for release", "release", name) return h.cfg.Releases.History(name) } diff --git a/pkg/action/hooks.go b/pkg/action/hooks.go index 275a1bf52..1e4fec9bd 100644 --- a/pkg/action/hooks.go +++ b/pkg/action/hooks.go @@ -29,11 +29,10 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) // execHook executes all of the hooks for the given hook event. -func (cfg *Configuration) execHook(rl *release.Release, hook release.HookEvent, waitStrategy kube.WaitStrategy, timeout time.Duration) error { +func (cfg *Configuration) execHook(rl *release.Release, hook release.HookEvent, waitStrategy kube.WaitStrategy, timeout time.Duration, serverSideApply bool) error { executingHooks := []*release.Hook{} for _, h := range rl.Hooks { @@ -62,7 +61,7 @@ func (cfg *Configuration) execHook(rl *release.Release, hook release.HookEvent, // Record the time at which the hook was applied to the cluster h.LastRun = release.HookExecution{ - StartedAt: helmtime.Now(), + StartedAt: time.Now(), Phase: release.HookPhaseRunning, } cfg.recordRelease(rl) @@ -75,8 +74,8 @@ func (cfg *Configuration) execHook(rl *release.Release, hook release.HookEvent, // Create hook resources if _, err := cfg.KubeClient.Create( resources, - kube.ClientCreateOptionServerSideApply(false, false)); err != nil { - h.LastRun.CompletedAt = helmtime.Now() + kube.ClientCreateOptionServerSideApply(serverSideApply, false)); err != nil { + h.LastRun.CompletedAt = time.Now() h.LastRun.Phase = release.HookPhaseFailed return fmt.Errorf("warning: Hook %s %s failed: %w", hook, h.Path, err) } @@ -88,7 +87,7 @@ func (cfg *Configuration) execHook(rl *release.Release, hook release.HookEvent, // Watch hook resources until they have completed err = waiter.WatchUntilReady(resources, timeout) // Note the time of success/failure - h.LastRun.CompletedAt = helmtime.Now() + h.LastRun.CompletedAt = time.Now() // Mark hook as succeeded or failed if err != nil { h.LastRun.Phase = release.HookPhaseFailed @@ -155,7 +154,7 @@ func (cfg *Configuration) deleteHookByPolicy(h *release.Hook, policy release.Hoo if err != nil { return fmt.Errorf("unable to build kubernetes object for deleting hook %s: %w", h.Path, err) } - _, errs := cfg.KubeClient.Delete(resources) + _, errs := cfg.KubeClient.Delete(resources, metav1.DeletePropagationBackground) if len(errs) > 0 { return joinErrors(errs, "; ") } @@ -224,16 +223,12 @@ func (cfg *Configuration) outputLogsByPolicy(h *release.Hook, releaseNamespace s } func (cfg *Configuration) outputContainerLogsForListOptions(namespace string, listOptions metav1.ListOptions) error { - // TODO Helm 4: Remove this check when GetPodList and OutputContainerLogsForPodList are moved from InterfaceLogs to Interface - if kubeClient, ok := cfg.KubeClient.(kube.InterfaceLogs); ok { - podList, err := kubeClient.GetPodList(namespace, listOptions) - if err != nil { - return err - } - err = kubeClient.OutputContainerLogsForPodList(podList, namespace, cfg.HookOutputFunc) + podList, err := cfg.KubeClient.GetPodList(namespace, listOptions) + if err != nil { return err } - return nil + + return cfg.KubeClient.OutputContainerLogsForPodList(podList, namespace, cfg.HookOutputFunc) } func (cfg *Configuration) deriveNamespace(h *release.Hook, namespace string) (string, error) { diff --git a/pkg/action/hooks_test.go b/pkg/action/hooks_test.go index ad1de2c59..02b70dda1 100644 --- a/pkg/action/hooks_test.go +++ b/pkg/action/hooks_test.go @@ -21,18 +21,20 @@ import ( "fmt" "io" "reflect" + "strings" "testing" "time" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/cli-runtime/pkg/resource" - chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common" "helm.sh/helm/v4/pkg/kube" kubefake "helm.sh/helm/v4/pkg/kube/fake" + rcommon "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" "helm.sh/helm/v4/pkg/storage" "helm.sh/helm/v4/pkg/storage/driver" @@ -113,15 +115,15 @@ spec: } func convertHooksToCommaSeparated(hookDefinitions []release.HookOutputLogPolicy) string { - var commaSeparated string + var commaSeparated strings.Builder for i, policy := range hookDefinitions { if i+1 == len(hookDefinitions) { - commaSeparated += policy.String() + commaSeparated.WriteString(policy.String()) } else { - commaSeparated += policy.String() + "," + commaSeparated.WriteString(policy.String() + ",") } } - return commaSeparated + return commaSeparated.String() } func TestInstallRelease_HookOutputLogsOnFailure(t *testing.T) { @@ -178,16 +180,19 @@ func runInstallForHooksWithSuccess(t *testing.T, manifest, expectedNamespace str outBuffer := &bytes.Buffer{} instAction.cfg.KubeClient = &kubefake.PrintingKubeClient{Out: io.Discard, LogOutput: outBuffer} - templates := []*chart.File{ - {Name: "templates/hello", Data: []byte("hello: world")}, - {Name: "templates/hooks", Data: []byte(manifest)}, + modTime := time.Now() + templates := []*common.File{ + {Name: "templates/hello", ModTime: modTime, Data: []byte("hello: world")}, + {Name: "templates/hooks", ModTime: modTime, Data: []byte(manifest)}, } vals := map[string]interface{}{} - res, err := instAction.Run(buildChartWithTemplates(templates), vals) + resi, err := instAction.Run(buildChartWithTemplates(templates), vals) + is.NoError(err) + res, err := releaserToV1Release(resi) is.NoError(err) is.Equal(expectedOutput, outBuffer.String()) - is.Equal(release.StatusDeployed, res.Info.Status) + is.Equal(rcommon.StatusDeployed, res.Info.Status) } func runInstallForHooksWithFailure(t *testing.T, manifest, expectedNamespace string, shouldOutput bool) { @@ -205,17 +210,20 @@ func runInstallForHooksWithFailure(t *testing.T, manifest, expectedNamespace str outBuffer := &bytes.Buffer{} failingClient.PrintingKubeClient = kubefake.PrintingKubeClient{Out: io.Discard, LogOutput: outBuffer} - templates := []*chart.File{ - {Name: "templates/hello", Data: []byte("hello: world")}, - {Name: "templates/hooks", Data: []byte(manifest)}, + modTime := time.Now() + templates := []*common.File{ + {Name: "templates/hello", ModTime: modTime, Data: []byte("hello: world")}, + {Name: "templates/hooks", ModTime: modTime, Data: []byte(manifest)}, } vals := map[string]interface{}{} - res, err := instAction.Run(buildChartWithTemplates(templates), vals) + resi, err := instAction.Run(buildChartWithTemplates(templates), vals) is.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "failed pre-install") is.Equal(expectedOutput, outBuffer.String()) - is.Equal(release.StatusFailed, res.Info.Status) + is.Equal(rcommon.StatusFailed, res.Info.Status) } type HookFailedError struct{} @@ -259,7 +267,7 @@ func (h *HookFailingKubeWaiter) WatchUntilReady(resources kube.ResourceList, _ t return nil } -func (h *HookFailingKubeClient) Delete(resources kube.ResourceList) (*kube.Result, []error) { +func (h *HookFailingKubeClient) Delete(resources kube.ResourceList, deletionPropagation metav1.DeletionPropagation) (*kube.Result, []error) { for _, res := range resources { h.deleteRecord = append(h.deleteRecord, resource.Info{ Name: res.Name, @@ -267,7 +275,7 @@ func (h *HookFailingKubeClient) Delete(resources kube.ResourceList) (*kube.Resul }) } - return h.PrintingKubeClient.Delete(resources) + return h.PrintingKubeClient.Delete(resources, deletionPropagation) } func (h *HookFailingKubeClient) GetWaiter(strategy kube.WaitStrategy) (kube.Waiter, error) { @@ -382,10 +390,11 @@ data: configuration := &Configuration{ Releases: storage.Init(driver.NewMemory()), KubeClient: kubeClient, - Capabilities: chartutil.DefaultCapabilities, + Capabilities: common.DefaultCapabilities, } - err := configuration.execHook(&tc.inputRelease, hookEvent, kube.StatusWatcherStrategy, 600) + serverSideApply := true + err := configuration.execHook(&tc.inputRelease, hookEvent, kube.StatusWatcherStrategy, 600, serverSideApply) if !reflect.DeepEqual(kubeClient.deleteRecord, tc.expectedDeleteRecord) { t.Fatalf("Got unexpected delete record, expected: %#v, but got: %#v", kubeClient.deleteRecord, tc.expectedDeleteRecord) @@ -401,3 +410,35 @@ data: }) } } + +func TestConfiguration_hookSetDeletePolicy(t *testing.T) { + tests := map[string]struct { + policies []release.HookDeletePolicy + expected []release.HookDeletePolicy + }{ + "no polices specified result in the default policy": { + policies: nil, + expected: []release.HookDeletePolicy{ + release.HookBeforeHookCreation, + }, + }, + "unknown policy is untouched": { + policies: []release.HookDeletePolicy{ + release.HookDeletePolicy("never"), + }, + expected: []release.HookDeletePolicy{ + release.HookDeletePolicy("never"), + }, + }, + } + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + cfg := &Configuration{} + h := &release.Hook{ + DeletePolicies: tt.policies, + } + cfg.hookSetDeletePolicy(h) + assert.Equal(t, tt.expected, h.DeletePolicies) + }) + } +} diff --git a/pkg/action/install.go b/pkg/action/install.go index 8f76eee7b..9008c06ec 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -26,10 +26,10 @@ import ( "log/slog" "net/url" "os" - "path" "path/filepath" "strings" "sync" + "sync/atomic" "text/template" "time" @@ -41,6 +41,9 @@ import ( "k8s.io/cli-runtime/pkg/resource" "sigs.k8s.io/yaml" + ci "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" chart "helm.sh/helm/v4/pkg/chart/v2" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/cli" @@ -48,11 +51,13 @@ import ( "helm.sh/helm/v4/pkg/getter" "helm.sh/helm/v4/pkg/kube" kubefake "helm.sh/helm/v4/pkg/kube/fake" - "helm.sh/helm/v4/pkg/postrender" + "helm.sh/helm/v4/pkg/postrenderer" "helm.sh/helm/v4/pkg/registry" - releaseutil "helm.sh/helm/v4/pkg/release/util" + ri "helm.sh/helm/v4/pkg/release" + rcommon "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - "helm.sh/helm/v4/pkg/repo" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" + "helm.sh/helm/v4/pkg/repo/v1" "helm.sh/helm/v4/pkg/storage" "helm.sh/helm/v4/pkg/storage/driver" ) @@ -71,14 +76,19 @@ type Install struct { ChartPathOptions - ClientOnly bool // ForceReplace will, if set to `true`, ignore certain warnings and perform the install anyway. // // This should be used with caution. - ForceReplace bool + ForceReplace bool + // ForceConflicts causes server-side apply to force conflicts ("Overwrite value, become sole manager") + // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/#conflicts + ForceConflicts bool + // ServerSideApply when true (default) will enable changes to be applied via Kubernetes server-side apply + // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/ + ServerSideApply bool CreateNamespace bool - DryRun bool - DryRunOption string + // DryRunStrategy can be set to prepare, but not execute the operation and whether or not to interact with the remote cluster + DryRunStrategy DryRunStrategy // HideSecret can be set to true when DryRun is enabled in order to hide // Kubernetes Secrets in the output. It cannot be used outside of DryRun. HideSecret bool @@ -107,8 +117,8 @@ type Install struct { // KubeVersion allows specifying a custom kubernetes version to use and // APIVersions allows a manual set of supported API Versions to be passed // (for things like templating). These are ignored if ClientOnly is false - KubeVersion *chartutil.KubeVersion - APIVersions chartutil.VersionSet + KubeVersion *common.KubeVersion + APIVersions common.VersionSet // Used by helm template to render charts with .Release.IsUpgrade. Ignored if Dry-Run is false IsUpgrade bool // Enable DNS lookups when rendering templates @@ -118,9 +128,10 @@ type Install struct { UseReleaseName bool // TakeOwnership will ignore the check for helm annotations and take ownership of the resources. TakeOwnership bool - PostRenderer postrender.PostRenderer + PostRenderer postrenderer.PostRenderer // Lock to control raceconditions when the process receives a SIGTERM - Lock sync.Mutex + Lock sync.Mutex + goroutineCount atomic.Int32 } // ChartPathOptions captures common options used for controlling chart paths @@ -128,7 +139,7 @@ type ChartPathOptions struct { CaFile string // --ca-file CertFile string // --cert-file KeyFile string // --key-file - InsecureSkipTLSverify bool // --insecure-skip-verify + InsecureSkipTLSVerify bool // --insecure-skip-verify PlainHTTP bool // --plain-http Keyring string // --keyring Password string // --password @@ -146,7 +157,9 @@ type ChartPathOptions struct { // NewInstall creates a new Install object with the given configuration. func NewInstall(cfg *Configuration) *Install { in := &Install{ - cfg: cfg, + cfg: cfg, + ServerSideApply: true, + DryRunStrategy: DryRunNone, } in.registryClient = cfg.RegistryClient @@ -176,11 +189,11 @@ func (i *Install) installCRDs(crds []chart.CRD) error { // Send them to Kube if _, err := i.cfg.KubeClient.Create( res, - kube.ClientCreateOptionServerSideApply(false, false)); err != nil { + kube.ClientCreateOptionServerSideApply(i.ServerSideApply, i.ForceConflicts)); err != nil { // If the error is CRD already exists, continue. if apierrors.IsAlreadyExists(err) { crdName := res[0].Name - slog.Debug("CRD is already present. Skipping", "crd", crdName) + i.cfg.Logger().Debug("CRD is already present. Skipping", "crd", crdName) continue } return fmt.Errorf("failed to install CRD %s: %w", obj.Name, err) @@ -208,7 +221,7 @@ func (i *Install) installCRDs(crds []chart.CRD) error { return err } - slog.Debug("clearing discovery cache") + i.cfg.Logger().Debug("clearing discovery cache") discoveryClient.Invalidate() _, _ = discoveryClient.ServerGroups() @@ -221,7 +234,7 @@ func (i *Install) installCRDs(crds []chart.CRD) error { return err } if resettable, ok := restMapper.(meta.ResettableRESTMapper); ok { - slog.Debug("clearing REST mapper cache") + i.cfg.Logger().Debug("clearing REST mapper cache") resettable.Reset() } } @@ -232,7 +245,7 @@ func (i *Install) installCRDs(crds []chart.CRD) error { // // If DryRun is set to true, this will prepare the release, but not install it -func (i *Install) Run(chrt *chart.Chart, vals map[string]interface{}) (*release.Release, error) { +func (i *Install) Run(chrt ci.Charter, vals map[string]interface{}) (ri.Releaser, error) { ctx := context.Background() return i.RunWithContext(ctx, chrt, vals) } @@ -241,51 +254,55 @@ func (i *Install) Run(chrt *chart.Chart, vals map[string]interface{}) (*release. // // When the task is cancelled through ctx, the function returns and the install // proceeds in the background. -func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals map[string]interface{}) (*release.Release, error) { - // Check reachability of cluster unless in client-only mode (e.g. `helm template` without `--validate`) - if !i.ClientOnly { +func (i *Install) RunWithContext(ctx context.Context, ch ci.Charter, vals map[string]interface{}) (ri.Releaser, error) { + var chrt *chart.Chart + switch c := ch.(type) { + case *chart.Chart: + chrt = c + case chart.Chart: + chrt = &c + default: + return nil, errors.New("invalid chart apiVersion") + } + + if interactWithServer(i.DryRunStrategy) { if err := i.cfg.KubeClient.IsReachable(); err != nil { - slog.Error(fmt.Sprintf("cluster reachability check failed: %v", err)) + i.cfg.Logger().Error(fmt.Sprintf("cluster reachability check failed: %v", err)) return nil, fmt.Errorf("cluster reachability check failed: %w", err) } } // HideSecret must be used with dry run. Otherwise, return an error. - if !i.isDryRun() && i.HideSecret { - slog.Error("hiding Kubernetes secrets requires a dry-run mode") + if !isDryRun(i.DryRunStrategy) && i.HideSecret { + i.cfg.Logger().Error("hiding Kubernetes secrets requires a dry-run mode") return nil, errors.New("hiding Kubernetes secrets requires a dry-run mode") } if err := i.availableName(); err != nil { - slog.Error("release name check failed", slog.Any("error", err)) + i.cfg.Logger().Error("release name check failed", slog.Any("error", err)) return nil, fmt.Errorf("release name check failed: %w", err) } if err := chartutil.ProcessDependencies(chrt, vals); err != nil { - slog.Error("chart dependencies processing failed", slog.Any("error", err)) + i.cfg.Logger().Error("chart dependencies processing failed", slog.Any("error", err)) return nil, fmt.Errorf("chart dependencies processing failed: %w", err) } - var interactWithRemote bool - if !i.isDryRun() || i.DryRunOption == "server" || i.DryRunOption == "none" || i.DryRunOption == "false" { - interactWithRemote = true - } - // Pre-install anything in the crd/ directory. We do this before Helm // contacts the upstream server and builds the capabilities object. - if crds := chrt.CRDObjects(); !i.ClientOnly && !i.SkipCRDs && len(crds) > 0 { + if crds := chrt.CRDObjects(); interactWithServer(i.DryRunStrategy) && !i.SkipCRDs && len(crds) > 0 { // On dry run, bail here - if i.isDryRun() { - slog.Warn("This chart or one of its subcharts contains CRDs. Rendering may fail or contain inaccuracies.") + if isDryRun(i.DryRunStrategy) { + i.cfg.Logger().Warn("This chart or one of its subcharts contains CRDs. Rendering may fail or contain inaccuracies.") } else if err := i.installCRDs(crds); err != nil { return nil, err } } - if i.ClientOnly { + if !interactWithServer(i.DryRunStrategy) { // Add mock objects in here so it doesn't use Kube API server // NOTE(bacongobbler): used for `helm template` - i.cfg.Capabilities = chartutil.DefaultCapabilities.Copy() + i.cfg.Capabilities = common.DefaultCapabilities.Copy() if i.KubeVersion != nil { i.cfg.Capabilities.KubeVersion = *i.KubeVersion } @@ -295,8 +312,8 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma mem := driver.NewMemory() mem.SetNamespace(i.Namespace) i.cfg.Releases = storage.Init(mem) - } else if !i.ClientOnly && len(i.APIVersions) > 0 { - slog.Debug("API Version list given outside of client only mode, this list will be ignored") + } else if interactWithServer(i.DryRunStrategy) && len(i.APIVersions) > 0 { + i.cfg.Logger().Debug("API Version list given outside of client only mode, this list will be ignored") } // Make sure if RollbackOnFailure is set, that wait is set as well. This makes it so @@ -311,15 +328,15 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // special case for helm template --is-upgrade - isUpgrade := i.IsUpgrade && i.isDryRun() - options := chartutil.ReleaseOptions{ + isUpgrade := i.IsUpgrade && isDryRun(i.DryRunStrategy) + options := common.ReleaseOptions{ Name: i.ReleaseName, Namespace: i.Namespace, Revision: 1, IsInstall: !isUpgrade, IsUpgrade: isUpgrade, } - valuesToRender, err := chartutil.ToRenderValuesWithSchemaValidation(chrt, vals, options, caps, i.SkipSchemaValidation) + valuesToRender, err := util.ToRenderValuesWithSchemaValidation(chrt, vals, options, caps, i.SkipSchemaValidation) if err != nil { return nil, err } @@ -331,20 +348,20 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma rel := i.createRelease(chrt, vals, i.Labels) var manifestDoc *bytes.Buffer - rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, interactWithRemote, i.EnableDNS, i.HideSecret) + rel.Hooks, manifestDoc, rel.Info.Notes, err = i.cfg.renderResources(chrt, valuesToRender, i.ReleaseName, i.OutputDir, i.SubNotes, i.UseReleaseName, i.IncludeCRDs, i.PostRenderer, interactWithServer(i.DryRunStrategy), i.EnableDNS, i.HideSecret) // Even for errors, attach this if available if manifestDoc != nil { rel.Manifest = manifestDoc.String() } // Check error from render if err != nil { - rel.SetStatus(release.StatusFailed, fmt.Sprintf("failed to render resource: %s", err.Error())) + rel.SetStatus(rcommon.StatusFailed, fmt.Sprintf("failed to render resource: %s", err.Error())) // Return a release with partial data so that the client can show debugging information. return rel, err } // Mark this release as in-progress - rel.SetStatus(release.StatusPendingInstall, "Initial install underway") + rel.SetStatus(rcommon.StatusPendingInstall, "Initial install underway") var toBeAdopted kube.ResourceList resources, err := i.cfg.KubeClient.Build(bytes.NewBufferString(rel.Manifest), !i.DisableOpenAPIValidation) @@ -364,7 +381,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma // we'll end up in a state where we will delete those resources upon // deleting the release because the manifest will be pointing at that // resource - if !i.ClientOnly && !isUpgrade && len(resources) > 0 { + if interactWithServer(i.DryRunStrategy) && !isUpgrade && len(resources) > 0 { if i.TakeOwnership { toBeAdopted, err = requireAdoption(resources) } else { @@ -376,7 +393,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } // Bail out here if it is a dry run - if i.isDryRun() { + if isDryRun(i.DryRunStrategy) { rel.Info.Description = "Dry run complete" return rel, nil } @@ -404,7 +421,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } if _, err := i.cfg.KubeClient.Create( resourceList, - kube.ClientCreateOptionServerSideApply(false, false)); err != nil && !apierrors.IsAlreadyExists(err) { + kube.ClientCreateOptionServerSideApply(i.ServerSideApply, false)); err != nil && !apierrors.IsAlreadyExists(err) { return nil, err } } @@ -416,8 +433,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma } } - // Store the release in history before continuing (new in Helm 3). We always know - // that this is a create operation. + // Store the release in history before continuing. We always know that this is a create operation if err := i.cfg.Releases.Create(rel); err != nil { // We could try to recover gracefully here, but since nothing has been installed // yet, this is probably safer than trying to continue when we know storage is @@ -440,8 +456,10 @@ func (i *Install) performInstallCtx(ctx context.Context, rel *release.Release, t resultChan := make(chan Msg, 1) go func() { + i.goroutineCount.Add(1) rel, err := i.performInstall(rel, toBeAdopted, resources) resultChan <- Msg{rel, err} + i.goroutineCount.Add(-1) }() select { case <-ctx.Done(): @@ -452,19 +470,16 @@ func (i *Install) performInstallCtx(ctx context.Context, rel *release.Release, t } } -// isDryRun returns true if Upgrade is set to run as a DryRun -func (i *Install) isDryRun() bool { - if i.DryRun || i.DryRunOption == "client" || i.DryRunOption == "server" || i.DryRunOption == "true" { - return true - } - return false +// getGoroutineCount return the number of running routines +func (i *Install) getGoroutineCount() int32 { + return i.goroutineCount.Load() } func (i *Install) performInstall(rel *release.Release, toBeAdopted kube.ResourceList, resources kube.ResourceList) (*release.Release, error) { var err error // pre-install hooks if !i.DisableHooks { - if err := i.cfg.execHook(rel, release.HookPreInstall, i.WaitStrategy, i.Timeout); err != nil { + if err := i.cfg.execHook(rel, release.HookPreInstall, i.WaitStrategy, i.Timeout, i.ServerSideApply); err != nil { return rel, fmt.Errorf("failed pre-install: %s", err) } } @@ -475,15 +490,16 @@ func (i *Install) performInstall(rel *release.Release, toBeAdopted kube.Resource if len(toBeAdopted) == 0 && len(resources) > 0 { _, err = i.cfg.KubeClient.Create( resources, - kube.ClientCreateOptionServerSideApply(false, false)) + kube.ClientCreateOptionServerSideApply(i.ServerSideApply, false)) } else if len(resources) > 0 { - updateThreeWayMergeForUnstructured := i.TakeOwnership + updateThreeWayMergeForUnstructured := i.TakeOwnership && !i.ServerSideApply // Use three-way merge when taking ownership (and not using server-side apply) _, err = i.cfg.KubeClient.Update( toBeAdopted, resources, - kube.ClientUpdateOptionServerSideApply(false, false), + kube.ClientUpdateOptionForceReplace(i.ForceReplace), + kube.ClientUpdateOptionServerSideApply(i.ServerSideApply, i.ForceConflicts), kube.ClientUpdateOptionThreeWayMergeForUnstructured(updateThreeWayMergeForUnstructured), - kube.ClientUpdateOptionForceReplace(i.ForceReplace)) + kube.ClientUpdateOptionUpgradeClientSideFieldManager(true)) } if err != nil { return rel, err @@ -504,15 +520,15 @@ func (i *Install) performInstall(rel *release.Release, toBeAdopted kube.Resource } if !i.DisableHooks { - if err := i.cfg.execHook(rel, release.HookPostInstall, i.WaitStrategy, i.Timeout); err != nil { + if err := i.cfg.execHook(rel, release.HookPostInstall, i.WaitStrategy, i.Timeout, i.ServerSideApply); err != nil { return rel, fmt.Errorf("failed post-install: %s", err) } } if len(i.Description) > 0 { - rel.SetStatus(release.StatusDeployed, i.Description) + rel.SetStatus(rcommon.StatusDeployed, i.Description) } else { - rel.SetStatus(release.StatusDeployed, "Install complete") + rel.SetStatus(rcommon.StatusDeployed, "Install complete") } // This is a tricky case. The release has been created, but the result @@ -523,20 +539,21 @@ func (i *Install) performInstall(rel *release.Release, toBeAdopted kube.Resource // One possible strategy would be to do a timed retry to see if we can get // this stored in the future. if err := i.recordRelease(rel); err != nil { - slog.Error("failed to record the release", slog.Any("error", err)) + i.cfg.Logger().Error("failed to record the release", slog.Any("error", err)) } return rel, nil } func (i *Install) failRelease(rel *release.Release, err error) (*release.Release, error) { - rel.SetStatus(release.StatusFailed, fmt.Sprintf("Release %q failed: %s", i.ReleaseName, err.Error())) + rel.SetStatus(rcommon.StatusFailed, fmt.Sprintf("Release %q failed: %s", i.ReleaseName, err.Error())) if i.RollbackOnFailure { - slog.Debug("install failed and rollback-on-failure is set, uninstalling release", "release", i.ReleaseName) + i.cfg.Logger().Debug("install failed and rollback-on-failure is set, uninstalling release", "release", i.ReleaseName) uninstall := NewUninstall(i.cfg) uninstall.DisableHooks = i.DisableHooks uninstall.KeepHistory = false uninstall.Timeout = i.Timeout + uninstall.WaitStrategy = i.WaitStrategy if _, uninstallErr := uninstall.Run(i.ReleaseName); uninstallErr != nil { return rel, fmt.Errorf("an error occurred while uninstalling the release. original install error: %w: %w", err, uninstallErr) } @@ -561,7 +578,7 @@ func (i *Install) availableName() error { return fmt.Errorf("release name %q: %w", start, err) } // On dry run, bail here - if i.isDryRun() { + if isDryRun(i.DryRunStrategy) { return nil } @@ -569,19 +586,48 @@ func (i *Install) availableName() error { if err != nil || len(h) < 1 { return nil } - releaseutil.Reverse(h, releaseutil.SortByRevision) - rel := h[0] - if st := rel.Info.Status; i.Replace && (st == release.StatusUninstalled || st == release.StatusFailed) { + hl, err := releaseListToV1List(h) + if err != nil { + return err + } + + releaseutil.Reverse(hl, releaseutil.SortByRevision) + rel := hl[0] + + if st := rel.Info.Status; i.Replace && (st == rcommon.StatusUninstalled || st == rcommon.StatusFailed) { return nil } return errors.New("cannot reuse a name that is still in use") } +func releaseListToV1List(ls []ri.Releaser) ([]*release.Release, error) { + rls := make([]*release.Release, 0, len(ls)) + for _, val := range ls { + rel, err := releaserToV1Release(val) + if err != nil { + return nil, err + } + rls = append(rls, rel) + } + + return rls, nil +} + +func releaseV1ListToReleaserList(ls []*release.Release) ([]ri.Releaser, error) { + rls := make([]ri.Releaser, 0, len(ls)) + for _, val := range ls { + rls = append(rls, val) + } + + return rls, nil +} + // createRelease creates a new release object func (i *Install) createRelease(chrt *chart.Chart, rawVals map[string]interface{}, labels map[string]string) *release.Release { ts := i.cfg.Now() - return &release.Release{ + + r := &release.Release{ Name: i.ReleaseName, Namespace: i.Namespace, Chart: chrt, @@ -589,11 +635,14 @@ func (i *Install) createRelease(chrt *chart.Chart, rawVals map[string]interface{ Info: &release.Info{ FirstDeployed: ts, LastDeployed: ts, - Status: release.StatusUnknown, + Status: rcommon.StatusUnknown, }, - Version: 1, - Labels: labels, + Version: 1, + Labels: labels, + ApplyMethod: string(determineReleaseSSApplyMethod(i.ServerSideApply)), } + + return r } // recordRelease with an update operation in case reuse has been set. @@ -612,20 +661,24 @@ func (i *Install) replaceRelease(rel *release.Release) error { // No releases exist for this name, so we can return early return nil } + hl, err := releaseListToV1List(hist) + if err != nil { + return err + } - releaseutil.Reverse(hist, releaseutil.SortByRevision) - last := hist[0] + releaseutil.Reverse(hl, releaseutil.SortByRevision) + last := hl[0] // Update version to the next available rel.Version = last.Version + 1 // Do not change the status of a failed release. - if last.Info.Status == release.StatusFailed { + if last.Info.Status == rcommon.StatusFailed { return nil } // For any other status, mark it as superseded and store the old record - last.SetStatus(release.StatusSuperseded, "superseded by new release") + last.SetStatus(rcommon.StatusSuperseded, "superseded by new release") return i.recordRelease(last) } @@ -664,7 +717,7 @@ func createOrOpenFile(filename string, appendData bool) (*os.File, error) { // check if the directory exists to create file. creates if doesn't exist func ensureDirectoryForFile(file string) error { - baseDir := path.Dir(file) + baseDir := filepath.Dir(file) _, err := os.Stat(baseDir) if err != nil && !errors.Is(err, fs.ErrNotExist) { return err @@ -739,17 +792,30 @@ func TemplateName(nameTemplate string) (string, error) { } // CheckDependencies checks the dependencies for a chart. -func CheckDependencies(ch *chart.Chart, reqs []*chart.Dependency) error { +func CheckDependencies(ch ci.Charter, reqs []ci.Dependency) error { + ac, err := ci.NewAccessor(ch) + if err != nil { + return err + } + var missing []string OUTER: for _, r := range reqs { - for _, d := range ch.Dependencies() { - if d.Name() == r.Name { + rac, err := ci.NewDependencyAccessor(r) + if err != nil { + return err + } + for _, d := range ac.Dependencies() { + dac, err := ci.NewAccessor(d) + if err != nil { + return err + } + if dac.Name() == rac.Name() { continue OUTER } } - missing = append(missing, r.Name) + missing = append(missing, rac.Name()) } if len(missing) > 0 { @@ -782,7 +848,7 @@ func urlEqual(u1, u2 *url.URL) bool { // This does not ensure that the chart is well-formed; only that the requested filename exists. // // Order of resolution: -// - relative to current working directory +// - relative to current working directory when --repo flag is not presented // - if path is absolute or begins with '.', error out here // - URL // @@ -795,20 +861,22 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( name = strings.TrimSpace(name) version := strings.TrimSpace(c.Version) - if _, err := os.Stat(name); err == nil { - abs, err := filepath.Abs(name) - if err != nil { - return abs, err - } - if c.Verify { - if _, err := downloader.VerifyChart(abs, abs+".prov", c.Keyring); err != nil { - return "", err + if c.RepoURL == "" { + if _, err := os.Stat(name); err == nil { + abs, err := filepath.Abs(name) + if err != nil { + return abs, err + } + if c.Verify { + if _, err := downloader.VerifyChart(abs, abs+".prov", c.Keyring); err != nil { + return "", err + } } + return abs, nil + } + if filepath.IsAbs(name) || strings.HasPrefix(name, ".") { + return name, fmt.Errorf("path %q not found", name) } - return abs, nil - } - if filepath.IsAbs(name) || strings.HasPrefix(name, ".") { - return name, fmt.Errorf("path %q not found", name) } dl := downloader.ChartDownloader{ @@ -818,7 +886,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( Options: []getter.Option{ getter.WithPassCredentialsAll(c.PassCredentialsAll), getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CaFile), - getter.WithInsecureSkipVerifyTLS(c.InsecureSkipTLSverify), + getter.WithInsecureSkipVerifyTLS(c.InsecureSkipTLSVerify), getter.WithPlainHTTP(c.PlainHTTP), getter.WithBasicAuth(c.Username, c.Password), }, @@ -843,7 +911,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( repo.WithChartVersion(version), repo.WithClientTLS(c.CertFile, c.KeyFile, c.CaFile), repo.WithUsernamePassword(c.Username, c.Password), - repo.WithInsecureSkipTLSverify(c.InsecureSkipTLSverify), + repo.WithInsecureSkipTLSVerify(c.InsecureSkipTLSVerify), repo.WithPassCredentialsAll(c.PassCredentialsAll), ) if err != nil { diff --git a/pkg/action/install_test.go b/pkg/action/install_test.go index f567b3df4..9f04f40d4 100644 --- a/pkg/action/install_test.go +++ b/pkg/action/install_test.go @@ -28,7 +28,6 @@ import ( "os" "path/filepath" "regexp" - "runtime" "strings" "testing" "time" @@ -45,13 +44,12 @@ import ( "k8s.io/client-go/rest/fake" "helm.sh/helm/v4/internal/test" - chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common" "helm.sh/helm/v4/pkg/kube" kubefake "helm.sh/helm/v4/pkg/kube/fake" + rcommon "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" "helm.sh/helm/v4/pkg/storage/driver" - helmtime "helm.sh/helm/v4/pkg/time" ) type nameTemplateTestCase struct { @@ -133,14 +131,19 @@ func TestInstallRelease(t *testing.T) { instAction := installAction(t) vals := map[string]interface{}{} ctx, done := context.WithCancel(t.Context()) - res, err := instAction.RunWithContext(ctx, buildChart(), vals) + resi, err := instAction.RunWithContext(ctx, buildChart(), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.Equal(res.Name, "test-install-release", "Expected release name.") is.Equal(res.Namespace, "spaced") - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) + is.NoError(err) + + rel, err := releaserToV1Release(r) is.NoError(err) is.Len(rel.Hooks, 1) @@ -159,7 +162,9 @@ func TestInstallRelease(t *testing.T) { time.Sleep(time.Millisecond * 100) lastRelease, err := instAction.cfg.Releases.Last(rel.Name) req.NoError(err) - is.Equal(lastRelease.Info.Status, release.StatusDeployed) + lrel, err := releaserToV1Release(lastRelease) + is.NoError(err) + is.Equal(lrel.Info.Status, rcommon.StatusDeployed) } func TestInstallReleaseWithTakeOwnership_ResourceNotOwned(t *testing.T) { @@ -178,12 +183,17 @@ func TestInstallReleaseWithTakeOwnership_ResourceNotOwned(t *testing.T) { config := actionConfigFixtureWithDummyResources(t, createDummyResourceList(false)) instAction := installActionWithConfig(config) instAction.TakeOwnership = true - res, err := instAction.Run(buildChart(), nil) + resi, err := instAction.Run(buildChart(), nil) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) + is.NoError(err) + + rel, err := releaserToV1Release(r) is.NoError(err) is.Equal(rel.Info.Description, "Install complete") @@ -196,11 +206,16 @@ func TestInstallReleaseWithTakeOwnership_ResourceOwned(t *testing.T) { config := actionConfigFixtureWithDummyResources(t, createDummyResourceList(true)) instAction := installActionWithConfig(config) instAction.TakeOwnership = false - res, err := instAction.Run(buildChart(), nil) + resi, err := instAction.Run(buildChart(), nil) if err != nil { t.Fatalf("Failed install: %s", err) } - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) + res, err := releaserToV1Release(resi) + is.NoError(err) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) + is.NoError(err) + + rel, err := releaserToV1Release(r) is.NoError(err) is.Equal(rel.Info.Description, "Install complete") @@ -230,14 +245,19 @@ func TestInstallReleaseWithValues(t *testing.T) { "simpleKey": "simpleValue", }, } - res, err := instAction.Run(buildChart(withSampleValues()), userVals) + resi, err := instAction.Run(buildChart(withSampleValues()), userVals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.Equal(res.Name, "test-install-release", "Expected release name.") is.Equal(res.Namespace, "spaced") - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) + is.NoError(err) + + rel, err := releaserToV1Release(r) is.NoError(err) is.Len(rel.Hooks, 1) @@ -252,16 +272,6 @@ func TestInstallReleaseWithValues(t *testing.T) { is.Equal(expectedUserValues, rel.Config) } -func TestInstallReleaseClientOnly(t *testing.T) { - is := assert.New(t) - instAction := installAction(t) - instAction.ClientOnly = true - instAction.Run(buildChart(), nil) // disregard output - - is.Equal(instAction.cfg.Capabilities, chartutil.DefaultCapabilities) - is.Equal(instAction.cfg.KubeClient, &kubefake.PrintingKubeClient{Out: io.Discard}) -} - func TestInstallRelease_NoName(t *testing.T) { instAction := installAction(t) instAction.ReleaseName = "" @@ -278,15 +288,19 @@ func TestInstallRelease_WithNotes(t *testing.T) { instAction := installAction(t) instAction.ReleaseName = "with-notes" vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(withNotes("note here")), vals) + resi, err := instAction.Run(buildChart(withNotes("note here")), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.Equal(res.Name, "with-notes") is.Equal(res.Namespace, "spaced") - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) + is.NoError(err) + rel, err := releaserToV1Release(r) is.NoError(err) is.Len(rel.Hooks, 1) is.Equal(rel.Hooks[0].Manifest, manifestWithHook) @@ -305,12 +319,16 @@ func TestInstallRelease_WithNotesRendered(t *testing.T) { instAction := installAction(t) instAction.ReleaseName = "with-notes" vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(withNotes("got-{{.Release.Name}}")), vals) + resi, err := instAction.Run(buildChart(withNotes("got-{{.Release.Name}}")), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) + is.NoError(err) + rel, err := releaserToV1Release(r) is.NoError(err) expectedNotes := fmt.Sprintf("got-%s", res.Name) @@ -324,14 +342,18 @@ func TestInstallRelease_WithChartAndDependencyParentNotes(t *testing.T) { instAction := installAction(t) instAction.ReleaseName = "with-notes" vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(withNotes("parent"), withDependency(withNotes("child"))), vals) + resi, err := instAction.Run(buildChart(withNotes("parent"), withDependency(withNotes("child"))), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) - is.Equal("with-notes", rel.Name) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) is.NoError(err) + rel, err := releaserToV1Release(r) + is.NoError(err) + is.Equal("with-notes", rel.Name) is.Equal("parent", rel.Info.Notes) is.Equal(rel.Info.Description, "Install complete") } @@ -343,14 +365,18 @@ func TestInstallRelease_WithChartAndDependencyAllNotes(t *testing.T) { instAction.ReleaseName = "with-notes" instAction.SubNotes = true vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(withNotes("parent"), withDependency(withNotes("child"))), vals) + resi, err := instAction.Run(buildChart(withNotes("parent"), withDependency(withNotes("child"))), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) - rel, err := instAction.cfg.Releases.Get(res.Name, res.Version) - is.Equal("with-notes", rel.Name) + r, err := instAction.cfg.Releases.Get(res.Name, res.Version) is.NoError(err) + rel, err := releaserToV1Release(r) + is.NoError(err) + is.Equal("with-notes", rel.Name) // test run can return as either 'parent\nchild' or 'child\nparent' if !strings.Contains(rel.Info.Notes, "parent") && !strings.Contains(rel.Info.Notes, "child") { t.Fatalf("Expected 'parent\nchild' or 'child\nparent', got '%s'", rel.Info.Notes) @@ -358,27 +384,32 @@ func TestInstallRelease_WithChartAndDependencyAllNotes(t *testing.T) { is.Equal(rel.Info.Description, "Install complete") } -func TestInstallRelease_DryRun(t *testing.T) { - is := assert.New(t) - instAction := installAction(t) - instAction.DryRun = true - vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(withSampleTemplates()), vals) - if err != nil { - t.Fatalf("Failed install: %s", err) - } +func TestInstallRelease_DryRunClient(t *testing.T) { + for _, dryRunStrategy := range []DryRunStrategy{DryRunClient, DryRunServer} { + is := assert.New(t) + instAction := installAction(t) + instAction.DryRunStrategy = dryRunStrategy - is.Contains(res.Manifest, "---\n# Source: hello/templates/hello\nhello: world") - is.Contains(res.Manifest, "---\n# Source: hello/templates/goodbye\ngoodbye: world") - is.Contains(res.Manifest, "hello: Earth") - is.NotContains(res.Manifest, "hello: {{ template \"_planet\" . }}") - is.NotContains(res.Manifest, "empty") + vals := map[string]interface{}{} + resi, err := instAction.Run(buildChart(withSampleTemplates()), vals) + if err != nil { + t.Fatalf("Failed install: %s", err) + } + res, err := releaserToV1Release(resi) + is.NoError(err) - _, err = instAction.cfg.Releases.Get(res.Name, res.Version) - is.Error(err) - is.Len(res.Hooks, 1) - is.True(res.Hooks[0].LastRun.CompletedAt.IsZero(), "expect hook to not be marked as run") - is.Equal(res.Info.Description, "Dry run complete") + is.Contains(res.Manifest, "---\n# Source: hello/templates/hello\nhello: world") + is.Contains(res.Manifest, "---\n# Source: hello/templates/goodbye\ngoodbye: world") + is.Contains(res.Manifest, "hello: Earth") + is.NotContains(res.Manifest, "hello: {{ template \"_planet\" . }}") + is.NotContains(res.Manifest, "empty") + + _, err = instAction.cfg.Releases.Get(res.Name, res.Version) + is.Error(err) + is.Len(res.Hooks, 1) + is.True(res.Hooks[0].LastRun.CompletedAt.IsZero(), "expect hook to not be marked as run") + is.Equal(res.Info.Description, "Dry run complete") + } } func TestInstallRelease_DryRunHiddenSecret(t *testing.T) { @@ -386,12 +417,14 @@ func TestInstallRelease_DryRunHiddenSecret(t *testing.T) { instAction := installAction(t) // First perform a normal dry-run with the secret and confirm its presence. - instAction.DryRun = true + instAction.DryRunStrategy = DryRunClient vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(withSampleSecret(), withSampleTemplates()), vals) + resi, err := instAction.Run(buildChart(withSampleSecret(), withSampleTemplates()), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Manifest, "---\n# Source: hello/templates/secret.yaml\napiVersion: v1\nkind: Secret") _, err = instAction.cfg.Releases.Get(res.Name, res.Version) @@ -401,10 +434,12 @@ func TestInstallRelease_DryRunHiddenSecret(t *testing.T) { // Perform a dry-run where the secret should not be present instAction.HideSecret = true vals = map[string]interface{}{} - res2, err := instAction.Run(buildChart(withSampleSecret(), withSampleTemplates()), vals) + res2i, err := instAction.Run(buildChart(withSampleSecret(), withSampleTemplates()), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res2, err := releaserToV1Release(res2i) + is.NoError(err) is.NotContains(res2.Manifest, "---\n# Source: hello/templates/secret.yaml\napiVersion: v1\nkind: Secret") @@ -413,7 +448,7 @@ func TestInstallRelease_DryRunHiddenSecret(t *testing.T) { is.Equal(res2.Info.Description, "Dry run complete") // Ensure there is an error when HideSecret True but not in a dry-run mode - instAction.DryRun = false + instAction.DryRunStrategy = DryRunNone vals = map[string]interface{}{} _, err = instAction.Run(buildChart(withSampleSecret(), withSampleTemplates()), vals) if err == nil { @@ -425,19 +460,22 @@ func TestInstallRelease_DryRunHiddenSecret(t *testing.T) { func TestInstallRelease_DryRun_Lookup(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = true + instAction.DryRunStrategy = DryRunNone vals := map[string]interface{}{} mockChart := buildChart(withSampleTemplates()) - mockChart.Templates = append(mockChart.Templates, &chart.File{ - Name: "templates/lookup", - Data: []byte(`goodbye: {{ lookup "v1" "Namespace" "" "___" }}`), + mockChart.Templates = append(mockChart.Templates, &common.File{ + Name: "templates/lookup", + ModTime: time.Now(), + Data: []byte(`goodbye: {{ lookup "v1" "Namespace" "" "___" }}`), }) - res, err := instAction.Run(mockChart, vals) + resi, err := instAction.Run(mockChart, vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Manifest, "goodbye: map[]") } @@ -445,7 +483,7 @@ func TestInstallRelease_DryRun_Lookup(t *testing.T) { func TestInstallReleaseIncorrectTemplate_DryRun(t *testing.T) { is := assert.New(t) instAction := installAction(t) - instAction.DryRun = true + instAction.DryRunStrategy = DryRunNone vals := map[string]interface{}{} _, err := instAction.Run(buildChart(withSampleIncludingIncorrectTemplates()), vals) expectedErr := `hello/templates/incorrect:1:10 @@ -454,9 +492,7 @@ func TestInstallReleaseIncorrectTemplate_DryRun(t *testing.T) { if err == nil { t.Fatalf("Install should fail containing error: %s", expectedErr) } - if err != nil { - is.Contains(err.Error(), expectedErr) - } + is.Contains(err.Error(), expectedErr) } func TestInstallRelease_NoHooks(t *testing.T) { @@ -467,10 +503,12 @@ func TestInstallRelease_NoHooks(t *testing.T) { instAction.cfg.Releases.Create(releaseStub()) vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(), vals) + resi, err := instAction.Run(buildChart(), vals) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.True(res.Hooks[0].LastRun.CompletedAt.IsZero(), "hooks should not run with no-hooks") } @@ -486,11 +524,13 @@ func TestInstallRelease_FailedHooks(t *testing.T) { failer.PrintingKubeClient = kubefake.PrintingKubeClient{Out: io.Discard, LogOutput: outBuffer} vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(), vals) + resi, err := instAction.Run(buildChart(), vals) is.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "failed post-install") is.Equal("", outBuffer.String()) - is.Equal(release.StatusFailed, res.Info.Status) + is.Equal(rcommon.StatusFailed, res.Info.Status) } func TestInstallRelease_ReplaceRelease(t *testing.T) { @@ -499,21 +539,25 @@ func TestInstallRelease_ReplaceRelease(t *testing.T) { instAction.Replace = true rel := releaseStub() - rel.Info.Status = release.StatusUninstalled + rel.Info.Status = rcommon.StatusUninstalled instAction.cfg.Releases.Create(rel) instAction.ReleaseName = rel.Name vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(), vals) + resi, err := instAction.Run(buildChart(), vals) + is.NoError(err) + res, err := releaserToV1Release(resi) is.NoError(err) // This should have been auto-incremented is.Equal(2, res.Version) is.Equal(res.Name, rel.Name) - getres, err := instAction.cfg.Releases.Get(rel.Name, res.Version) + r, err := instAction.cfg.Releases.Get(rel.Name, res.Version) + is.NoError(err) + getres, err := releaserToV1Release(r) is.NoError(err) - is.Equal(getres.Info.Status, release.StatusDeployed) + is.Equal(getres.Info.Status, rcommon.StatusDeployed) } func TestInstallRelease_KubeVersion(t *testing.T) { @@ -541,14 +585,16 @@ func TestInstallRelease_Wait(t *testing.T) { instAction.WaitStrategy = kube.StatusWatcherStrategy vals := map[string]interface{}{} - goroutines := runtime.NumGoroutine() + goroutines := instAction.getGoroutineCount() - res, err := instAction.Run(buildChart(), vals) + resi, err := instAction.Run(buildChart(), vals) is.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "I timed out") - is.Equal(res.Info.Status, release.StatusFailed) + is.Equal(res.Info.Status, rcommon.StatusFailed) - is.Equal(goroutines, runtime.NumGoroutine()) + is.Equal(goroutines, instAction.getGoroutineCount()) } func TestInstallRelease_Wait_Interrupted(t *testing.T) { is := assert.New(t) @@ -563,15 +609,15 @@ func TestInstallRelease_Wait_Interrupted(t *testing.T) { ctx, cancel := context.WithCancel(t.Context()) time.AfterFunc(time.Second, cancel) - goroutines := runtime.NumGoroutine() + goroutines := instAction.getGoroutineCount() _, err := instAction.RunWithContext(ctx, buildChart(), vals) is.Error(err) is.Contains(err.Error(), "context canceled") - is.Equal(goroutines+1, runtime.NumGoroutine()) // installation goroutine still is in background - time.Sleep(10 * time.Second) // wait for goroutine to finish - is.Equal(goroutines, runtime.NumGoroutine()) + is.Equal(goroutines+1, instAction.getGoroutineCount()) // installation goroutine still is in background + time.Sleep(10 * time.Second) // wait for goroutine to finish + is.Equal(goroutines, instAction.getGoroutineCount()) } func TestInstallRelease_WaitForJobs(t *testing.T) { is := assert.New(t) @@ -584,10 +630,12 @@ func TestInstallRelease_WaitForJobs(t *testing.T) { instAction.WaitForJobs = true vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(), vals) + resi, err := instAction.Run(buildChart(), vals) is.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "I timed out") - is.Equal(res.Info.Status, release.StatusFailed) + is.Equal(res.Info.Status, rcommon.StatusFailed) } func TestInstallRelease_RollbackOnFailure(t *testing.T) { @@ -605,11 +653,13 @@ func TestInstallRelease_RollbackOnFailure(t *testing.T) { instAction.DisableHooks = true vals := map[string]interface{}{} - res, err := instAction.Run(buildChart(), vals) + resi, err := instAction.Run(buildChart(), vals) is.Error(err) is.Contains(err.Error(), "I timed out") is.Contains(err.Error(), "rollback-on-failure") + res, err := releaserToV1Release(resi) + is.NoError(err) // Now make sure it isn't in storage anymore _, err = instAction.cfg.Releases.Get(res.Name, res.Version) is.Error(err) @@ -647,21 +697,23 @@ func TestInstallRelease_RollbackOnFailure_Interrupted(t *testing.T) { ctx, cancel := context.WithCancel(t.Context()) time.AfterFunc(time.Second, cancel) - goroutines := runtime.NumGoroutine() + goroutines := instAction.getGoroutineCount() - res, err := instAction.RunWithContext(ctx, buildChart(), vals) + resi, err := instAction.RunWithContext(ctx, buildChart(), vals) is.Error(err) is.Contains(err.Error(), "context canceled") is.Contains(err.Error(), "rollback-on-failure") is.Contains(err.Error(), "uninstalled") + res, err := releaserToV1Release(resi) + is.NoError(err) // Now make sure it isn't in storage anymore _, err = instAction.cfg.Releases.Get(res.Name, res.Version) is.Error(err) is.Equal(err, driver.ErrReleaseNotFound) - is.Equal(goroutines+1, runtime.NumGoroutine()) // installation goroutine still is in background - time.Sleep(10 * time.Second) // wait for goroutine to finish - is.Equal(goroutines, runtime.NumGoroutine()) + is.Equal(goroutines+1, instAction.getGoroutineCount()) // installation goroutine still is in background + time.Sleep(10 * time.Second) // wait for goroutine to finish + is.Equal(goroutines, instAction.getGoroutineCount()) } func TestNameTemplate(t *testing.T) { @@ -860,32 +912,32 @@ func TestNameAndChartGenerateName(t *testing.T) { { "local filepath", "./chart", - fmt.Sprintf("chart-%d", helmtime.Now().Unix()), + fmt.Sprintf("chart-%d", time.Now().Unix()), }, { "dot filepath", ".", - fmt.Sprintf("chart-%d", helmtime.Now().Unix()), + fmt.Sprintf("chart-%d", time.Now().Unix()), }, { "empty filepath", "", - fmt.Sprintf("chart-%d", helmtime.Now().Unix()), + fmt.Sprintf("chart-%d", time.Now().Unix()), }, { "packaged chart", "chart.tgz", - fmt.Sprintf("chart-%d", helmtime.Now().Unix()), + fmt.Sprintf("chart-%d", time.Now().Unix()), }, { "packaged chart with .tar.gz extension", "chart.tar.gz", - fmt.Sprintf("chart-%d", helmtime.Now().Unix()), + fmt.Sprintf("chart-%d", time.Now().Unix()), }, { "packaged chart with local extension", "./chart.tgz", - fmt.Sprintf("chart-%d", helmtime.Now().Unix()), + fmt.Sprintf("chart-%d", time.Now().Unix()), }, } @@ -911,10 +963,12 @@ func TestInstallWithLabels(t *testing.T) { "key1": "val1", "key2": "val2", } - res, err := instAction.Run(buildChart(), nil) + resi, err := instAction.Run(buildChart(), nil) if err != nil { t.Fatalf("Failed install: %s", err) } + res, err := releaserToV1Release(resi) + is.NoError(err) is.Equal(instAction.Labels, res.Labels) } @@ -998,3 +1052,19 @@ func TestUrlEqual(t *testing.T) { }) } } + +func TestInstallRun_UnreachableKubeClient(t *testing.T) { + config := actionConfigFixture(t) + failingKubeClient := kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: nil} + failingKubeClient.ConnectionError = errors.New("connection refused") + config.KubeClient = &failingKubeClient + + instAction := NewInstall(config) + ctx, done := context.WithCancel(t.Context()) + chrt := buildChart() + res, err := instAction.RunWithContext(ctx, chrt, nil) + + done() + assert.Nil(t, res) + assert.ErrorContains(t, err, "connection refused") +} diff --git a/pkg/action/lint.go b/pkg/action/lint.go index 7b3c00ad2..208fd4637 100644 --- a/pkg/action/lint.go +++ b/pkg/action/lint.go @@ -22,9 +22,10 @@ import ( "path/filepath" "strings" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/v2/lint" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint" - "helm.sh/helm/v4/pkg/lint/support" ) // Lint is the action for checking that the semantics of a chart are well-formed. @@ -36,7 +37,7 @@ type Lint struct { WithSubcharts bool Quiet bool SkipSchemaValidation bool - KubeVersion *chartutil.KubeVersion + KubeVersion *common.KubeVersion } // LintResult is the result of Lint @@ -86,7 +87,7 @@ func HasWarningsOrErrors(result *LintResult) bool { return len(result.Errors) > 0 } -func lintChart(path string, vals map[string]interface{}, namespace string, kubeVersion *chartutil.KubeVersion, skipSchemaValidation bool) (support.Linter, error) { +func lintChart(path string, vals map[string]interface{}, namespace string, kubeVersion *common.KubeVersion, skipSchemaValidation bool) (support.Linter, error) { var chartPath string linter := support.Linter{} diff --git a/pkg/action/list.go b/pkg/action/list.go index 82500582f..06727bd9a 100644 --- a/pkg/action/list.go +++ b/pkg/action/list.go @@ -22,8 +22,9 @@ import ( "k8s.io/apimachinery/pkg/labels" - releaseutil "helm.sh/helm/v4/pkg/release/util" + ri "helm.sh/helm/v4/pkg/release" release "helm.sh/helm/v4/pkg/release/v1" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" ) // ListStates represents zero or more status codes that a list item may have set @@ -139,13 +140,13 @@ type List struct { // NewList constructs a new *List func NewList(cfg *Configuration) *List { return &List{ - StateMask: ListDeployed | ListFailed, + StateMask: ListAll, cfg: cfg, } } // Run executes the list command, returning a set of matches. -func (l *List) Run() ([]*release.Release, error) { +func (l *List) Run() ([]ri.Releaser, error) { if err := l.cfg.KubeClient.IsReachable(); err != nil { return nil, err } @@ -159,9 +160,13 @@ func (l *List) Run() ([]*release.Release, error) { } } - results, err := l.cfg.Releases.List(func(rel *release.Release) bool { + results, err := l.cfg.Releases.List(func(rel ri.Releaser) bool { + r, err := releaserToV1Release(rel) + if err != nil { + return false + } // Skip anything that doesn't match the filter. - if filter != nil && !filter.MatchString(rel.Name) { + if filter != nil && !filter.MatchString(r.Name) { return false } @@ -176,30 +181,35 @@ func (l *List) Run() ([]*release.Release, error) { return results, nil } + rresults, err := releaseListToV1List(results) + if err != nil { + return nil, err + } + // by definition, superseded releases are never shown if // only the latest releases are returned. so if requested statemask // is _only_ ListSuperseded, skip the latest release filter if l.StateMask != ListSuperseded { - results = filterLatestReleases(results) + rresults = filterLatestReleases(rresults) } // State mask application must occur after filtering to // latest releases, otherwise outdated entries can be returned - results = l.filterStateMask(results) + rresults = l.filterStateMask(rresults) // Skip anything that doesn't match the selector selectorObj, err := labels.Parse(l.Selector) if err != nil { return nil, err } - results = l.filterSelector(results, selectorObj) + rresults = l.filterSelector(rresults, selectorObj) // Unfortunately, we have to sort before truncating, which can incur substantial overhead - l.sort(results) + l.sort(rresults) // Guard on offset - if l.Offset >= len(results) { - return []*release.Release{}, nil + if l.Offset >= len(rresults) { + return releaseV1ListToReleaserList([]*release.Release{}) } // Calculate the limit and offset, and then truncate results if necessary. @@ -208,12 +218,12 @@ func (l *List) Run() ([]*release.Release, error) { limit = l.Limit } last := l.Offset + limit - if l := len(results); l < last { + if l := len(rresults); l < last { last = l } - results = results[l.Offset:last] + rresults = rresults[l.Offset:last] - return results, err + return releaseV1ListToReleaserList(rresults) } // sort is an in-place sort where order is based on the value of a.Sort @@ -317,7 +327,7 @@ func (l *List) SetStateMask() { // Apply a default if state == 0 { - state = ListDeployed | ListFailed + state = ListAll } l.StateMask = state diff --git a/pkg/action/list_test.go b/pkg/action/list_test.go index b6f89fa1e..643bcea42 100644 --- a/pkg/action/list_test.go +++ b/pkg/action/list_test.go @@ -17,10 +17,15 @@ limitations under the License. package action import ( + "errors" + "io" "testing" "github.com/stretchr/testify/assert" + kubefake "helm.sh/helm/v4/pkg/kube/fake" + ri "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" "helm.sh/helm/v4/pkg/storage" ) @@ -93,8 +98,11 @@ func TestList_Sort(t *testing.T) { lister := newListFixture(t) lister.Sort = ByNameDesc // Other sorts are tested elsewhere makeMeSomeReleases(t, lister.cfg.Releases) - list, err := lister.Run() + l, err := lister.Run() + is.NoError(err) + list, err := releaseListToV1List(l) is.NoError(err) + is.Len(list, 3) is.Equal("two", list[0].Name) is.Equal("three", list[1].Name) @@ -106,7 +114,9 @@ func TestList_Limit(t *testing.T) { lister := newListFixture(t) lister.Limit = 2 makeMeSomeReleases(t, lister.cfg.Releases) - list, err := lister.Run() + l, err := lister.Run() + is.NoError(err) + list, err := releaseListToV1List(l) is.NoError(err) is.Len(list, 2) // Lex order means one, three, two @@ -119,7 +129,9 @@ func TestList_BigLimit(t *testing.T) { lister := newListFixture(t) lister.Limit = 20 makeMeSomeReleases(t, lister.cfg.Releases) - list, err := lister.Run() + l, err := lister.Run() + is.NoError(err) + list, err := releaseListToV1List(l) is.NoError(err) is.Len(list, 3) @@ -135,7 +147,9 @@ func TestList_LimitOffset(t *testing.T) { lister.Limit = 2 lister.Offset = 1 makeMeSomeReleases(t, lister.cfg.Releases) - list, err := lister.Run() + l, err := lister.Run() + is.NoError(err) + list, err := releaseListToV1List(l) is.NoError(err) is.Len(list, 2) @@ -165,23 +179,45 @@ func TestList_StateMask(t *testing.T) { is := assert.New(t) lister := newListFixture(t) makeMeSomeReleases(t, lister.cfg.Releases) - one, err := lister.cfg.Releases.Get("one", 1) + oner, err := lister.cfg.Releases.Get("one", 1) is.NoError(err) - one.SetStatus(release.StatusUninstalled, "uninstalled") + + var one release.Release + switch v := oner.(type) { + case release.Release: + one = v + case *release.Release: + one = *v + default: + t.Fatal("unsupported release type") + } + + one.SetStatus(common.StatusUninstalled, "uninstalled") err = lister.cfg.Releases.Update(one) is.NoError(err) res, err := lister.Run() is.NoError(err) - is.Len(res, 2) - is.Equal("three", res[0].Name) - is.Equal("two", res[1].Name) + is.Len(res, 3) + + ac0, err := ri.NewAccessor(res[0]) + is.NoError(err) + ac1, err := ri.NewAccessor(res[1]) + is.NoError(err) + ac2, err := ri.NewAccessor(res[2]) + is.NoError(err) + + is.Equal("one", ac0.Name()) + is.Equal("three", ac1.Name()) + is.Equal("two", ac2.Name()) lister.StateMask = ListUninstalled res, err = lister.Run() is.NoError(err) is.Len(res, 1) - is.Equal("one", res[0].Name) + ac0, err = ri.NewAccessor(res[0]) + is.NoError(err) + is.Equal("one", ac0.Name()) lister.StateMask |= ListDeployed res, err = lister.Run() @@ -203,28 +239,30 @@ func TestList_StateMaskWithStaleRevisions(t *testing.T) { // "dirty" release should _not_ be present as most recent // release is deployed despite failed release in past - is.Equal("failed", res[0].Name) + ac0, err := ri.NewAccessor(res[0]) + is.NoError(err) + is.Equal("failed", ac0.Name()) } func makeMeSomeReleasesWithStaleFailure(t *testing.T, store *storage.Storage) { t.Helper() - one := namedReleaseStub("clean", release.StatusDeployed) + one := namedReleaseStub("clean", common.StatusDeployed) one.Namespace = "default" one.Version = 1 - two := namedReleaseStub("dirty", release.StatusDeployed) + two := namedReleaseStub("dirty", common.StatusDeployed) two.Namespace = "default" two.Version = 1 - three := namedReleaseStub("dirty", release.StatusFailed) + three := namedReleaseStub("dirty", common.StatusFailed) three.Namespace = "default" three.Version = 2 - four := namedReleaseStub("dirty", release.StatusDeployed) + four := namedReleaseStub("dirty", common.StatusDeployed) four.Namespace = "default" four.Version = 3 - five := namedReleaseStub("failed", release.StatusFailed) + five := namedReleaseStub("failed", common.StatusFailed) five.Namespace = "default" five.Version = 1 @@ -248,7 +286,9 @@ func TestList_Filter(t *testing.T) { res, err := lister.Run() is.NoError(err) is.Len(res, 1) - is.Equal("three", res[0].Name) + ac0, err := ri.NewAccessor(res[0]) + is.NoError(err) + is.Equal("three", ac0.Name()) } func TestList_FilterFailsCompile(t *testing.T) { @@ -367,3 +407,16 @@ func TestSelectorList(t *testing.T) { assert.ElementsMatch(t, expectedFilteredList, res) }) } + +func TestListRun_UnreachableKubeClient(t *testing.T) { + config := actionConfigFixture(t) + failingKubeClient := kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: nil} + failingKubeClient.ConnectionError = errors.New("connection refused") + config.KubeClient = &failingKubeClient + + lister := NewList(config) + result, err := lister.Run() + + assert.Nil(t, result) + assert.ErrorContains(t, err, "connection refused") +} diff --git a/pkg/action/package.go b/pkg/action/package.go index e57ce4921..963883707 100644 --- a/pkg/action/package.go +++ b/pkg/action/package.go @@ -21,12 +21,16 @@ import ( "errors" "fmt" "os" + "path/filepath" "syscall" "github.com/Masterminds/semver/v3" "golang.org/x/term" + "sigs.k8s.io/yaml" - "helm.sh/helm/v4/pkg/chart/v2/loader" + ci "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/loader" + chart "helm.sh/helm/v4/pkg/chart/v2" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/provenance" ) @@ -53,7 +57,7 @@ type Package struct { CertFile string KeyFile string CaFile string - InsecureSkipTLSverify bool + InsecureSkipTLSVerify bool } const ( @@ -67,7 +71,21 @@ func NewPackage() *Package { // Run executes 'helm package' against the given chart and returns the path to the packaged chart. func (p *Package) Run(path string, _ map[string]interface{}) (string, error) { - ch, err := loader.LoadDir(path) + chrt, err := loader.LoadDir(path) + if err != nil { + return "", err + } + var ch *chart.Chart + switch c := chrt.(type) { + case *chart.Chart: + ch = c + case chart.Chart: + ch = &c + default: + return "", errors.New("invalid chart apiVersion") + } + + ac, err := ci.NewAccessor(ch) if err != nil { return "", err } @@ -85,7 +103,7 @@ func (p *Package) Run(path string, _ map[string]interface{}) (string, error) { ch.Metadata.AppVersion = p.AppVersion } - if reqs := ch.Metadata.Dependencies; reqs != nil { + if reqs := ac.MetaDependencies(); reqs != nil { if err := CheckDependencies(ch, reqs); err != nil { return "", err } @@ -143,7 +161,35 @@ func (p *Package) Clearsign(filename string) error { return err } - sig, err := signer.ClearSign(filename) + // Load the chart archive to extract metadata + chrt, err := loader.LoadFile(filename) + if err != nil { + return fmt.Errorf("failed to load chart for signing: %w", err) + } + var ch *chart.Chart + switch c := chrt.(type) { + case *chart.Chart: + ch = c + case chart.Chart: + ch = &c + default: + return errors.New("invalid chart apiVersion") + } + + // Marshal chart metadata to YAML bytes + metadataBytes, err := yaml.Marshal(ch.Metadata) + if err != nil { + return fmt.Errorf("failed to marshal chart metadata: %w", err) + } + + // Read the chart archive file + archiveData, err := os.ReadFile(filename) + if err != nil { + return fmt.Errorf("failed to read chart archive: %w", err) + } + + // Use the generic provenance signing function + sig, err := signer.ClearSign(archiveData, filepath.Base(filename), metadataBytes) if err != nil { return err } diff --git a/pkg/action/pull.go b/pkg/action/pull.go index c1f77e44c..dd051167b 100644 --- a/pkg/action/pull.go +++ b/pkg/action/pull.go @@ -27,7 +27,7 @@ import ( "helm.sh/helm/v4/pkg/downloader" "helm.sh/helm/v4/pkg/getter" "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // Pull is the action for checking a given release's information. @@ -82,7 +82,7 @@ func (p *Pull) Run(chartRef string) (string, error) { getter.WithBasicAuth(p.Username, p.Password), getter.WithPassCredentialsAll(p.PassCredentialsAll), getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CaFile), - getter.WithInsecureSkipVerifyTLS(p.InsecureSkipTLSverify), + getter.WithInsecureSkipVerifyTLS(p.InsecureSkipTLSVerify), getter.WithPlainHTTP(p.PlainHTTP), }, RegistryClient: p.cfg.RegistryClient, @@ -124,7 +124,7 @@ func (p *Pull) Run(chartRef string) (string, error) { repo.WithChartVersion(p.Version), repo.WithClientTLS(p.CertFile, p.KeyFile, p.CaFile), repo.WithUsernamePassword(p.Username, p.Password), - repo.WithInsecureSkipTLSverify(p.InsecureSkipTLSverify), + repo.WithInsecureSkipTLSVerify(p.InsecureSkipTLSVerify), repo.WithPassCredentialsAll(p.PassCredentialsAll), ) if err != nil { diff --git a/pkg/action/push.go b/pkg/action/push.go index 35472415c..0c7148f65 100644 --- a/pkg/action/push.go +++ b/pkg/action/push.go @@ -35,7 +35,7 @@ type Push struct { certFile string keyFile string caFile string - insecureSkipTLSverify bool + insecureSkipTLSVerify bool plainHTTP bool out io.Writer } @@ -62,7 +62,7 @@ func WithTLSClientConfig(certFile, keyFile, caFile string) PushOpt { // WithInsecureSkipTLSVerify determines if a TLS Certificate will be checked func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) PushOpt { return func(p *Push) { - p.insecureSkipTLSverify = insecureSkipTLSVerify + p.insecureSkipTLSVerify = insecureSkipTLSVerify } } @@ -98,7 +98,7 @@ func (p *Push) Run(chartRef string, remote string) (string, error) { Pushers: pusher.All(p.Settings), Options: []pusher.Option{ pusher.WithTLSClientConfig(p.certFile, p.keyFile, p.caFile), - pusher.WithInsecureSkipTLSVerify(p.insecureSkipTLSverify), + pusher.WithInsecureSkipTLSVerify(p.insecureSkipTLSVerify), pusher.WithPlainHTTP(p.plainHTTP), }, } diff --git a/pkg/action/release_testing.go b/pkg/action/release_testing.go index b5f6fe712..b649579f4 100644 --- a/pkg/action/release_testing.go +++ b/pkg/action/release_testing.go @@ -28,6 +28,7 @@ import ( chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/kube" + ri "helm.sh/helm/v4/pkg/release" release "helm.sh/helm/v4/pkg/release/v1" ) @@ -45,7 +46,6 @@ type ReleaseTesting struct { // Used for fetching logs from test pods Namespace string Filters map[string][]string - HideNotes bool } // NewReleaseTesting creates a new ReleaseTesting object with the given configuration. @@ -57,7 +57,7 @@ func NewReleaseTesting(cfg *Configuration) *ReleaseTesting { } // Run executes 'helm test' against the given release. -func (r *ReleaseTesting) Run(name string) (*release.Release, error) { +func (r *ReleaseTesting) Run(name string) (ri.Releaser, error) { if err := r.cfg.KubeClient.IsReachable(); err != nil { return nil, err } @@ -67,7 +67,12 @@ func (r *ReleaseTesting) Run(name string) (*release.Release, error) { } // finds the non-deleted release with the given name - rel, err := r.cfg.Releases.Last(name) + reli, err := r.cfg.Releases.Last(name) + if err != nil { + return reli, err + } + + rel, err := releaserToV1Release(reli) if err != nil { return rel, err } @@ -96,7 +101,8 @@ func (r *ReleaseTesting) Run(name string) (*release.Release, error) { rel.Hooks = executingHooks } - if err := r.cfg.execHook(rel, release.HookTest, kube.StatusWatcherStrategy, r.Timeout); err != nil { + serverSideApply := rel.ApplyMethod == string(release.ApplyMethodServerSideApply) + if err := r.cfg.execHook(rel, release.HookTest, kube.StatusWatcherStrategy, r.Timeout, serverSideApply); err != nil { rel.Hooks = append(skippedHooks, rel.Hooks...) r.cfg.Releases.Update(rel) return rel, err diff --git a/pkg/action/resource_policy.go b/pkg/action/resource_policy.go index b72e94124..fcea98ad6 100644 --- a/pkg/action/resource_policy.go +++ b/pkg/action/resource_policy.go @@ -20,7 +20,7 @@ import ( "strings" "helm.sh/helm/v4/pkg/kube" - releaseutil "helm.sh/helm/v4/pkg/release/util" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" ) func filterManifestsToKeep(manifests []releaseutil.Manifest) (keep, remaining []releaseutil.Manifest) { diff --git a/pkg/action/rollback.go b/pkg/action/rollback.go index dd1f8c390..cd160dfec 100644 --- a/pkg/action/rollback.go +++ b/pkg/action/rollback.go @@ -19,14 +19,15 @@ package action import ( "bytes" "fmt" - "log/slog" "strings" "time" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/kube" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) // Rollback is the action for rolling back to a given release. @@ -40,19 +41,29 @@ type Rollback struct { WaitStrategy kube.WaitStrategy WaitForJobs bool DisableHooks bool - DryRun bool + // DryRunStrategy can be set to prepare, but not execute the operation and whether or not to interact with the remote cluster + DryRunStrategy DryRunStrategy // ForceReplace will, if set to `true`, ignore certain warnings and perform the rollback anyway. // // This should be used with caution. - ForceReplace bool - CleanupOnFail bool - MaxHistory int // MaxHistory limits the maximum number of revisions saved per release + ForceReplace bool + // ForceConflicts causes server-side apply to force conflicts ("Overwrite value, become sole manager") + // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/#conflicts + ForceConflicts bool + // ServerSideApply enables changes to be applied via Kubernetes server-side apply + // Can be the string: "true", "false" or "auto" + // When "auto", sever-side usage will be based upon the releases previous usage + // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/ + ServerSideApply string + CleanupOnFail bool + MaxHistory int // MaxHistory limits the maximum number of revisions saved per release } // NewRollback creates a new Rollback object with the given configuration. func NewRollback(cfg *Configuration) *Rollback { return &Rollback{ - cfg: cfg, + cfg: cfg, + DryRunStrategy: DryRunNone, } } @@ -64,26 +75,26 @@ func (r *Rollback) Run(name string) error { r.cfg.Releases.MaxHistory = r.MaxHistory - slog.Debug("preparing rollback", "name", name) - currentRelease, targetRelease, err := r.prepareRollback(name) + r.cfg.Logger().Debug("preparing rollback", "name", name) + currentRelease, targetRelease, serverSideApply, err := r.prepareRollback(name) if err != nil { return err } - if !r.DryRun { - slog.Debug("creating rolled back release", "name", name) + if !isDryRun(r.DryRunStrategy) { + r.cfg.Logger().Debug("creating rolled back release", "name", name) if err := r.cfg.Releases.Create(targetRelease); err != nil { return err } } - slog.Debug("performing rollback", "name", name) - if _, err := r.performRollback(currentRelease, targetRelease); err != nil { + r.cfg.Logger().Debug("performing rollback", "name", name) + if _, err := r.performRollback(currentRelease, targetRelease, serverSideApply); err != nil { return err } - if !r.DryRun { - slog.Debug("updating status for rolled back release", "name", name) + if !isDryRun(r.DryRunStrategy) { + r.cfg.Logger().Debug("updating status for rolled back release", "name", name) if err := r.cfg.Releases.Update(targetRelease); err != nil { return err } @@ -93,18 +104,23 @@ func (r *Rollback) Run(name string) error { // prepareRollback finds the previous release and prepares a new release object with // the previous release's configuration -func (r *Rollback) prepareRollback(name string) (*release.Release, *release.Release, error) { +func (r *Rollback) prepareRollback(name string) (*release.Release, *release.Release, bool, error) { if err := chartutil.ValidateReleaseName(name); err != nil { - return nil, nil, fmt.Errorf("prepareRollback: Release name is invalid: %s", name) + return nil, nil, false, fmt.Errorf("prepareRollback: Release name is invalid: %s", name) } if r.Version < 0 { - return nil, nil, errInvalidRevision + return nil, nil, false, errInvalidRevision + } + + currentReleasei, err := r.cfg.Releases.Last(name) + if err != nil { + return nil, nil, false, err } - currentRelease, err := r.cfg.Releases.Last(name) + currentRelease, err := releaserToV1Release(currentReleasei) if err != nil { - return nil, nil, err + return nil, nil, false, err } previousVersion := r.Version @@ -114,12 +130,16 @@ func (r *Rollback) prepareRollback(name string) (*release.Release, *release.Rele historyReleases, err := r.cfg.Releases.History(name) if err != nil { - return nil, nil, err + return nil, nil, false, err } // Check if the history version to be rolled back exists previousVersionExist := false - for _, historyRelease := range historyReleases { + for _, historyReleasei := range historyReleases { + historyRelease, err := releaserToV1Release(historyReleasei) + if err != nil { + return nil, nil, false, err + } version := historyRelease.Version if previousVersion == version { previousVersionExist = true @@ -127,14 +147,23 @@ func (r *Rollback) prepareRollback(name string) (*release.Release, *release.Rele } } if !previousVersionExist { - return nil, nil, fmt.Errorf("release has no %d version", previousVersion) + return nil, nil, false, fmt.Errorf("release has no %d version", previousVersion) } - slog.Debug("rolling back", "name", name, "currentVersion", currentRelease.Version, "targetVersion", previousVersion) + r.cfg.Logger().Debug("rolling back", "name", name, "currentVersion", currentRelease.Version, "targetVersion", previousVersion) + + previousReleasei, err := r.cfg.Releases.Get(name, previousVersion) + if err != nil { + return nil, nil, false, err + } + previousRelease, err := releaserToV1Release(previousReleasei) + if err != nil { + return nil, nil, false, err + } - previousRelease, err := r.cfg.Releases.Get(name, previousVersion) + serverSideApply, err := getUpgradeServerSideValue(r.ServerSideApply, previousRelease.ApplyMethod) if err != nil { - return nil, nil, err + return nil, nil, false, err } // Store a new release object with previous release's configuration @@ -145,25 +174,26 @@ func (r *Rollback) prepareRollback(name string) (*release.Release, *release.Rele Config: previousRelease.Config, Info: &release.Info{ FirstDeployed: currentRelease.Info.FirstDeployed, - LastDeployed: helmtime.Now(), - Status: release.StatusPendingRollback, + LastDeployed: time.Now(), + Status: common.StatusPendingRollback, Notes: previousRelease.Info.Notes, // Because we lose the reference to previous version elsewhere, we set the // message here, and only override it later if we experience failure. Description: fmt.Sprintf("Rollback to %d", previousVersion), }, - Version: currentRelease.Version + 1, - Labels: previousRelease.Labels, - Manifest: previousRelease.Manifest, - Hooks: previousRelease.Hooks, + Version: currentRelease.Version + 1, + Labels: previousRelease.Labels, + Manifest: previousRelease.Manifest, + Hooks: previousRelease.Hooks, + ApplyMethod: string(determineReleaseSSApplyMethod(serverSideApply)), } - return currentRelease, targetRelease, nil + return currentRelease, targetRelease, serverSideApply, nil } -func (r *Rollback) performRollback(currentRelease, targetRelease *release.Release) (*release.Release, error) { - if r.DryRun { - slog.Debug("dry run", "name", targetRelease.Name) +func (r *Rollback) performRollback(currentRelease, targetRelease *release.Release, serverSideApply bool) (*release.Release, error) { + if isDryRun(r.DryRunStrategy) { + r.cfg.Logger().Debug("dry run", "name", targetRelease.Name) return targetRelease, nil } @@ -177,15 +207,16 @@ func (r *Rollback) performRollback(currentRelease, targetRelease *release.Releas } // pre-rollback hooks + if !r.DisableHooks { - if err := r.cfg.execHook(targetRelease, release.HookPreRollback, r.WaitStrategy, r.Timeout); err != nil { + if err := r.cfg.execHook(targetRelease, release.HookPreRollback, r.WaitStrategy, r.Timeout, serverSideApply); err != nil { return targetRelease, err } } else { - slog.Debug("rollback hooks disabled", "name", targetRelease.Name) + r.cfg.Logger().Debug("rollback hooks disabled", "name", targetRelease.Name) } - // It is safe to use "force" here because these are resources currently rendered by the chart. + // It is safe to use "forceOwnership" here because these are resources currently rendered by the chart. err = target.Visit(setMetadataVisitor(targetRelease.Name, targetRelease.Namespace, true)) if err != nil { return targetRelease, fmt.Errorf("unable to set metadata visitor from target release: %w", err) @@ -193,44 +224,46 @@ func (r *Rollback) performRollback(currentRelease, targetRelease *release.Releas results, err := r.cfg.KubeClient.Update( current, target, - kube.ClientUpdateOptionServerSideApply(false, false), - kube.ClientUpdateOptionForceReplace(r.ForceReplace)) + kube.ClientUpdateOptionForceReplace(r.ForceReplace), + kube.ClientUpdateOptionServerSideApply(serverSideApply, r.ForceConflicts), + kube.ClientUpdateOptionThreeWayMergeForUnstructured(false), + kube.ClientUpdateOptionUpgradeClientSideFieldManager(true)) if err != nil { msg := fmt.Sprintf("Rollback %q failed: %s", targetRelease.Name, err) - slog.Warn(msg) - currentRelease.Info.Status = release.StatusSuperseded - targetRelease.Info.Status = release.StatusFailed + r.cfg.Logger().Warn(msg) + currentRelease.Info.Status = common.StatusSuperseded + targetRelease.Info.Status = common.StatusFailed targetRelease.Info.Description = msg r.cfg.recordRelease(currentRelease) r.cfg.recordRelease(targetRelease) if r.CleanupOnFail { - slog.Debug("cleanup on fail set, cleaning up resources", "count", len(results.Created)) - _, errs := r.cfg.KubeClient.Delete(results.Created) + r.cfg.Logger().Debug("cleanup on fail set, cleaning up resources", "count", len(results.Created)) + _, errs := r.cfg.KubeClient.Delete(results.Created, metav1.DeletePropagationBackground) if errs != nil { return targetRelease, fmt.Errorf( "an error occurred while cleaning up resources. original rollback error: %w", fmt.Errorf("unable to cleanup resources: %w", joinErrors(errs, ", "))) } - slog.Debug("resource cleanup complete") + r.cfg.Logger().Debug("resource cleanup complete") } return targetRelease, err } waiter, err := r.cfg.KubeClient.GetWaiter(r.WaitStrategy) if err != nil { - return nil, fmt.Errorf("unable to set metadata visitor from target release: %w", err) + return nil, fmt.Errorf("unable to get waiter: %w", err) } if r.WaitForJobs { if err := waiter.WaitWithJobs(target, r.Timeout); err != nil { - targetRelease.SetStatus(release.StatusFailed, fmt.Sprintf("Release %q failed: %s", targetRelease.Name, err.Error())) + targetRelease.SetStatus(common.StatusFailed, fmt.Sprintf("Release %q failed: %s", targetRelease.Name, err.Error())) r.cfg.recordRelease(currentRelease) r.cfg.recordRelease(targetRelease) return targetRelease, fmt.Errorf("release %s failed: %w", targetRelease.Name, err) } } else { if err := waiter.Wait(target, r.Timeout); err != nil { - targetRelease.SetStatus(release.StatusFailed, fmt.Sprintf("Release %q failed: %s", targetRelease.Name, err.Error())) + targetRelease.SetStatus(common.StatusFailed, fmt.Sprintf("Release %q failed: %s", targetRelease.Name, err.Error())) r.cfg.recordRelease(currentRelease) r.cfg.recordRelease(targetRelease) return targetRelease, fmt.Errorf("release %s failed: %w", targetRelease.Name, err) @@ -239,7 +272,7 @@ func (r *Rollback) performRollback(currentRelease, targetRelease *release.Releas // post-rollback hooks if !r.DisableHooks { - if err := r.cfg.execHook(targetRelease, release.HookPostRollback, r.WaitStrategy, r.Timeout); err != nil { + if err := r.cfg.execHook(targetRelease, release.HookPostRollback, r.WaitStrategy, r.Timeout, serverSideApply); err != nil { return targetRelease, err } } @@ -249,13 +282,17 @@ func (r *Rollback) performRollback(currentRelease, targetRelease *release.Releas return nil, err } // Supersede all previous deployments, see issue #2941. - for _, rel := range deployed { - slog.Debug("superseding previous deployment", "version", rel.Version) - rel.Info.Status = release.StatusSuperseded + for _, reli := range deployed { + rel, err := releaserToV1Release(reli) + if err != nil { + return nil, err + } + r.cfg.Logger().Debug("superseding previous deployment", "version", rel.Version) + rel.Info.Status = common.StatusSuperseded r.cfg.recordRelease(rel) } - targetRelease.Info.Status = release.StatusDeployed + targetRelease.Info.Status = common.StatusDeployed return targetRelease, nil } diff --git a/pkg/action/show.go b/pkg/action/show.go index 6d6e10d24..4195d69a5 100644 --- a/pkg/action/show.go +++ b/pkg/action/show.go @@ -24,6 +24,7 @@ import ( "k8s.io/cli-runtime/pkg/printers" "sigs.k8s.io/yaml" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" @@ -140,7 +141,7 @@ func (s *Show) Run(chartpath string) (string, error) { return out.String(), nil } -func findReadme(files []*chart.File) (file *chart.File) { +func findReadme(files []*common.File) (file *common.File) { for _, file := range files { for _, n := range readmeFileNames { if file == nil { diff --git a/pkg/action/show_test.go b/pkg/action/show_test.go index 67eba2338..f3b767fca 100644 --- a/pkg/action/show_test.go +++ b/pkg/action/show_test.go @@ -18,24 +18,27 @@ package action import ( "testing" + "time" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" ) func TestShow(t *testing.T) { config := actionConfigFixture(t) client := NewShow(ShowAll, config) + modTime := time.Now() client.chart = &chart.Chart{ Metadata: &chart.Metadata{Name: "alpine"}, - Files: []*chart.File{ - {Name: "README.md", Data: []byte("README\n")}, - {Name: "crds/ignoreme.txt", Data: []byte("error")}, - {Name: "crds/foo.yaml", Data: []byte("---\nfoo\n")}, - {Name: "crds/bar.json", Data: []byte("---\nbar\n")}, - {Name: "crds/baz.yaml", Data: []byte("baz\n")}, + Files: []*common.File{ + {Name: "README.md", ModTime: modTime, Data: []byte("README\n")}, + {Name: "crds/ignoreme.txt", ModTime: modTime, Data: []byte("error")}, + {Name: "crds/foo.yaml", ModTime: modTime, Data: []byte("---\nfoo\n")}, + {Name: "crds/bar.json", ModTime: modTime, Data: []byte("---\nbar\n")}, + {Name: "crds/baz.yaml", ModTime: modTime, Data: []byte("baz\n")}, }, - Raw: []*chart.File{ - {Name: "values.yaml", Data: []byte("VALUES\n")}, + Raw: []*common.File{ + {Name: "values.yaml", ModTime: modTime, Data: []byte("VALUES\n")}, }, Values: map[string]interface{}{}, } @@ -103,13 +106,14 @@ func TestShowValuesByJsonPathFormat(t *testing.T) { func TestShowCRDs(t *testing.T) { config := actionConfigFixture(t) client := NewShow(ShowCRDs, config) + modTime := time.Now() client.chart = &chart.Chart{ Metadata: &chart.Metadata{Name: "alpine"}, - Files: []*chart.File{ - {Name: "crds/ignoreme.txt", Data: []byte("error")}, - {Name: "crds/foo.yaml", Data: []byte("---\nfoo\n")}, - {Name: "crds/bar.json", Data: []byte("---\nbar\n")}, - {Name: "crds/baz.yaml", Data: []byte("baz\n")}, + Files: []*common.File{ + {Name: "crds/ignoreme.txt", ModTime: modTime, Data: []byte("error")}, + {Name: "crds/foo.yaml", ModTime: modTime, Data: []byte("---\nfoo\n")}, + {Name: "crds/bar.json", ModTime: modTime, Data: []byte("---\nbar\n")}, + {Name: "crds/baz.yaml", ModTime: modTime, Data: []byte("baz\n")}, }, } @@ -136,12 +140,13 @@ baz func TestShowNoReadme(t *testing.T) { config := actionConfigFixture(t) client := NewShow(ShowAll, config) + modTime := time.Now() client.chart = &chart.Chart{ Metadata: &chart.Metadata{Name: "alpine"}, - Files: []*chart.File{ - {Name: "crds/ignoreme.txt", Data: []byte("error")}, - {Name: "crds/foo.yaml", Data: []byte("---\nfoo\n")}, - {Name: "crds/bar.json", Data: []byte("---\nbar\n")}, + Files: []*common.File{ + {Name: "crds/ignoreme.txt", ModTime: modTime, Data: []byte("error")}, + {Name: "crds/foo.yaml", ModTime: modTime, Data: []byte("---\nfoo\n")}, + {Name: "crds/bar.json", ModTime: modTime, Data: []byte("---\nbar\n")}, }, } diff --git a/pkg/action/status.go b/pkg/action/status.go index 509c52cd9..2e6a1992c 100644 --- a/pkg/action/status.go +++ b/pkg/action/status.go @@ -18,10 +18,9 @@ package action import ( "bytes" - "errors" "helm.sh/helm/v4/pkg/kube" - release "helm.sh/helm/v4/pkg/release/v1" + ri "helm.sh/helm/v4/pkg/release" ) // Status is the action for checking the deployment status of releases. @@ -45,38 +44,40 @@ func NewStatus(cfg *Configuration) *Status { } // Run executes 'helm status' against the given release. -func (s *Status) Run(name string) (*release.Release, error) { +func (s *Status) Run(name string) (ri.Releaser, error) { if err := s.cfg.KubeClient.IsReachable(); err != nil { return nil, err } - rel, err := s.cfg.releaseContent(name, s.Version) + reli, err := s.cfg.releaseContent(name, s.Version) if err != nil { return nil, err } - if kubeClient, ok := s.cfg.KubeClient.(kube.InterfaceResources); ok { - var resources kube.ResourceList - if s.ShowResourcesTable { - resources, err = kubeClient.BuildTable(bytes.NewBufferString(rel.Manifest), false) - if err != nil { - return nil, err - } - } else { - resources, err = s.cfg.KubeClient.Build(bytes.NewBufferString(rel.Manifest), false) - if err != nil { - return nil, err - } - } + rel, err := releaserToV1Release(reli) + if err != nil { + return nil, err + } - resp, err := kubeClient.Get(resources, true) + var resources kube.ResourceList + if s.ShowResourcesTable { + resources, err = s.cfg.KubeClient.BuildTable(bytes.NewBufferString(rel.Manifest), false) if err != nil { return nil, err } + } else { + resources, err = s.cfg.KubeClient.Build(bytes.NewBufferString(rel.Manifest), false) + if err != nil { + return nil, err + } + } - rel.Info.Resources = resp - - return rel, nil + resp, err := s.cfg.KubeClient.Get(resources, true) + if err != nil { + return nil, err } - return nil, errors.New("unable to get kubeClient with interface InterfaceResources") + + rel.Info.Resources = resp + + return rel, nil } diff --git a/pkg/action/uninstall.go b/pkg/action/uninstall.go index 163af290e..0cb31be43 100644 --- a/pkg/action/uninstall.go +++ b/pkg/action/uninstall.go @@ -27,10 +27,11 @@ import ( chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/kube" - releaseutil "helm.sh/helm/v4/pkg/release/util" + releasei "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" "helm.sh/helm/v4/pkg/storage/driver" - helmtime "helm.sh/helm/v4/pkg/time" ) // Uninstall is the action for uninstalling releases. @@ -57,7 +58,7 @@ func NewUninstall(cfg *Configuration) *Uninstall { } // Run uninstalls the given release. -func (u *Uninstall) Run(name string) (*release.UninstallReleaseResponse, error) { +func (u *Uninstall) Run(name string) (*releasei.UninstallReleaseResponse, error) { if err := u.cfg.KubeClient.IsReachable(); err != nil { return nil, err } @@ -68,69 +69,80 @@ func (u *Uninstall) Run(name string) (*release.UninstallReleaseResponse, error) } if u.DryRun { - r, err := u.cfg.releaseContent(name, 0) + ri, err := u.cfg.releaseContent(name, 0) + if err != nil { if u.IgnoreNotFound && errors.Is(err, driver.ErrReleaseNotFound) { return nil, nil } - return &release.UninstallReleaseResponse{}, err + return &releasei.UninstallReleaseResponse{}, err + } + r, err := releaserToV1Release(ri) + if err != nil { + return nil, err } - return &release.UninstallReleaseResponse{Release: r}, nil + return &releasei.UninstallReleaseResponse{Release: r}, nil } if err := chartutil.ValidateReleaseName(name); err != nil { return nil, fmt.Errorf("uninstall: Release name is invalid: %s", name) } - rels, err := u.cfg.Releases.History(name) + relsi, err := u.cfg.Releases.History(name) if err != nil { if u.IgnoreNotFound { return nil, nil } return nil, fmt.Errorf("uninstall: Release not loaded: %s: %w", name, err) } - if len(rels) < 1 { + if len(relsi) < 1 { return nil, errMissingRelease } + rels, err := releaseListToV1List(relsi) + if err != nil { + return nil, err + } + releaseutil.SortByRevision(rels) rel := rels[len(rels)-1] // TODO: Are there any cases where we want to force a delete even if it's // already marked deleted? - if rel.Info.Status == release.StatusUninstalled { + if rel.Info.Status == common.StatusUninstalled { if !u.KeepHistory { if err := u.purgeReleases(rels...); err != nil { return nil, fmt.Errorf("uninstall: Failed to purge the release: %w", err) } - return &release.UninstallReleaseResponse{Release: rel}, nil + return &releasei.UninstallReleaseResponse{Release: rel}, nil } return nil, fmt.Errorf("the release named %q is already deleted", name) } - slog.Debug("uninstall: deleting release", "name", name) - rel.Info.Status = release.StatusUninstalling - rel.Info.Deleted = helmtime.Now() + u.cfg.Logger().Debug("uninstall: deleting release", "name", name) + rel.Info.Status = common.StatusUninstalling + rel.Info.Deleted = time.Now() rel.Info.Description = "Deletion in progress (or silently failed)" - res := &release.UninstallReleaseResponse{Release: rel} + res := &releasei.UninstallReleaseResponse{Release: rel} if !u.DisableHooks { - if err := u.cfg.execHook(rel, release.HookPreDelete, u.WaitStrategy, u.Timeout); err != nil { + serverSideApply := true + if err := u.cfg.execHook(rel, release.HookPreDelete, u.WaitStrategy, u.Timeout, serverSideApply); err != nil { return res, err } } else { - slog.Debug("delete hooks disabled", "release", name) + u.cfg.Logger().Debug("delete hooks disabled", "release", name) } // From here on out, the release is currently considered to be in StatusUninstalling // state. if err := u.cfg.Releases.Update(rel); err != nil { - slog.Debug("uninstall: Failed to store updated release", slog.Any("error", err)) + u.cfg.Logger().Debug("uninstall: Failed to store updated release", slog.Any("error", err)) } deletedResources, kept, errs := u.deleteRelease(rel) if errs != nil { - slog.Debug("uninstall: Failed to delete release", slog.Any("error", errs)) + u.cfg.Logger().Debug("uninstall: Failed to delete release", slog.Any("error", errs)) return nil, fmt.Errorf("failed to delete release: %s", name) } @@ -144,12 +156,13 @@ func (u *Uninstall) Run(name string) (*release.UninstallReleaseResponse, error) } if !u.DisableHooks { - if err := u.cfg.execHook(rel, release.HookPostDelete, u.WaitStrategy, u.Timeout); err != nil { + serverSideApply := true + if err := u.cfg.execHook(rel, release.HookPostDelete, u.WaitStrategy, u.Timeout, serverSideApply); err != nil { errs = append(errs, err) } } - rel.Info.Status = release.StatusUninstalled + rel.Info.Status = common.StatusUninstalled if len(u.Description) > 0 { rel.Info.Description = u.Description } else { @@ -157,7 +170,7 @@ func (u *Uninstall) Run(name string) (*release.UninstallReleaseResponse, error) } if !u.KeepHistory { - slog.Debug("purge requested", "release", name) + u.cfg.Logger().Debug("purge requested", "release", name) err := u.purgeReleases(rels...) if err != nil { errs = append(errs, fmt.Errorf("uninstall: Failed to purge the release: %w", err)) @@ -172,7 +185,7 @@ func (u *Uninstall) Run(name string) (*release.UninstallReleaseResponse, error) } if err := u.cfg.Releases.Update(rel); err != nil { - slog.Debug("uninstall: Failed to store updated release", slog.Any("error", err)) + u.cfg.Logger().Debug("uninstall: Failed to store updated release", slog.Any("error", err)) } if len(errs) > 0 { @@ -244,11 +257,7 @@ func (u *Uninstall) deleteRelease(rel *release.Release) (kube.ResourceList, stri return nil, "", []error{fmt.Errorf("unable to build kubernetes objects for delete: %w", err)} } if len(resources) > 0 { - if kubeClient, ok := u.cfg.KubeClient.(kube.InterfaceDeletionPropagation); ok { - _, errs = kubeClient.DeleteWithPropagationPolicy(resources, parseCascadingFlag(u.DeletionPropagation)) - return resources, kept, errs - } - _, errs = u.cfg.KubeClient.Delete(resources) + _, errs = u.cfg.KubeClient.Delete(resources, parseCascadingFlag(u.DeletionPropagation)) } return resources, kept, errs } diff --git a/pkg/action/uninstall_test.go b/pkg/action/uninstall_test.go index 44bd66d96..fba1e391f 100644 --- a/pkg/action/uninstall_test.go +++ b/pkg/action/uninstall_test.go @@ -17,14 +17,17 @@ limitations under the License. package action import ( + "errors" "fmt" + "io" "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "helm.sh/helm/v4/pkg/kube" kubefake "helm.sh/helm/v4/pkg/kube/fake" - release "helm.sh/helm/v4/pkg/release/v1" + "helm.sh/helm/v4/pkg/release/common" ) func uninstallAction(t *testing.T) *Uninstall { @@ -113,10 +116,12 @@ func TestUninstallRelease_Wait(t *testing.T) { failer := unAction.cfg.KubeClient.(*kubefake.FailingKubeClient) failer.WaitForDeleteError = fmt.Errorf("U timed out") unAction.cfg.KubeClient = failer - res, err := unAction.Run(rel.Name) + resi, err := unAction.Run(rel.Name) is.Error(err) is.Contains(err.Error(), "U timed out") - is.Equal(res.Release.Info.Status, release.StatusUninstalled) + res, err := releaserToV1Release(resi.Release) + is.NoError(err) + is.Equal(res.Info.Status, common.StatusUninstalled) } func TestUninstallRelease_Cascade(t *testing.T) { @@ -143,10 +148,24 @@ func TestUninstallRelease_Cascade(t *testing.T) { }` unAction.cfg.Releases.Create(rel) failer := unAction.cfg.KubeClient.(*kubefake.FailingKubeClient) - failer.DeleteWithPropagationError = fmt.Errorf("Uninstall with cascade failed") + failer.DeleteError = fmt.Errorf("Uninstall with cascade failed") failer.BuildDummy = true unAction.cfg.KubeClient = failer _, err := unAction.Run(rel.Name) - is.Error(err) + require.Error(t, err) is.Contains(err.Error(), "failed to delete release: come-fail-away") } + +func TestUninstallRun_UnreachableKubeClient(t *testing.T) { + t.Helper() + config := actionConfigFixture(t) + failingKubeClient := kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: nil} + failingKubeClient.ConnectionError = errors.New("connection refused") + config.KubeClient = &failingKubeClient + + client := NewUninstall(config) + result, err := client.Run("") + + assert.Nil(t, result) + assert.ErrorContains(t, err, "connection refused") +} diff --git a/pkg/action/upgrade.go b/pkg/action/upgrade.go index 065fa804e..57a4a0272 100644 --- a/pkg/action/upgrade.go +++ b/pkg/action/upgrade.go @@ -26,15 +26,21 @@ import ( "sync" "time" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/cli-runtime/pkg/resource" - chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" + chartv2 "helm.sh/helm/v4/pkg/chart/v2" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/kube" - "helm.sh/helm/v4/pkg/postrender" + "helm.sh/helm/v4/pkg/postrenderer" "helm.sh/helm/v4/pkg/registry" - releaseutil "helm.sh/helm/v4/pkg/release/util" + ri "helm.sh/helm/v4/pkg/release" + rcommon "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" "helm.sh/helm/v4/pkg/storage/driver" ) @@ -70,10 +76,8 @@ type Upgrade struct { WaitForJobs bool // DisableHooks disables hook processing if set to true. DisableHooks bool - // DryRun controls whether the operation is prepared, but not executed. - DryRun bool - // DryRunOption controls whether the operation is prepared, but not executed with options on whether or not to interact with the remote cluster. - DryRunOption string + // DryRunStrategy can be set to prepare, but not execute the operation and whether or not to interact with the remote cluster + DryRunStrategy DryRunStrategy // HideSecret can be set to true when DryRun is enabled in order to hide // Kubernetes Secrets in the output. It cannot be used outside of DryRun. HideSecret bool @@ -81,6 +85,14 @@ type Upgrade struct { // // This should be used with caution. ForceReplace bool + // ForceConflicts causes server-side apply to force conflicts ("Overwrite value, become sole manager") + // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/#conflicts + ForceConflicts bool + // ServerSideApply enables changes to be applied via Kubernetes server-side apply + // Can be the string: "true", "false" or "auto" + // When "auto", sever-side usage will be based upon the releases previous usage + // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/ + ServerSideApply string // ResetValues will reset the values to the chart's built-ins rather than merging with existing. ResetValues bool // ReuseValues will reuse the user's last supplied values. @@ -106,7 +118,7 @@ type Upgrade struct { // // If this is non-nil, then after templates are rendered, they will be sent to the // post renderer before sending to the Kubernetes API server. - PostRenderer postrender.PostRenderer + PostRenderer postrenderer.PostRenderer // DisableOpenAPIValidation controls whether OpenAPI validation is enforced. DisableOpenAPIValidation bool // Get missing dependencies @@ -127,7 +139,9 @@ type resultMessage struct { // NewUpgrade creates a new Upgrade object with the given configuration. func NewUpgrade(cfg *Configuration) *Upgrade { up := &Upgrade{ - cfg: cfg, + cfg: cfg, + ServerSideApply: "auto", + DryRunStrategy: DryRunNone, } up.registryClient = cfg.RegistryClient @@ -140,17 +154,27 @@ func (u *Upgrade) SetRegistryClient(client *registry.Client) { } // Run executes the upgrade on the given release. -func (u *Upgrade) Run(name string, chart *chart.Chart, vals map[string]interface{}) (*release.Release, error) { +func (u *Upgrade) Run(name string, chart chart.Charter, vals map[string]interface{}) (ri.Releaser, error) { ctx := context.Background() return u.RunWithContext(ctx, name, chart, vals) } // RunWithContext executes the upgrade on the given release with context. -func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart.Chart, vals map[string]interface{}) (*release.Release, error) { +func (u *Upgrade) RunWithContext(ctx context.Context, name string, ch chart.Charter, vals map[string]interface{}) (ri.Releaser, error) { if err := u.cfg.KubeClient.IsReachable(); err != nil { return nil, err } + var chrt *chartv2.Chart + switch c := ch.(type) { + case *chartv2.Chart: + chrt = c + case chartv2.Chart: + chrt = &c + default: + return nil, errors.New("invalid chart apiVersion") + } + // Make sure wait is set if RollbackOnFailure. This makes it so // the user doesn't have to specify both if u.WaitStrategy == kube.HookOnlyStrategy && u.RollbackOnFailure { @@ -161,23 +185,23 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. return nil, fmt.Errorf("release name is invalid: %s", name) } - slog.Debug("preparing upgrade", "name", name) - currentRelease, upgradedRelease, err := u.prepareUpgrade(name, chart, vals) + u.cfg.Logger().Debug("preparing upgrade", "name", name) + currentRelease, upgradedRelease, serverSideApply, err := u.prepareUpgrade(name, chrt, vals) if err != nil { return nil, err } u.cfg.Releases.MaxHistory = u.MaxHistory - slog.Debug("performing update", "name", name) - res, err := u.performUpgrade(ctx, currentRelease, upgradedRelease) + u.cfg.Logger().Debug("performing update", "name", name) + res, err := u.performUpgrade(ctx, currentRelease, upgradedRelease, serverSideApply) if err != nil { return res, err } // Do not update for dry runs - if !u.isDryRun() { - slog.Debug("updating status for upgraded release", "name", name) + if !isDryRun(u.DryRunStrategy) { + u.cfg.Logger().Debug("updating status for upgraded release", "name", name) if err := u.cfg.Releases.Update(upgradedRelease); err != nil { return res, err } @@ -186,72 +210,75 @@ func (u *Upgrade) RunWithContext(ctx context.Context, name string, chart *chart. return res, nil } -// isDryRun returns true if Upgrade is set to run as a DryRun -func (u *Upgrade) isDryRun() bool { - if u.DryRun || u.DryRunOption == "client" || u.DryRunOption == "server" || u.DryRunOption == "true" { - return true - } - return false -} - // prepareUpgrade builds an upgraded release for an upgrade operation. -func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[string]interface{}) (*release.Release, *release.Release, error) { +func (u *Upgrade) prepareUpgrade(name string, chart *chartv2.Chart, vals map[string]interface{}) (*release.Release, *release.Release, bool, error) { if chart == nil { - return nil, nil, errMissingChart + return nil, nil, false, errMissingChart } // HideSecret must be used with dry run. Otherwise, return an error. - if !u.isDryRun() && u.HideSecret { - return nil, nil, errors.New("hiding Kubernetes secrets requires a dry-run mode") + if !isDryRun(u.DryRunStrategy) && u.HideSecret { + return nil, nil, false, errors.New("hiding Kubernetes secrets requires a dry-run mode") } // finds the last non-deleted release with the given name - lastRelease, err := u.cfg.Releases.Last(name) + lastReleasei, err := u.cfg.Releases.Last(name) if err != nil { // to keep existing behavior of returning the "%q has no deployed releases" error when an existing release does not exist if errors.Is(err, driver.ErrReleaseNotFound) { - return nil, nil, driver.NewErrNoDeployedReleases(name) + return nil, nil, false, driver.NewErrNoDeployedReleases(name) } - return nil, nil, err + return nil, nil, false, err + } + + lastRelease, err := releaserToV1Release(lastReleasei) + if err != nil { + return nil, nil, false, err } // Concurrent `helm upgrade`s will either fail here with `errPending` or when creating the release with "already exists". This should act as a pessimistic lock. if lastRelease.Info.Status.IsPending() { - return nil, nil, errPending + return nil, nil, false, errPending } var currentRelease *release.Release - if lastRelease.Info.Status == release.StatusDeployed { + if lastRelease.Info.Status == rcommon.StatusDeployed { // no need to retrieve the last deployed release from storage as the last release is deployed currentRelease = lastRelease } else { // finds the deployed release with the given name - currentRelease, err = u.cfg.Releases.Deployed(name) + currentReleasei, err := u.cfg.Releases.Deployed(name) + var cerr error + currentRelease, cerr = releaserToV1Release(currentReleasei) + if cerr != nil { + return nil, nil, false, err + } if err != nil { if errors.Is(err, driver.ErrNoDeployedReleases) && - (lastRelease.Info.Status == release.StatusFailed || lastRelease.Info.Status == release.StatusSuperseded) { + (lastRelease.Info.Status == rcommon.StatusFailed || lastRelease.Info.Status == rcommon.StatusSuperseded) { currentRelease = lastRelease } else { - return nil, nil, err + return nil, nil, false, err } } + } // determine if values will be reused vals, err = u.reuseValues(chart, currentRelease, vals) if err != nil { - return nil, nil, err + return nil, nil, false, err } if err := chartutil.ProcessDependencies(chart, vals); err != nil { - return nil, nil, err + return nil, nil, false, err } // Increment revision count. This is passed to templates, and also stored on // the release object. revision := lastRelease.Version + 1 - options := chartutil.ReleaseOptions{ + options := common.ReleaseOptions{ Name: name, Namespace: currentRelease.Namespace, Revision: revision, @@ -260,28 +287,29 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin caps, err := u.cfg.getCapabilities() if err != nil { - return nil, nil, err + return nil, nil, false, err } - valuesToRender, err := chartutil.ToRenderValuesWithSchemaValidation(chart, vals, options, caps, u.SkipSchemaValidation) + valuesToRender, err := util.ToRenderValuesWithSchemaValidation(chart, vals, options, caps, u.SkipSchemaValidation) if err != nil { - return nil, nil, err + return nil, nil, false, err } - // Determine whether or not to interact with remote - var interactWithRemote bool - if !u.isDryRun() || u.DryRunOption == "server" || u.DryRunOption == "none" || u.DryRunOption == "false" { - interactWithRemote = true - } - - hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, interactWithRemote, u.EnableDNS, u.HideSecret) + hooks, manifestDoc, notesTxt, err := u.cfg.renderResources(chart, valuesToRender, "", "", u.SubNotes, false, false, u.PostRenderer, interactWithServer(u.DryRunStrategy), u.EnableDNS, u.HideSecret) if err != nil { - return nil, nil, err + return nil, nil, false, err } if driver.ContainsSystemLabels(u.Labels) { - return nil, nil, fmt.Errorf("user supplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels()) + return nil, nil, false, fmt.Errorf("user supplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels()) + } + + serverSideApply, err := getUpgradeServerSideValue(u.ServerSideApply, lastRelease.ApplyMethod) + if err != nil { + return nil, nil, false, err } + u.cfg.Logger().Debug("determined release apply method", slog.Bool("server_side_apply", serverSideApply), slog.String("previous_release_apply_method", lastRelease.ApplyMethod)) + // Store an upgraded release. upgradedRelease := &release.Release{ Name: name, @@ -291,23 +319,24 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin Info: &release.Info{ FirstDeployed: currentRelease.Info.FirstDeployed, LastDeployed: Timestamper(), - Status: release.StatusPendingUpgrade, + Status: rcommon.StatusPendingUpgrade, Description: "Preparing upgrade", // This should be overwritten later. }, - Version: revision, - Manifest: manifestDoc.String(), - Hooks: hooks, - Labels: mergeCustomLabels(lastRelease.Labels, u.Labels), + Version: revision, + Manifest: manifestDoc.String(), + Hooks: hooks, + Labels: mergeCustomLabels(lastRelease.Labels, u.Labels), + ApplyMethod: string(determineReleaseSSApplyMethod(serverSideApply)), } if len(notesTxt) > 0 { upgradedRelease.Info.Notes = notesTxt } err = validateManifest(u.cfg.KubeClient, manifestDoc.Bytes(), !u.DisableOpenAPIValidation) - return currentRelease, upgradedRelease, err + return currentRelease, upgradedRelease, serverSideApply, err } -func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedRelease *release.Release) (*release.Release, error) { +func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedRelease *release.Release, serverSideApply bool) (*release.Release, error) { current, err := u.cfg.KubeClient.Build(bytes.NewBufferString(originalRelease.Manifest), false) if err != nil { // Checking for removed Kubernetes API error so can provide a more informative error message to the user @@ -361,9 +390,8 @@ func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedR return nil }) - // Run if it is a dry run - if u.isDryRun() { - slog.Debug("dry run for release", "name", upgradedRelease.Name) + if isDryRun(u.DryRunStrategy) { + u.cfg.Logger().Debug("dry run for release", "name", upgradedRelease.Name) if len(u.Description) > 0 { upgradedRelease.Info.Description = u.Description } else { @@ -372,7 +400,7 @@ func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedR return upgradedRelease, nil } - slog.Debug("creating upgraded release", "name", upgradedRelease.Name) + u.cfg.Logger().Debug("creating upgraded release", "name", upgradedRelease.Name) if err := u.cfg.Releases.Create(upgradedRelease); err != nil { return nil, err } @@ -380,8 +408,9 @@ func (u *Upgrade) performUpgrade(ctx context.Context, originalRelease, upgradedR ctxChan := make(chan resultMessage) doneChan := make(chan interface{}) defer close(doneChan) - go u.releasingUpgrade(rChan, upgradedRelease, current, target, originalRelease) + go u.releasingUpgrade(rChan, upgradedRelease, current, target, originalRelease, serverSideApply) go u.handleContext(ctx, doneChan, ctxChan, upgradedRelease) + select { case result := <-rChan: return result.r, result.e @@ -414,23 +443,30 @@ func (u *Upgrade) handleContext(ctx context.Context, done chan interface{}, c ch return } } -func (u *Upgrade) releasingUpgrade(c chan<- resultMessage, upgradedRelease *release.Release, current kube.ResourceList, target kube.ResourceList, originalRelease *release.Release) { + +func isReleaseApplyMethodClientSideApply(applyMethod string) bool { + return applyMethod == "" || applyMethod == string(release.ApplyMethodClientSideApply) +} + +func (u *Upgrade) releasingUpgrade(c chan<- resultMessage, upgradedRelease *release.Release, current kube.ResourceList, target kube.ResourceList, originalRelease *release.Release, serverSideApply bool) { // pre-upgrade hooks if !u.DisableHooks { - if err := u.cfg.execHook(upgradedRelease, release.HookPreUpgrade, u.WaitStrategy, u.Timeout); err != nil { + if err := u.cfg.execHook(upgradedRelease, release.HookPreUpgrade, u.WaitStrategy, u.Timeout, serverSideApply); err != nil { u.reportToPerformUpgrade(c, upgradedRelease, kube.ResourceList{}, fmt.Errorf("pre-upgrade hooks failed: %s", err)) return } } else { - slog.Debug("upgrade hooks disabled", "name", upgradedRelease.Name) + u.cfg.Logger().Debug("upgrade hooks disabled", "name", upgradedRelease.Name) } + upgradeClientSideFieldManager := isReleaseApplyMethodClientSideApply(originalRelease.ApplyMethod) && serverSideApply // Update client-side field manager if transitioning from client-side to server-side apply results, err := u.cfg.KubeClient.Update( current, target, - kube.ClientUpdateOptionServerSideApply(false, false), - kube.ClientUpdateOptionForceReplace(u.ForceReplace)) + kube.ClientUpdateOptionForceReplace(u.ForceReplace), + kube.ClientUpdateOptionServerSideApply(serverSideApply, u.ForceConflicts), + kube.ClientUpdateOptionUpgradeClientSideFieldManager(upgradeClientSideFieldManager)) if err != nil { u.cfg.recordRelease(originalRelease) u.reportToPerformUpgrade(c, upgradedRelease, results.Created, err) @@ -459,16 +495,16 @@ func (u *Upgrade) releasingUpgrade(c chan<- resultMessage, upgradedRelease *rele // post-upgrade hooks if !u.DisableHooks { - if err := u.cfg.execHook(upgradedRelease, release.HookPostUpgrade, u.WaitStrategy, u.Timeout); err != nil { + if err := u.cfg.execHook(upgradedRelease, release.HookPostUpgrade, u.WaitStrategy, u.Timeout, serverSideApply); err != nil { u.reportToPerformUpgrade(c, upgradedRelease, results.Created, fmt.Errorf("post-upgrade hooks failed: %s", err)) return } } - originalRelease.Info.Status = release.StatusSuperseded + originalRelease.Info.Status = rcommon.StatusSuperseded u.cfg.recordRelease(originalRelease) - upgradedRelease.Info.Status = release.StatusDeployed + upgradedRelease.Info.Status = rcommon.StatusDeployed if len(u.Description) > 0 { upgradedRelease.Info.Description = u.Description } else { @@ -479,14 +515,14 @@ func (u *Upgrade) releasingUpgrade(c chan<- resultMessage, upgradedRelease *rele func (u *Upgrade) failRelease(rel *release.Release, created kube.ResourceList, err error) (*release.Release, error) { msg := fmt.Sprintf("Upgrade %q failed: %s", rel.Name, err) - slog.Warn("upgrade failed", "name", rel.Name, slog.Any("error", err)) + u.cfg.Logger().Warn("upgrade failed", "name", rel.Name, slog.Any("error", err)) - rel.Info.Status = release.StatusFailed + rel.Info.Status = rcommon.StatusFailed rel.Info.Description = msg u.cfg.recordRelease(rel) if u.CleanupOnFail && len(created) > 0 { - slog.Debug("cleanup on fail set", "cleaning_resources", len(created)) - _, errs := u.cfg.KubeClient.Delete(created) + u.cfg.Logger().Debug("cleanup on fail set", "cleaning_resources", len(created)) + _, errs := u.cfg.KubeClient.Delete(created, metav1.DeletePropagationBackground) if errs != nil { return rel, fmt.Errorf( "an error occurred while cleaning up resources. original upgrade error: %w: %w", @@ -497,11 +533,11 @@ func (u *Upgrade) failRelease(rel *release.Release, created kube.ResourceList, e ), ) } - slog.Debug("resource cleanup complete") + u.cfg.Logger().Debug("resource cleanup complete") } if u.RollbackOnFailure { - slog.Debug("Upgrade failed and rollback-on-failure is set, rolling back to previous successful release") + u.cfg.Logger().Debug("Upgrade failed and rollback-on-failure is set, rolling back to previous successful release") // As a protection, get the last successful release before rollback. // If there are no successful releases, bail out @@ -511,12 +547,16 @@ func (u *Upgrade) failRelease(rel *release.Release, created kube.ResourceList, e return rel, fmt.Errorf("an error occurred while finding last successful release. original upgrade error: %w: %w", err, herr) } + fullHistoryV1, herr := releaseListToV1List(fullHistory) + if herr != nil { + return nil, herr + } // There isn't a way to tell if a previous release was successful, but // generally failed releases do not get superseded unless the next // release is successful, so this should be relatively safe filteredHistory := releaseutil.FilterFunc(func(r *release.Release) bool { - return r.Info.Status == release.StatusSuperseded || r.Info.Status == release.StatusDeployed - }).Filter(fullHistory) + return r.Info.Status == rcommon.StatusSuperseded || r.Info.Status == rcommon.StatusDeployed + }).Filter(fullHistoryV1) if len(filteredHistory) == 0 { return rel, fmt.Errorf("unable to find a previously successful release when attempting to rollback. original upgrade error: %w", err) } @@ -525,12 +565,12 @@ func (u *Upgrade) failRelease(rel *release.Release, created kube.ResourceList, e rollin := NewRollback(u.cfg) rollin.Version = filteredHistory[0].Version - if u.WaitStrategy == kube.HookOnlyStrategy { - rollin.WaitStrategy = kube.StatusWatcherStrategy - } + rollin.WaitStrategy = u.WaitStrategy rollin.WaitForJobs = u.WaitForJobs rollin.DisableHooks = u.DisableHooks rollin.ForceReplace = u.ForceReplace + rollin.ForceConflicts = u.ForceConflicts + rollin.ServerSideApply = u.ServerSideApply rollin.Timeout = u.Timeout if rollErr := rollin.Run(rel.Name); rollErr != nil { return rel, fmt.Errorf("an error occurred while rolling back the release. original upgrade error: %w: %w", err, rollErr) @@ -549,24 +589,24 @@ func (u *Upgrade) failRelease(rel *release.Release, created kube.ResourceList, e // // This is skipped if the u.ResetValues flag is set, in which case the // request values are not altered. -func (u *Upgrade) reuseValues(chart *chart.Chart, current *release.Release, newVals map[string]interface{}) (map[string]interface{}, error) { +func (u *Upgrade) reuseValues(chart *chartv2.Chart, current *release.Release, newVals map[string]interface{}) (map[string]interface{}, error) { if u.ResetValues { // If ResetValues is set, we completely ignore current.Config. - slog.Debug("resetting values to the chart's original version") + u.cfg.Logger().Debug("resetting values to the chart's original version") return newVals, nil } // If the ReuseValues flag is set, we always copy the old values over the new config's values. if u.ReuseValues { - slog.Debug("reusing the old release's values") + u.cfg.Logger().Debug("reusing the old release's values") // We have to regenerate the old coalesced values: - oldVals, err := chartutil.CoalesceValues(current.Chart, current.Config) + oldVals, err := util.CoalesceValues(current.Chart, current.Config) if err != nil { return nil, fmt.Errorf("failed to rebuild old values: %w", err) } - newVals = chartutil.CoalesceTables(newVals, current.Config) + newVals = util.CoalesceTables(newVals, current.Config) chart.Values = oldVals @@ -575,15 +615,15 @@ func (u *Upgrade) reuseValues(chart *chart.Chart, current *release.Release, newV // If the ResetThenReuseValues flag is set, we use the new chart's values, but we copy the old config's values over the new config's values. if u.ResetThenReuseValues { - slog.Debug("merging values from old release to new values") + u.cfg.Logger().Debug("merging values from old release to new values") - newVals = chartutil.CoalesceTables(newVals, current.Config) + newVals = util.CoalesceTables(newVals, current.Config) return newVals, nil } if len(newVals) == 0 && len(current.Config) > 0 { - slog.Debug("copying values from old release", "name", current.Name, "version", current.Version) + u.cfg.Logger().Debug("copying values from old release", "name", current.Name, "version", current.Version) newVals = current.Config } return newVals, nil @@ -608,3 +648,16 @@ func mergeCustomLabels(current, desired map[string]string) map[string]string { } return labels } + +func getUpgradeServerSideValue(serverSideOption string, releaseApplyMethod string) (bool, error) { + switch serverSideOption { + case "auto": + return releaseApplyMethod == "ssa", nil + case "false": + return false, nil + case "true": + return true, nil + default: + return false, fmt.Errorf("invalid/unknown release server-side apply method: %s", serverSideOption) + } +} diff --git a/pkg/action/upgrade_test.go b/pkg/action/upgrade_test.go index 8ec727671..e1eac3f9f 100644 --- a/pkg/action/upgrade_test.go +++ b/pkg/action/upgrade_test.go @@ -18,7 +18,9 @@ package action import ( "context" + "errors" "fmt" + "io" "reflect" "testing" "time" @@ -31,8 +33,8 @@ import ( "github.com/stretchr/testify/require" kubefake "helm.sh/helm/v4/pkg/kube/fake" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) func upgradeAction(t *testing.T) *Upgrade { @@ -51,24 +53,28 @@ func TestUpgradeRelease_Success(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "previous-release" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed req.NoError(upAction.cfg.Releases.Create(rel)) upAction.WaitStrategy = kube.StatusWatcherStrategy vals := map[string]interface{}{} ctx, done := context.WithCancel(t.Context()) - res, err := upAction.RunWithContext(ctx, rel.Name, buildChart(), vals) - done() + resi, err := upAction.RunWithContext(ctx, rel.Name, buildChart(), vals) req.NoError(err) - is.Equal(res.Info.Status, release.StatusDeployed) + res, err := releaserToV1Release(resi) + is.NoError(err) + is.Equal(res.Info.Status, common.StatusDeployed) + done() // Detecting previous bug where context termination after successful release // caused release to fail. time.Sleep(time.Millisecond * 100) - lastRelease, err := upAction.cfg.Releases.Last(rel.Name) + lastReleasei, err := upAction.cfg.Releases.Last(rel.Name) req.NoError(err) - is.Equal(lastRelease.Info.Status, release.StatusDeployed) + lastRelease, err := releaserToV1Release(lastReleasei) + req.NoError(err) + is.Equal(lastRelease.Info.Status, common.StatusDeployed) } func TestUpgradeRelease_Wait(t *testing.T) { @@ -78,7 +84,7 @@ func TestUpgradeRelease_Wait(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "come-fail-away" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -87,10 +93,12 @@ func TestUpgradeRelease_Wait(t *testing.T) { upAction.WaitStrategy = kube.StatusWatcherStrategy vals := map[string]interface{}{} - res, err := upAction.Run(rel.Name, buildChart(), vals) + resi, err := upAction.Run(rel.Name, buildChart(), vals) req.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "I timed out") - is.Equal(res.Info.Status, release.StatusFailed) + is.Equal(res.Info.Status, common.StatusFailed) } func TestUpgradeRelease_WaitForJobs(t *testing.T) { @@ -100,7 +108,7 @@ func TestUpgradeRelease_WaitForJobs(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "come-fail-away" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -110,10 +118,12 @@ func TestUpgradeRelease_WaitForJobs(t *testing.T) { upAction.WaitForJobs = true vals := map[string]interface{}{} - res, err := upAction.Run(rel.Name, buildChart(), vals) + resi, err := upAction.Run(rel.Name, buildChart(), vals) req.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "I timed out") - is.Equal(res.Info.Status, release.StatusFailed) + is.Equal(res.Info.Status, common.StatusFailed) } func TestUpgradeRelease_CleanupOnFail(t *testing.T) { @@ -123,7 +133,7 @@ func TestUpgradeRelease_CleanupOnFail(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "come-fail-away" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -134,11 +144,13 @@ func TestUpgradeRelease_CleanupOnFail(t *testing.T) { upAction.CleanupOnFail = true vals := map[string]interface{}{} - res, err := upAction.Run(rel.Name, buildChart(), vals) + resi, err := upAction.Run(rel.Name, buildChart(), vals) req.Error(err) is.NotContains(err.Error(), "unable to cleanup resources") + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "I timed out") - is.Equal(res.Info.Status, release.StatusFailed) + is.Equal(res.Info.Status, common.StatusFailed) } func TestUpgradeRelease_RollbackOnFailure(t *testing.T) { @@ -150,7 +162,7 @@ func TestUpgradeRelease_RollbackOnFailure(t *testing.T) { rel := releaseStub() rel.Name = "nuketown" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -160,23 +172,27 @@ func TestUpgradeRelease_RollbackOnFailure(t *testing.T) { upAction.RollbackOnFailure = true vals := map[string]interface{}{} - res, err := upAction.Run(rel.Name, buildChart(), vals) + resi, err := upAction.Run(rel.Name, buildChart(), vals) req.Error(err) is.Contains(err.Error(), "arming key removed") is.Contains(err.Error(), "rollback-on-failure") + res, err := releaserToV1Release(resi) + is.NoError(err) // Now make sure it is actually upgraded - updatedRes, err := upAction.cfg.Releases.Get(res.Name, 3) + updatedResi, err := upAction.cfg.Releases.Get(res.Name, 3) + is.NoError(err) + updatedRes, err := releaserToV1Release(updatedResi) is.NoError(err) // Should have rolled back to the previous - is.Equal(updatedRes.Info.Status, release.StatusDeployed) + is.Equal(updatedRes.Info.Status, common.StatusDeployed) }) t.Run("rollback-on-failure uninstall fails", func(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "fallout" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -217,7 +233,7 @@ func TestUpgradeRelease_ReuseValues(t *testing.T) { rel := releaseStub() rel.Name = "nuketown" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed rel.Config = existingValues err := upAction.cfg.Releases.Create(rel) @@ -225,18 +241,23 @@ func TestUpgradeRelease_ReuseValues(t *testing.T) { upAction.ReuseValues = true // setting newValues and upgrading - res, err := upAction.Run(rel.Name, buildChart(), newValues) + resi, err := upAction.Run(rel.Name, buildChart(), newValues) + is.NoError(err) + res, err := releaserToV1Release(resi) is.NoError(err) // Now make sure it is actually upgraded - updatedRes, err := upAction.cfg.Releases.Get(res.Name, 2) + updatedResi, err := upAction.cfg.Releases.Get(res.Name, 2) is.NoError(err) - if updatedRes == nil { + if updatedResi == nil { is.Fail("Updated Release is nil") return } - is.Equal(release.StatusDeployed, updatedRes.Info.Status) + updatedRes, err := releaserToV1Release(updatedResi) + is.NoError(err) + + is.Equal(common.StatusDeployed, updatedRes.Info.Status) is.Equal(expectedValues, updatedRes.Config) }) @@ -258,7 +279,7 @@ func TestUpgradeRelease_ReuseValues(t *testing.T) { withValues(chartDefaultValues), withMetadataDependency(dependency), ) - now := helmtime.Now() + now := time.Now() existingValues := map[string]interface{}{ "subchart": map[string]interface{}{ "enabled": false, @@ -269,7 +290,7 @@ func TestUpgradeRelease_ReuseValues(t *testing.T) { Info: &release.Info{ FirstDeployed: now, LastDeployed: now, - Status: release.StatusDeployed, + Status: common.StatusDeployed, Description: "Named Release Stub", }, Chart: sampleChart, @@ -287,18 +308,23 @@ func TestUpgradeRelease_ReuseValues(t *testing.T) { withMetadataDependency(dependency), ) // reusing values and upgrading - res, err := upAction.Run(rel.Name, sampleChartWithSubChart, map[string]interface{}{}) + resi, err := upAction.Run(rel.Name, sampleChartWithSubChart, map[string]interface{}{}) + is.NoError(err) + res, err := releaserToV1Release(resi) is.NoError(err) // Now get the upgraded release - updatedRes, err := upAction.cfg.Releases.Get(res.Name, 2) + updatedResi, err := upAction.cfg.Releases.Get(res.Name, 2) is.NoError(err) - if updatedRes == nil { + if updatedResi == nil { is.Fail("Updated Release is nil") return } - is.Equal(release.StatusDeployed, updatedRes.Info.Status) + updatedRes, err := releaserToV1Release(updatedResi) + is.NoError(err) + + is.Equal(common.StatusDeployed, updatedRes.Info.Status) is.Equal(0, len(updatedRes.Chart.Dependencies()), "expected 0 dependencies") expectedValues := map[string]interface{}{ @@ -338,7 +364,7 @@ func TestUpgradeRelease_ResetThenReuseValues(t *testing.T) { rel := releaseStub() rel.Name = "nuketown" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed rel.Config = existingValues err := upAction.cfg.Releases.Create(rel) @@ -346,18 +372,23 @@ func TestUpgradeRelease_ResetThenReuseValues(t *testing.T) { upAction.ResetThenReuseValues = true // setting newValues and upgrading - res, err := upAction.Run(rel.Name, buildChart(withValues(newChartValues)), newValues) + resi, err := upAction.Run(rel.Name, buildChart(withValues(newChartValues)), newValues) + is.NoError(err) + res, err := releaserToV1Release(resi) is.NoError(err) // Now make sure it is actually upgraded - updatedRes, err := upAction.cfg.Releases.Get(res.Name, 2) + updatedResi, err := upAction.cfg.Releases.Get(res.Name, 2) is.NoError(err) - if updatedRes == nil { + if updatedResi == nil { is.Fail("Updated Release is nil") return } - is.Equal(release.StatusDeployed, updatedRes.Info.Status) + updatedRes, err := releaserToV1Release(updatedResi) + is.NoError(err) + + is.Equal(common.StatusDeployed, updatedRes.Info.Status) is.Equal(expectedValues, updatedRes.Config) is.Equal(newChartValues, updatedRes.Chart.Values) }) @@ -369,11 +400,11 @@ func TestUpgradeRelease_Pending(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "come-fail-away" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) rel2 := releaseStub() rel2.Name = "come-fail-away" - rel2.Info.Status = release.StatusPendingUpgrade + rel2.Info.Status = common.StatusPendingUpgrade rel2.Version = 2 upAction.cfg.Releases.Create(rel2) @@ -390,7 +421,7 @@ func TestUpgradeRelease_Interrupted_Wait(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "interrupted-release" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -402,11 +433,13 @@ func TestUpgradeRelease_Interrupted_Wait(t *testing.T) { ctx, cancel := context.WithCancel(t.Context()) time.AfterFunc(time.Second, cancel) - res, err := upAction.RunWithContext(ctx, rel.Name, buildChart(), vals) + resi, err := upAction.RunWithContext(ctx, rel.Name, buildChart(), vals) req.Error(err) + res, err := releaserToV1Release(resi) + is.NoError(err) is.Contains(res.Info.Description, "Upgrade \"interrupted-release\" failed: context canceled") - is.Equal(res.Info.Status, release.StatusFailed) + is.Equal(res.Info.Status, common.StatusFailed) } func TestUpgradeRelease_Interrupted_RollbackOnFailure(t *testing.T) { @@ -417,7 +450,7 @@ func TestUpgradeRelease_Interrupted_RollbackOnFailure(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "interrupted-release" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed upAction.cfg.Releases.Create(rel) failer := upAction.cfg.KubeClient.(*kubefake.FailingKubeClient) @@ -429,16 +462,19 @@ func TestUpgradeRelease_Interrupted_RollbackOnFailure(t *testing.T) { ctx, cancel := context.WithCancel(t.Context()) time.AfterFunc(time.Second, cancel) - res, err := upAction.RunWithContext(ctx, rel.Name, buildChart(), vals) + resi, err := upAction.RunWithContext(ctx, rel.Name, buildChart(), vals) req.Error(err) is.Contains(err.Error(), "release interrupted-release failed, and has been rolled back due to rollback-on-failure being set: context canceled") - + res, err := releaserToV1Release(resi) + is.NoError(err) // Now make sure it is actually upgraded - updatedRes, err := upAction.cfg.Releases.Get(res.Name, 3) + updatedResi, err := upAction.cfg.Releases.Get(res.Name, 3) + is.NoError(err) + updatedRes, err := releaserToV1Release(updatedResi) is.NoError(err) // Should have rolled back to the previous - is.Equal(updatedRes.Info.Status, release.StatusDeployed) + is.Equal(updatedRes.Info.Status, common.StatusDeployed) } func TestMergeCustomLabels(t *testing.T) { @@ -467,7 +503,7 @@ func TestUpgradeRelease_Labels(t *testing.T) { "key1": "val1", "key2": "val2.1", } - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed err := upAction.cfg.Releases.Create(rel) is.NoError(err) @@ -478,29 +514,35 @@ func TestUpgradeRelease_Labels(t *testing.T) { "key3": "val3", } // setting newValues and upgrading - res, err := upAction.Run(rel.Name, buildChart(), nil) + resi, err := upAction.Run(rel.Name, buildChart(), nil) + is.NoError(err) + res, err := releaserToV1Release(resi) is.NoError(err) // Now make sure it is actually upgraded and labels were merged - updatedRes, err := upAction.cfg.Releases.Get(res.Name, 2) + updatedResi, err := upAction.cfg.Releases.Get(res.Name, 2) is.NoError(err) - if updatedRes == nil { + if updatedResi == nil { is.Fail("Updated Release is nil") return } - is.Equal(release.StatusDeployed, updatedRes.Info.Status) + updatedRes, err := releaserToV1Release(updatedResi) + is.NoError(err) + is.Equal(common.StatusDeployed, updatedRes.Info.Status) is.Equal(mergeCustomLabels(rel.Labels, upAction.Labels), updatedRes.Labels) // Now make sure it is suppressed release still contains original labels - initialRes, err := upAction.cfg.Releases.Get(res.Name, 1) + initialResi, err := upAction.cfg.Releases.Get(res.Name, 1) is.NoError(err) - if initialRes == nil { + if initialResi == nil { is.Fail("Updated Release is nil") return } - is.Equal(initialRes.Info.Status, release.StatusSuperseded) + initialRes, err := releaserToV1Release(initialResi) + is.NoError(err) + is.Equal(initialRes.Info.Status, common.StatusSuperseded) is.Equal(initialRes.Labels, rel.Labels) } @@ -515,7 +557,7 @@ func TestUpgradeRelease_SystemLabels(t *testing.T) { "key1": "val1", "key2": "val2.1", } - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed err := upAction.cfg.Releases.Create(rel) is.NoError(err) @@ -541,22 +583,26 @@ func TestUpgradeRelease_DryRun(t *testing.T) { upAction := upgradeAction(t) rel := releaseStub() rel.Name = "previous-release" - rel.Info.Status = release.StatusDeployed + rel.Info.Status = common.StatusDeployed req.NoError(upAction.cfg.Releases.Create(rel)) - upAction.DryRun = true + upAction.DryRunStrategy = DryRunClient vals := map[string]interface{}{} ctx, done := context.WithCancel(t.Context()) - res, err := upAction.RunWithContext(ctx, rel.Name, buildChart(withSampleSecret()), vals) + resi, err := upAction.RunWithContext(ctx, rel.Name, buildChart(withSampleSecret()), vals) done() req.NoError(err) - is.Equal(release.StatusPendingUpgrade, res.Info.Status) + res, err := releaserToV1Release(resi) + is.NoError(err) + is.Equal(common.StatusPendingUpgrade, res.Info.Status) is.Contains(res.Manifest, "kind: Secret") - lastRelease, err := upAction.cfg.Releases.Last(rel.Name) + lastReleasei, err := upAction.cfg.Releases.Last(rel.Name) req.NoError(err) - is.Equal(lastRelease.Info.Status, release.StatusDeployed) + lastRelease, err := releaserToV1Release(lastReleasei) + req.NoError(err) + is.Equal(lastRelease.Info.Status, common.StatusDeployed) is.Equal(1, lastRelease.Version) // Test the case for hiding the secret to ensure it is not displayed @@ -564,19 +610,23 @@ func TestUpgradeRelease_DryRun(t *testing.T) { vals = map[string]interface{}{} ctx, done = context.WithCancel(t.Context()) - res, err = upAction.RunWithContext(ctx, rel.Name, buildChart(withSampleSecret()), vals) + resi, err = upAction.RunWithContext(ctx, rel.Name, buildChart(withSampleSecret()), vals) done() req.NoError(err) - is.Equal(release.StatusPendingUpgrade, res.Info.Status) + res, err = releaserToV1Release(resi) + is.NoError(err) + is.Equal(common.StatusPendingUpgrade, res.Info.Status) is.NotContains(res.Manifest, "kind: Secret") - lastRelease, err = upAction.cfg.Releases.Last(rel.Name) + lastReleasei, err = upAction.cfg.Releases.Last(rel.Name) + req.NoError(err) + lastRelease, err = releaserToV1Release(lastReleasei) req.NoError(err) - is.Equal(lastRelease.Info.Status, release.StatusDeployed) + is.Equal(lastRelease.Info.Status, common.StatusDeployed) is.Equal(1, lastRelease.Version) // Ensure in a dry run mode when using HideSecret - upAction.DryRun = false + upAction.DryRunStrategy = DryRunNone vals = map[string]interface{}{} ctx, done = context.WithCancel(t.Context()) @@ -584,3 +634,124 @@ func TestUpgradeRelease_DryRun(t *testing.T) { done() req.Error(err) } + +func TestGetUpgradeServerSideValue(t *testing.T) { + tests := []struct { + name string + actionServerSideOption string + releaseApplyMethod string + expectedServerSideApply bool + }{ + { + name: "action ssa auto / release csa", + actionServerSideOption: "auto", + releaseApplyMethod: "csa", + expectedServerSideApply: false, + }, + { + name: "action ssa auto / release ssa", + actionServerSideOption: "auto", + releaseApplyMethod: "ssa", + expectedServerSideApply: true, + }, + { + name: "action ssa auto / release empty", + actionServerSideOption: "auto", + releaseApplyMethod: "", + expectedServerSideApply: false, + }, + { + name: "action ssa true / release csa", + actionServerSideOption: "true", + releaseApplyMethod: "csa", + expectedServerSideApply: true, + }, + { + name: "action ssa true / release ssa", + actionServerSideOption: "true", + releaseApplyMethod: "ssa", + expectedServerSideApply: true, + }, + { + name: "action ssa true / release 'unknown'", + actionServerSideOption: "true", + releaseApplyMethod: "foo", + expectedServerSideApply: true, + }, + { + name: "action ssa true / release empty", + actionServerSideOption: "true", + releaseApplyMethod: "", + expectedServerSideApply: true, + }, + { + name: "action ssa false / release csa", + actionServerSideOption: "false", + releaseApplyMethod: "ssa", + expectedServerSideApply: false, + }, + { + name: "action ssa false / release ssa", + actionServerSideOption: "false", + releaseApplyMethod: "ssa", + expectedServerSideApply: false, + }, + { + name: "action ssa false / release 'unknown'", + actionServerSideOption: "false", + releaseApplyMethod: "foo", + expectedServerSideApply: false, + }, + { + name: "action ssa false / release empty", + actionServerSideOption: "false", + releaseApplyMethod: "ssa", + expectedServerSideApply: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + serverSideApply, err := getUpgradeServerSideValue(tt.actionServerSideOption, tt.releaseApplyMethod) + assert.Nil(t, err) + assert.Equal(t, tt.expectedServerSideApply, serverSideApply) + }) + } + + testsError := []struct { + name string + actionServerSideOption string + releaseApplyMethod string + expectedErrorMsg string + }{ + { + name: "action invalid option", + actionServerSideOption: "invalid", + releaseApplyMethod: "ssa", + expectedErrorMsg: "invalid/unknown release server-side apply method: invalid", + }, + } + + for _, tt := range testsError { + t.Run(tt.name, func(t *testing.T) { + _, err := getUpgradeServerSideValue(tt.actionServerSideOption, tt.releaseApplyMethod) + assert.ErrorContains(t, err, tt.expectedErrorMsg) + }) + } + +} + +func TestUpgradeRun_UnreachableKubeClient(t *testing.T) { + t.Helper() + config := actionConfigFixture(t) + failingKubeClient := kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}, DummyResources: nil} + failingKubeClient.ConnectionError = errors.New("connection refused") + config.KubeClient = &failingKubeClient + + client := NewUpgrade(config) + vals := map[string]interface{}{} + result, err := client.Run("", buildChart(), vals) + + assert.Nil(t, result) + assert.ErrorContains(t, err, "connection refused") +} diff --git a/pkg/action/verify.go b/pkg/action/verify.go index ca2f4fa63..6e4562f61 100644 --- a/pkg/action/verify.go +++ b/pkg/action/verify.go @@ -28,7 +28,6 @@ import ( // It provides the implementation of 'helm verify'. type Verify struct { Keyring string - Out string } // NewVerify creates a new Verify object with the given configuration. @@ -37,23 +36,18 @@ func NewVerify() *Verify { } // Run executes 'helm verify'. -func (v *Verify) Run(chartfile string) error { +func (v *Verify) Run(chartfile string) (string, error) { var out strings.Builder p, err := downloader.VerifyChart(chartfile, chartfile+".prov", v.Keyring) if err != nil { - return err + return "", err } for name := range p.SignedBy.Identities { - fmt.Fprintf(&out, "Signed by: %v\n", name) + _, _ = fmt.Fprintf(&out, "Signed by: %v\n", name) } - fmt.Fprintf(&out, "Using Key With Fingerprint: %X\n", p.SignedBy.PrimaryKey.Fingerprint) - fmt.Fprintf(&out, "Chart Hash Verified: %s\n", p.FileHash) + _, _ = fmt.Fprintf(&out, "Using Key With Fingerprint: %X\n", p.SignedBy.PrimaryKey.Fingerprint) + _, _ = fmt.Fprintf(&out, "Chart Hash Verified: %s\n", p.FileHash) - // TODO(mattfarina): The output is set as a property rather than returned - // to maintain the Go API. In Helm v4 this function should return the out - // and the property on the struct can be removed. - v.Out = out.String() - - return nil + return out.String(), err } diff --git a/pkg/chart/common.go b/pkg/chart/common.go new file mode 100644 index 000000000..8080f3dc8 --- /dev/null +++ b/pkg/chart/common.go @@ -0,0 +1,243 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chart + +import ( + "errors" + "fmt" + "log/slog" + "reflect" + "strings" + + v3chart "helm.sh/helm/v4/internal/chart/v3" + common "helm.sh/helm/v4/pkg/chart/common" + v2chart "helm.sh/helm/v4/pkg/chart/v2" +) + +var NewAccessor func(chrt Charter) (Accessor, error) = NewDefaultAccessor //nolint:revive + +func NewDefaultAccessor(chrt Charter) (Accessor, error) { + switch v := chrt.(type) { + case v2chart.Chart: + return &v2Accessor{&v}, nil + case *v2chart.Chart: + return &v2Accessor{v}, nil + case v3chart.Chart: + return &v3Accessor{&v}, nil + case *v3chart.Chart: + return &v3Accessor{v}, nil + default: + return nil, errors.New("unsupported chart type") + } +} + +type v2Accessor struct { + chrt *v2chart.Chart +} + +func (r *v2Accessor) Name() string { + return r.chrt.Metadata.Name +} + +func (r *v2Accessor) IsRoot() bool { + return r.chrt.IsRoot() +} + +func (r *v2Accessor) MetadataAsMap() map[string]interface{} { + var ret map[string]interface{} + if r.chrt.Metadata == nil { + return ret + } + + ret, err := structToMap(r.chrt.Metadata) + if err != nil { + slog.Error("error converting metadata to map", "error", err) + } + return ret +} + +func (r *v2Accessor) Files() []*common.File { + return r.chrt.Files +} + +func (r *v2Accessor) Templates() []*common.File { + return r.chrt.Templates +} + +func (r *v2Accessor) ChartFullPath() string { + return r.chrt.ChartFullPath() +} + +func (r *v2Accessor) IsLibraryChart() bool { + return strings.EqualFold(r.chrt.Metadata.Type, "library") +} + +func (r *v2Accessor) Dependencies() []Charter { + var deps = make([]Charter, len(r.chrt.Dependencies())) + for i, c := range r.chrt.Dependencies() { + deps[i] = c + } + return deps +} + +func (r *v2Accessor) MetaDependencies() []Dependency { + var deps = make([]Dependency, len(r.chrt.Metadata.Dependencies)) + for i, c := range r.chrt.Metadata.Dependencies { + deps[i] = c + } + return deps +} + +func (r *v2Accessor) Values() map[string]interface{} { + return r.chrt.Values +} + +func (r *v2Accessor) Schema() []byte { + return r.chrt.Schema +} + +func (r *v2Accessor) Deprecated() bool { + return r.chrt.Metadata.Deprecated +} + +type v3Accessor struct { + chrt *v3chart.Chart +} + +func (r *v3Accessor) Name() string { + return r.chrt.Metadata.Name +} + +func (r *v3Accessor) IsRoot() bool { + return r.chrt.IsRoot() +} + +func (r *v3Accessor) MetadataAsMap() map[string]interface{} { + var ret map[string]interface{} + if r.chrt.Metadata == nil { + return ret + } + + ret, err := structToMap(r.chrt.Metadata) + if err != nil { + slog.Error("error converting metadata to map", "error", err) + } + return ret +} + +func (r *v3Accessor) Files() []*common.File { + return r.chrt.Files +} + +func (r *v3Accessor) Templates() []*common.File { + return r.chrt.Templates +} + +func (r *v3Accessor) ChartFullPath() string { + return r.chrt.ChartFullPath() +} + +func (r *v3Accessor) IsLibraryChart() bool { + return strings.EqualFold(r.chrt.Metadata.Type, "library") +} + +func (r *v3Accessor) Dependencies() []Charter { + var deps = make([]Charter, len(r.chrt.Dependencies())) + for i, c := range r.chrt.Dependencies() { + deps[i] = c + } + return deps +} + +func (r *v3Accessor) MetaDependencies() []Dependency { + var deps = make([]Dependency, len(r.chrt.Dependencies())) + for i, c := range r.chrt.Metadata.Dependencies { + deps[i] = c + } + return deps +} + +func (r *v3Accessor) Values() map[string]interface{} { + return r.chrt.Values +} + +func (r *v3Accessor) Schema() []byte { + return r.chrt.Schema +} + +func (r *v3Accessor) Deprecated() bool { + return r.chrt.Metadata.Deprecated +} + +func structToMap(obj interface{}) (map[string]interface{}, error) { + objValue := reflect.ValueOf(obj) + + // If the value is a pointer, dereference it + if objValue.Kind() == reflect.Ptr { + objValue = objValue.Elem() + } + + // Check if the input is a struct + if objValue.Kind() != reflect.Struct { + return nil, fmt.Errorf("input must be a struct or a pointer to a struct") + } + + result := make(map[string]interface{}) + objType := objValue.Type() + + for i := 0; i < objValue.NumField(); i++ { + field := objType.Field(i) + value := objValue.Field(i) + + switch value.Kind() { + case reflect.Struct: + nestedMap, err := structToMap(value.Interface()) + if err != nil { + return nil, err + } + result[field.Name] = nestedMap + case reflect.Ptr: + // Recurse for pointers by dereferencing + if value.IsNil() { + result[field.Name] = nil + } else { + nestedMap, err := structToMap(value.Interface()) + if err != nil { + return nil, err + } + result[field.Name] = nestedMap + } + case reflect.Slice: + sliceOfMaps := make([]interface{}, value.Len()) + for j := 0; j < value.Len(); j++ { + sliceElement := value.Index(j) + if sliceElement.Kind() == reflect.Struct || sliceElement.Kind() == reflect.Ptr { + nestedMap, err := structToMap(sliceElement.Interface()) + if err != nil { + return nil, err + } + sliceOfMaps[j] = nestedMap + } else { + sliceOfMaps[j] = sliceElement.Interface() + } + } + result[field.Name] = sliceOfMaps + default: + result[field.Name] = value.Interface() + } + } + return result, nil +} diff --git a/pkg/chart/v2/util/capabilities.go b/pkg/chart/common/capabilities.go similarity index 99% rename from pkg/chart/v2/util/capabilities.go rename to pkg/chart/common/capabilities.go index 19d62c5e3..355c3978a 100644 --- a/pkg/chart/v2/util/capabilities.go +++ b/pkg/chart/common/capabilities.go @@ -13,7 +13,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package common import ( "fmt" diff --git a/pkg/chart/v2/util/capabilities_test.go b/pkg/chart/common/capabilities_test.go similarity index 99% rename from pkg/chart/v2/util/capabilities_test.go rename to pkg/chart/common/capabilities_test.go index e5513b3fd..bf32b1f3f 100644 --- a/pkg/chart/v2/util/capabilities_test.go +++ b/pkg/chart/common/capabilities_test.go @@ -13,7 +13,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package common import ( "testing" diff --git a/pkg/chart/v2/util/errors.go b/pkg/chart/common/errors.go similarity index 98% rename from pkg/chart/v2/util/errors.go rename to pkg/chart/common/errors.go index a175b9758..b0a2d650e 100644 --- a/pkg/chart/v2/util/errors.go +++ b/pkg/chart/common/errors.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package common import ( "fmt" diff --git a/pkg/chart/v2/util/errors_test.go b/pkg/chart/common/errors_test.go similarity index 98% rename from pkg/chart/v2/util/errors_test.go rename to pkg/chart/common/errors_test.go index b8ae86384..06b3b054c 100644 --- a/pkg/chart/v2/util/errors_test.go +++ b/pkg/chart/common/errors_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package common import ( "testing" diff --git a/internal/chart/v3/file.go b/pkg/chart/common/file.go similarity index 88% rename from internal/chart/v3/file.go rename to pkg/chart/common/file.go index ba04e106d..1068bf450 100644 --- a/internal/chart/v3/file.go +++ b/pkg/chart/common/file.go @@ -13,7 +13,9 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v3 +package common + +import "time" // File represents a file as a name/value pair. // @@ -24,4 +26,6 @@ type File struct { Name string `json:"name"` // Data is the template as byte data. Data []byte `json:"data"` + // ModTime is the file's mod-time + ModTime time.Time `json:"modtime,omitzero"` } diff --git a/pkg/chart/v2/util/testdata/coleridge.yaml b/pkg/chart/common/testdata/coleridge.yaml similarity index 100% rename from pkg/chart/v2/util/testdata/coleridge.yaml rename to pkg/chart/common/testdata/coleridge.yaml diff --git a/internal/chart/v3/util/coalesce.go b/pkg/chart/common/util/coalesce.go similarity index 81% rename from internal/chart/v3/util/coalesce.go rename to pkg/chart/common/util/coalesce.go index caea2e119..5bfa1c608 100644 --- a/internal/chart/v3/util/coalesce.go +++ b/pkg/chart/common/util/coalesce.go @@ -23,7 +23,8 @@ import ( "github.com/mitchellh/copystructure" - chart "helm.sh/helm/v4/internal/chart/v3" + chart "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/common" ) func concatPrefix(a, b string) string { @@ -42,7 +43,7 @@ func concatPrefix(a, b string) string { // - Scalar values and arrays are replaced, maps are merged // - A chart has access to all of the variables for it, as well as all of // the values destined for its dependencies. -func CoalesceValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { +func CoalesceValues(chrt chart.Charter, vals map[string]interface{}) (common.Values, error) { valsCopy, err := copyValues(vals) if err != nil { return vals, err @@ -64,7 +65,7 @@ func CoalesceValues(chrt *chart.Chart, vals map[string]interface{}) (Values, err // Retaining Nils is useful when processes early in a Helm action or business // logic need to retain them for when Coalescing will happen again later in the // business logic. -func MergeValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { +func MergeValues(chrt chart.Charter, vals map[string]interface{}) (common.Values, error) { valsCopy, err := copyValues(vals) if err != nil { return vals, err @@ -72,7 +73,7 @@ func MergeValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) return coalesce(log.Printf, chrt, valsCopy, "", true) } -func copyValues(vals map[string]interface{}) (Values, error) { +func copyValues(vals map[string]interface{}) (common.Values, error) { v, err := copystructure.Copy(vals) if err != nil { return vals, err @@ -96,28 +97,36 @@ type printFn func(format string, v ...interface{}) // Note, the merge argument specifies whether this is being used by MergeValues // or CoalesceValues. Coalescing removes null values and their keys in some // situations while merging keeps the null values. -func coalesce(printf printFn, ch *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { +func coalesce(printf printFn, ch chart.Charter, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { coalesceValues(printf, ch, dest, prefix, merge) return coalesceDeps(printf, ch, dest, prefix, merge) } // coalesceDeps coalesces the dependencies of the given chart. -func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { - for _, subchart := range chrt.Dependencies() { - if c, ok := dest[subchart.Name()]; !ok { +func coalesceDeps(printf printFn, chrt chart.Charter, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { + ch, err := chart.NewAccessor(chrt) + if err != nil { + return dest, err + } + for _, subchart := range ch.Dependencies() { + sub, err := chart.NewAccessor(subchart) + if err != nil { + return dest, err + } + if c, ok := dest[sub.Name()]; !ok { // If dest doesn't already have the key, create it. - dest[subchart.Name()] = make(map[string]interface{}) + dest[sub.Name()] = make(map[string]interface{}) } else if !istable(c) { - return dest, fmt.Errorf("type mismatch on %s: %t", subchart.Name(), c) + return dest, fmt.Errorf("type mismatch on %s: %t", sub.Name(), c) } - if dv, ok := dest[subchart.Name()]; ok { + if dv, ok := dest[sub.Name()]; ok { dvmap := dv.(map[string]interface{}) - subPrefix := concatPrefix(prefix, chrt.Metadata.Name) + subPrefix := concatPrefix(prefix, ch.Name()) // Get globals out of dest and merge them into dvmap. coalesceGlobals(printf, dvmap, dest, subPrefix, merge) // Now coalesce the rest of the values. var err error - dest[subchart.Name()], err = coalesce(printf, subchart, dvmap, subPrefix, merge) + dest[sub.Name()], err = coalesce(printf, subchart, dvmap, subPrefix, merge) if err != nil { return dest, err } @@ -132,17 +141,17 @@ func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{} func coalesceGlobals(printf printFn, dest, src map[string]interface{}, prefix string, _ bool) { var dg, sg map[string]interface{} - if destglob, ok := dest[GlobalKey]; !ok { + if destglob, ok := dest[common.GlobalKey]; !ok { dg = make(map[string]interface{}) } else if dg, ok = destglob.(map[string]interface{}); !ok { - printf("warning: skipping globals because destination %s is not a table.", GlobalKey) + printf("warning: skipping globals because destination %s is not a table.", common.GlobalKey) return } - if srcglob, ok := src[GlobalKey]; !ok { + if srcglob, ok := src[common.GlobalKey]; !ok { sg = make(map[string]interface{}) } else if sg, ok = srcglob.(map[string]interface{}); !ok { - printf("warning: skipping globals because source %s is not a table.", GlobalKey) + printf("warning: skipping globals because source %s is not a table.", common.GlobalKey) return } @@ -178,7 +187,7 @@ func coalesceGlobals(printf printFn, dest, src map[string]interface{}, prefix st dg[key] = val } } - dest[GlobalKey] = dg + dest[common.GlobalKey] = dg } func copyMap(src map[string]interface{}) map[string]interface{} { @@ -190,13 +199,18 @@ func copyMap(src map[string]interface{}) map[string]interface{} { // coalesceValues builds up a values map for a particular chart. // // Values in v will override the values in the chart. -func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, prefix string, merge bool) { - subPrefix := concatPrefix(prefix, c.Metadata.Name) +func coalesceValues(printf printFn, c chart.Charter, v map[string]interface{}, prefix string, merge bool) { + ch, err := chart.NewAccessor(c) + if err != nil { + return + } + + subPrefix := concatPrefix(prefix, ch.Name()) // Using c.Values directly when coalescing a table can cause problems where // the original c.Values is altered. Creating a deep copy stops the problem. // This section is fault-tolerant as there is no ability to return an error. - valuesCopy, err := copystructure.Copy(c.Values) + valuesCopy, err := copystructure.Copy(ch.Values()) var vc map[string]interface{} var ok bool if err != nil { @@ -205,7 +219,7 @@ func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, pr // wrong with c.Values. In this case we will use c.Values and report // an error. printf("warning: unable to copy values, err: %s", err) - vc = c.Values + vc = ch.Values() } else { vc, ok = valuesCopy.(map[string]interface{}) if !ok { @@ -213,7 +227,7 @@ func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, pr // it cannot be treated as map[string]interface{} there is something // strangely wrong. Log it and use c.Values printf("warning: unable to convert values copy to values type") - vc = c.Values + vc = ch.Values() } } @@ -250,9 +264,17 @@ func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, pr } } -func childChartMergeTrue(chrt *chart.Chart, key string, merge bool) bool { - for _, subchart := range chrt.Dependencies() { - if subchart.Name() == key { +func childChartMergeTrue(chrt chart.Charter, key string, merge bool) bool { + ch, err := chart.NewAccessor(chrt) + if err != nil { + return merge + } + for _, subchart := range ch.Dependencies() { + sub, err := chart.NewAccessor(subchart) + if err != nil { + return merge + } + if sub.Name() == key { return true } } @@ -306,3 +328,9 @@ func coalesceTablesFullKey(printf printFn, dst, src map[string]interface{}, pref } return dst } + +// istable is a special-purpose function to see if the present thing matches the definition of a YAML table. +func istable(v interface{}) bool { + _, ok := v.(map[string]interface{}) + return ok +} diff --git a/pkg/chart/v2/util/coalesce_test.go b/pkg/chart/common/util/coalesce_test.go similarity index 97% rename from pkg/chart/v2/util/coalesce_test.go rename to pkg/chart/common/util/coalesce_test.go index e2c45a435..871bfa8da 100644 --- a/pkg/chart/v2/util/coalesce_test.go +++ b/pkg/chart/common/util/coalesce_test.go @@ -17,13 +17,16 @@ limitations under the License. package util import ( + "bytes" "encoding/json" "fmt" "maps" "testing" + "text/template" "github.com/stretchr/testify/assert" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" ) @@ -136,7 +139,7 @@ func TestCoalesceValues(t *testing.T) { }, ) - vals, err := ReadValues(testCoalesceValuesYaml) + vals, err := common.ReadValues(testCoalesceValuesYaml) if err != nil { t.Fatal(err) } @@ -144,7 +147,7 @@ func TestCoalesceValues(t *testing.T) { // taking a copy of the values before passing it // to CoalesceValues as argument, so that we can // use it for asserting later - valsCopy := make(Values, len(vals)) + valsCopy := make(common.Values, len(vals)) maps.Copy(valsCopy, vals) v, err := CoalesceValues(c, vals) @@ -238,6 +241,13 @@ func TestCoalesceValues(t *testing.T) { is.Equal(valsCopy, vals) } +func ttpl(tpl string, v map[string]interface{}) (string, error) { + var b bytes.Buffer + tt := template.Must(template.New("t").Parse(tpl)) + err := tt.Execute(&b, v) + return b.String(), err +} + func TestMergeValues(t *testing.T) { is := assert.New(t) @@ -294,7 +304,7 @@ func TestMergeValues(t *testing.T) { }, ) - vals, err := ReadValues(testCoalesceValuesYaml) + vals, err := common.ReadValues(testCoalesceValuesYaml) if err != nil { t.Fatal(err) } @@ -302,7 +312,7 @@ func TestMergeValues(t *testing.T) { // taking a copy of the values before passing it // to MergeValues as argument, so that we can // use it for asserting later - valsCopy := make(Values, len(vals)) + valsCopy := make(common.Values, len(vals)) maps.Copy(valsCopy, vals) v, err := MergeValues(c, vals) diff --git a/pkg/chart/v2/util/jsonschema.go b/pkg/chart/common/util/jsonschema.go similarity index 69% rename from pkg/chart/v2/util/jsonschema.go rename to pkg/chart/common/util/jsonschema.go index 72e133363..649bbecac 100644 --- a/pkg/chart/v2/util/jsonschema.go +++ b/pkg/chart/common/util/jsonschema.go @@ -24,13 +24,15 @@ import ( "log/slog" "net/http" "strings" + "sync" "time" "github.com/santhosh-tekuri/jsonschema/v6" "helm.sh/helm/v4/internal/version" - chart "helm.sh/helm/v4/pkg/chart/v2" + chart "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/common" ) // HTTPURLLoader implements a loader for HTTP/HTTPS URLs @@ -71,11 +73,15 @@ func newHTTPURLLoader() *HTTPURLLoader { } // ValidateAgainstSchema checks that values does not violate the structure laid out in schema -func ValidateAgainstSchema(chrt *chart.Chart, values map[string]interface{}) error { +func ValidateAgainstSchema(ch chart.Charter, values map[string]interface{}) error { + chrt, err := chart.NewAccessor(ch) + if err != nil { + return err + } var sb strings.Builder - if chrt.Schema != nil { + if chrt.Schema() != nil { slog.Debug("chart name", "chart-name", chrt.Name()) - err := ValidateAgainstSingleSchema(values, chrt.Schema) + err := ValidateAgainstSingleSchema(values, chrt.Schema()) if err != nil { sb.WriteString(fmt.Sprintf("%s:\n", chrt.Name())) sb.WriteString(err.Error()) @@ -84,7 +90,26 @@ func ValidateAgainstSchema(chrt *chart.Chart, values map[string]interface{}) err slog.Debug("number of dependencies in the chart", "dependencies", len(chrt.Dependencies())) // For each dependency, recursively call this function with the coalesced values for _, subchart := range chrt.Dependencies() { - subchartValues := values[subchart.Name()].(map[string]interface{}) + sub, err := chart.NewAccessor(subchart) + if err != nil { + return err + } + + raw, exists := values[sub.Name()] + if !exists || raw == nil { + // No values provided for this subchart; nothing to validate + continue + } + + subchartValues, ok := raw.(map[string]any) + if !ok { + sb.WriteString(fmt.Sprintf( + "%s:\ninvalid type for values: expected object (map), got %T\n", + sub.Name(), raw, + )) + continue + } + if err := ValidateAgainstSchema(subchart, subchartValues); err != nil { sb.WriteString(err.Error()) } @@ -98,7 +123,7 @@ func ValidateAgainstSchema(chrt *chart.Chart, values map[string]interface{}) err } // ValidateAgainstSingleSchema checks that values does not violate the structure laid out in this schema -func ValidateAgainstSingleSchema(values Values, schemaJSON []byte) (reterr error) { +func ValidateAgainstSingleSchema(values common.Values, schemaJSON []byte) (reterr error) { defer func() { if r := recover(); r != nil { reterr = fmt.Errorf("unable to validate schema: %s", r) @@ -118,6 +143,7 @@ func ValidateAgainstSingleSchema(values Values, schemaJSON []byte) (reterr error "file": jsonschema.FileLoader{}, "http": newHTTPURLLoader(), "https": newHTTPURLLoader(), + "urn": urnLoader{}, } compiler := jsonschema.NewCompiler() @@ -140,6 +166,35 @@ func ValidateAgainstSingleSchema(values Values, schemaJSON []byte) (reterr error return nil } +// URNResolverFunc allows SDK to plug a URN resolver. It must return a +// schema document compatible with the validator (e.g., result of +// jsonschema.UnmarshalJSON). +type URNResolverFunc func(urn string) (any, error) + +// URNResolver is the default resolver used by the URN loader. By default it +// returns a clear error. +var URNResolver URNResolverFunc = func(urn string) (any, error) { + return nil, fmt.Errorf("URN not resolved: %s", urn) +} + +// urnLoader implements resolution for the urn: scheme by delegating to +// URNResolver. If unresolved, it logs a warning and returns a permissive +// boolean-true schema to avoid hard failures (back-compat behavior). +type urnLoader struct{} + +// warnedURNs ensures we log the unresolved-URN warning only once per URN. +var warnedURNs sync.Map + +func (l urnLoader) Load(urlStr string) (any, error) { + if doc, err := URNResolver(urlStr); err == nil && doc != nil { + return doc, nil + } + if _, loaded := warnedURNs.LoadOrStore(urlStr, struct{}{}); !loaded { + slog.Warn("unresolved URN reference ignored; using permissive schema", "urn", urlStr) + } + return jsonschema.UnmarshalJSON(strings.NewReader("true")) +} + // Note, JSONSchemaValidationError is used to wrap the error from the underlying // validation package so that Helm has a clean interface and the validation package // could be replaced without changing the Helm SDK API. diff --git a/pkg/chart/v2/util/jsonschema_test.go b/pkg/chart/common/util/jsonschema_test.go similarity index 68% rename from pkg/chart/v2/util/jsonschema_test.go rename to pkg/chart/common/util/jsonschema_test.go index cd95b7faf..834b1faf6 100644 --- a/pkg/chart/v2/util/jsonschema_test.go +++ b/pkg/chart/common/util/jsonschema_test.go @@ -23,11 +23,12 @@ import ( "strings" "testing" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" ) func TestValidateAgainstSingleSchema(t *testing.T) { - values, err := ReadValuesFile("./testdata/test-values.yaml") + values, err := common.ReadValuesFile("./testdata/test-values.yaml") if err != nil { t.Fatalf("Error reading YAML file: %s", err) } @@ -42,7 +43,7 @@ func TestValidateAgainstSingleSchema(t *testing.T) { } func TestValidateAgainstInvalidSingleSchema(t *testing.T) { - values, err := ReadValuesFile("./testdata/test-values.yaml") + values, err := common.ReadValuesFile("./testdata/test-values.yaml") if err != nil { t.Fatalf("Error reading YAML file: %s", err) } @@ -66,7 +67,7 @@ func TestValidateAgainstInvalidSingleSchema(t *testing.T) { } func TestValidateAgainstSingleSchemaNegative(t *testing.T) { - values, err := ReadValuesFile("./testdata/test-values-negative.yaml") + values, err := common.ReadValuesFile("./testdata/test-values-negative.yaml") if err != nil { t.Fatalf("Error reading YAML file: %s", err) } @@ -285,3 +286,106 @@ func TestHTTPURLLoader_Load(t *testing.T) { } }) } + +// Test that an unresolved URN $ref is soft-ignored and validation succeeds. +// it mimics the behavior of Helm 3.18.4 +func TestValidateAgainstSingleSchema_UnresolvedURN_Ignored(t *testing.T) { + schema := []byte(`{ + "$schema": "https://json-schema.org/draft-07/schema#", + "$ref": "urn:example:helm:schemas:v1:helm-schema-validation-conditions:v1/helmSchemaValidation-true" + }`) + vals := map[string]interface{}{"any": "value"} + if err := ValidateAgainstSingleSchema(vals, schema); err != nil { + t.Fatalf("expected no error when URN unresolved is ignored, got: %v", err) + } +} + +// Non-regression tests for https://github.com/helm/helm/issues/31202 +// Ensure ValidateAgainstSchema does not panic when: +// - subchart key is missing +// - subchart value is nil +// - subchart value has an invalid type + +func TestValidateAgainstSchema_MissingSubchartValues_NoPanic(t *testing.T) { + subchartJSON := []byte(subchartSchema) + subchart := &chart.Chart{ + Metadata: &chart.Metadata{Name: "subchart"}, + Schema: subchartJSON, + } + chrt := &chart.Chart{ + Metadata: &chart.Metadata{Name: "chrt"}, + } + chrt.AddDependency(subchart) + + // No "subchart" key present in values + vals := map[string]any{ + "name": "John", + } + + defer func() { + if r := recover(); r != nil { + t.Fatalf("ValidateAgainstSchema panicked (missing subchart values): %v", r) + } + }() + + if err := ValidateAgainstSchema(chrt, vals); err != nil { + t.Fatalf("expected no error when subchart values are missing, got: %v", err) + } +} + +func TestValidateAgainstSchema_SubchartNil_NoPanic(t *testing.T) { + subchartJSON := []byte(subchartSchema) + subchart := &chart.Chart{ + Metadata: &chart.Metadata{Name: "subchart"}, + Schema: subchartJSON, + } + chrt := &chart.Chart{ + Metadata: &chart.Metadata{Name: "chrt"}, + } + chrt.AddDependency(subchart) + + // "subchart" key present but nil + vals := map[string]any{ + "name": "John", + "subchart": nil, + } + + defer func() { + if r := recover(); r != nil { + t.Fatalf("ValidateAgainstSchema panicked (nil subchart values): %v", r) + } + }() + + if err := ValidateAgainstSchema(chrt, vals); err != nil { + t.Fatalf("expected no error when subchart values are nil, got: %v", err) + } +} + +func TestValidateAgainstSchema_InvalidSubchartValuesType_NoPanic(t *testing.T) { + subchartJSON := []byte(subchartSchema) + subchart := &chart.Chart{ + Metadata: &chart.Metadata{Name: "subchart"}, + Schema: subchartJSON, + } + chrt := &chart.Chart{ + Metadata: &chart.Metadata{Name: "chrt"}, + } + chrt.AddDependency(subchart) + + // "subchart" is the wrong type (string instead of map) + vals := map[string]any{ + "name": "John", + "subchart": "oops", + } + + defer func() { + if r := recover(); r != nil { + t.Fatalf("ValidateAgainstSchema panicked (invalid subchart values type): %v", r) + } + }() + + // We expect a non-nil error (invalid type), but crucially no panic. + if err := ValidateAgainstSchema(chrt, vals); err == nil { + t.Fatalf("expected an error when subchart values have invalid type, got nil") + } +} diff --git a/pkg/chart/v2/util/testdata/test-values-invalid.schema.json b/pkg/chart/common/util/testdata/test-values-invalid.schema.json similarity index 100% rename from pkg/chart/v2/util/testdata/test-values-invalid.schema.json rename to pkg/chart/common/util/testdata/test-values-invalid.schema.json diff --git a/pkg/chart/v2/util/testdata/test-values-negative.yaml b/pkg/chart/common/util/testdata/test-values-negative.yaml similarity index 100% rename from pkg/chart/v2/util/testdata/test-values-negative.yaml rename to pkg/chart/common/util/testdata/test-values-negative.yaml diff --git a/pkg/chart/v2/util/testdata/test-values.schema.json b/pkg/chart/common/util/testdata/test-values.schema.json similarity index 100% rename from pkg/chart/v2/util/testdata/test-values.schema.json rename to pkg/chart/common/util/testdata/test-values.schema.json diff --git a/pkg/chart/v2/util/testdata/test-values.yaml b/pkg/chart/common/util/testdata/test-values.yaml similarity index 100% rename from pkg/chart/v2/util/testdata/test-values.yaml rename to pkg/chart/common/util/testdata/test-values.yaml diff --git a/pkg/chart/common/util/values.go b/pkg/chart/common/util/values.go new file mode 100644 index 000000000..85cb29012 --- /dev/null +++ b/pkg/chart/common/util/values.go @@ -0,0 +1,70 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import ( + "fmt" + + "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/common" +) + +// ToRenderValues composes the struct from the data coming from the Releases, Charts and Values files +// +// This takes both ReleaseOptions and Capabilities to merge into the render values. +func ToRenderValues(chrt chart.Charter, chrtVals map[string]interface{}, options common.ReleaseOptions, caps *common.Capabilities) (common.Values, error) { + return ToRenderValuesWithSchemaValidation(chrt, chrtVals, options, caps, false) +} + +// ToRenderValuesWithSchemaValidation composes the struct from the data coming from the Releases, Charts and Values files +// +// This takes both ReleaseOptions and Capabilities to merge into the render values. +func ToRenderValuesWithSchemaValidation(chrt chart.Charter, chrtVals map[string]interface{}, options common.ReleaseOptions, caps *common.Capabilities, skipSchemaValidation bool) (common.Values, error) { + if caps == nil { + caps = common.DefaultCapabilities + } + accessor, err := chart.NewAccessor(chrt) + if err != nil { + return nil, err + } + top := map[string]interface{}{ + "Chart": accessor.MetadataAsMap(), + "Capabilities": caps, + "Release": map[string]interface{}{ + "Name": options.Name, + "Namespace": options.Namespace, + "IsUpgrade": options.IsUpgrade, + "IsInstall": options.IsInstall, + "Revision": options.Revision, + "Service": "Helm", + }, + } + + vals, err := CoalesceValues(chrt, chrtVals) + if err != nil { + return common.Values(top), err + } + + if !skipSchemaValidation { + if err := ValidateAgainstSchema(chrt, vals); err != nil { + return top, fmt.Errorf("values don't meet the specifications of the schema(s) in the following chart(s):\n%w", err) + } + } + + top["Values"] = vals + return top, nil +} diff --git a/pkg/chart/common/util/values_test.go b/pkg/chart/common/util/values_test.go new file mode 100644 index 000000000..706d3cfda --- /dev/null +++ b/pkg/chart/common/util/values_test.go @@ -0,0 +1,112 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import ( + "testing" + "time" + + "helm.sh/helm/v4/pkg/chart/common" + chart "helm.sh/helm/v4/pkg/chart/v2" +) + +func TestToRenderValues(t *testing.T) { + + chartValues := map[string]interface{}{ + "name": "al Rashid", + "where": map[string]interface{}{ + "city": "Basrah", + "title": "caliph", + }, + } + + overrideValues := map[string]interface{}{ + "name": "Haroun", + "where": map[string]interface{}{ + "city": "Baghdad", + "date": "809 CE", + }, + } + + c := &chart.Chart{ + Metadata: &chart.Metadata{Name: "test"}, + Templates: []*common.File{}, + Values: chartValues, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: time.Now(), Data: []byte("1,001 Nights")}, + }, + } + c.AddDependency(&chart.Chart{ + Metadata: &chart.Metadata{Name: "where"}, + }) + + o := common.ReleaseOptions{ + Name: "Seven Voyages", + Namespace: "default", + Revision: 1, + IsInstall: true, + } + + res, err := ToRenderValuesWithSchemaValidation(c, overrideValues, o, nil, false) + if err != nil { + t.Fatal(err) + } + + // Ensure that the top-level values are all set. + metamap := res["Chart"].(map[string]interface{}) + if name := metamap["Name"]; name.(string) != "test" { + t.Errorf("Expected chart name 'test', got %q", name) + } + relmap := res["Release"].(map[string]interface{}) + if name := relmap["Name"]; name.(string) != "Seven Voyages" { + t.Errorf("Expected release name 'Seven Voyages', got %q", name) + } + if namespace := relmap["Namespace"]; namespace.(string) != "default" { + t.Errorf("Expected namespace 'default', got %q", namespace) + } + if revision := relmap["Revision"]; revision.(int) != 1 { + t.Errorf("Expected revision '1', got %d", revision) + } + if relmap["IsUpgrade"].(bool) { + t.Error("Expected upgrade to be false.") + } + if !relmap["IsInstall"].(bool) { + t.Errorf("Expected install to be true.") + } + if !res["Capabilities"].(*common.Capabilities).APIVersions.Has("v1") { + t.Error("Expected Capabilities to have v1 as an API") + } + if res["Capabilities"].(*common.Capabilities).KubeVersion.Major != "1" { + t.Error("Expected Capabilities to have a Kube version") + } + + vals := res["Values"].(common.Values) + if vals["name"] != "Haroun" { + t.Errorf("Expected 'Haroun', got %q (%v)", vals["name"], vals) + } + where := vals["where"].(map[string]interface{}) + expects := map[string]string{ + "city": "Baghdad", + "date": "809 CE", + "title": "caliph", + } + for field, expect := range expects { + if got := where[field]; got != expect { + t.Errorf("Expected %q, got %q (%v)", expect, got, where) + } + } +} diff --git a/pkg/chart/v2/util/values.go b/pkg/chart/common/values.go similarity index 74% rename from pkg/chart/v2/util/values.go rename to pkg/chart/common/values.go index 6850e8b9b..94958a779 100644 --- a/pkg/chart/v2/util/values.go +++ b/pkg/chart/common/values.go @@ -14,18 +14,15 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package common import ( "errors" - "fmt" "io" "os" "strings" "sigs.k8s.io/yaml" - - chart "helm.sh/helm/v4/pkg/chart/v2" ) // GlobalKey is the name of the Values key that is used for storing global vars. @@ -131,48 +128,6 @@ type ReleaseOptions struct { IsInstall bool } -// ToRenderValues composes the struct from the data coming from the Releases, Charts and Values files -// -// This takes both ReleaseOptions and Capabilities to merge into the render values. -func ToRenderValues(chrt *chart.Chart, chrtVals map[string]interface{}, options ReleaseOptions, caps *Capabilities) (Values, error) { - return ToRenderValuesWithSchemaValidation(chrt, chrtVals, options, caps, false) -} - -// ToRenderValuesWithSchemaValidation composes the struct from the data coming from the Releases, Charts and Values files -// -// This takes both ReleaseOptions and Capabilities to merge into the render values. -func ToRenderValuesWithSchemaValidation(chrt *chart.Chart, chrtVals map[string]interface{}, options ReleaseOptions, caps *Capabilities, skipSchemaValidation bool) (Values, error) { - if caps == nil { - caps = DefaultCapabilities - } - top := map[string]interface{}{ - "Chart": chrt.Metadata, - "Capabilities": caps, - "Release": map[string]interface{}{ - "Name": options.Name, - "Namespace": options.Namespace, - "IsUpgrade": options.IsUpgrade, - "IsInstall": options.IsInstall, - "Revision": options.Revision, - "Service": "Helm", - }, - } - - vals, err := CoalesceValues(chrt, chrtVals) - if err != nil { - return top, err - } - - if !skipSchemaValidation { - if err := ValidateAgainstSchema(chrt, vals); err != nil { - return top, fmt.Errorf("values don't meet the specifications of the schema(s) in the following chart(s):\n%w", err) - } - } - - top["Values"] = vals - return top, nil -} - // istable is a special-purpose function to see if the present thing matches the definition of a YAML table. func istable(v interface{}) bool { _, ok := v.(map[string]interface{}) diff --git a/pkg/chart/v2/util/values_test.go b/pkg/chart/common/values_test.go similarity index 66% rename from pkg/chart/v2/util/values_test.go rename to pkg/chart/common/values_test.go index 1a25fafb8..3cceeb2b5 100644 --- a/pkg/chart/v2/util/values_test.go +++ b/pkg/chart/common/values_test.go @@ -14,15 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package common import ( "bytes" "fmt" "testing" "text/template" - - chart "helm.sh/helm/v4/pkg/chart/v2" ) func TestReadValues(t *testing.T) { @@ -66,92 +64,6 @@ water: } } -func TestToRenderValues(t *testing.T) { - - chartValues := map[string]interface{}{ - "name": "al Rashid", - "where": map[string]interface{}{ - "city": "Basrah", - "title": "caliph", - }, - } - - overrideValues := map[string]interface{}{ - "name": "Haroun", - "where": map[string]interface{}{ - "city": "Baghdad", - "date": "809 CE", - }, - } - - c := &chart.Chart{ - Metadata: &chart.Metadata{Name: "test"}, - Templates: []*chart.File{}, - Values: chartValues, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, - }, - } - c.AddDependency(&chart.Chart{ - Metadata: &chart.Metadata{Name: "where"}, - }) - - o := ReleaseOptions{ - Name: "Seven Voyages", - Namespace: "default", - Revision: 1, - IsInstall: true, - } - - res, err := ToRenderValuesWithSchemaValidation(c, overrideValues, o, nil, false) - if err != nil { - t.Fatal(err) - } - - // Ensure that the top-level values are all set. - if name := res["Chart"].(*chart.Metadata).Name; name != "test" { - t.Errorf("Expected chart name 'test', got %q", name) - } - relmap := res["Release"].(map[string]interface{}) - if name := relmap["Name"]; name.(string) != "Seven Voyages" { - t.Errorf("Expected release name 'Seven Voyages', got %q", name) - } - if namespace := relmap["Namespace"]; namespace.(string) != "default" { - t.Errorf("Expected namespace 'default', got %q", namespace) - } - if revision := relmap["Revision"]; revision.(int) != 1 { - t.Errorf("Expected revision '1', got %d", revision) - } - if relmap["IsUpgrade"].(bool) { - t.Error("Expected upgrade to be false.") - } - if !relmap["IsInstall"].(bool) { - t.Errorf("Expected install to be true.") - } - if !res["Capabilities"].(*Capabilities).APIVersions.Has("v1") { - t.Error("Expected Capabilities to have v1 as an API") - } - if res["Capabilities"].(*Capabilities).KubeVersion.Major != "1" { - t.Error("Expected Capabilities to have a Kube version") - } - - vals := res["Values"].(Values) - if vals["name"] != "Haroun" { - t.Errorf("Expected 'Haroun', got %q (%v)", vals["name"], vals) - } - where := vals["where"].(map[string]interface{}) - expects := map[string]string{ - "city": "Baghdad", - "date": "809 CE", - "title": "caliph", - } - for field, expect := range expects { - if got := where[field]; got != expect { - t.Errorf("Expected %q, got %q (%v)", expect, got, where) - } - } -} - func TestReadValuesFile(t *testing.T) { data, err := ReadValuesFile("./testdata/coleridge.yaml") if err != nil { diff --git a/pkg/chart/dependency.go b/pkg/chart/dependency.go new file mode 100644 index 000000000..864fe6d2c --- /dev/null +++ b/pkg/chart/dependency.go @@ -0,0 +1,64 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chart + +import ( + "errors" + + v3chart "helm.sh/helm/v4/internal/chart/v3" + v2chart "helm.sh/helm/v4/pkg/chart/v2" +) + +var NewDependencyAccessor func(dep Dependency) (DependencyAccessor, error) = NewDefaultDependencyAccessor //nolint:revive + +func NewDefaultDependencyAccessor(dep Dependency) (DependencyAccessor, error) { + switch v := dep.(type) { + case v2chart.Dependency: + return &v2DependencyAccessor{&v}, nil + case *v2chart.Dependency: + return &v2DependencyAccessor{v}, nil + case v3chart.Dependency: + return &v3DependencyAccessor{&v}, nil + case *v3chart.Dependency: + return &v3DependencyAccessor{v}, nil + default: + return nil, errors.New("unsupported chart dependency type") + } +} + +type v2DependencyAccessor struct { + dep *v2chart.Dependency +} + +func (r *v2DependencyAccessor) Name() string { + return r.dep.Name +} + +func (r *v2DependencyAccessor) Alias() string { + return r.dep.Alias +} + +type v3DependencyAccessor struct { + dep *v3chart.Dependency +} + +func (r *v3DependencyAccessor) Name() string { + return r.dep.Name +} + +func (r *v3DependencyAccessor) Alias() string { + return r.dep.Alias +} diff --git a/pkg/chart/v2/file.go b/pkg/chart/interfaces.go similarity index 51% rename from pkg/chart/v2/file.go rename to pkg/chart/interfaces.go index a2eeb0fcd..4001bc548 100644 --- a/pkg/chart/v2/file.go +++ b/pkg/chart/interfaces.go @@ -13,15 +13,32 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v2 - -// File represents a file as a name/value pair. -// -// By convention, name is a relative path within the scope of the chart's -// base directory. -type File struct { - // Name is the path-like name of the template. - Name string `json:"name"` - // Data is the template as byte data. - Data []byte `json:"data"` +package chart + +import ( + common "helm.sh/helm/v4/pkg/chart/common" +) + +type Charter interface{} + +type Dependency interface{} + +type Accessor interface { + Name() string + IsRoot() bool + MetadataAsMap() map[string]interface{} + Files() []*common.File + Templates() []*common.File + ChartFullPath() string + IsLibraryChart() bool + Dependencies() []Charter + MetaDependencies() []Dependency + Values() map[string]interface{} + Schema() []byte + Deprecated() bool +} + +type DependencyAccessor interface { + Name() string + Alias() string } diff --git a/pkg/chart/loader/archive/archive.go b/pkg/chart/loader/archive/archive.go new file mode 100644 index 000000000..c6875db3f --- /dev/null +++ b/pkg/chart/loader/archive/archive.go @@ -0,0 +1,197 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// archive provides utility functions for working with Helm chart archive files +package archive + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "errors" + "fmt" + "io" + "net/http" + "os" + "path" + "regexp" + "strings" + "time" +) + +// MaxDecompressedChartSize is the maximum size of a chart archive that will be +// decompressed. This is the decompressed size of all the files. +// The default value is 100 MiB. +var MaxDecompressedChartSize int64 = 100 * 1024 * 1024 // Default 100 MiB + +// MaxDecompressedFileSize is the size of the largest file that Helm will attempt to load. +// The size of the file is the decompressed version of it when it is stored in an archive. +var MaxDecompressedFileSize int64 = 5 * 1024 * 1024 // Default 5 MiB + +var drivePathPattern = regexp.MustCompile(`^[a-zA-Z]:/`) + +var utf8bom = []byte{0xEF, 0xBB, 0xBF} + +// BufferedFile represents an archive file buffered for later processing. +type BufferedFile struct { + Name string + ModTime time.Time + Data []byte +} + +// LoadArchiveFiles reads in files out of an archive into memory. This function +// performs important path security checks and should always be used before +// expanding a tarball +func LoadArchiveFiles(in io.Reader) ([]*BufferedFile, error) { + unzipped, err := gzip.NewReader(in) + if err != nil { + return nil, err + } + defer unzipped.Close() + + files := []*BufferedFile{} + tr := tar.NewReader(unzipped) + remainingSize := MaxDecompressedChartSize + for { + b := bytes.NewBuffer(nil) + hd, err := tr.Next() + if err == io.EOF { + break + } + if err != nil { + return nil, err + } + + if hd.FileInfo().IsDir() { + // Use this instead of hd.Typeflag because we don't have to do any + // inference chasing. + continue + } + + switch hd.Typeflag { + // We don't want to process these extension header files. + case tar.TypeXGlobalHeader, tar.TypeXHeader: + continue + } + + // Archive could contain \ if generated on Windows + delimiter := "/" + if strings.ContainsRune(hd.Name, '\\') { + delimiter = "\\" + } + + parts := strings.Split(hd.Name, delimiter) + n := strings.Join(parts[1:], delimiter) + + // Normalize the path to the / delimiter + n = strings.ReplaceAll(n, delimiter, "/") + + if path.IsAbs(n) { + return nil, errors.New("chart illegally contains absolute paths") + } + + n = path.Clean(n) + if n == "." { + // In this case, the original path was relative when it should have been absolute. + return nil, fmt.Errorf("chart illegally contains content outside the base directory: %q", hd.Name) + } + if strings.HasPrefix(n, "..") { + return nil, errors.New("chart illegally references parent directory") + } + + // In some particularly arcane acts of path creativity, it is possible to intermix + // UNIX and Windows style paths in such a way that you produce a result of the form + // c:/foo even after all the built-in absolute path checks. So we explicitly check + // for this condition. + if drivePathPattern.MatchString(n) { + return nil, errors.New("chart contains illegally named files") + } + + if parts[0] == "Chart.yaml" { + return nil, errors.New("chart yaml not in base directory") + } + + if hd.Size > remainingSize { + return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize) + } + + if hd.Size > MaxDecompressedFileSize { + return nil, fmt.Errorf("decompressed chart file %q is larger than the maximum file size %d", hd.Name, MaxDecompressedFileSize) + } + + limitedReader := io.LimitReader(tr, remainingSize) + + bytesWritten, err := io.Copy(b, limitedReader) + if err != nil { + return nil, err + } + + remainingSize -= bytesWritten + // When the bytesWritten are less than the file size it means the limit reader ended + // copying early. Here we report that error. This is important if the last file extracted + // is the one that goes over the limit. It assumes the Size stored in the tar header + // is correct, something many applications do. + if bytesWritten < hd.Size || remainingSize <= 0 { + return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize) + } + + data := bytes.TrimPrefix(b.Bytes(), utf8bom) + + files = append(files, &BufferedFile{Name: n, ModTime: hd.ModTime, Data: data}) + b.Reset() + } + + if len(files) == 0 { + return nil, errors.New("no files in chart archive") + } + return files, nil +} + +// ensureArchive's job is to return an informative error if the file does not appear to be a gzipped archive. +// +// Sometimes users will provide a values.yaml for an argument where a chart is expected. One common occurrence +// of this is invoking `helm template values.yaml mychart` which would otherwise produce a confusing error +// if we didn't check for this. +func EnsureArchive(name string, raw *os.File) error { + defer raw.Seek(0, 0) // reset read offset to allow archive loading to proceed. + + // Check the file format to give us a chance to provide the user with more actionable feedback. + buffer := make([]byte, 512) + _, err := raw.Read(buffer) + if err != nil && err != io.EOF { + return fmt.Errorf("file '%s' cannot be read: %s", name, err) + } + + // Helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject. + // Fix for: https://github.com/helm/helm/issues/12261 + if contentType := http.DetectContentType(buffer); contentType != "application/x-gzip" && !isGZipApplication(buffer) { + // TODO: Is there a way to reliably test if a file content is YAML? ghodss/yaml accepts a wide + // variety of content (Makefile, .zshrc) as valid YAML without errors. + + // Wrong content type. Let's check if it's yaml and give an extra hint? + if strings.HasSuffix(name, ".yml") || strings.HasSuffix(name, ".yaml") { + return fmt.Errorf("file '%s' seems to be a YAML file, but expected a gzipped archive", name) + } + return fmt.Errorf("file '%s' does not appear to be a gzipped archive; got '%s'", name, contentType) + } + return nil +} + +// isGZipApplication checks whether the archive is of the application/x-gzip type. +func isGZipApplication(data []byte) bool { + sig := []byte("\x1F\x8B\x08") + return bytes.HasPrefix(data, sig) +} diff --git a/internal/chart/v3/loader/archive_test.go b/pkg/chart/loader/archive/archive_test.go similarity index 99% rename from internal/chart/v3/loader/archive_test.go rename to pkg/chart/loader/archive/archive_test.go index d16c47563..2fe09e9b2 100644 --- a/internal/chart/v3/loader/archive_test.go +++ b/pkg/chart/loader/archive/archive_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package loader +package archive import ( "archive/tar" diff --git a/pkg/chart/loader/load.go b/pkg/chart/loader/load.go new file mode 100644 index 000000000..7a5ddbca9 --- /dev/null +++ b/pkg/chart/loader/load.go @@ -0,0 +1,163 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package loader + +import ( + "compress/gzip" + "errors" + "fmt" + "os" + "path/filepath" + + "sigs.k8s.io/yaml" + + c3 "helm.sh/helm/v4/internal/chart/v3" + c3load "helm.sh/helm/v4/internal/chart/v3/loader" + "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/loader/archive" + c2 "helm.sh/helm/v4/pkg/chart/v2" + c2load "helm.sh/helm/v4/pkg/chart/v2/loader" +) + +// ChartLoader loads a chart. +type ChartLoader interface { + Load() (chart.Charter, error) +} + +// Loader returns a new ChartLoader appropriate for the given chart name +func Loader(name string) (ChartLoader, error) { + fi, err := os.Stat(name) + if err != nil { + return nil, err + } + if fi.IsDir() { + return DirLoader(name), nil + } + return FileLoader(name), nil +} + +// Load takes a string name, tries to resolve it to a file or directory, and then loads it. +// +// This is the preferred way to load a chart. It will discover the chart encoding +// and hand off to the appropriate chart reader. +// +// If a .helmignore file is present, the directory loader will skip loading any files +// matching it. But .helmignore is not evaluated when reading out of an archive. +func Load(name string) (chart.Charter, error) { + l, err := Loader(name) + if err != nil { + return nil, err + } + return l.Load() +} + +// DirLoader loads a chart from a directory +type DirLoader string + +// Load loads the chart +func (l DirLoader) Load() (chart.Charter, error) { + return LoadDir(string(l)) +} + +func LoadDir(dir string) (chart.Charter, error) { + topdir, err := filepath.Abs(dir) + if err != nil { + return nil, err + } + + name := filepath.Join(topdir, "Chart.yaml") + data, err := os.ReadFile(name) + if err != nil { + return nil, fmt.Errorf("unable to detect chart at %s: %w", name, err) + } + + c := new(chartBase) + err = yaml.Unmarshal(data, c) + if err != nil { + return nil, fmt.Errorf("cannot load Chart.yaml: %w", err) + } + + switch c.APIVersion { + case c2.APIVersionV1, c2.APIVersionV2, "": + return c2load.Load(dir) + case c3.APIVersionV3: + return c3load.Load(dir) + default: + return nil, errors.New("unsupported chart version") + } + +} + +// FileLoader loads a chart from a file +type FileLoader string + +// Load loads a chart +func (l FileLoader) Load() (chart.Charter, error) { + return LoadFile(string(l)) +} + +func LoadFile(name string) (chart.Charter, error) { + if fi, err := os.Stat(name); err != nil { + return nil, err + } else if fi.IsDir() { + return nil, errors.New("cannot load a directory") + } + + raw, err := os.Open(name) + if err != nil { + return nil, err + } + defer raw.Close() + + err = archive.EnsureArchive(name, raw) + if err != nil { + return nil, err + } + + files, err := archive.LoadArchiveFiles(raw) + if err != nil { + if err == gzip.ErrHeader { + return nil, fmt.Errorf("file '%s' does not appear to be a valid chart file (details: %s)", name, err) + } + return nil, errors.New("unable to load chart archive") + } + + for _, f := range files { + if f.Name == "Chart.yaml" { + c := new(chartBase) + if err := yaml.Unmarshal(f.Data, c); err != nil { + return c, fmt.Errorf("cannot load Chart.yaml: %w", err) + } + switch c.APIVersion { + case c2.APIVersionV1, c2.APIVersionV2, "": + return c2load.Load(name) + case c3.APIVersionV3: + return c3load.Load(name) + default: + return nil, errors.New("unsupported chart version") + } + } + } + + return nil, errors.New("unable to detect chart version, no Chart.yaml found") +} + +// chartBase is used to detect the API Version for the chart to run it through the +// loader for that type. +type chartBase struct { + APIVersion string `json:"apiVersion,omitempty"` +} diff --git a/pkg/chart/v2/chart.go b/pkg/chart/v2/chart.go index 66ddf98a5..d77a53ddc 100644 --- a/pkg/chart/v2/chart.go +++ b/pkg/chart/v2/chart.go @@ -19,6 +19,9 @@ import ( "path/filepath" "regexp" "strings" + "time" + + "helm.sh/helm/v4/pkg/chart/common" ) // APIVersionV1 is the API version number for version 1. @@ -37,20 +40,24 @@ type Chart struct { // // This should not be used except in special cases like `helm show values`, // where we want to display the raw values, comments and all. - Raw []*File `json:"-"` + Raw []*common.File `json:"-"` // Metadata is the contents of the Chartfile. Metadata *Metadata `json:"metadata"` // Lock is the contents of Chart.lock. Lock *Lock `json:"lock"` // Templates for this chart. - Templates []*File `json:"templates"` + Templates []*common.File `json:"templates"` // Values are default config for this chart. Values map[string]interface{} `json:"values"` // Schema is an optional JSON schema for imposing structure on Values Schema []byte `json:"schema"` + // SchemaModTime the schema was last modified + SchemaModTime time.Time `json:"schemamodtime,omitempty"` // Files are miscellaneous files in a chart archive, // e.g. README, LICENSE, etc. - Files []*File `json:"files"` + Files []*common.File `json:"files"` + // ModTime the chart metadata was last modified + ModTime time.Time `json:"modtime,omitzero"` parent *Chart dependencies []*Chart @@ -62,7 +69,7 @@ type CRD struct { // Filename is the File obj Name including (sub-)chart.ChartFullPath Filename string // File is the File obj for the crd - File *File + File *common.File } // SetDependencies replaces the chart dependencies. @@ -137,8 +144,8 @@ func (ch *Chart) AppVersion() string { // CRDs returns a list of File objects in the 'crds/' directory of a Helm chart. // Deprecated: use CRDObjects() -func (ch *Chart) CRDs() []*File { - files := []*File{} +func (ch *Chart) CRDs() []*common.File { + files := []*common.File{} // Find all resources in the crds/ directory for _, f := range ch.Files { if strings.HasPrefix(f.Name, "crds/") && hasManifestExtension(f.Name) { diff --git a/pkg/chart/v2/chart_test.go b/pkg/chart/v2/chart_test.go index d6311085b..d0837eb16 100644 --- a/pkg/chart/v2/chart_test.go +++ b/pkg/chart/v2/chart_test.go @@ -18,32 +18,41 @@ package v2 import ( "encoding/json" "testing" + "time" "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/pkg/chart/common" ) func TestCRDs(t *testing.T) { + modTime := time.Now() chrt := Chart{ - Files: []*File{ + Files: []*common.File{ { - Name: "crds/foo.yaml", - Data: []byte("hello"), + Name: "crds/foo.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "bar.yaml", - Data: []byte("hello"), + Name: "bar.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/foo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crds/foo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crdsfoo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crdsfoo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/README.md", - Data: []byte("# hello"), + Name: "crds/README.md", + ModTime: modTime, + Data: []byte("# hello"), }, }, } @@ -57,10 +66,11 @@ func TestCRDs(t *testing.T) { func TestSaveChartNoRawData(t *testing.T) { chrt := Chart{ - Raw: []*File{ + Raw: []*common.File{ { - Name: "fhqwhgads.yaml", - Data: []byte("Everybody to the Limit"), + Name: "fhqwhgads.yaml", + ModTime: time.Now(), + Data: []byte("Everybody to the Limit"), }, }, } @@ -76,7 +86,7 @@ func TestSaveChartNoRawData(t *testing.T) { t.Fatal(err) } - is.Equal([]*File(nil), res.Raw) + is.Equal([]*common.File(nil), res.Raw) } func TestMetadata(t *testing.T) { @@ -161,27 +171,33 @@ func TestChartFullPath(t *testing.T) { } func TestCRDObjects(t *testing.T) { + modTime := time.Now() chrt := Chart{ - Files: []*File{ + Files: []*common.File{ { - Name: "crds/foo.yaml", - Data: []byte("hello"), + Name: "crds/foo.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "bar.yaml", - Data: []byte("hello"), + Name: "bar.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/foo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crds/foo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crdsfoo/bar/baz.yaml", - Data: []byte("hello"), + Name: "crdsfoo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, { - Name: "crds/README.md", - Data: []byte("# hello"), + Name: "crds/README.md", + ModTime: modTime, + Data: []byte("# hello"), }, }, } @@ -190,17 +206,19 @@ func TestCRDObjects(t *testing.T) { { Name: "crds/foo.yaml", Filename: "crds/foo.yaml", - File: &File{ - Name: "crds/foo.yaml", - Data: []byte("hello"), + File: &common.File{ + Name: "crds/foo.yaml", + ModTime: modTime, + Data: []byte("hello"), }, }, { Name: "crds/foo/bar/baz.yaml", Filename: "crds/foo/bar/baz.yaml", - File: &File{ - Name: "crds/foo/bar/baz.yaml", - Data: []byte("hello"), + File: &common.File{ + Name: "crds/foo/bar/baz.yaml", + ModTime: modTime, + Data: []byte("hello"), }, }, } diff --git a/pkg/chart/v2/lint/lint.go b/pkg/chart/v2/lint/lint.go new file mode 100644 index 000000000..1c871d936 --- /dev/null +++ b/pkg/chart/v2/lint/lint.go @@ -0,0 +1,71 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package lint // import "helm.sh/helm/v4/pkg/chart/v2/lint" + +import ( + "path/filepath" + + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/v2/lint/rules" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" +) + +type linterOptions struct { + KubeVersion *common.KubeVersion + SkipSchemaValidation bool +} + +type LinterOption func(lo *linterOptions) + +func WithKubeVersion(kubeVersion *common.KubeVersion) LinterOption { + return func(lo *linterOptions) { + lo.KubeVersion = kubeVersion + } +} + +func WithSkipSchemaValidation(skipSchemaValidation bool) LinterOption { + return func(lo *linterOptions) { + lo.SkipSchemaValidation = skipSchemaValidation + } +} + +func RunAll(baseDir string, values map[string]interface{}, namespace string, options ...LinterOption) support.Linter { + + chartDir, _ := filepath.Abs(baseDir) + + lo := linterOptions{} + for _, option := range options { + option(&lo) + } + + result := support.Linter{ + ChartDir: chartDir, + } + + rules.Chartfile(&result) + rules.ValuesWithOverrides(&result, values, lo.SkipSchemaValidation) + rules.Templates( + &result, + namespace, + values, + rules.TemplateLinterKubeVersion(lo.KubeVersion), + rules.TemplateLinterSkipSchemaValidation(lo.SkipSchemaValidation)) + rules.Dependencies(&result) + rules.Crds(&result) + + return result +} diff --git a/pkg/chart/v2/lint/lint_test.go b/pkg/chart/v2/lint/lint_test.go new file mode 100644 index 000000000..6f8f137f4 --- /dev/null +++ b/pkg/chart/v2/lint/lint_test.go @@ -0,0 +1,257 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package lint + +import ( + "strings" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/pkg/chart/v2/lint/support" + chartutil "helm.sh/helm/v4/pkg/chart/v2/util" +) + +const namespace = "testNamespace" + +const badChartDir = "rules/testdata/badchartfile" +const badValuesFileDir = "rules/testdata/badvaluesfile" +const badYamlFileDir = "rules/testdata/albatross" +const badCrdFileDir = "rules/testdata/badcrdfile" +const goodChartDir = "rules/testdata/goodone" +const subChartValuesDir = "rules/testdata/withsubchart" +const malformedTemplate = "rules/testdata/malformed-template" +const invalidChartFileDir = "rules/testdata/invalidchartfile" + +func TestBadChart(t *testing.T) { + var values map[string]any + m := RunAll(badChartDir, values, namespace).Messages + if len(m) != 9 { + t.Errorf("Number of errors %v", len(m)) + t.Errorf("All didn't fail with expected errors, got %#v", m) + } + // There should be one INFO, 2 WARNING and 2 ERROR messages, check for them + var i, w, w2, e, e2, e3, e4, e5, e6 bool + for _, msg := range m { + if msg.Severity == support.InfoSev { + if strings.Contains(msg.Err.Error(), "icon is recommended") { + i = true + } + } + if msg.Severity == support.WarningSev { + if strings.Contains(msg.Err.Error(), "does not exist") { + w = true + } + } + if msg.Severity == support.ErrorSev { + if strings.Contains(msg.Err.Error(), "version '0.0.0.0' is not a valid SemVer") { + e = true + } + if strings.Contains(msg.Err.Error(), "name is required") { + e2 = true + } + + if strings.Contains(msg.Err.Error(), "apiVersion is required. The value must be either \"v1\" or \"v2\"") { + e3 = true + } + + if strings.Contains(msg.Err.Error(), "chart type is not valid in apiVersion") { + e4 = true + } + + if strings.Contains(msg.Err.Error(), "dependencies are not valid in the Chart file with apiVersion") { + e5 = true + } + // This comes from the dependency check, which loads dependency info from the Chart.yaml + if strings.Contains(msg.Err.Error(), "unable to load chart") { + e6 = true + } + } + if msg.Severity == support.WarningSev { + if strings.Contains(msg.Err.Error(), "version '0.0.0.0' is not a valid SemVerV2") { + w2 = true + } + } + } + if !e || !e2 || !e3 || !e4 || !e5 || !i || !e6 || !w || !w2 { + t.Errorf("Didn't find all the expected errors, got %#v", m) + } +} + +func TestInvalidYaml(t *testing.T) { + var values map[string]any + m := RunAll(badYamlFileDir, values, namespace).Messages + if len(m) != 1 { + t.Fatalf("All didn't fail with expected errors, got %#v", m) + } + if !strings.Contains(m[0].Err.Error(), "deliberateSyntaxError") { + t.Errorf("All didn't have the error for deliberateSyntaxError") + } +} + +func TestInvalidChartYaml(t *testing.T) { + var values map[string]any + m := RunAll(invalidChartFileDir, values, namespace).Messages + if len(m) != 2 { + t.Fatalf("All didn't fail with expected errors, got %#v", m) + } + if !strings.Contains(m[0].Err.Error(), "failed to strictly parse chart metadata file") { + t.Errorf("All didn't have the error for duplicate YAML keys") + } +} + +func TestBadValues(t *testing.T) { + var values map[string]any + m := RunAll(badValuesFileDir, values, namespace).Messages + if len(m) < 1 { + t.Fatalf("All didn't fail with expected errors, got %#v", m) + } + if !strings.Contains(m[0].Err.Error(), "unable to parse YAML") { + t.Errorf("All didn't have the error for invalid key format: %s", m[0].Err) + } +} + +func TestBadCrdFile(t *testing.T) { + var values map[string]any + m := RunAll(badCrdFileDir, values, namespace).Messages + assert.Lenf(t, m, 2, "All didn't fail with expected errors, got %#v", m) + assert.ErrorContains(t, m[0].Err, "apiVersion is not in 'apiextensions.k8s.io'") + assert.ErrorContains(t, m[1].Err, "object kind is not 'CustomResourceDefinition'") +} + +func TestGoodChart(t *testing.T) { + var values map[string]any + m := RunAll(goodChartDir, values, namespace).Messages + if len(m) != 0 { + t.Error("All returned linter messages when it shouldn't have") + for i, msg := range m { + t.Logf("Message %d: %s", i, msg) + } + } +} + +// TestHelmCreateChart tests that a `helm create` always passes a `helm lint` test. +// +// See https://github.com/helm/helm/issues/7923 +func TestHelmCreateChart(t *testing.T) { + var values map[string]any + dir := t.TempDir() + + createdChart, err := chartutil.Create("testhelmcreatepasseslint", dir) + if err != nil { + t.Error(err) + // Fatal is bad because of the defer. + return + } + + // Note: we test with strict=true here, even though others have + // strict = false. + m := RunAll(createdChart, values, namespace, WithSkipSchemaValidation(true)).Messages + if ll := len(m); ll != 1 { + t.Errorf("All should have had exactly 1 error. Got %d", ll) + for i, msg := range m { + t.Logf("Message %d: %s", i, msg.Error()) + } + } else if msg := m[0].Err.Error(); !strings.Contains(msg, "icon is recommended") { + t.Errorf("Unexpected lint error: %s", msg) + } +} + +// TestHelmCreateChart_CheckDeprecatedWarnings checks if any default template created by `helm create` throws +// deprecated warnings in the linter check against the current Kubernetes version (provided using ldflags). +// +// See https://github.com/helm/helm/issues/11495 +// +// Resources like hpa and ingress, which are disabled by default in values.yaml are enabled here using the equivalent +// of the `--set` flag. +// +// Note: This test requires the following ldflags to be set per the current Kubernetes version to avoid false-positive +// results. +// 1. -X helm.sh/helm/v4/pkg/lint/rules.k8sVersionMajor= +// 2. -X helm.sh/helm/v4/pkg/lint/rules.k8sVersionMinor= +// or directly use '$(LDFLAGS)' in Makefile. +// +// When run without ldflags, the test passes giving a false-positive result. This is because the variables +// `k8sVersionMajor` and `k8sVersionMinor` by default are set to an older version of Kubernetes, with which, there +// might not be the deprecation warning. +func TestHelmCreateChart_CheckDeprecatedWarnings(t *testing.T) { + createdChart, err := chartutil.Create("checkdeprecatedwarnings", t.TempDir()) + if err != nil { + t.Error(err) + return + } + + // Add values to enable hpa, and ingress which are disabled by default. + // This is the equivalent of: + // helm lint checkdeprecatedwarnings --set 'autoscaling.enabled=true,ingress.enabled=true' + updatedValues := map[string]any{ + "autoscaling": map[string]any{ + "enabled": true, + }, + "ingress": map[string]any{ + "enabled": true, + }, + } + + linterRunDetails := RunAll(createdChart, updatedValues, namespace, WithSkipSchemaValidation(true)) + for _, msg := range linterRunDetails.Messages { + if strings.HasPrefix(msg.Error(), "[WARNING]") && + strings.Contains(msg.Error(), "deprecated") { + // When there is a deprecation warning for an object created + // by `helm create` for the current Kubernetes version, fail. + t.Errorf("Unexpected deprecation warning for %q: %s", msg.Path, msg.Error()) + } + } +} + +// lint ignores import-values +// See https://github.com/helm/helm/issues/9658 +func TestSubChartValuesChart(t *testing.T) { + var values map[string]any + m := RunAll(subChartValuesDir, values, namespace).Messages + if len(m) != 0 { + t.Error("All returned linter messages when it shouldn't have") + for i, msg := range m { + t.Logf("Message %d: %s", i, msg) + } + } +} + +// lint stuck with malformed template object +// See https://github.com/helm/helm/issues/11391 +func TestMalformedTemplate(t *testing.T) { + var values map[string]any + c := time.After(3 * time.Second) + ch := make(chan int, 1) + var m []support.Message + go func() { + m = RunAll(malformedTemplate, values, namespace).Messages + ch <- 1 + }() + select { + case <-c: + t.Fatalf("lint malformed template timeout") + case <-ch: + if len(m) != 1 { + t.Fatalf("All didn't fail with expected errors, got %#v", m) + } + if !strings.Contains(m[0].Err.Error(), "invalid character '{'") { + t.Errorf("All didn't have the error for invalid character '{'") + } + } +} diff --git a/pkg/lint/rules/chartfile.go b/pkg/chart/v2/lint/rules/chartfile.go similarity index 94% rename from pkg/lint/rules/chartfile.go rename to pkg/chart/v2/lint/rules/chartfile.go index 103c28374..806363477 100644 --- a/pkg/lint/rules/chartfile.go +++ b/pkg/chart/v2/lint/rules/chartfile.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package rules // import "helm.sh/helm/v4/pkg/lint/rules" +package rules // import "helm.sh/helm/v4/pkg/chart/v2/lint/rules" import ( "errors" @@ -27,8 +27,8 @@ import ( "sigs.k8s.io/yaml" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/support" ) // Chartfile runs a set of linter rules related to Chart.yaml file @@ -67,6 +67,7 @@ func Chartfile(linter *support.Linter) { linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartIconURL(chartFile)) linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartType(chartFile)) linter.RunLinterRule(support.ErrorSev, chartFileName, validateChartDependencies(chartFile)) + linter.RunLinterRule(support.WarningSev, chartFileName, validateChartVersionStrictSemVerV2(chartFile)) } func validateChartVersionType(data map[string]interface{}) error { @@ -158,6 +159,16 @@ func validateChartVersion(cf *chart.Metadata) error { return nil } +func validateChartVersionStrictSemVerV2(cf *chart.Metadata) error { + _, err := semver.StrictNewVersion(cf.Version) + + if err != nil { + return fmt.Errorf("version '%s' is not a valid SemVerV2", cf.Version) + } + + return nil +} + func validateChartMaintainer(cf *chart.Metadata) error { for _, maintainer := range cf.Maintainers { if maintainer == nil { diff --git a/pkg/chart/v2/lint/rules/chartfile_test.go b/pkg/chart/v2/lint/rules/chartfile_test.go new file mode 100644 index 000000000..692358426 --- /dev/null +++ b/pkg/chart/v2/lint/rules/chartfile_test.go @@ -0,0 +1,319 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "errors" + "os" + "path/filepath" + "strings" + "testing" + + chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" + chartutil "helm.sh/helm/v4/pkg/chart/v2/util" +) + +const ( + badChartNameDir = "testdata/badchartname" + badChartDir = "testdata/badchartfile" + anotherBadChartDir = "testdata/anotherbadchartfile" +) + +var ( + badChartNamePath = filepath.Join(badChartNameDir, "Chart.yaml") + badChartFilePath = filepath.Join(badChartDir, "Chart.yaml") + nonExistingChartFilePath = filepath.Join(os.TempDir(), "Chart.yaml") +) + +var badChart, _ = chartutil.LoadChartfile(badChartFilePath) +var badChartName, _ = chartutil.LoadChartfile(badChartNamePath) + +// Validation functions Test +func TestValidateChartYamlNotDirectory(t *testing.T) { + _ = os.Mkdir(nonExistingChartFilePath, os.ModePerm) + defer os.Remove(nonExistingChartFilePath) + + err := validateChartYamlNotDirectory(nonExistingChartFilePath) + if err == nil { + t.Errorf("validateChartYamlNotDirectory to return a linter error, got no error") + } +} + +func TestValidateChartYamlFormat(t *testing.T) { + err := validateChartYamlFormat(errors.New("Read error")) + if err == nil { + t.Errorf("validateChartYamlFormat to return a linter error, got no error") + } + + err = validateChartYamlFormat(nil) + if err != nil { + t.Errorf("validateChartYamlFormat to return no error, got a linter error") + } +} + +func TestValidateChartName(t *testing.T) { + err := validateChartName(badChart) + if err == nil { + t.Errorf("validateChartName to return a linter error, got no error") + } + + err = validateChartName(badChartName) + if err == nil { + t.Error("expected validateChartName to return a linter error for an invalid name, got no error") + } +} + +func TestValidateChartVersion(t *testing.T) { + var failTest = []struct { + Version string + ErrorMsg string + }{ + {"", "version is required"}, + {"1.2.3.4", "version '1.2.3.4' is not a valid SemVer"}, + {"waps", "'waps' is not a valid SemVer"}, + {"-3", "'-3' is not a valid SemVer"}, + } + + var successTest = []string{"0.0.1", "0.0.1+build", "0.0.1-beta"} + + for _, test := range failTest { + badChart.Version = test.Version + err := validateChartVersion(badChart) + if err == nil || !strings.Contains(err.Error(), test.ErrorMsg) { + t.Errorf("validateChartVersion(%s) to return \"%s\", got no error", test.Version, test.ErrorMsg) + } + } + + for _, version := range successTest { + badChart.Version = version + err := validateChartVersion(badChart) + if err != nil { + t.Errorf("validateChartVersion(%s) to return no error, got a linter error", version) + } + } +} + +func TestValidateChartVersionStrictSemVerV2(t *testing.T) { + var failTest = []struct { + Version string + ErrorMsg string + }{ + {"", "version '' is not a valid SemVerV2"}, + {"1", "version '1' is not a valid SemVerV2"}, + {"1.1", "version '1.1' is not a valid SemVerV2"}, + } + + var successTest = []string{"1.1.1", "0.0.1+build", "0.0.1-beta"} + + for _, test := range failTest { + badChart.Version = test.Version + err := validateChartVersionStrictSemVerV2(badChart) + if err == nil || !strings.Contains(err.Error(), test.ErrorMsg) { + t.Errorf("validateChartVersionStrictSemVerV2(%s) to return \"%s\", got no error", test.Version, test.ErrorMsg) + } + } + + for _, version := range successTest { + badChart.Version = version + err := validateChartVersionStrictSemVerV2(badChart) + if err != nil { + t.Errorf("validateChartVersionStrictSemVerV2(%s) to return no error, got a linter error", version) + } + } +} + +func TestValidateChartMaintainer(t *testing.T) { + var failTest = []struct { + Name string + Email string + ErrorMsg string + }{ + {"", "", "each maintainer requires a name"}, + {"", "test@test.com", "each maintainer requires a name"}, + {"John Snow", "wrongFormatEmail.com", "invalid email"}, + } + + var successTest = []struct { + Name string + Email string + }{ + {"John Snow", ""}, + {"John Snow", "john@winterfell.com"}, + } + + for _, test := range failTest { + badChart.Maintainers = []*chart.Maintainer{{Name: test.Name, Email: test.Email}} + err := validateChartMaintainer(badChart) + if err == nil || !strings.Contains(err.Error(), test.ErrorMsg) { + t.Errorf("validateChartMaintainer(%s, %s) to return \"%s\", got no error", test.Name, test.Email, test.ErrorMsg) + } + } + + for _, test := range successTest { + badChart.Maintainers = []*chart.Maintainer{{Name: test.Name, Email: test.Email}} + err := validateChartMaintainer(badChart) + if err != nil { + t.Errorf("validateChartMaintainer(%s, %s) to return no error, got %s", test.Name, test.Email, err.Error()) + } + } + + // Testing for an empty maintainer + badChart.Maintainers = []*chart.Maintainer{nil} + err := validateChartMaintainer(badChart) + if err == nil { + t.Errorf("validateChartMaintainer did not return error for nil maintainer as expected") + } + if err.Error() != "a maintainer entry is empty" { + t.Errorf("validateChartMaintainer returned unexpected error for nil maintainer: %s", err.Error()) + } +} + +func TestValidateChartSources(t *testing.T) { + var failTest = []string{"", "RiverRun", "john@winterfell", "riverrun.io"} + var successTest = []string{"http://riverrun.io", "https://riverrun.io", "https://riverrun.io/blackfish"} + for _, test := range failTest { + badChart.Sources = []string{test} + err := validateChartSources(badChart) + if err == nil || !strings.Contains(err.Error(), "invalid source URL") { + t.Errorf("validateChartSources(%s) to return \"invalid source URL\", got no error", test) + } + } + + for _, test := range successTest { + badChart.Sources = []string{test} + err := validateChartSources(badChart) + if err != nil { + t.Errorf("validateChartSources(%s) to return no error, got %s", test, err.Error()) + } + } +} + +func TestValidateChartIconPresence(t *testing.T) { + t.Run("Icon absent", func(t *testing.T) { + testChart := &chart.Metadata{ + Icon: "", + } + + err := validateChartIconPresence(testChart) + + if err == nil { + t.Errorf("validateChartIconPresence to return a linter error, got no error") + } else if !strings.Contains(err.Error(), "icon is recommended") { + t.Errorf("expected %q, got %q", "icon is recommended", err.Error()) + } + }) + t.Run("Icon present", func(t *testing.T) { + testChart := &chart.Metadata{ + Icon: "http://example.org/icon.png", + } + + err := validateChartIconPresence(testChart) + + if err != nil { + t.Errorf("Unexpected error: %q", err.Error()) + } + }) +} + +func TestValidateChartIconURL(t *testing.T) { + var failTest = []string{"RiverRun", "john@winterfell", "riverrun.io"} + var successTest = []string{"http://riverrun.io", "https://riverrun.io", "https://riverrun.io/blackfish.png"} + for _, test := range failTest { + badChart.Icon = test + err := validateChartIconURL(badChart) + if err == nil || !strings.Contains(err.Error(), "invalid icon URL") { + t.Errorf("validateChartIconURL(%s) to return \"invalid icon URL\", got no error", test) + } + } + + for _, test := range successTest { + badChart.Icon = test + err := validateChartSources(badChart) + if err != nil { + t.Errorf("validateChartIconURL(%s) to return no error, got %s", test, err.Error()) + } + } +} + +func TestChartfile(t *testing.T) { + t.Run("Chart.yaml basic validity issues", func(t *testing.T) { + linter := support.Linter{ChartDir: badChartDir} + Chartfile(&linter) + msgs := linter.Messages + expectedNumberOfErrorMessages := 7 + + if len(msgs) != expectedNumberOfErrorMessages { + t.Errorf("Expected %d errors, got %d", expectedNumberOfErrorMessages, len(msgs)) + return + } + + if !strings.Contains(msgs[0].Err.Error(), "name is required") { + t.Errorf("Unexpected message 0: %s", msgs[0].Err) + } + + if !strings.Contains(msgs[1].Err.Error(), "apiVersion is required. The value must be either \"v1\" or \"v2\"") { + t.Errorf("Unexpected message 1: %s", msgs[1].Err) + } + + if !strings.Contains(msgs[2].Err.Error(), "version '0.0.0.0' is not a valid SemVer") { + t.Errorf("Unexpected message 2: %s", msgs[2].Err) + } + + if !strings.Contains(msgs[3].Err.Error(), "icon is recommended") { + t.Errorf("Unexpected message 3: %s", msgs[3].Err) + } + + if !strings.Contains(msgs[4].Err.Error(), "chart type is not valid in apiVersion") { + t.Errorf("Unexpected message 4: %s", msgs[4].Err) + } + + if !strings.Contains(msgs[5].Err.Error(), "dependencies are not valid in the Chart file with apiVersion") { + t.Errorf("Unexpected message 5: %s", msgs[5].Err) + } + if !strings.Contains(msgs[6].Err.Error(), "version '0.0.0.0' is not a valid SemVerV2") { + t.Errorf("Unexpected message 6: %s", msgs[6].Err) + } + }) + + t.Run("Chart.yaml validity issues due to type mismatch", func(t *testing.T) { + linter := support.Linter{ChartDir: anotherBadChartDir} + Chartfile(&linter) + msgs := linter.Messages + expectedNumberOfErrorMessages := 4 + + if len(msgs) != expectedNumberOfErrorMessages { + t.Errorf("Expected %d errors, got %d", expectedNumberOfErrorMessages, len(msgs)) + return + } + + if !strings.Contains(msgs[0].Err.Error(), "version should be of type string") { + t.Errorf("Unexpected message 0: %s", msgs[0].Err) + } + + if !strings.Contains(msgs[1].Err.Error(), "version '7.2445e+06' is not a valid SemVer") { + t.Errorf("Unexpected message 1: %s", msgs[1].Err) + } + + if !strings.Contains(msgs[2].Err.Error(), "appVersion should be of type string") { + t.Errorf("Unexpected message 2: %s", msgs[2].Err) + } + if !strings.Contains(msgs[3].Err.Error(), "version '7.2445e+06' is not a valid SemVerV2") { + t.Errorf("Unexpected message 3: %s", msgs[3].Err) + } + }) +} diff --git a/pkg/lint/rules/crds.go b/pkg/chart/v2/lint/rules/crds.go similarity index 98% rename from pkg/lint/rules/crds.go rename to pkg/chart/v2/lint/rules/crds.go index 1b8a73139..49e30192a 100644 --- a/pkg/lint/rules/crds.go +++ b/pkg/chart/v2/lint/rules/crds.go @@ -28,8 +28,8 @@ import ( "k8s.io/apimachinery/pkg/util/yaml" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" "helm.sh/helm/v4/pkg/chart/v2/loader" - "helm.sh/helm/v4/pkg/lint/support" ) // Crds lints the CRDs in the Linter. diff --git a/pkg/lint/rules/crds_test.go b/pkg/chart/v2/lint/rules/crds_test.go similarity index 95% rename from pkg/lint/rules/crds_test.go rename to pkg/chart/v2/lint/rules/crds_test.go index d497b29ba..e644f182f 100644 --- a/pkg/lint/rules/crds_test.go +++ b/pkg/chart/v2/lint/rules/crds_test.go @@ -21,7 +21,7 @@ import ( "github.com/stretchr/testify/assert" - "helm.sh/helm/v4/pkg/lint/support" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" ) const invalidCrdsDir = "./testdata/invalidcrdsdir" diff --git a/pkg/lint/rules/dependencies.go b/pkg/chart/v2/lint/rules/dependencies.go similarity index 96% rename from pkg/lint/rules/dependencies.go rename to pkg/chart/v2/lint/rules/dependencies.go index 16c9d6435..d944a016d 100644 --- a/pkg/lint/rules/dependencies.go +++ b/pkg/chart/v2/lint/rules/dependencies.go @@ -14,15 +14,15 @@ See the License for the specific language governing permissions and limitations under the License. */ -package rules // import "helm.sh/helm/v4/pkg/lint/rules" +package rules // import "helm.sh/helm/v4/pkg/chart/v2/lint/rules" import ( "fmt" "strings" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" "helm.sh/helm/v4/pkg/chart/v2/loader" - "helm.sh/helm/v4/pkg/lint/support" ) // Dependencies runs lints against a chart's dependencies diff --git a/pkg/lint/rules/dependencies_test.go b/pkg/chart/v2/lint/rules/dependencies_test.go similarity index 98% rename from pkg/lint/rules/dependencies_test.go rename to pkg/chart/v2/lint/rules/dependencies_test.go index 1369b2372..08a6646cd 100644 --- a/pkg/lint/rules/dependencies_test.go +++ b/pkg/chart/v2/lint/rules/dependencies_test.go @@ -20,8 +20,8 @@ import ( "testing" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/support" ) func chartWithBadDependencies() chart.Chart { diff --git a/pkg/chart/v2/lint/rules/deprecations.go b/pkg/chart/v2/lint/rules/deprecations.go new file mode 100644 index 000000000..6eba316bc --- /dev/null +++ b/pkg/chart/v2/lint/rules/deprecations.go @@ -0,0 +1,106 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules // import "helm.sh/helm/v4/pkg/chart/v2/lint/rules" + +import ( + "fmt" + "strconv" + + "helm.sh/helm/v4/pkg/chart/common" + + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/endpoints/deprecation" + kscheme "k8s.io/client-go/kubernetes/scheme" +) + +var ( + // This should be set in the Makefile based on the version of client-go being imported. + // These constants will be overwritten with LDFLAGS. The version components must be + // strings in order for LDFLAGS to set them. + k8sVersionMajor = "1" + k8sVersionMinor = "20" +) + +// deprecatedAPIError indicates than an API is deprecated in Kubernetes +type deprecatedAPIError struct { + Deprecated string + Message string +} + +func (e deprecatedAPIError) Error() string { + msg := e.Message + return msg +} + +func validateNoDeprecations(resource *k8sYamlStruct, kubeVersion *common.KubeVersion) error { + // if `resource` does not have an APIVersion or Kind, we cannot test it for deprecation + if resource.APIVersion == "" { + return nil + } + if resource.Kind == "" { + return nil + } + + majorVersion := k8sVersionMajor + minorVersion := k8sVersionMinor + + if kubeVersion != nil { + majorVersion = kubeVersion.Major + minorVersion = kubeVersion.Minor + } + + runtimeObject, err := resourceToRuntimeObject(resource) + if err != nil { + // do not error for non-kubernetes resources + if runtime.IsNotRegisteredError(err) { + return nil + } + return err + } + + major, err := strconv.Atoi(majorVersion) + if err != nil { + return err + } + minor, err := strconv.Atoi(minorVersion) + if err != nil { + return err + } + + if !deprecation.IsDeprecated(runtimeObject, major, minor) { + return nil + } + gvk := fmt.Sprintf("%s %s", resource.APIVersion, resource.Kind) + return deprecatedAPIError{ + Deprecated: gvk, + Message: deprecation.WarningMessage(runtimeObject), + } +} + +func resourceToRuntimeObject(resource *k8sYamlStruct) (runtime.Object, error) { + scheme := runtime.NewScheme() + kscheme.AddToScheme(scheme) + + gvk := schema.FromAPIVersionAndKind(resource.APIVersion, resource.Kind) + out, err := scheme.New(gvk) + if err != nil { + return nil, err + } + out.GetObjectKind().SetGroupVersionKind(gvk) + return out, nil +} diff --git a/pkg/lint/rules/deprecations_test.go b/pkg/chart/v2/lint/rules/deprecations_test.go similarity index 94% rename from pkg/lint/rules/deprecations_test.go rename to pkg/chart/v2/lint/rules/deprecations_test.go index 6add843ce..e153f67e6 100644 --- a/pkg/lint/rules/deprecations_test.go +++ b/pkg/chart/v2/lint/rules/deprecations_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package rules // import "helm.sh/helm/v4/pkg/lint/rules" +package rules // import "helm.sh/helm/v4/pkg/chart/v2/lint/rules" import "testing" diff --git a/pkg/chart/v2/lint/rules/template.go b/pkg/chart/v2/lint/rules/template.go new file mode 100644 index 000000000..0c633dc1a --- /dev/null +++ b/pkg/chart/v2/lint/rules/template.go @@ -0,0 +1,384 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "io" + "os" + "path" + "path/filepath" + "slices" + "strings" + + "k8s.io/apimachinery/pkg/api/validation" + apipath "k8s.io/apimachinery/pkg/api/validation/path" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/apimachinery/pkg/util/yaml" + + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" + "helm.sh/helm/v4/pkg/chart/v2/loader" + chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/engine" +) + +// Templates lints the templates in the Linter. +func Templates(linter *support.Linter, namespace string, values map[string]any, options ...TemplateLinterOption) { + templateLinter := newTemplateLinter(linter, namespace, values, options...) + templateLinter.Lint() +} + +type TemplateLinterOption func(*templateLinter) + +func TemplateLinterKubeVersion(kubeVersion *common.KubeVersion) TemplateLinterOption { + return func(tl *templateLinter) { + tl.kubeVersion = kubeVersion + } +} + +func TemplateLinterSkipSchemaValidation(skipSchemaValidation bool) TemplateLinterOption { + return func(tl *templateLinter) { + tl.skipSchemaValidation = skipSchemaValidation + } +} + +func newTemplateLinter(linter *support.Linter, namespace string, values map[string]any, options ...TemplateLinterOption) templateLinter { + + result := templateLinter{ + linter: linter, + values: values, + namespace: namespace, + } + + for _, o := range options { + o(&result) + } + + return result +} + +type templateLinter struct { + linter *support.Linter + values map[string]any + namespace string + kubeVersion *common.KubeVersion + skipSchemaValidation bool +} + +func (t *templateLinter) Lint() { + templatesDir := "templates/" + templatesPath := filepath.Join(t.linter.ChartDir, templatesDir) + + templatesDirExists := t.linter.RunLinterRule(support.WarningSev, templatesDir, templatesDirExists(templatesPath)) + if !templatesDirExists { + return + } + + validTemplatesDir := t.linter.RunLinterRule(support.ErrorSev, templatesDir, validateTemplatesDir(templatesPath)) + if !validTemplatesDir { + return + } + + // Load chart and parse templates + chart, err := loader.Load(t.linter.ChartDir) + + chartLoaded := t.linter.RunLinterRule(support.ErrorSev, templatesDir, err) + + if !chartLoaded { + return + } + + options := common.ReleaseOptions{ + Name: "test-release", + Namespace: t.namespace, + } + + caps := common.DefaultCapabilities.Copy() + if t.kubeVersion != nil { + caps.KubeVersion = *t.kubeVersion + } + + // lint ignores import-values + // See https://github.com/helm/helm/issues/9658 + if err := chartutil.ProcessDependencies(chart, t.values); err != nil { + return + } + + cvals, err := util.CoalesceValues(chart, t.values) + if err != nil { + return + } + + valuesToRender, err := util.ToRenderValuesWithSchemaValidation(chart, cvals, options, caps, t.skipSchemaValidation) + if err != nil { + t.linter.RunLinterRule(support.ErrorSev, templatesDir, err) + return + } + var e engine.Engine + e.LintMode = true + renderedContentMap, err := e.Render(chart, valuesToRender) + + renderOk := t.linter.RunLinterRule(support.ErrorSev, templatesDir, err) + + if !renderOk { + return + } + + /* Iterate over all the templates to check: + - It is a .yaml file + - All the values in the template file is defined + - {{}} include | quote + - Generated content is a valid Yaml file + - Metadata.Namespace is not set + */ + for _, template := range chart.Templates { + fileName := template.Name + + t.linter.RunLinterRule(support.ErrorSev, fileName, validateAllowedExtension(fileName)) + + // We only apply the following lint rules to yaml files + if !isYamlFileExtension(fileName) { + continue + } + + // NOTE: disabled for now, Refs https://github.com/helm/helm/issues/1463 + // Check that all the templates have a matching value + // linter.RunLinterRule(support.WarningSev, fpath, validateNoMissingValues(templatesPath, valuesToRender, preExecutedTemplate)) + + // NOTE: disabled for now, Refs https://github.com/helm/helm/issues/1037 + // linter.RunLinterRule(support.WarningSev, fpath, validateQuotes(string(preExecutedTemplate))) + + renderedContent := renderedContentMap[path.Join(chart.Name(), fileName)] + if strings.TrimSpace(renderedContent) != "" { + t.linter.RunLinterRule(support.WarningSev, fileName, validateTopIndentLevel(renderedContent)) + + decoder := yaml.NewYAMLOrJSONDecoder(strings.NewReader(renderedContent), 4096) + + // Lint all resources if the file contains multiple documents separated by --- + for { + // Even though k8sYamlStruct only defines a few fields, an error in any other + // key will be raised as well + var yamlStruct *k8sYamlStruct + + err := decoder.Decode(&yamlStruct) + if err == io.EOF { + break + } + + // If YAML linting fails here, it will always fail in the next block as well, so we should return here. + // fix https://github.com/helm/helm/issues/11391 + if !t.linter.RunLinterRule(support.ErrorSev, fileName, validateYamlContent(err)) { + return + } + if yamlStruct != nil { + // NOTE: set to warnings to allow users to support out-of-date kubernetes + // Refs https://github.com/helm/helm/issues/8596 + t.linter.RunLinterRule(support.WarningSev, fileName, validateMetadataName(yamlStruct)) + t.linter.RunLinterRule(support.WarningSev, fileName, validateNoDeprecations(yamlStruct, t.kubeVersion)) + + t.linter.RunLinterRule(support.ErrorSev, fileName, validateMatchSelector(yamlStruct, renderedContent)) + t.linter.RunLinterRule(support.ErrorSev, fileName, validateListAnnotations(yamlStruct, renderedContent)) + } + } + } + } +} + +// validateTopIndentLevel checks that the content does not start with an indent level > 0. +// +// This error can occur when a template accidentally inserts space. It can cause +// unpredictable errors depending on whether the text is normalized before being passed +// into the YAML parser. So we trap it here. +// +// See https://github.com/helm/helm/issues/8467 +func validateTopIndentLevel(content string) error { + // Read lines until we get to a non-empty one + scanner := bufio.NewScanner(bytes.NewBufferString(content)) + for scanner.Scan() { + line := scanner.Text() + // If line is empty, skip + if strings.TrimSpace(line) == "" { + continue + } + // If it starts with one or more spaces, this is an error + if strings.HasPrefix(line, " ") || strings.HasPrefix(line, "\t") { + return fmt.Errorf("document starts with an illegal indent: %q, which may cause parsing problems", line) + } + // Any other condition passes. + return nil + } + return scanner.Err() +} + +// Validation functions +func templatesDirExists(templatesPath string) error { + _, err := os.Stat(templatesPath) + if errors.Is(err, os.ErrNotExist) { + return errors.New("directory does not exist") + } + return nil +} + +func validateTemplatesDir(templatesPath string) error { + fi, err := os.Stat(templatesPath) + if err != nil { + return err + } + if !fi.IsDir() { + return errors.New("not a directory") + } + return nil +} + +func validateAllowedExtension(fileName string) error { + ext := filepath.Ext(fileName) + validExtensions := []string{".yaml", ".yml", ".tpl", ".txt"} + + if slices.Contains(validExtensions, ext) { + return nil + } + + return fmt.Errorf("file extension '%s' not valid. Valid extensions are .yaml, .yml, .tpl, or .txt", ext) +} + +func validateYamlContent(err error) error { + if err != nil { + return fmt.Errorf("unable to parse YAML: %w", err) + } + + return nil +} + +// validateMetadataName uses the correct validation function for the object +// Kind, or if not set, defaults to the standard definition of a subdomain in +// DNS (RFC 1123), used by most resources. +func validateMetadataName(obj *k8sYamlStruct) error { + fn := validateMetadataNameFunc(obj) + allErrs := field.ErrorList{} + for _, msg := range fn(obj.Metadata.Name, false) { + allErrs = append(allErrs, field.Invalid(field.NewPath("metadata").Child("name"), obj.Metadata.Name, msg)) + } + if len(allErrs) > 0 { + return fmt.Errorf("object name does not conform to Kubernetes naming requirements: %q: %w", obj.Metadata.Name, allErrs.ToAggregate()) + } + return nil +} + +// validateMetadataNameFunc will return a name validation function for the +// object kind, if defined below. +// +// Rules should match those set in the various api validations: +// https://github.com/kubernetes/kubernetes/blob/v1.20.0/pkg/apis/core/validation/validation.go#L205-L274 +// https://github.com/kubernetes/kubernetes/blob/v1.20.0/pkg/apis/apps/validation/validation.go#L39 +// ... +// +// Implementing here to avoid importing k/k. +// +// If no mapping is defined, returns NameIsDNSSubdomain. This is used by object +// kinds that don't have special requirements, so is the most likely to work if +// new kinds are added. +func validateMetadataNameFunc(obj *k8sYamlStruct) validation.ValidateNameFunc { + switch strings.ToLower(obj.Kind) { + case "pod", "node", "secret", "endpoints", "resourcequota", // core + "controllerrevision", "daemonset", "deployment", "replicaset", "statefulset", // apps + "autoscaler", // autoscaler + "cronjob", "job", // batch + "lease", // coordination + "endpointslice", // discovery + "networkpolicy", "ingress", // networking + "podsecuritypolicy", // policy + "priorityclass", // scheduling + "podpreset", // settings + "storageclass", "volumeattachment", "csinode": // storage + return validation.NameIsDNSSubdomain + case "service": + return validation.NameIsDNS1035Label + case "namespace": + return validation.ValidateNamespaceName + case "serviceaccount": + return validation.ValidateServiceAccountName + case "certificatesigningrequest": + // No validation. + // https://github.com/kubernetes/kubernetes/blob/v1.20.0/pkg/apis/certificates/validation/validation.go#L137-L140 + return func(_ string, _ bool) []string { return nil } + case "role", "clusterrole", "rolebinding", "clusterrolebinding": + // https://github.com/kubernetes/kubernetes/blob/v1.20.0/pkg/apis/rbac/validation/validation.go#L32-L34 + return func(name string, _ bool) []string { + return apipath.IsValidPathSegmentName(name) + } + default: + return validation.NameIsDNSSubdomain + } +} + +// validateMatchSelector ensures that template specs have a selector declared. +// See https://github.com/helm/helm/issues/1990 +func validateMatchSelector(yamlStruct *k8sYamlStruct, manifest string) error { + switch yamlStruct.Kind { + case "Deployment", "ReplicaSet", "DaemonSet", "StatefulSet": + // verify that matchLabels or matchExpressions is present + if !strings.Contains(manifest, "matchLabels") && !strings.Contains(manifest, "matchExpressions") { + return fmt.Errorf("a %s must contain matchLabels or matchExpressions, and %q does not", yamlStruct.Kind, yamlStruct.Metadata.Name) + } + } + return nil +} + +func validateListAnnotations(yamlStruct *k8sYamlStruct, manifest string) error { + if yamlStruct.Kind == "List" { + m := struct { + Items []struct { + Metadata struct { + Annotations map[string]string + } + } + }{} + + if err := yaml.Unmarshal([]byte(manifest), &m); err != nil { + return validateYamlContent(err) + } + + for _, i := range m.Items { + if _, ok := i.Metadata.Annotations["helm.sh/resource-policy"]; ok { + return errors.New("annotation 'helm.sh/resource-policy' within List objects are ignored") + } + } + } + return nil +} + +func isYamlFileExtension(fileName string) bool { + ext := strings.ToLower(filepath.Ext(fileName)) + return ext == ".yaml" || ext == ".yml" +} + +// k8sYamlStruct stubs a Kubernetes YAML file. +type k8sYamlStruct struct { + APIVersion string `json:"apiVersion"` + Kind string + Metadata k8sYamlMetadata +} + +type k8sYamlMetadata struct { + Namespace string + Name string +} diff --git a/pkg/chart/v2/lint/rules/template_test.go b/pkg/chart/v2/lint/rules/template_test.go new file mode 100644 index 000000000..c08ba6cc3 --- /dev/null +++ b/pkg/chart/v2/lint/rules/template_test.go @@ -0,0 +1,490 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "fmt" + "os" + "path/filepath" + "strings" + "testing" + "time" + + "helm.sh/helm/v4/pkg/chart/common" + chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" + chartutil "helm.sh/helm/v4/pkg/chart/v2/util" +) + +const templateTestBasedir = "./testdata/albatross" + +func TestValidateAllowedExtension(t *testing.T) { + var failTest = []string{"/foo", "/test.toml"} + for _, test := range failTest { + err := validateAllowedExtension(test) + if err == nil || !strings.Contains(err.Error(), "Valid extensions are .yaml, .yml, .tpl, or .txt") { + t.Errorf("validateAllowedExtension('%s') to return \"Valid extensions are .yaml, .yml, .tpl, or .txt\", got no error", test) + } + } + var successTest = []string{"/foo.yaml", "foo.yaml", "foo.tpl", "/foo/bar/baz.yaml", "NOTES.txt"} + for _, test := range successTest { + err := validateAllowedExtension(test) + if err != nil { + t.Errorf("validateAllowedExtension('%s') to return no error but got \"%s\"", test, err.Error()) + } + } +} + +var values = map[string]interface{}{"nameOverride": "", "httpPort": 80} + +const namespace = "testNamespace" + +func TestTemplateParsing(t *testing.T) { + linter := support.Linter{ChartDir: templateTestBasedir} + Templates( + &linter, + namespace, + values, + TemplateLinterSkipSchemaValidation(false)) + res := linter.Messages + + if len(res) != 1 { + t.Fatalf("Expected one error, got %d, %v", len(res), res) + } + + if !strings.Contains(res[0].Err.Error(), "deliberateSyntaxError") { + t.Errorf("Unexpected error: %s", res[0]) + } +} + +var wrongTemplatePath = filepath.Join(templateTestBasedir, "templates", "fail.yaml") +var ignoredTemplatePath = filepath.Join(templateTestBasedir, "fail.yaml.ignored") + +// Test a template with all the existing features: +// namespaces, partial templates +func TestTemplateIntegrationHappyPath(t *testing.T) { + // Rename file so it gets ignored by the linter + os.Rename(wrongTemplatePath, ignoredTemplatePath) + defer os.Rename(ignoredTemplatePath, wrongTemplatePath) + + linter := support.Linter{ChartDir: templateTestBasedir} + Templates( + &linter, + namespace, + values, + TemplateLinterSkipSchemaValidation(false)) + res := linter.Messages + + if len(res) != 0 { + t.Fatalf("Expected no error, got %d, %v", len(res), res) + } +} + +func TestMultiTemplateFail(t *testing.T) { + linter := support.Linter{ChartDir: "./testdata/multi-template-fail"} + Templates( + &linter, + namespace, + values, + TemplateLinterSkipSchemaValidation(false)) + res := linter.Messages + + if len(res) != 1 { + t.Fatalf("Expected 1 error, got %d, %v", len(res), res) + } + + if !strings.Contains(res[0].Err.Error(), "object name does not conform to Kubernetes naming requirements") { + t.Errorf("Unexpected error: %s", res[0].Err) + } +} + +func TestValidateMetadataName(t *testing.T) { + tests := []struct { + obj *k8sYamlStruct + wantErr bool + }{ + // Most kinds use IsDNS1123Subdomain. + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: ""}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "foo.bar1234baz.seventyone"}}, false}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "FOO"}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "123baz"}}, false}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "foo.BAR.baz"}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "one-two"}}, false}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "-two"}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "one_two"}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "a..b"}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "%^&#$%*@^*@&#^"}}, true}, + {&k8sYamlStruct{Kind: "Pod", Metadata: k8sYamlMetadata{Name: "operator:pod"}}, true}, + {&k8sYamlStruct{Kind: "ServiceAccount", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "ServiceAccount", Metadata: k8sYamlMetadata{Name: "foo.bar1234baz.seventyone"}}, false}, + {&k8sYamlStruct{Kind: "ServiceAccount", Metadata: k8sYamlMetadata{Name: "FOO"}}, true}, + {&k8sYamlStruct{Kind: "ServiceAccount", Metadata: k8sYamlMetadata{Name: "operator:sa"}}, true}, + + // Service uses IsDNS1035Label. + {&k8sYamlStruct{Kind: "Service", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "Service", Metadata: k8sYamlMetadata{Name: "123baz"}}, true}, + {&k8sYamlStruct{Kind: "Service", Metadata: k8sYamlMetadata{Name: "foo.bar"}}, true}, + + // Namespace uses IsDNS1123Label. + {&k8sYamlStruct{Kind: "Namespace", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "Namespace", Metadata: k8sYamlMetadata{Name: "123baz"}}, false}, + {&k8sYamlStruct{Kind: "Namespace", Metadata: k8sYamlMetadata{Name: "foo.bar"}}, true}, + {&k8sYamlStruct{Kind: "Namespace", Metadata: k8sYamlMetadata{Name: "foo-bar"}}, false}, + + // CertificateSigningRequest has no validation. + {&k8sYamlStruct{Kind: "CertificateSigningRequest", Metadata: k8sYamlMetadata{Name: ""}}, false}, + {&k8sYamlStruct{Kind: "CertificateSigningRequest", Metadata: k8sYamlMetadata{Name: "123baz"}}, false}, + {&k8sYamlStruct{Kind: "CertificateSigningRequest", Metadata: k8sYamlMetadata{Name: "%^&#$%*@^*@&#^"}}, false}, + + // RBAC uses path validation. + {&k8sYamlStruct{Kind: "Role", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "Role", Metadata: k8sYamlMetadata{Name: "123baz"}}, false}, + {&k8sYamlStruct{Kind: "Role", Metadata: k8sYamlMetadata{Name: "foo.bar"}}, false}, + {&k8sYamlStruct{Kind: "Role", Metadata: k8sYamlMetadata{Name: "operator:role"}}, false}, + {&k8sYamlStruct{Kind: "Role", Metadata: k8sYamlMetadata{Name: "operator/role"}}, true}, + {&k8sYamlStruct{Kind: "Role", Metadata: k8sYamlMetadata{Name: "operator%role"}}, true}, + {&k8sYamlStruct{Kind: "ClusterRole", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "ClusterRole", Metadata: k8sYamlMetadata{Name: "123baz"}}, false}, + {&k8sYamlStruct{Kind: "ClusterRole", Metadata: k8sYamlMetadata{Name: "foo.bar"}}, false}, + {&k8sYamlStruct{Kind: "ClusterRole", Metadata: k8sYamlMetadata{Name: "operator:role"}}, false}, + {&k8sYamlStruct{Kind: "ClusterRole", Metadata: k8sYamlMetadata{Name: "operator/role"}}, true}, + {&k8sYamlStruct{Kind: "ClusterRole", Metadata: k8sYamlMetadata{Name: "operator%role"}}, true}, + {&k8sYamlStruct{Kind: "RoleBinding", Metadata: k8sYamlMetadata{Name: "operator:role"}}, false}, + {&k8sYamlStruct{Kind: "ClusterRoleBinding", Metadata: k8sYamlMetadata{Name: "operator:role"}}, false}, + + // Unknown Kind + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: ""}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "foo.bar1234baz.seventyone"}}, false}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "FOO"}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "123baz"}}, false}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "foo.BAR.baz"}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "one-two"}}, false}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "-two"}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "one_two"}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "a..b"}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "%^&#$%*@^*@&#^"}}, true}, + {&k8sYamlStruct{Kind: "FutureKind", Metadata: k8sYamlMetadata{Name: "operator:pod"}}, true}, + + // No kind + {&k8sYamlStruct{Metadata: k8sYamlMetadata{Name: "foo"}}, false}, + {&k8sYamlStruct{Metadata: k8sYamlMetadata{Name: "operator:pod"}}, true}, + } + for _, tt := range tests { + t.Run(fmt.Sprintf("%s/%s", tt.obj.Kind, tt.obj.Metadata.Name), func(t *testing.T) { + if err := validateMetadataName(tt.obj); (err != nil) != tt.wantErr { + t.Errorf("validateMetadataName() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + +func TestDeprecatedAPIFails(t *testing.T) { + modTime := time.Now() + mychart := chart.Chart{ + Metadata: &chart.Metadata{ + APIVersion: "v2", + Name: "failapi", + Version: "0.1.0", + Icon: "satisfy-the-linting-gods.gif", + }, + Templates: []*common.File{ + { + Name: "templates/baddeployment.yaml", + ModTime: modTime, + Data: []byte("apiVersion: apps/v1beta1\nkind: Deployment\nmetadata:\n name: baddep\nspec: {selector: {matchLabels: {foo: bar}}}"), + }, + { + Name: "templates/goodsecret.yaml", + ModTime: modTime, + Data: []byte("apiVersion: v1\nkind: Secret\nmetadata:\n name: goodsecret"), + }, + }, + } + tmpdir := t.TempDir() + + if err := chartutil.SaveDir(&mychart, tmpdir); err != nil { + t.Fatal(err) + } + + linter := support.Linter{ChartDir: filepath.Join(tmpdir, mychart.Name())} + Templates( + &linter, + namespace, + values, + TemplateLinterSkipSchemaValidation(false)) + if l := len(linter.Messages); l != 1 { + for i, msg := range linter.Messages { + t.Logf("Message %d: %s", i, msg) + } + t.Fatalf("Expected 1 lint error, got %d", l) + } + + err := linter.Messages[0].Err.(deprecatedAPIError) + if err.Deprecated != "apps/v1beta1 Deployment" { + t.Errorf("Surprised to learn that %q is deprecated", err.Deprecated) + } +} + +const manifest = `apiVersion: v1 +kind: ConfigMap +metadata: + name: foo +data: + myval1: {{default "val" .Values.mymap.key1 }} + myval2: {{default "val" .Values.mymap.key2 }} +` + +// TestStrictTemplateParsingMapError is a regression test. +// +// The template engine should not produce an error when a map in values.yaml does +// not contain all possible keys. +// +// See https://github.com/helm/helm/issues/7483 +func TestStrictTemplateParsingMapError(t *testing.T) { + + ch := chart.Chart{ + Metadata: &chart.Metadata{ + Name: "regression7483", + APIVersion: "v2", + Version: "0.1.0", + }, + Values: map[string]interface{}{ + "mymap": map[string]string{ + "key1": "val1", + }, + }, + Templates: []*common.File{ + { + Name: "templates/configmap.yaml", + ModTime: time.Now(), + Data: []byte(manifest), + }, + }, + } + dir := t.TempDir() + if err := chartutil.SaveDir(&ch, dir); err != nil { + t.Fatal(err) + } + linter := &support.Linter{ + ChartDir: filepath.Join(dir, ch.Metadata.Name), + } + Templates( + linter, + namespace, + ch.Values, + TemplateLinterSkipSchemaValidation(false)) + if len(linter.Messages) != 0 { + t.Errorf("expected zero messages, got %d", len(linter.Messages)) + for i, msg := range linter.Messages { + t.Logf("Message %d: %q", i, msg) + } + } +} + +func TestValidateMatchSelector(t *testing.T) { + md := &k8sYamlStruct{ + APIVersion: "apps/v1", + Kind: "Deployment", + Metadata: k8sYamlMetadata{ + Name: "mydeployment", + }, + } + manifest := ` + apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ` + if err := validateMatchSelector(md, manifest); err != nil { + t.Error(err) + } + manifest = ` + apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchExpressions: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ` + if err := validateMatchSelector(md, manifest); err != nil { + t.Error(err) + } + manifest = ` + apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ` + if err := validateMatchSelector(md, manifest); err == nil { + t.Error("expected Deployment with no selector to fail") + } +} + +func TestValidateTopIndentLevel(t *testing.T) { + for doc, shouldFail := range map[string]bool{ + // Should not fail + "\n\n\n\t\n \t\n": false, + "apiVersion:foo\n bar:baz": false, + "\n\n\napiVersion:foo\n\n\n": false, + // Should fail + " apiVersion:foo": true, + "\n\n apiVersion:foo\n\n": true, + } { + if err := validateTopIndentLevel(doc); (err == nil) == shouldFail { + t.Errorf("Expected %t for %q", shouldFail, doc) + } + } + +} + +// TestEmptyWithCommentsManifests checks the lint is not failing against empty manifests that contains only comments +// See https://github.com/helm/helm/issues/8621 +func TestEmptyWithCommentsManifests(t *testing.T) { + mychart := chart.Chart{ + Metadata: &chart.Metadata{ + APIVersion: "v2", + Name: "emptymanifests", + Version: "0.1.0", + Icon: "satisfy-the-linting-gods.gif", + }, + Templates: []*common.File{ + { + Name: "templates/empty-with-comments.yaml", + ModTime: time.Now(), + Data: []byte("#@formatter:off\n"), + }, + }, + } + tmpdir := t.TempDir() + + if err := chartutil.SaveDir(&mychart, tmpdir); err != nil { + t.Fatal(err) + } + + linter := support.Linter{ChartDir: filepath.Join(tmpdir, mychart.Name())} + Templates( + &linter, + namespace, + values, + TemplateLinterSkipSchemaValidation(false)) + if l := len(linter.Messages); l > 0 { + for i, msg := range linter.Messages { + t.Logf("Message %d: %s", i, msg) + } + t.Fatalf("Expected 0 lint errors, got %d", l) + } +} +func TestValidateListAnnotations(t *testing.T) { + md := &k8sYamlStruct{ + APIVersion: "v1", + Kind: "List", + Metadata: k8sYamlMetadata{ + Name: "list", + }, + } + manifest := ` +apiVersion: v1 +kind: List +items: + - apiVersion: v1 + kind: ConfigMap + metadata: + annotations: + helm.sh/resource-policy: keep +` + + if err := validateListAnnotations(md, manifest); err == nil { + t.Fatal("expected list with nested keep annotations to fail") + } + + manifest = ` +apiVersion: v1 +kind: List +metadata: + annotations: + helm.sh/resource-policy: keep +items: + - apiVersion: v1 + kind: ConfigMap +` + + if err := validateListAnnotations(md, manifest); err != nil { + t.Fatalf("List objects keep annotations should pass. got: %s", err) + } +} + +func TestIsYamlFileExtension(t *testing.T) { + tests := []struct { + filename string + expected bool + }{ + {"test.yaml", true}, + {"test.yml", true}, + {"test.txt", false}, + {"test", false}, + } + + for _, test := range tests { + result := isYamlFileExtension(test.filename) + if result != test.expected { + t.Errorf("isYamlFileExtension(%s) = %v; want %v", test.filename, result, test.expected) + } + } + +} diff --git a/pkg/lint/rules/testdata/albatross/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/albatross/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/albatross/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/albatross/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/albatross/templates/_helpers.tpl b/pkg/chart/v2/lint/rules/testdata/albatross/templates/_helpers.tpl new file mode 100644 index 000000000..24f76db73 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/albatross/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{define "name"}}{{default "nginx" .Values.nameOverride | trunc 63 | trimSuffix "-" }}{{end}} + +{{/* +Create a default fully qualified app name. + +We truncate at 63 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +*/}} +{{define "fullname"}} +{{- $name := default "nginx" .Values.nameOverride -}} +{{printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{end}} diff --git a/pkg/chart/v2/lint/rules/testdata/albatross/templates/fail.yaml b/pkg/chart/v2/lint/rules/testdata/albatross/templates/fail.yaml new file mode 100644 index 000000000..a11e0e90e --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/albatross/templates/fail.yaml @@ -0,0 +1 @@ +{{ deliberateSyntaxError }} diff --git a/pkg/chart/v2/lint/rules/testdata/albatross/templates/svc.yaml b/pkg/chart/v2/lint/rules/testdata/albatross/templates/svc.yaml new file mode 100644 index 000000000..16bb27d55 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/albatross/templates/svc.yaml @@ -0,0 +1,19 @@ +# This is a service gateway to the replica set created by the deployment. +# Take a look at the deployment.yaml for general notes about this chart. +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Values.name }}" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" + kubeVersion: {{ .Capabilities.KubeVersion.Major }} +spec: + ports: + - port: {{default 80 .Values.httpPort | quote}} + targetPort: 80 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{template "fullname" .}} diff --git a/pkg/chart/v2/lint/rules/testdata/albatross/values.yaml b/pkg/chart/v2/lint/rules/testdata/albatross/values.yaml new file mode 100644 index 000000000..74cc6a0dc --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/albatross/values.yaml @@ -0,0 +1 @@ +name: "mariner" diff --git a/pkg/lint/rules/testdata/anotherbadchartfile/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/anotherbadchartfile/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/anotherbadchartfile/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/anotherbadchartfile/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/badchartfile/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/badchartfile/Chart.yaml new file mode 100644 index 000000000..3564ede3e --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badchartfile/Chart.yaml @@ -0,0 +1,11 @@ +description: A Helm chart for Kubernetes +version: 0.0.0.0 +home: "" +type: application +dependencies: +- name: mariadb + version: 5.x.x + repository: https://charts.helm.sh/stable/ + condition: mariadb.enabled + tags: + - database diff --git a/pkg/chart/v2/lint/rules/testdata/badchartfile/values.yaml b/pkg/chart/v2/lint/rules/testdata/badchartfile/values.yaml new file mode 100644 index 000000000..9f367033b --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badchartfile/values.yaml @@ -0,0 +1 @@ +# Default values for badchartfile. diff --git a/pkg/lint/rules/testdata/badchartname/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/badchartname/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/badchartname/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/badchartname/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/badchartname/values.yaml b/pkg/chart/v2/lint/rules/testdata/badchartname/values.yaml new file mode 100644 index 000000000..9f367033b --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badchartname/values.yaml @@ -0,0 +1 @@ +# Default values for badchartfile. diff --git a/pkg/lint/rules/testdata/badcrdfile/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/badcrdfile/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/badcrdfile/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/badcrdfile/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml b/pkg/chart/v2/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml new file mode 100644 index 000000000..468916053 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badcrdfile/crds/bad-apiversion.yaml @@ -0,0 +1,2 @@ +apiVersion: bad.k8s.io/v1beta1 +kind: CustomResourceDefinition diff --git a/pkg/chart/v2/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml b/pkg/chart/v2/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml new file mode 100644 index 000000000..523b97f85 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badcrdfile/crds/bad-crd.yaml @@ -0,0 +1,2 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: NotACustomResourceDefinition diff --git a/pkg/chart/v2/lint/rules/testdata/badcrdfile/templates/.gitkeep b/pkg/chart/v2/lint/rules/testdata/badcrdfile/templates/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/pkg/chart/v2/lint/rules/testdata/badcrdfile/values.yaml b/pkg/chart/v2/lint/rules/testdata/badcrdfile/values.yaml new file mode 100644 index 000000000..2fffc7715 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badcrdfile/values.yaml @@ -0,0 +1 @@ +# Default values for badcrdfile. diff --git a/pkg/lint/rules/testdata/badvaluesfile/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/badvaluesfile/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/badvaluesfile/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/badvaluesfile/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml b/pkg/chart/v2/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml new file mode 100644 index 000000000..6c2ceb8db --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badvaluesfile/templates/badvaluesfile.yaml @@ -0,0 +1,2 @@ +metadata: + name: {{.name | default "foo" | title}} diff --git a/pkg/chart/v2/lint/rules/testdata/badvaluesfile/values.yaml b/pkg/chart/v2/lint/rules/testdata/badvaluesfile/values.yaml new file mode 100644 index 000000000..b5a10271c --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/badvaluesfile/values.yaml @@ -0,0 +1,2 @@ +# Invalid value for badvaluesfile for testing lint fails with invalid yaml format +name= "value" diff --git a/pkg/lint/rules/testdata/goodone/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/goodone/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/goodone/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/goodone/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/goodone/crds/test-crd.yaml b/pkg/chart/v2/lint/rules/testdata/goodone/crds/test-crd.yaml new file mode 100644 index 000000000..1d7350f1d --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/goodone/crds/test-crd.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tests.test.io +spec: + group: test.io + names: + kind: Test + listKind: TestList + plural: tests + singular: test + scope: Namespaced + versions: + - name : v1alpha2 + served: true + storage: true + - name : v1alpha1 + served: true + storage: false diff --git a/pkg/chart/v2/lint/rules/testdata/goodone/templates/goodone.yaml b/pkg/chart/v2/lint/rules/testdata/goodone/templates/goodone.yaml new file mode 100644 index 000000000..cd46f62c7 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/goodone/templates/goodone.yaml @@ -0,0 +1,2 @@ +metadata: + name: {{ .Values.name | default "foo" | lower }} diff --git a/pkg/chart/v2/lint/rules/testdata/goodone/values.yaml b/pkg/chart/v2/lint/rules/testdata/goodone/values.yaml new file mode 100644 index 000000000..92c3d9bb9 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/goodone/values.yaml @@ -0,0 +1 @@ +name: "goodone-here" diff --git a/pkg/chart/v2/lint/rules/testdata/invalidchartfile/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/invalidchartfile/Chart.yaml new file mode 100644 index 000000000..0fd58d1d4 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/invalidchartfile/Chart.yaml @@ -0,0 +1,6 @@ +name: some-chart +apiVersion: v2 +apiVersion: v1 +description: A Helm chart for Kubernetes +version: 1.3.0 +icon: http://example.com diff --git a/pkg/chart/v2/lint/rules/testdata/invalidchartfile/values.yaml b/pkg/chart/v2/lint/rules/testdata/invalidchartfile/values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/pkg/lint/rules/testdata/invalidcrdsdir/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/invalidcrdsdir/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/crds b/pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/crds new file mode 100644 index 000000000..e69de29bb diff --git a/pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/values.yaml b/pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/values.yaml new file mode 100644 index 000000000..6b1611a64 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/invalidcrdsdir/values.yaml @@ -0,0 +1 @@ +# Default values for invalidcrdsdir. diff --git a/pkg/chart/v2/lint/rules/testdata/malformed-template/.helmignore b/pkg/chart/v2/lint/rules/testdata/malformed-template/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/malformed-template/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/pkg/lint/rules/testdata/malformed-template/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/malformed-template/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/malformed-template/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/malformed-template/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/malformed-template/templates/bad.yaml b/pkg/chart/v2/lint/rules/testdata/malformed-template/templates/bad.yaml new file mode 100644 index 000000000..213198fda --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/malformed-template/templates/bad.yaml @@ -0,0 +1 @@ +{ {- $relname := .Release.Name -}} diff --git a/pkg/chart/v2/lint/rules/testdata/malformed-template/values.yaml b/pkg/chart/v2/lint/rules/testdata/malformed-template/values.yaml new file mode 100644 index 000000000..1cc3182ea --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/malformed-template/values.yaml @@ -0,0 +1,82 @@ +# Default values for test. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/pkg/lint/rules/testdata/multi-template-fail/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/multi-template-fail/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/multi-template-fail/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/multi-template-fail/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml b/pkg/chart/v2/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml new file mode 100644 index 000000000..835be07be --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/multi-template-fail/templates/multi-fail.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: game-config +data: + game.properties: cheat +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: -this:name-is-not_valid$ +data: + game.properties: empty diff --git a/pkg/lint/rules/testdata/v3-fail/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/v3-fail/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/v3-fail/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/v3-fail/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/_helpers.tpl b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/_helpers.tpl new file mode 100644 index 000000000..0b89e723b --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "v3-fail.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "v3-fail.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "v3-fail.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "v3-fail.labels" -}} +helm.sh/chart: {{ include "v3-fail.chart" . }} +{{ include "v3-fail.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "v3-fail.selectorLabels" -}} +app.kubernetes.io/name: {{ include "v3-fail.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "v3-fail.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "v3-fail.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/deployment.yaml b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/deployment.yaml new file mode 100644 index 000000000..6d651ab8e --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "v3-fail.fullname" . }} + labels: + nope: {{ .Release.Time }} + {{- include "v3-fail.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "v3-fail.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "v3-fail.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "v3-fail.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/ingress.yaml b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/ingress.yaml new file mode 100644 index 000000000..4790650d0 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "v3-fail.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "v3-fail.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + "helm.sh/hook": crd-install + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/service.yaml b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/service.yaml new file mode 100644 index 000000000..79a0f40b0 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/v3-fail/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "v3-fail.fullname" . }} + annotations: + helm.sh/hook: crd-install + labels: + {{- include "v3-fail.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "v3-fail.selectorLabels" . | nindent 4 }} diff --git a/pkg/chart/v2/lint/rules/testdata/v3-fail/values.yaml b/pkg/chart/v2/lint/rules/testdata/v3-fail/values.yaml new file mode 100644 index 000000000..01d99b4e6 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/v3-fail/values.yaml @@ -0,0 +1,66 @@ +# Default values for v3-fail. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/pkg/lint/rules/testdata/withsubchart/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/withsubchart/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/withsubchart/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/withsubchart/Chart.yaml diff --git a/pkg/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml b/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml similarity index 100% rename from pkg/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml rename to pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/Chart.yaml diff --git a/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml b/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml new file mode 100644 index 000000000..6cb6cc2af --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/templates/subchart.yaml @@ -0,0 +1,2 @@ +metadata: + name: {{ .Values.subchart.name | lower }} diff --git a/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/values.yaml b/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/values.yaml new file mode 100644 index 000000000..422a359d5 --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/withsubchart/charts/subchart/values.yaml @@ -0,0 +1,2 @@ +subchart: + name: subchart \ No newline at end of file diff --git a/pkg/chart/v2/lint/rules/testdata/withsubchart/templates/mainchart.yaml b/pkg/chart/v2/lint/rules/testdata/withsubchart/templates/mainchart.yaml new file mode 100644 index 000000000..6cb6cc2af --- /dev/null +++ b/pkg/chart/v2/lint/rules/testdata/withsubchart/templates/mainchart.yaml @@ -0,0 +1,2 @@ +metadata: + name: {{ .Values.subchart.name | lower }} diff --git a/pkg/chart/v2/lint/rules/testdata/withsubchart/values.yaml b/pkg/chart/v2/lint/rules/testdata/withsubchart/values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/pkg/lint/rules/values.go b/pkg/chart/v2/lint/rules/values.go similarity index 77% rename from pkg/lint/rules/values.go rename to pkg/chart/v2/lint/rules/values.go index 019e74fa7..994a6a463 100644 --- a/pkg/lint/rules/values.go +++ b/pkg/chart/v2/lint/rules/values.go @@ -21,8 +21,9 @@ import ( "os" "path/filepath" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" - "helm.sh/helm/v4/pkg/lint/support" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" ) // ValuesWithOverrides tests the values.yaml file. @@ -31,7 +32,7 @@ import ( // they are only tested for well-formedness. // // If additional values are supplied, they are coalesced into the values in values.yaml. -func ValuesWithOverrides(linter *support.Linter, valueOverrides map[string]interface{}) { +func ValuesWithOverrides(linter *support.Linter, valueOverrides map[string]interface{}, skipSchemaValidation bool) { file := "values.yaml" vf := filepath.Join(linter.ChartDir, file) fileExists := linter.RunLinterRule(support.InfoSev, file, validateValuesFileExistence(vf)) @@ -40,7 +41,7 @@ func ValuesWithOverrides(linter *support.Linter, valueOverrides map[string]inter return } - linter.RunLinterRule(support.ErrorSev, file, validateValuesFile(vf, valueOverrides)) + linter.RunLinterRule(support.ErrorSev, file, validateValuesFile(vf, valueOverrides, skipSchemaValidation)) } func validateValuesFileExistence(valuesPath string) error { @@ -51,8 +52,8 @@ func validateValuesFileExistence(valuesPath string) error { return nil } -func validateValuesFile(valuesPath string, overrides map[string]interface{}) error { - values, err := chartutil.ReadValuesFile(valuesPath) +func validateValuesFile(valuesPath string, overrides map[string]interface{}, skipSchemaValidation bool) error { + values, err := common.ReadValuesFile(valuesPath) if err != nil { return fmt.Errorf("unable to parse YAML: %w", err) } @@ -62,8 +63,8 @@ func validateValuesFile(valuesPath string, overrides map[string]interface{}) err // We could change that. For now, though, we retain that strategy, and thus can // coalesce tables (like reuse-values does) instead of doing the full chart // CoalesceValues - coalescedValues := chartutil.CoalesceTables(make(map[string]interface{}, len(overrides)), overrides) - coalescedValues = chartutil.CoalesceTables(coalescedValues, values) + coalescedValues := util.CoalesceTables(make(map[string]interface{}, len(overrides)), overrides) + coalescedValues = util.CoalesceTables(coalescedValues, values) ext := filepath.Ext(valuesPath) schemaPath := valuesPath[:len(valuesPath)-len(ext)] + ".schema.json" @@ -74,5 +75,10 @@ func validateValuesFile(valuesPath string, overrides map[string]interface{}) err if err != nil { return err } - return chartutil.ValidateAgainstSingleSchema(coalescedValues, schema) + + if !skipSchemaValidation { + return util.ValidateAgainstSingleSchema(coalescedValues, schema) + } + + return nil } diff --git a/pkg/chart/v2/lint/rules/values_test.go b/pkg/chart/v2/lint/rules/values_test.go new file mode 100644 index 000000000..288b77436 --- /dev/null +++ b/pkg/chart/v2/lint/rules/values_test.go @@ -0,0 +1,183 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rules + +import ( + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/internal/test/ensure" +) + +var nonExistingValuesFilePath = filepath.Join("/fake/dir", "values.yaml") + +const testSchema = ` +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "helm values test schema", + "type": "object", + "additionalProperties": false, + "required": [ + "username", + "password" + ], + "properties": { + "username": { + "description": "Your username", + "type": "string" + }, + "password": { + "description": "Your password", + "type": "string" + } + } +} +` + +func TestValidateValuesYamlNotDirectory(t *testing.T) { + _ = os.Mkdir(nonExistingValuesFilePath, os.ModePerm) + defer os.Remove(nonExistingValuesFilePath) + + err := validateValuesFileExistence(nonExistingValuesFilePath) + if err == nil { + t.Errorf("validateValuesFileExistence to return a linter error, got no error") + } +} + +func TestValidateValuesFileWellFormed(t *testing.T) { + badYaml := ` + not:well[]{}formed + ` + tmpdir := ensure.TempFile(t, "values.yaml", []byte(badYaml)) + valfile := filepath.Join(tmpdir, "values.yaml") + if err := validateValuesFile(valfile, map[string]interface{}{}, false); err == nil { + t.Fatal("expected values file to fail parsing") + } +} + +func TestValidateValuesFileSchema(t *testing.T) { + yaml := "username: admin\npassword: swordfish" + tmpdir := ensure.TempFile(t, "values.yaml", []byte(yaml)) + createTestingSchema(t, tmpdir) + + valfile := filepath.Join(tmpdir, "values.yaml") + if err := validateValuesFile(valfile, map[string]interface{}{}, false); err != nil { + t.Fatalf("Failed validation with %s", err) + } +} + +func TestValidateValuesFileSchemaFailure(t *testing.T) { + // 1234 is an int, not a string. This should fail. + yaml := "username: 1234\npassword: swordfish" + tmpdir := ensure.TempFile(t, "values.yaml", []byte(yaml)) + createTestingSchema(t, tmpdir) + + valfile := filepath.Join(tmpdir, "values.yaml") + + err := validateValuesFile(valfile, map[string]interface{}{}, false) + if err == nil { + t.Fatal("expected values file to fail parsing") + } + + assert.Contains(t, err.Error(), "- at '/username': got number, want string") +} + +func TestValidateValuesFileSchemaFailureButWithSkipSchemaValidation(t *testing.T) { + // 1234 is an int, not a string. This should fail normally but pass with skipSchemaValidation. + yaml := "username: 1234\npassword: swordfish" + tmpdir := ensure.TempFile(t, "values.yaml", []byte(yaml)) + createTestingSchema(t, tmpdir) + + valfile := filepath.Join(tmpdir, "values.yaml") + + err := validateValuesFile(valfile, map[string]interface{}{}, true) + if err != nil { + t.Fatal("expected values file to pass parsing because of skipSchemaValidation") + } +} + +func TestValidateValuesFileSchemaOverrides(t *testing.T) { + yaml := "username: admin" + overrides := map[string]interface{}{ + "password": "swordfish", + } + tmpdir := ensure.TempFile(t, "values.yaml", []byte(yaml)) + createTestingSchema(t, tmpdir) + + valfile := filepath.Join(tmpdir, "values.yaml") + if err := validateValuesFile(valfile, overrides, false); err != nil { + t.Fatalf("Failed validation with %s", err) + } +} + +func TestValidateValuesFile(t *testing.T) { + tests := []struct { + name string + yaml string + overrides map[string]interface{} + errorMessage string + }{ + { + name: "value added", + yaml: "username: admin", + overrides: map[string]interface{}{"password": "swordfish"}, + }, + { + name: "value not overridden", + yaml: "username: admin\npassword:", + overrides: map[string]interface{}{"username": "anotherUser"}, + errorMessage: "- at '/password': got null, want string", + }, + { + name: "value overridden", + yaml: "username: admin\npassword:", + overrides: map[string]interface{}{"username": "anotherUser", "password": "swordfish"}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tmpdir := ensure.TempFile(t, "values.yaml", []byte(tt.yaml)) + createTestingSchema(t, tmpdir) + + valfile := filepath.Join(tmpdir, "values.yaml") + + err := validateValuesFile(valfile, tt.overrides, false) + + switch { + case err != nil && tt.errorMessage == "": + t.Errorf("Failed validation with %s", err) + case err == nil && tt.errorMessage != "": + t.Error("expected values file to fail parsing") + case err != nil && tt.errorMessage != "": + assert.Contains(t, err.Error(), tt.errorMessage, "Failed with unexpected error") + } + }) + } +} + +func createTestingSchema(t *testing.T, dir string) string { + t.Helper() + schemafile := filepath.Join(dir, "values.schema.json") + if err := os.WriteFile(schemafile, []byte(testSchema), 0700); err != nil { + t.Fatalf("Failed to write schema to tmpdir: %s", err) + } + return schemafile +} diff --git a/pkg/lint/support/doc.go b/pkg/chart/v2/lint/support/doc.go similarity index 91% rename from pkg/lint/support/doc.go rename to pkg/chart/v2/lint/support/doc.go index b007804dc..7e050b8c2 100644 --- a/pkg/lint/support/doc.go +++ b/pkg/chart/v2/lint/support/doc.go @@ -20,4 +20,4 @@ Package support contains tools for linting charts. Linting is the process of testing charts for errors or warnings regarding formatting, compilation, or standards compliance. */ -package support // import "helm.sh/helm/v4/pkg/lint/support" +package support // import "helm.sh/helm/v4/pkg/chart/v2/lint/support" diff --git a/pkg/chart/v2/lint/support/message.go b/pkg/chart/v2/lint/support/message.go new file mode 100644 index 000000000..5efbc7a61 --- /dev/null +++ b/pkg/chart/v2/lint/support/message.go @@ -0,0 +1,76 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package support + +import "fmt" + +// Severity indicates the severity of a Message. +const ( + // UnknownSev indicates that the severity of the error is unknown, and should not stop processing. + UnknownSev = iota + // InfoSev indicates information, for example missing values.yaml file + InfoSev + // WarningSev indicates that something does not meet code standards, but will likely function. + WarningSev + // ErrorSev indicates that something will not likely function. + ErrorSev +) + +// sev matches the *Sev states. +var sev = []string{"UNKNOWN", "INFO", "WARNING", "ERROR"} + +// Linter encapsulates a linting run of a particular chart. +type Linter struct { + Messages []Message + // The highest severity of all the failing lint rules + HighestSeverity int + ChartDir string +} + +// Message describes an error encountered while linting. +type Message struct { + // Severity is one of the *Sev constants + Severity int + Path string + Err error +} + +func (m Message) Error() string { + return fmt.Sprintf("[%s] %s: %s", sev[m.Severity], m.Path, m.Err.Error()) +} + +// NewMessage creates a new Message struct +func NewMessage(severity int, path string, err error) Message { + return Message{Severity: severity, Path: path, Err: err} +} + +// RunLinterRule returns true if the validation passed +func (l *Linter) RunLinterRule(severity int, path string, err error) bool { + // severity is out of bound + if severity < 0 || severity >= len(sev) { + return false + } + + if err != nil { + l.Messages = append(l.Messages, NewMessage(severity, path, err)) + + if severity > l.HighestSeverity { + l.HighestSeverity = severity + } + } + return err == nil +} diff --git a/pkg/chart/v2/lint/support/message_test.go b/pkg/chart/v2/lint/support/message_test.go new file mode 100644 index 000000000..ce5b5e42e --- /dev/null +++ b/pkg/chart/v2/lint/support/message_test.go @@ -0,0 +1,79 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package support + +import ( + "errors" + "testing" +) + +var errLint = errors.New("lint failed") + +func TestRunLinterRule(t *testing.T) { + var tests = []struct { + Severity int + LintError error + ExpectedMessages int + ExpectedReturn bool + ExpectedHighestSeverity int + }{ + {InfoSev, errLint, 1, false, InfoSev}, + {WarningSev, errLint, 2, false, WarningSev}, + {ErrorSev, errLint, 3, false, ErrorSev}, + // No error so it returns true + {ErrorSev, nil, 3, true, ErrorSev}, + // Retains highest severity + {InfoSev, errLint, 4, false, ErrorSev}, + // Invalid severity values + {4, errLint, 4, false, ErrorSev}, + {22, errLint, 4, false, ErrorSev}, + {-1, errLint, 4, false, ErrorSev}, + } + + linter := Linter{} + for _, test := range tests { + isValid := linter.RunLinterRule(test.Severity, "chart", test.LintError) + if len(linter.Messages) != test.ExpectedMessages { + t.Errorf("RunLinterRule(%d, \"chart\", %v), linter.Messages should now have %d message, we got %d", test.Severity, test.LintError, test.ExpectedMessages, len(linter.Messages)) + } + + if linter.HighestSeverity != test.ExpectedHighestSeverity { + t.Errorf("RunLinterRule(%d, \"chart\", %v), linter.HighestSeverity should be %d, we got %d", test.Severity, test.LintError, test.ExpectedHighestSeverity, linter.HighestSeverity) + } + + if isValid != test.ExpectedReturn { + t.Errorf("RunLinterRule(%d, \"chart\", %v), should have returned %t but returned %t", test.Severity, test.LintError, test.ExpectedReturn, isValid) + } + } +} + +func TestMessage(t *testing.T) { + m := Message{ErrorSev, "Chart.yaml", errors.New("Foo")} + if m.Error() != "[ERROR] Chart.yaml: Foo" { + t.Errorf("Unexpected output: %s", m.Error()) + } + + m = Message{WarningSev, "templates/", errors.New("Bar")} + if m.Error() != "[WARNING] templates/: Bar" { + t.Errorf("Unexpected output: %s", m.Error()) + } + + m = Message{InfoSev, "templates/rc.yaml", errors.New("FooBar")} + if m.Error() != "[INFO] templates/rc.yaml: FooBar" { + t.Errorf("Unexpected output: %s", m.Error()) + } +} diff --git a/pkg/chart/v2/loader/archive.go b/pkg/chart/v2/loader/archive.go index b9f370f56..f6ed0e84f 100644 --- a/pkg/chart/v2/loader/archive.go +++ b/pkg/chart/v2/loader/archive.go @@ -17,32 +17,16 @@ limitations under the License. package loader import ( - "archive/tar" - "bytes" "compress/gzip" "errors" "fmt" "io" - "net/http" "os" - "path" - "regexp" - "strings" + "helm.sh/helm/v4/pkg/chart/loader/archive" chart "helm.sh/helm/v4/pkg/chart/v2" ) -// MaxDecompressedChartSize is the maximum size of a chart archive that will be -// decompressed. This is the decompressed size of all the files. -// The default value is 100 MiB. -var MaxDecompressedChartSize int64 = 100 * 1024 * 1024 // Default 100 MiB - -// MaxDecompressedFileSize is the size of the largest file that Helm will attempt to load. -// The size of the file is the decompressed version of it when it is stored in an archive. -var MaxDecompressedFileSize int64 = 5 * 1024 * 1024 // Default 5 MiB - -var drivePathPattern = regexp.MustCompile(`^[a-zA-Z]:/`) - // FileLoader loads a chart from a file type FileLoader string @@ -65,7 +49,7 @@ func LoadFile(name string) (*chart.Chart, error) { } defer raw.Close() - err = ensureArchive(name, raw) + err = archive.EnsureArchive(name, raw) if err != nil { return nil, err } @@ -79,153 +63,9 @@ func LoadFile(name string) (*chart.Chart, error) { return c, err } -// ensureArchive's job is to return an informative error if the file does not appear to be a gzipped archive. -// -// Sometimes users will provide a values.yaml for an argument where a chart is expected. One common occurrence -// of this is invoking `helm template values.yaml mychart` which would otherwise produce a confusing error -// if we didn't check for this. -func ensureArchive(name string, raw *os.File) error { - defer raw.Seek(0, 0) // reset read offset to allow archive loading to proceed. - - // Check the file format to give us a chance to provide the user with more actionable feedback. - buffer := make([]byte, 512) - _, err := raw.Read(buffer) - if err != nil && err != io.EOF { - return fmt.Errorf("file '%s' cannot be read: %s", name, err) - } - - // Helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject. - // Fix for: https://github.com/helm/helm/issues/12261 - if contentType := http.DetectContentType(buffer); contentType != "application/x-gzip" && !isGZipApplication(buffer) { - // TODO: Is there a way to reliably test if a file content is YAML? ghodss/yaml accepts a wide - // variety of content (Makefile, .zshrc) as valid YAML without errors. - - // Wrong content type. Let's check if it's yaml and give an extra hint? - if strings.HasSuffix(name, ".yml") || strings.HasSuffix(name, ".yaml") { - return fmt.Errorf("file '%s' seems to be a YAML file, but expected a gzipped archive", name) - } - return fmt.Errorf("file '%s' does not appear to be a gzipped archive; got '%s'", name, contentType) - } - return nil -} - -// isGZipApplication checks whether the archive is of the application/x-gzip type. -func isGZipApplication(data []byte) bool { - sig := []byte("\x1F\x8B\x08") - return bytes.HasPrefix(data, sig) -} - -// LoadArchiveFiles reads in files out of an archive into memory. This function -// performs important path security checks and should always be used before -// expanding a tarball -func LoadArchiveFiles(in io.Reader) ([]*BufferedFile, error) { - unzipped, err := gzip.NewReader(in) - if err != nil { - return nil, err - } - defer unzipped.Close() - - files := []*BufferedFile{} - tr := tar.NewReader(unzipped) - remainingSize := MaxDecompressedChartSize - for { - b := bytes.NewBuffer(nil) - hd, err := tr.Next() - if err == io.EOF { - break - } - if err != nil { - return nil, err - } - - if hd.FileInfo().IsDir() { - // Use this instead of hd.Typeflag because we don't have to do any - // inference chasing. - continue - } - - switch hd.Typeflag { - // We don't want to process these extension header files. - case tar.TypeXGlobalHeader, tar.TypeXHeader: - continue - } - - // Archive could contain \ if generated on Windows - delimiter := "/" - if strings.ContainsRune(hd.Name, '\\') { - delimiter = "\\" - } - - parts := strings.Split(hd.Name, delimiter) - n := strings.Join(parts[1:], delimiter) - - // Normalize the path to the / delimiter - n = strings.ReplaceAll(n, delimiter, "/") - - if path.IsAbs(n) { - return nil, errors.New("chart illegally contains absolute paths") - } - - n = path.Clean(n) - if n == "." { - // In this case, the original path was relative when it should have been absolute. - return nil, fmt.Errorf("chart illegally contains content outside the base directory: %q", hd.Name) - } - if strings.HasPrefix(n, "..") { - return nil, errors.New("chart illegally references parent directory") - } - - // In some particularly arcane acts of path creativity, it is possible to intermix - // UNIX and Windows style paths in such a way that you produce a result of the form - // c:/foo even after all the built-in absolute path checks. So we explicitly check - // for this condition. - if drivePathPattern.MatchString(n) { - return nil, errors.New("chart contains illegally named files") - } - - if parts[0] == "Chart.yaml" { - return nil, errors.New("chart yaml not in base directory") - } - - if hd.Size > remainingSize { - return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize) - } - - if hd.Size > MaxDecompressedFileSize { - return nil, fmt.Errorf("decompressed chart file %q is larger than the maximum file size %d", hd.Name, MaxDecompressedFileSize) - } - - limitedReader := io.LimitReader(tr, remainingSize) - - bytesWritten, err := io.Copy(b, limitedReader) - if err != nil { - return nil, err - } - - remainingSize -= bytesWritten - // When the bytesWritten are less than the file size it means the limit reader ended - // copying early. Here we report that error. This is important if the last file extracted - // is the one that goes over the limit. It assumes the Size stored in the tar header - // is correct, something many applications do. - if bytesWritten < hd.Size || remainingSize <= 0 { - return nil, fmt.Errorf("decompressed chart is larger than the maximum size %d", MaxDecompressedChartSize) - } - - data := bytes.TrimPrefix(b.Bytes(), utf8bom) - - files = append(files, &BufferedFile{Name: n, Data: data}) - b.Reset() - } - - if len(files) == 0 { - return nil, errors.New("no files in chart archive") - } - return files, nil -} - // LoadArchive loads from a reader containing a compressed tar archive. func LoadArchive(in io.Reader) (*chart.Chart, error) { - files, err := LoadArchiveFiles(in) + files, err := archive.LoadArchiveFiles(in) if err != nil { return nil, err } diff --git a/pkg/chart/v2/loader/archive_test.go b/pkg/chart/v2/loader/archive_test.go deleted file mode 100644 index d16c47563..000000000 --- a/pkg/chart/v2/loader/archive_test.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package loader - -import ( - "archive/tar" - "bytes" - "compress/gzip" - "testing" -) - -func TestLoadArchiveFiles(t *testing.T) { - tcs := []struct { - name string - generate func(w *tar.Writer) - check func(t *testing.T, files []*BufferedFile, err error) - }{ - { - name: "empty input should return no files", - generate: func(_ *tar.Writer) {}, - check: func(t *testing.T, _ []*BufferedFile, err error) { - t.Helper() - if err.Error() != "no files in chart archive" { - t.Fatalf(`expected "no files in chart archive", got [%#v]`, err) - } - }, - }, - { - name: "should ignore files with XGlobalHeader type", - generate: func(w *tar.Writer) { - // simulate the presence of a `pax_global_header` file like you would get when - // processing a GitHub release archive. - err := w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeXGlobalHeader, - Name: "pax_global_header", - }) - if err != nil { - t.Fatal(err) - } - - // we need to have at least one file, otherwise we'll get the "no files in chart archive" error - err = w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeReg, - Name: "dir/empty", - }) - if err != nil { - t.Fatal(err) - } - }, - check: func(t *testing.T, files []*BufferedFile, err error) { - t.Helper() - if err != nil { - t.Fatalf(`got unwanted error [%#v] for tar file with pax_global_header content`, err) - } - - if len(files) != 1 { - t.Fatalf(`expected to get one file but got [%v]`, files) - } - }, - }, - } - - for _, tc := range tcs { - t.Run(tc.name, func(t *testing.T) { - buf := &bytes.Buffer{} - gzw := gzip.NewWriter(buf) - tw := tar.NewWriter(gzw) - - tc.generate(tw) - - _ = tw.Close() - _ = gzw.Close() - - files, err := LoadArchiveFiles(buf) - tc.check(t, files, err) - }) - } -} diff --git a/pkg/chart/v2/loader/directory.go b/pkg/chart/v2/loader/directory.go index 4f72925dc..82578d924 100644 --- a/pkg/chart/v2/loader/directory.go +++ b/pkg/chart/v2/loader/directory.go @@ -24,6 +24,7 @@ import ( "strings" "helm.sh/helm/v4/internal/sympath" + "helm.sh/helm/v4/pkg/chart/loader/archive" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/ignore" ) @@ -61,7 +62,7 @@ func LoadDir(dir string) (*chart.Chart, error) { } rules.AddDefaults() - files := []*BufferedFile{} + files := []*archive.BufferedFile{} topdir += string(filepath.Separator) walk := func(name string, fi os.FileInfo, err error) error { @@ -99,8 +100,8 @@ func LoadDir(dir string) (*chart.Chart, error) { return fmt.Errorf("cannot load irregular file %s as it has file mode type bits set", name) } - if fi.Size() > MaxDecompressedFileSize { - return fmt.Errorf("chart file %q is larger than the maximum file size %d", fi.Name(), MaxDecompressedFileSize) + if fi.Size() > archive.MaxDecompressedFileSize { + return fmt.Errorf("chart file %q is larger than the maximum file size %d", fi.Name(), archive.MaxDecompressedFileSize) } data, err := os.ReadFile(name) @@ -110,7 +111,7 @@ func LoadDir(dir string) (*chart.Chart, error) { data = bytes.TrimPrefix(data, utf8bom) - files = append(files, &BufferedFile{Name: n, Data: data}) + files = append(files, &archive.BufferedFile{Name: n, ModTime: fi.ModTime(), Data: data}) return nil } if err = sympath.Walk(topdir, walk); err != nil { diff --git a/pkg/chart/v2/loader/load.go b/pkg/chart/v2/loader/load.go index 75c73e959..ba3a9b6bc 100644 --- a/pkg/chart/v2/loader/load.go +++ b/pkg/chart/v2/loader/load.go @@ -31,6 +31,8 @@ import ( utilyaml "k8s.io/apimachinery/pkg/util/yaml" "sigs.k8s.io/yaml" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/loader/archive" chart "helm.sh/helm/v4/pkg/chart/v2" ) @@ -66,21 +68,15 @@ func Load(name string) (*chart.Chart, error) { return l.Load() } -// BufferedFile represents an archive file buffered for later processing. -type BufferedFile struct { - Name string - Data []byte -} - // LoadFiles loads from in-memory files. -func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { +func LoadFiles(files []*archive.BufferedFile) (*chart.Chart, error) { c := new(chart.Chart) - subcharts := make(map[string][]*BufferedFile) + subcharts := make(map[string][]*archive.BufferedFile) // do not rely on assumed ordering of files in the chart and crash // if Chart.yaml was not coming early enough to initialize metadata for _, f := range files { - c.Raw = append(c.Raw, &chart.File{Name: f.Name, Data: f.Data}) + c.Raw = append(c.Raw, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) if f.Name == "Chart.yaml" { if c.Metadata == nil { c.Metadata = new(chart.Metadata) @@ -94,6 +90,7 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { if c.Metadata.APIVersion == "" { c.Metadata.APIVersion = chart.APIVersionV1 } + c.ModTime = f.ModTime } } for _, f := range files { @@ -114,6 +111,7 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { c.Values = values case f.Name == "values.schema.json": c.Schema = f.Data + c.SchemaModTime = f.ModTime // Deprecated: requirements.yaml is deprecated use Chart.yaml. // We will handle it for you because we are nice people @@ -128,7 +126,7 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { return c, fmt.Errorf("cannot load requirements.yaml: %w", err) } if c.Metadata.APIVersion == chart.APIVersionV1 { - c.Files = append(c.Files, &chart.File{Name: f.Name, Data: f.Data}) + c.Files = append(c.Files, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) } // Deprecated: requirements.lock is deprecated use Chart.lock. case f.Name == "requirements.lock": @@ -143,22 +141,22 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { log.Printf("Warning: Dependency locking is handled in Chart.lock since apiVersion \"v2\". We recommend migrating to Chart.lock.") } if c.Metadata.APIVersion == chart.APIVersionV1 { - c.Files = append(c.Files, &chart.File{Name: f.Name, Data: f.Data}) + c.Files = append(c.Files, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) } case strings.HasPrefix(f.Name, "templates/"): - c.Templates = append(c.Templates, &chart.File{Name: f.Name, Data: f.Data}) + c.Templates = append(c.Templates, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) case strings.HasPrefix(f.Name, "charts/"): if filepath.Ext(f.Name) == ".prov" { - c.Files = append(c.Files, &chart.File{Name: f.Name, Data: f.Data}) + c.Files = append(c.Files, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) continue } fname := strings.TrimPrefix(f.Name, "charts/") cname := strings.SplitN(fname, "/", 2)[0] - subcharts[cname] = append(subcharts[cname], &BufferedFile{Name: fname, Data: f.Data}) + subcharts[cname] = append(subcharts[cname], &archive.BufferedFile{Name: fname, ModTime: f.ModTime, Data: f.Data}) default: - c.Files = append(c.Files, &chart.File{Name: f.Name, Data: f.Data}) + c.Files = append(c.Files, &common.File{Name: f.Name, ModTime: f.ModTime, Data: f.Data}) } } @@ -186,7 +184,7 @@ func LoadFiles(files []*BufferedFile) (*chart.Chart, error) { default: // We have to trim the prefix off of every file, and ignore any file // that is in charts/, but isn't actually a chart. - buff := make([]*BufferedFile, 0, len(files)) + buff := make([]*archive.BufferedFile, 0, len(files)) for _, f := range files { parts := strings.SplitN(f.Name, "/", 2) if len(parts) < 2 { diff --git a/pkg/chart/v2/loader/load_test.go b/pkg/chart/v2/loader/load_test.go index 41154421c..ee0be5b18 100644 --- a/pkg/chart/v2/loader/load_test.go +++ b/pkg/chart/v2/loader/load_test.go @@ -30,6 +30,8 @@ import ( "testing" "time" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/loader/archive" chart "helm.sh/helm/v4/pkg/chart/v2" ) @@ -210,15 +212,16 @@ func TestLoadFile(t *testing.T) { func TestLoadFiles_BadCases(t *testing.T) { for _, tt := range []struct { name string - bufferedFiles []*BufferedFile + bufferedFiles []*archive.BufferedFile expectError string }{ { name: "These files contain only requirements.lock", - bufferedFiles: []*BufferedFile{ + bufferedFiles: []*archive.BufferedFile{ { - Name: "requirements.lock", - Data: []byte(""), + Name: "requirements.lock", + ModTime: time.Now(), + Data: []byte(""), }, }, expectError: "validation: chart.metadata.apiVersion is required"}, @@ -234,9 +237,11 @@ func TestLoadFiles_BadCases(t *testing.T) { } func TestLoadFiles(t *testing.T) { - goodFiles := []*BufferedFile{ + modTime := time.Now() + goodFiles := []*archive.BufferedFile{ { - Name: "Chart.yaml", + Name: "Chart.yaml", + ModTime: modTime, Data: []byte(`apiVersion: v1 name: frobnitz description: This is a frobnitz. @@ -257,20 +262,24 @@ icon: https://example.com/64x64.png `), }, { - Name: "values.yaml", - Data: []byte("var: some values"), + Name: "values.yaml", + ModTime: modTime, + Data: []byte("var: some values"), }, { - Name: "values.schema.json", - Data: []byte("type: Values"), + Name: "values.schema.json", + ModTime: modTime, + Data: []byte("type: Values"), }, { - Name: "templates/deployment.yaml", - Data: []byte("some deployment"), + Name: "templates/deployment.yaml", + ModTime: modTime, + Data: []byte("some deployment"), }, { - Name: "templates/service.yaml", - Data: []byte("some service"), + Name: "templates/service.yaml", + ModTime: modTime, + Data: []byte("some service"), }, } @@ -299,7 +308,7 @@ icon: https://example.com/64x64.png t.Errorf("Expected number of templates == 2, got %d", len(c.Templates)) } - if _, err = LoadFiles([]*BufferedFile{}); err == nil { + if _, err = LoadFiles([]*archive.BufferedFile{}); err == nil { t.Fatal("Expected err to be non-nil") } if err.Error() != "Chart.yaml file is missing" { @@ -310,26 +319,32 @@ icon: https://example.com/64x64.png // Test the order of file loading. The Chart.yaml file needs to come first for // later comparison checks. See https://github.com/helm/helm/pull/8948 func TestLoadFilesOrder(t *testing.T) { - goodFiles := []*BufferedFile{ + modTime := time.Now() + goodFiles := []*archive.BufferedFile{ { - Name: "requirements.yaml", - Data: []byte("dependencies:"), + Name: "requirements.yaml", + ModTime: modTime, + Data: []byte("dependencies:"), }, { - Name: "values.yaml", - Data: []byte("var: some values"), + Name: "values.yaml", + ModTime: modTime, + Data: []byte("var: some values"), }, { - Name: "templates/deployment.yaml", - Data: []byte("some deployment"), + Name: "templates/deployment.yaml", + ModTime: modTime, + Data: []byte("some deployment"), }, { - Name: "templates/service.yaml", - Data: []byte("some service"), + Name: "templates/service.yaml", + ModTime: modTime, + Data: []byte("some service"), }, { - Name: "Chart.yaml", + Name: "Chart.yaml", + ModTime: modTime, Data: []byte(`apiVersion: v1 name: frobnitz description: This is a frobnitz. @@ -543,7 +558,7 @@ foo: } } -func TestMergeValues(t *testing.T) { +func TestMergeValuesV2(t *testing.T) { nestedMap := map[string]interface{}{ "foo": "bar", "baz": map[string]string{ @@ -753,7 +768,7 @@ func verifyChartFileAndTemplate(t *testing.T, c *chart.Chart, name string) { } } -func verifyBomStripped(t *testing.T, files []*chart.File) { +func verifyBomStripped(t *testing.T, files []*common.File) { t.Helper() for _, file := range files { if bytes.HasPrefix(file.Data, utf8bom) { diff --git a/pkg/chart/v2/metadata.go b/pkg/chart/v2/metadata.go index d213a3491..c46007863 100644 --- a/pkg/chart/v2/metadata.go +++ b/pkg/chart/v2/metadata.go @@ -52,7 +52,7 @@ type Metadata struct { Home string `json:"home,omitempty"` // Source is the URL to the source code of this chart Sources []string `json:"sources,omitempty"` - // A SemVer 2 conformant version string of the chart. Required. + // A version string of the chart. Required. Version string `json:"version,omitempty"` // A one-sentence description of the chart Description string `json:"description,omitempty"` diff --git a/pkg/chart/v2/util/coalesce.go b/pkg/chart/v2/util/coalesce.go deleted file mode 100644 index a3e0f5ae8..000000000 --- a/pkg/chart/v2/util/coalesce.go +++ /dev/null @@ -1,308 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "fmt" - "log" - "maps" - - "github.com/mitchellh/copystructure" - - chart "helm.sh/helm/v4/pkg/chart/v2" -) - -func concatPrefix(a, b string) string { - if a == "" { - return b - } - return fmt.Sprintf("%s.%s", a, b) -} - -// CoalesceValues coalesces all of the values in a chart (and its subcharts). -// -// Values are coalesced together using the following rules: -// -// - Values in a higher level chart always override values in a lower-level -// dependency chart -// - Scalar values and arrays are replaced, maps are merged -// - A chart has access to all of the variables for it, as well as all of -// the values destined for its dependencies. -func CoalesceValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { - valsCopy, err := copyValues(vals) - if err != nil { - return vals, err - } - return coalesce(log.Printf, chrt, valsCopy, "", false) -} - -// MergeValues is used to merge the values in a chart and its subcharts. This -// is different from Coalescing as nil/null values are preserved. -// -// Values are coalesced together using the following rules: -// -// - Values in a higher level chart always override values in a lower-level -// dependency chart -// - Scalar values and arrays are replaced, maps are merged -// - A chart has access to all of the variables for it, as well as all of -// the values destined for its dependencies. -// -// Retaining Nils is useful when processes early in a Helm action or business -// logic need to retain them for when Coalescing will happen again later in the -// business logic. -func MergeValues(chrt *chart.Chart, vals map[string]interface{}) (Values, error) { - valsCopy, err := copyValues(vals) - if err != nil { - return vals, err - } - return coalesce(log.Printf, chrt, valsCopy, "", true) -} - -func copyValues(vals map[string]interface{}) (Values, error) { - v, err := copystructure.Copy(vals) - if err != nil { - return vals, err - } - - valsCopy := v.(map[string]interface{}) - // if we have an empty map, make sure it is initialized - if valsCopy == nil { - valsCopy = make(map[string]interface{}) - } - - return valsCopy, nil -} - -type printFn func(format string, v ...interface{}) - -// coalesce coalesces the dest values and the chart values, giving priority to the dest values. -// -// This is a helper function for CoalesceValues and MergeValues. -// -// Note, the merge argument specifies whether this is being used by MergeValues -// or CoalesceValues. Coalescing removes null values and their keys in some -// situations while merging keeps the null values. -func coalesce(printf printFn, ch *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { - coalesceValues(printf, ch, dest, prefix, merge) - return coalesceDeps(printf, ch, dest, prefix, merge) -} - -// coalesceDeps coalesces the dependencies of the given chart. -func coalesceDeps(printf printFn, chrt *chart.Chart, dest map[string]interface{}, prefix string, merge bool) (map[string]interface{}, error) { - for _, subchart := range chrt.Dependencies() { - if c, ok := dest[subchart.Name()]; !ok { - // If dest doesn't already have the key, create it. - dest[subchart.Name()] = make(map[string]interface{}) - } else if !istable(c) { - return dest, fmt.Errorf("type mismatch on %s: %t", subchart.Name(), c) - } - if dv, ok := dest[subchart.Name()]; ok { - dvmap := dv.(map[string]interface{}) - subPrefix := concatPrefix(prefix, chrt.Metadata.Name) - // Get globals out of dest and merge them into dvmap. - coalesceGlobals(printf, dvmap, dest, subPrefix, merge) - // Now coalesce the rest of the values. - var err error - dest[subchart.Name()], err = coalesce(printf, subchart, dvmap, subPrefix, merge) - if err != nil { - return dest, err - } - } - } - return dest, nil -} - -// coalesceGlobals copies the globals out of src and merges them into dest. -// -// For convenience, returns dest. -func coalesceGlobals(printf printFn, dest, src map[string]interface{}, prefix string, _ bool) { - var dg, sg map[string]interface{} - - if destglob, ok := dest[GlobalKey]; !ok { - dg = make(map[string]interface{}) - } else if dg, ok = destglob.(map[string]interface{}); !ok { - printf("warning: skipping globals because destination %s is not a table.", GlobalKey) - return - } - - if srcglob, ok := src[GlobalKey]; !ok { - sg = make(map[string]interface{}) - } else if sg, ok = srcglob.(map[string]interface{}); !ok { - printf("warning: skipping globals because source %s is not a table.", GlobalKey) - return - } - - // EXPERIMENTAL: In the past, we have disallowed globals to test tables. This - // reverses that decision. It may somehow be possible to introduce a loop - // here, but I haven't found a way. So for the time being, let's allow - // tables in globals. - for key, val := range sg { - if istable(val) { - vv := copyMap(val.(map[string]interface{})) - if destv, ok := dg[key]; !ok { - // Here there is no merge. We're just adding. - dg[key] = vv - } else { - if destvmap, ok := destv.(map[string]interface{}); !ok { - printf("Conflict: cannot merge map onto non-map for %q. Skipping.", key) - } else { - // Basically, we reverse order of coalesce here to merge - // top-down. - subPrefix := concatPrefix(prefix, key) - // In this location coalesceTablesFullKey should always have - // merge set to true. The output of coalesceGlobals is run - // through coalesce where any nils will be removed. - coalesceTablesFullKey(printf, vv, destvmap, subPrefix, true) - dg[key] = vv - } - } - } else if dv, ok := dg[key]; ok && istable(dv) { - // It's not clear if this condition can actually ever trigger. - printf("key %s is table. Skipping", key) - } else { - // TODO: Do we need to do any additional checking on the value? - dg[key] = val - } - } - dest[GlobalKey] = dg -} - -func copyMap(src map[string]interface{}) map[string]interface{} { - m := make(map[string]interface{}, len(src)) - maps.Copy(m, src) - return m -} - -// coalesceValues builds up a values map for a particular chart. -// -// Values in v will override the values in the chart. -func coalesceValues(printf printFn, c *chart.Chart, v map[string]interface{}, prefix string, merge bool) { - subPrefix := concatPrefix(prefix, c.Metadata.Name) - - // Using c.Values directly when coalescing a table can cause problems where - // the original c.Values is altered. Creating a deep copy stops the problem. - // This section is fault-tolerant as there is no ability to return an error. - valuesCopy, err := copystructure.Copy(c.Values) - var vc map[string]interface{} - var ok bool - if err != nil { - // If there is an error something is wrong with copying c.Values it - // means there is a problem in the deep copying package or something - // wrong with c.Values. In this case we will use c.Values and report - // an error. - printf("warning: unable to copy values, err: %s", err) - vc = c.Values - } else { - vc, ok = valuesCopy.(map[string]interface{}) - if !ok { - // c.Values has a map[string]interface{} structure. If the copy of - // it cannot be treated as map[string]interface{} there is something - // strangely wrong. Log it and use c.Values - printf("warning: unable to convert values copy to values type") - vc = c.Values - } - } - - for key, val := range vc { - if value, ok := v[key]; ok { - if value == nil && !merge { - // When the YAML value is null and we are coalescing instead of - // merging, we remove the value's key. - // This allows Helm's various sources of values (value files or --set) to - // remove incompatible keys from any previous chart, file, or set values. - delete(v, key) - } else if dest, ok := value.(map[string]interface{}); ok { - // if v[key] is a table, merge nv's val table into v[key]. - src, ok := val.(map[string]interface{}) - if !ok { - // If the original value is nil, there is nothing to coalesce, so we don't print - // the warning - if val != nil { - printf("warning: skipped value for %s.%s: Not a table.", subPrefix, key) - } - } else { - // If the key is a child chart, coalesce tables with Merge set to true - merge := childChartMergeTrue(c, key, merge) - - // Because v has higher precedence than nv, dest values override src - // values. - coalesceTablesFullKey(printf, dest, src, concatPrefix(subPrefix, key), merge) - } - } - } else { - // If the key is not in v, copy it from nv. - v[key] = val - } - } -} - -func childChartMergeTrue(chrt *chart.Chart, key string, merge bool) bool { - for _, subchart := range chrt.Dependencies() { - if subchart.Name() == key { - return true - } - } - return merge -} - -// CoalesceTables merges a source map into a destination map. -// -// dest is considered authoritative. -func CoalesceTables(dst, src map[string]interface{}) map[string]interface{} { - return coalesceTablesFullKey(log.Printf, dst, src, "", false) -} - -func MergeTables(dst, src map[string]interface{}) map[string]interface{} { - return coalesceTablesFullKey(log.Printf, dst, src, "", true) -} - -// coalesceTablesFullKey merges a source map into a destination map. -// -// dest is considered authoritative. -func coalesceTablesFullKey(printf printFn, dst, src map[string]interface{}, prefix string, merge bool) map[string]interface{} { - // When --reuse-values is set but there are no modifications yet, return new values - if src == nil { - return dst - } - if dst == nil { - return src - } - for key, val := range dst { - if val == nil { - src[key] = nil - } - } - // Because dest has higher precedence than src, dest values override src - // values. - for key, val := range src { - fullkey := concatPrefix(prefix, key) - if dv, ok := dst[key]; ok && !merge && dv == nil { - delete(dst, key) - } else if !ok { - dst[key] = val - } else if istable(val) { - if istable(dv) { - coalesceTablesFullKey(printf, dv.(map[string]interface{}), val.(map[string]interface{}), fullkey, merge) - } else { - printf("warning: cannot overwrite table with non table for %s (%v)", fullkey, val) - } - } else if istable(dv) && val != nil { - printf("warning: destination for %s is a table. Ignoring non-table value (%v)", fullkey, val) - } - } - return dst -} diff --git a/pkg/chart/v2/util/create.go b/pkg/chart/v2/util/create.go index a8ae3ab40..bf572c707 100644 --- a/pkg/chart/v2/util/create.go +++ b/pkg/chart/v2/util/create.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/yaml" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" ) @@ -655,11 +656,11 @@ func CreateFrom(chartfile *chart.Metadata, dest, src string) error { schart.Metadata = chartfile - var updatedTemplates []*chart.File + var updatedTemplates []*common.File for _, template := range schart.Templates { newData := transform(string(template.Data), schart.Name()) - updatedTemplates = append(updatedTemplates, &chart.File{Name: template.Name, Data: newData}) + updatedTemplates = append(updatedTemplates, &common.File{Name: template.Name, ModTime: template.ModTime, Data: newData}) } schart.Templates = updatedTemplates diff --git a/pkg/chart/v2/util/dependencies.go b/pkg/chart/v2/util/dependencies.go index c2dded99c..c92ab5085 100644 --- a/pkg/chart/v2/util/dependencies.go +++ b/pkg/chart/v2/util/dependencies.go @@ -22,11 +22,13 @@ import ( "github.com/mitchellh/copystructure" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" chart "helm.sh/helm/v4/pkg/chart/v2" ) // ProcessDependencies checks through this chart's dependencies, processing accordingly. -func ProcessDependencies(c *chart.Chart, v Values) error { +func ProcessDependencies(c *chart.Chart, v common.Values) error { if err := processDependencyEnabled(c, v, ""); err != nil { return err } @@ -34,7 +36,7 @@ func ProcessDependencies(c *chart.Chart, v Values) error { } // processDependencyConditions disables charts based on condition path value in values -func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath string) { +func processDependencyConditions(reqs []*chart.Dependency, cvals common.Values, cpath string) { if reqs == nil { return } @@ -50,7 +52,7 @@ func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath s break } slog.Warn("returned non-bool value", "path", c, "chart", r.Name) - } else if _, ok := err.(ErrNoValue); !ok { + } else if _, ok := err.(common.ErrNoValue); !ok { // this is a real error slog.Warn("the method PathValue returned error", slog.Any("error", err)) } @@ -60,7 +62,7 @@ func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath s } // processDependencyTags disables charts based on tags in values -func processDependencyTags(reqs []*chart.Dependency, cvals Values) { +func processDependencyTags(reqs []*chart.Dependency, cvals common.Values) { if reqs == nil { return } @@ -177,7 +179,7 @@ Loop: for _, lr := range c.Metadata.Dependencies { lr.Enabled = true } - cvals, err := CoalesceValues(c, v) + cvals, err := util.CoalesceValues(c, v) if err != nil { return err } @@ -232,6 +234,8 @@ func pathToMap(path string, data map[string]interface{}) map[string]interface{} return set(parsePath(path), data) } +func parsePath(key string) []string { return strings.Split(key, ".") } + func set(path []string, data map[string]interface{}) map[string]interface{} { if len(path) == 0 { return nil @@ -249,12 +253,12 @@ func processImportValues(c *chart.Chart, merge bool) error { return nil } // combine chart values and empty config to get Values - var cvals Values + var cvals common.Values var err error if merge { - cvals, err = MergeValues(c, nil) + cvals, err = util.MergeValues(c, nil) } else { - cvals, err = CoalesceValues(c, nil) + cvals, err = util.CoalesceValues(c, nil) } if err != nil { return err @@ -286,9 +290,9 @@ func processImportValues(c *chart.Chart, merge bool) error { } // create value map from child to be merged into parent if merge { - b = MergeTables(b, pathToMap(parent, vv.AsMap())) + b = util.MergeTables(b, pathToMap(parent, vv.AsMap())) } else { - b = CoalesceTables(b, pathToMap(parent, vv.AsMap())) + b = util.CoalesceTables(b, pathToMap(parent, vv.AsMap())) } case string: child := "exports." + iv @@ -302,9 +306,9 @@ func processImportValues(c *chart.Chart, merge bool) error { continue } if merge { - b = MergeTables(b, vm.AsMap()) + b = util.MergeTables(b, vm.AsMap()) } else { - b = CoalesceTables(b, vm.AsMap()) + b = util.CoalesceTables(b, vm.AsMap()) } } } @@ -319,14 +323,14 @@ func processImportValues(c *chart.Chart, merge bool) error { // deep copying the cvals as there are cases where pointers can end // up in the cvals when they are copied onto b in ways that break things. cvals = deepCopyMap(cvals) - c.Values = MergeTables(cvals, b) + c.Values = util.MergeTables(cvals, b) } else { // Trimming the nil values from cvals is needed for backwards compatibility. // Previously, the b value had been populated with cvals along with some // overrides. This caused the coalescing functionality to remove the // nil/null values. This trimming is for backwards compat. cvals = trimNilValues(cvals) - c.Values = CoalesceTables(cvals, b) + c.Values = util.CoalesceTables(cvals, b) } return nil @@ -359,6 +363,12 @@ func trimNilValues(vals map[string]interface{}) map[string]interface{} { return valsCopyMap } +// istable is a special-purpose function to see if the present thing matches the definition of a YAML table. +func istable(v interface{}) bool { + _, ok := v.(map[string]interface{}) + return ok +} + // processDependencyImportValues imports specified chart values from child to parent. func processDependencyImportValues(c *chart.Chart, merge bool) error { for _, d := range c.Dependencies() { diff --git a/pkg/chart/v2/util/dependencies_test.go b/pkg/chart/v2/util/dependencies_test.go index 1cf78f0c5..f40cedb03 100644 --- a/pkg/chart/v2/util/dependencies_test.go +++ b/pkg/chart/v2/util/dependencies_test.go @@ -21,6 +21,7 @@ import ( "strconv" "testing" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" ) @@ -232,7 +233,7 @@ func TestProcessDependencyImportValues(t *testing.T) { if err := processDependencyImportValues(c, false); err != nil { t.Fatalf("processing import values dependencies %v", err) } - cc := Values(c.Values) + cc := common.Values(c.Values) for kk, vv := range e { pv, err := cc.PathValue(kk) if err != nil { @@ -262,7 +263,7 @@ func TestProcessDependencyImportValues(t *testing.T) { t.Error("expect nil value not found but found it") } switch xerr := err.(type) { - case ErrNoValue: + case common.ErrNoValue: // We found what we expected default: t.Errorf("expected an ErrNoValue but got %q instead", xerr) @@ -272,7 +273,7 @@ func TestProcessDependencyImportValues(t *testing.T) { if err := processDependencyImportValues(c, true); err != nil { t.Fatalf("processing import values dependencies %v", err) } - cc = Values(c.Values) + cc = common.Values(c.Values) val, err := cc.PathValue("ensurenull") if err != nil { t.Error("expect value but ensurenull was not found") @@ -302,7 +303,7 @@ func TestProcessDependencyImportValuesFromSharedDependencyToAliases(t *testing.T e["foo.grandchild.defaults.defaultValue"] = "42" e["bar.grandchild.defaults.defaultValue"] = "42" - cValues := Values(c.Values) + cValues := common.Values(c.Values) for kk, vv := range e { pv, err := cValues.PathValue(kk) if err != nil { @@ -340,7 +341,7 @@ func TestProcessDependencyImportValuesMultiLevelPrecedence(t *testing.T) { if err := processDependencyImportValues(c, true); err != nil { t.Fatalf("processing import values dependencies %v", err) } - cc := Values(c.Values) + cc := common.Values(c.Values) for kk, vv := range e { pv, err := cc.PathValue(kk) if err != nil { diff --git a/pkg/chart/v2/util/expand.go b/pkg/chart/v2/util/expand.go index 9d08571ed..077dfbf38 100644 --- a/pkg/chart/v2/util/expand.go +++ b/pkg/chart/v2/util/expand.go @@ -26,13 +26,13 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "sigs.k8s.io/yaml" + "helm.sh/helm/v4/pkg/chart/loader/archive" chart "helm.sh/helm/v4/pkg/chart/v2" - "helm.sh/helm/v4/pkg/chart/v2/loader" ) // Expand uncompresses and extracts a chart into the specified directory. func Expand(dir string, r io.Reader) error { - files, err := loader.LoadArchiveFiles(r) + files, err := archive.LoadArchiveFiles(r) if err != nil { return err } diff --git a/pkg/chart/v2/util/save.go b/pkg/chart/v2/util/save.go index 624a5b562..e66d86991 100644 --- a/pkg/chart/v2/util/save.go +++ b/pkg/chart/v2/util/save.go @@ -29,6 +29,7 @@ import ( "sigs.k8s.io/yaml" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" ) @@ -76,7 +77,7 @@ func SaveDir(c *chart.Chart, dest string) error { } // Save templates and files - for _, o := range [][]*chart.File{c.Templates, c.Files} { + for _, o := range [][]*common.File{c.Templates, c.Files} { for _, f := range o { n := filepath.Join(outdir, f.Name) if err := writeFile(n, f.Data); err != nil { @@ -174,7 +175,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { if err != nil { return err } - if err := writeToTar(out, filepath.Join(base, ChartfileName), cdata); err != nil { + if err := writeToTar(out, filepath.Join(base, ChartfileName), cdata, c.ModTime); err != nil { return err } @@ -186,7 +187,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { if err != nil { return err } - if err := writeToTar(out, filepath.Join(base, "Chart.lock"), ldata); err != nil { + if err := writeToTar(out, filepath.Join(base, "Chart.lock"), ldata, c.Lock.Generated); err != nil { return err } } @@ -195,7 +196,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { // Save values.yaml for _, f := range c.Raw { if f.Name == ValuesfileName { - if err := writeToTar(out, filepath.Join(base, ValuesfileName), f.Data); err != nil { + if err := writeToTar(out, filepath.Join(base, ValuesfileName), f.Data, f.ModTime); err != nil { return err } } @@ -206,7 +207,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { if !json.Valid(c.Schema) { return errors.New("invalid JSON in " + SchemafileName) } - if err := writeToTar(out, filepath.Join(base, SchemafileName), c.Schema); err != nil { + if err := writeToTar(out, filepath.Join(base, SchemafileName), c.Schema, c.SchemaModTime); err != nil { return err } } @@ -214,7 +215,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { // Save templates for _, f := range c.Templates { n := filepath.Join(base, f.Name) - if err := writeToTar(out, n, f.Data); err != nil { + if err := writeToTar(out, n, f.Data, f.ModTime); err != nil { return err } } @@ -222,7 +223,7 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { // Save files for _, f := range c.Files { n := filepath.Join(base, f.Name) - if err := writeToTar(out, n, f.Data); err != nil { + if err := writeToTar(out, n, f.Data, f.ModTime); err != nil { return err } } @@ -237,13 +238,16 @@ func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error { } // writeToTar writes a single file to a tar archive. -func writeToTar(out *tar.Writer, name string, body []byte) error { +func writeToTar(out *tar.Writer, name string, body []byte, modTime time.Time) error { // TODO: Do we need to create dummy parent directory names if none exist? h := &tar.Header{ Name: filepath.ToSlash(name), Mode: 0644, Size: int64(len(body)), - ModTime: time.Now(), + ModTime: modTime, + } + if h.ModTime.IsZero() { + h.ModTime = time.Now() } if err := out.WriteHeader(h); err != nil { return err @@ -258,7 +262,7 @@ func validateName(name string) error { nname := filepath.Base(name) if nname != name { - return ErrInvalidChartName{name} + return common.ErrInvalidChartName{Name: name} } return nil diff --git a/pkg/chart/v2/util/save_test.go b/pkg/chart/v2/util/save_test.go index ff96331b5..e317d1c09 100644 --- a/pkg/chart/v2/util/save_test.go +++ b/pkg/chart/v2/util/save_test.go @@ -20,6 +20,8 @@ import ( "archive/tar" "bytes" "compress/gzip" + "crypto/sha256" + "fmt" "io" "os" "path" @@ -29,6 +31,7 @@ import ( "testing" "time" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" ) @@ -47,8 +50,8 @@ func TestSave(t *testing.T) { Lock: &chart.Lock{ Digest: "testdigest", }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: time.Now(), Data: []byte("1,001 Nights")}, }, Schema: []byte("{\n \"title\": \"Values\"\n}"), } @@ -116,8 +119,8 @@ func TestSave(t *testing.T) { Lock: &chart.Lock{ Digest: "testdigest", }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: time.Now(), Data: []byte("1,001 Nights")}, }, } _, err := Save(c, tmp) @@ -152,14 +155,16 @@ func TestSavePreservesTimestamps(t *testing.T) { Name: "ahab", Version: "1.2.3", }, + ModTime: initialCreateTime, Values: map[string]interface{}{ "imageName": "testimage", "imageId": 42, }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: initialCreateTime, Data: []byte("1,001 Nights")}, }, - Schema: []byte("{\n \"title\": \"Values\"\n}"), + Schema: []byte("{\n \"title\": \"Values\"\n}"), + SchemaModTime: initialCreateTime, } where, err := Save(c, tmp) @@ -172,8 +177,9 @@ func TestSavePreservesTimestamps(t *testing.T) { t.Fatalf("Failed to parse tar: %v", err) } + roundedTime := initialCreateTime.Round(time.Second) for _, header := range allHeaders { - if header.ModTime.Before(initialCreateTime) { + if !header.ModTime.Equal(roundedTime) { t.Fatalf("File timestamp not preserved: %v", header.ModTime) } } @@ -216,17 +222,18 @@ func retrieveAllHeadersFromTar(path string) ([]*tar.Header, error) { func TestSaveDir(t *testing.T) { tmp := t.TempDir() + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{ APIVersion: chart.APIVersionV1, Name: "ahab", Version: "1.2.3", }, - Files: []*chart.File{ - {Name: "scheherazade/shahryar.txt", Data: []byte("1,001 Nights")}, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: modTime, Data: []byte("1,001 Nights")}, }, - Templates: []*chart.File{ - {Name: path.Join(TemplatesDir, "nested", "dir", "thing.yaml"), Data: []byte("abc: {{ .Values.abc }}")}, + Templates: []*common.File{ + {Name: path.Join(TemplatesDir, "nested", "dir", "thing.yaml"), ModTime: modTime, Data: []byte("abc: {{ .Values.abc }}")}, }, } @@ -262,3 +269,92 @@ func TestSaveDir(t *testing.T) { t.Fatalf("Did not get expected error for chart named %q", c.Name()) } } + +func TestRepeatableSave(t *testing.T) { + tmp := t.TempDir() + defer os.RemoveAll(tmp) + modTime := time.Date(2021, 9, 1, 20, 34, 58, 651387237, time.UTC) + tests := []struct { + name string + chart *chart.Chart + want string + }{ + { + name: "Package 1 file", + chart: &chart.Chart{ + Metadata: &chart.Metadata{ + APIVersion: chart.APIVersionV2, + Name: "ahab", + Version: "1.2.3", + }, + ModTime: modTime, + Lock: &chart.Lock{ + Digest: "testdigest", + Generated: modTime, + }, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: modTime, Data: []byte("1,001 Nights")}, + }, + Schema: []byte("{\n \"title\": \"Values\"\n}"), + SchemaModTime: modTime, + }, + want: "fea2662522317b65c2788ff9e5fc446a9264830038dac618d4449493d99b3257", + }, + { + name: "Package 2 files", + chart: &chart.Chart{ + Metadata: &chart.Metadata{ + APIVersion: chart.APIVersionV2, + Name: "ahab", + Version: "1.2.3", + }, + ModTime: modTime, + Lock: &chart.Lock{ + Digest: "testdigest", + Generated: modTime, + }, + Files: []*common.File{ + {Name: "scheherazade/shahryar.txt", ModTime: modTime, Data: []byte("1,001 Nights")}, + {Name: "scheherazade/dunyazad.txt", ModTime: modTime, Data: []byte("1,001 Nights again")}, + }, + Schema: []byte("{\n \"title\": \"Values\"\n}"), + SchemaModTime: modTime, + }, + want: "7ae92b2f274bb51ea3f1969e4187d78cc52b5f6f663b44b8fb3b40bcb8ee46f3", + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + // create package + dest := path.Join(tmp, "newdir") + where, err := Save(test.chart, dest) + if err != nil { + t.Fatalf("Failed to save: %s", err) + } + // get shasum for package + result, err := sha256Sum(where) + if err != nil { + t.Fatalf("Failed to check shasum: %s", err) + } + // assert that the package SHA is what we wanted. + if result != test.want { + t.Errorf("FormatName() result = %v, want %v", result, test.want) + } + }) + } +} + +func sha256Sum(filePath string) (string, error) { + f, err := os.Open(filePath) + if err != nil { + return "", err + } + defer f.Close() + + h := sha256.New() + if _, err := io.Copy(h, f); err != nil { + return "", err + } + + return fmt.Sprintf("%x", h.Sum(nil)), nil +} diff --git a/pkg/cli/environment.go b/pkg/cli/environment.go index 19563cba3..106d24336 100644 --- a/pkg/cli/environment.go +++ b/pkg/cli/environment.go @@ -249,6 +249,7 @@ func (s *EnvSettings) EnvVars() map[string]string { "HELM_PLUGINS": s.PluginsDirectory, "HELM_REGISTRY_CONFIG": s.RegistryConfig, "HELM_REPOSITORY_CACHE": s.RepositoryCache, + "HELM_CONTENT_CACHE": s.ContentCache, "HELM_REPOSITORY_CONFIG": s.RepositoryConfig, "HELM_NAMESPACE": s.Namespace(), "HELM_MAX_HISTORY": strconv.Itoa(s.MaxHistory), diff --git a/pkg/cli/values/options_test.go b/pkg/cli/values/options_test.go index 4dbc709f1..fe1afc5d2 100644 --- a/pkg/cli/values/options_test.go +++ b/pkg/cli/values/options_test.go @@ -294,7 +294,7 @@ func TestReadFileOriginal(t *testing.T) { } } -func TestMergeValues(t *testing.T) { +func TestMergeValuesCLI(t *testing.T) { tests := []struct { name string opts Options diff --git a/pkg/cmd/completion_test.go b/pkg/cmd/completion_test.go index 375a9a97d..81c1ee2ad 100644 --- a/pkg/cmd/completion_test.go +++ b/pkg/cmd/completion_test.go @@ -22,6 +22,7 @@ import ( "testing" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" ) @@ -31,7 +32,7 @@ func checkFileCompletion(t *testing.T, cmdName string, shouldBePerformed bool) { storage := storageFixture() storage.Create(&release.Release{ Name: "myrelease", - Info: &release.Info{Status: release.StatusDeployed}, + Info: &release.Info{Status: common.StatusDeployed}, Chart: &chart.Chart{ Metadata: &chart.Metadata{ Name: "Myrelease-Chart", diff --git a/pkg/cmd/dependency.go b/pkg/cmd/dependency.go index 34bbff6be..5978c902a 100644 --- a/pkg/cmd/dependency.go +++ b/pkg/cmd/dependency.go @@ -130,7 +130,7 @@ func addDependencySubcommandFlags(f *pflag.FlagSet, client *action.Dependency) { f.StringVar(&client.Password, "password", "", "chart repository password where to locate the requested chart") f.StringVar(&client.CertFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") f.StringVar(&client.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") - f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.BoolVar(&client.InsecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") f.StringVar(&client.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") } diff --git a/pkg/cmd/dependency_build.go b/pkg/cmd/dependency_build.go index 320fe12ae..7e5c731b7 100644 --- a/pkg/cmd/dependency_build.go +++ b/pkg/cmd/dependency_build.go @@ -55,7 +55,7 @@ func newDependencyBuildCmd(out io.Writer) *cobra.Command { chartpath = filepath.Clean(args[0]) } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/pkg/cmd/dependency_build_test.go b/pkg/cmd/dependency_build_test.go index a4a89b7a9..a3473301d 100644 --- a/pkg/cmd/dependency_build_test.go +++ b/pkg/cmd/dependency_build_test.go @@ -24,8 +24,8 @@ import ( chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/provenance" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestDependencyBuildCmd(t *testing.T) { diff --git a/pkg/cmd/dependency_update.go b/pkg/cmd/dependency_update.go index b534fb48a..7f805c37b 100644 --- a/pkg/cmd/dependency_update.go +++ b/pkg/cmd/dependency_update.go @@ -59,7 +59,7 @@ func newDependencyUpdateCmd(_ *action.Configuration, out io.Writer) *cobra.Comma chartpath = filepath.Clean(args[0]) } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/pkg/cmd/dependency_update_test.go b/pkg/cmd/dependency_update_test.go index f1b39c4b7..3eaa51df1 100644 --- a/pkg/cmd/dependency_update_test.go +++ b/pkg/cmd/dependency_update_test.go @@ -29,8 +29,8 @@ import ( chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/helmpath" "helm.sh/helm/v4/pkg/provenance" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestDependencyUpdateCmd(t *testing.T) { diff --git a/pkg/cmd/flags.go b/pkg/cmd/flags.go index d11073e5f..5836a6af9 100644 --- a/pkg/cmd/flags.go +++ b/pkg/cmd/flags.go @@ -31,12 +31,13 @@ import ( "k8s.io/klog/v2" "helm.sh/helm/v4/pkg/action" + "helm.sh/helm/v4/pkg/cli" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cli/values" "helm.sh/helm/v4/pkg/helmpath" "helm.sh/helm/v4/pkg/kube" - "helm.sh/helm/v4/pkg/postrender" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/postrenderer" + "helm.sh/helm/v4/pkg/repo/v1" ) const ( @@ -109,7 +110,7 @@ func addChartPathOptionsFlags(f *pflag.FlagSet, c *action.ChartPathOptions) { f.StringVar(&c.Password, "password", "", "chart repository password where to locate the requested chart") f.StringVar(&c.CertFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") f.StringVar(&c.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") - f.BoolVar(&c.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.BoolVar(&c.InsecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&c.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") f.StringVar(&c.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") f.BoolVar(&c.PassCredentialsAll, "pass-credentials", false, "pass credentials to all domains") @@ -164,16 +165,18 @@ func (o *outputValue) Set(s string) error { return nil } -func bindPostRenderFlag(cmd *cobra.Command, varRef *postrender.PostRenderer) { - p := &postRendererOptions{varRef, "", []string{}} - cmd.Flags().Var(&postRendererString{p}, postRenderFlag, "the path to an executable to be used for post rendering. If it exists in $PATH, the binary will be used, otherwise it will try to look for the executable at the given path") +// TODO there is probably a better way to pass cobra settings than as a param +func bindPostRenderFlag(cmd *cobra.Command, varRef *postrenderer.PostRenderer, settings *cli.EnvSettings) { + p := &postRendererOptions{varRef, "", []string{}, settings} + cmd.Flags().Var(&postRendererString{p}, postRenderFlag, "the name of a postrenderer type plugin to be used for post rendering. If it exists, the plugin will be used") cmd.Flags().Var(&postRendererArgsSlice{p}, postRenderArgsFlag, "an argument to the post-renderer (can specify multiple)") } type postRendererOptions struct { - renderer *postrender.PostRenderer - binaryPath string + renderer *postrenderer.PostRenderer + pluginName string args []string + settings *cli.EnvSettings } type postRendererString struct { @@ -181,7 +184,7 @@ type postRendererString struct { } func (p *postRendererString) String() string { - return p.options.binaryPath + return p.options.pluginName } func (p *postRendererString) Type() string { @@ -192,11 +195,11 @@ func (p *postRendererString) Set(val string) error { if val == "" { return nil } - if p.options.binaryPath != "" { + if p.options.pluginName != "" { return fmt.Errorf("cannot specify --post-renderer flag more than once") } - p.options.binaryPath = val - pr, err := postrender.NewExec(p.options.binaryPath, p.options.args...) + p.options.pluginName = val + pr, err := postrenderer.NewPostRendererPlugin(p.options.settings, p.options.pluginName, p.options.args...) if err != nil { return err } @@ -221,11 +224,11 @@ func (p *postRendererArgsSlice) Set(val string) error { // a post-renderer defined by a user may accept empty arguments p.options.args = append(p.options.args, val) - if p.options.binaryPath == "" { + if p.options.pluginName == "" { return nil } // overwrite if already create PostRenderer by `post-renderer` flags - pr, err := postrender.NewExec(p.options.binaryPath, p.options.args...) + pr, err := postrenderer.NewPostRendererPlugin(p.options.settings, p.options.pluginName, p.options.args...) if err != nil { return err } diff --git a/pkg/cmd/flags_test.go b/pkg/cmd/flags_test.go index cbc2e6419..614970252 100644 --- a/pkg/cmd/flags_test.go +++ b/pkg/cmd/flags_test.go @@ -19,19 +19,20 @@ package cmd import ( "fmt" "testing" + "time" "github.com/stretchr/testify/require" "helm.sh/helm/v4/pkg/action" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) func outputFlagCompletionTest(t *testing.T, cmdName string) { t.Helper() releasesMockWithStatus := func(info *release.Info, hooks ...*release.Hook) []*release.Release { - info.LastDeployed = helmtime.Unix(1452902400, 0).UTC() + info.LastDeployed = time.Unix(1452902400, 0).UTC() return []*release.Release{{ Name: "athos", Namespace: "default", @@ -64,35 +65,35 @@ func outputFlagCompletionTest(t *testing.T, cmdName string) { cmd: fmt.Sprintf("__complete %s --output ''", cmdName), golden: "output/output-comp.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }), }, { name: "completion for output flag long and after arg", cmd: fmt.Sprintf("__complete %s aramis --output ''", cmdName), golden: "output/output-comp.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }), }, { name: "completion for output flag short and before arg", cmd: fmt.Sprintf("__complete %s -o ''", cmdName), golden: "output/output-comp.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }), }, { name: "completion for output flag short and after arg", cmd: fmt.Sprintf("__complete %s aramis -o ''", cmdName), golden: "output/output-comp.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }), }, { name: "completion for output flag, no filter", cmd: fmt.Sprintf("__complete %s --output jso", cmdName), golden: "output/output-comp.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }), }} runTestCmd(t, tests) @@ -101,20 +102,22 @@ func outputFlagCompletionTest(t *testing.T, cmdName string) { func TestPostRendererFlagSetOnce(t *testing.T) { cfg := action.Configuration{} client := action.NewInstall(&cfg) + settings.PluginsDirectory = "testdata/helmhome/helm/plugins" str := postRendererString{ options: &postRendererOptions{ renderer: &client.PostRenderer, + settings: settings, }, } - // Set the binary once - err := str.Set("echo") + // Set the plugin name once + err := str.Set("postrenderer-v1") require.NoError(t, err) - // Set the binary again to the same value is not ok - err = str.Set("echo") + // Set the plugin name again to the same value is not ok + err = str.Set("postrenderer-v1") require.Error(t, err) - // Set the binary again to a different value is not ok + // Set the plugin name again to a different value is not ok err = str.Set("cat") require.Error(t, err) } diff --git a/pkg/cmd/get_hooks.go b/pkg/cmd/get_hooks.go index 7ffefd93c..d344307cb 100644 --- a/pkg/cmd/get_hooks.go +++ b/pkg/cmd/get_hooks.go @@ -25,6 +25,7 @@ import ( "helm.sh/helm/v4/pkg/action" "helm.sh/helm/v4/pkg/cmd/require" + "helm.sh/helm/v4/pkg/release" ) const getHooksHelp = ` @@ -52,8 +53,16 @@ func newGetHooksCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } - for _, hook := range res.Hooks { - fmt.Fprintf(out, "---\n# Source: %s\n%s\n", hook.Path, hook.Manifest) + rac, err := release.NewAccessor(res) + if err != nil { + return err + } + for _, hook := range rac.Hooks() { + hac, err := release.NewHookAccessor(hook) + if err != nil { + return err + } + fmt.Fprintf(out, "---\n# Source: %s\n%s\n", hac.Path(), hac.Manifest()) } return nil }, diff --git a/pkg/cmd/get_manifest.go b/pkg/cmd/get_manifest.go index 021495d8d..253b011c1 100644 --- a/pkg/cmd/get_manifest.go +++ b/pkg/cmd/get_manifest.go @@ -25,6 +25,7 @@ import ( "helm.sh/helm/v4/pkg/action" "helm.sh/helm/v4/pkg/cmd/require" + "helm.sh/helm/v4/pkg/release" ) var getManifestHelp = ` @@ -54,7 +55,11 @@ func newGetManifestCmd(cfg *action.Configuration, out io.Writer) *cobra.Command if err != nil { return err } - fmt.Fprintln(out, res.Manifest) + rac, err := release.NewAccessor(res) + if err != nil { + return err + } + fmt.Fprintln(out, rac.Manifest()) return nil }, } diff --git a/pkg/cmd/get_metadata.go b/pkg/cmd/get_metadata.go index aea149f5e..eb90b6e44 100644 --- a/pkg/cmd/get_metadata.go +++ b/pkg/cmd/get_metadata.go @@ -27,6 +27,8 @@ import ( "helm.sh/helm/v4/pkg/action" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cmd/require" + + release "helm.sh/helm/v4/pkg/release/v1" ) type metadataWriter struct { @@ -75,6 +77,20 @@ func newGetMetadataCmd(cfg *action.Configuration, out io.Writer) *cobra.Command } func (w metadataWriter) WriteTable(out io.Writer) error { + + formatApplyMethod := func(applyMethod string) string { + switch applyMethod { + case "": + return "client-side apply (defaulted)" + case string(release.ApplyMethodClientSideApply): + return "client-side apply" + case string(release.ApplyMethodServerSideApply): + return "server-side apply" + default: + return fmt.Sprintf("unknown (%q)", applyMethod) + } + } + _, _ = fmt.Fprintf(out, "NAME: %v\n", w.metadata.Name) _, _ = fmt.Fprintf(out, "CHART: %v\n", w.metadata.Chart) _, _ = fmt.Fprintf(out, "VERSION: %v\n", w.metadata.Version) @@ -86,6 +102,7 @@ func (w metadataWriter) WriteTable(out io.Writer) error { _, _ = fmt.Fprintf(out, "REVISION: %v\n", w.metadata.Revision) _, _ = fmt.Fprintf(out, "STATUS: %v\n", w.metadata.Status) _, _ = fmt.Fprintf(out, "DEPLOYED_AT: %v\n", w.metadata.DeployedAt) + _, _ = fmt.Fprintf(out, "APPLY_METHOD: %v\n", formatApplyMethod(w.metadata.ApplyMethod)) return nil } diff --git a/pkg/cmd/get_notes.go b/pkg/cmd/get_notes.go index ae79d8bcc..46fbeeaf5 100644 --- a/pkg/cmd/get_notes.go +++ b/pkg/cmd/get_notes.go @@ -25,6 +25,7 @@ import ( "helm.sh/helm/v4/pkg/action" "helm.sh/helm/v4/pkg/cmd/require" + "helm.sh/helm/v4/pkg/release" ) var getNotesHelp = ` @@ -50,8 +51,12 @@ func newGetNotesCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } - if len(res.Info.Notes) > 0 { - fmt.Fprintf(out, "NOTES:\n%s\n", res.Info.Notes) + rac, err := release.NewAccessor(res) + if err != nil { + return err + } + if len(rac.Notes()) > 0 { + fmt.Fprintf(out, "NOTES:\n%s\n", rac.Notes()) } return nil }, diff --git a/pkg/cmd/helpers.go b/pkg/cmd/helpers.go new file mode 100644 index 000000000..e555dd18b --- /dev/null +++ b/pkg/cmd/helpers.go @@ -0,0 +1,83 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cmd + +import ( + "fmt" + "log/slog" + "strconv" + + "github.com/spf13/cobra" + + "helm.sh/helm/v4/pkg/action" +) + +func addDryRunFlag(cmd *cobra.Command) { + // --dry-run options with expected outcome: + // - Not set means no dry run and server is contacted. + // - Set with no value, a value of client, or a value of true and the server is not contacted + // - Set with a value of false, none, or false and the server is contacted + // The true/false part is meant to reflect some legacy behavior while none is equal to "". + f := cmd.Flags() + f.String( + "dry-run", + "none", + `simulates the operation without persisting changes. Must be one of: "none" (default), "client", or "server". '--dry-run=none' executes the operation normally and persists changes (no simulation). '--dry-run=client' simulates the operation client-side only and avoids cluster connections. '--dry-run=server' simulates the operation on the server, requiring cluster connectivity.`) + f.Lookup("dry-run").NoOptDefVal = "unset" +} + +// Determine the `action.DryRunStrategy` given -dry-run=` flag (or absence of) +// Legacy usage of the flag: boolean values, and `--dry-run` (without value) are supported, and log warnings emitted +func cmdGetDryRunFlagStrategy(cmd *cobra.Command, isTemplate bool) (action.DryRunStrategy, error) { + + f := cmd.Flag("dry-run") + v := f.Value.String() + + switch v { + case f.NoOptDefVal: + slog.Warn(`--dry-run is deprecated and should be replaced with '--dry-run=client'`) + return action.DryRunClient, nil + case string(action.DryRunClient): + return action.DryRunClient, nil + case string(action.DryRunServer): + return action.DryRunServer, nil + case string(action.DryRunNone): + if isTemplate { + // Special case hack for `helm template`, which is always a dry run + return action.DryRunNone, fmt.Errorf(`invalid dry-run value (%q). Must be "server" or "client"`, v) + } + return action.DryRunNone, nil + } + + b, err := strconv.ParseBool(v) + if err != nil { + return action.DryRunNone, fmt.Errorf(`invalid dry-run value (%q). Must be "none", "server", or "client"`, v) + } + + if isTemplate && !b { + // Special case for `helm template`, which is always a dry run + return action.DryRunNone, fmt.Errorf(`invalid dry-run value (%q). Must be "server" or "client"`, v) + } + + result := action.DryRunNone + if b { + result = action.DryRunClient + } + slog.Warn(fmt.Sprintf(`boolean '--dry-run=%v' flag is deprecated and must be replaced with '--dry-run=%s'`, v, result)) + + return result, nil +} diff --git a/pkg/cmd/helpers_test.go b/pkg/cmd/helpers_test.go index 40478c30e..08065499e 100644 --- a/pkg/cmd/helpers_test.go +++ b/pkg/cmd/helpers_test.go @@ -18,23 +18,27 @@ package cmd import ( "bytes" + "encoding/json" "io" + "log/slog" "os" "strings" "testing" + "time" shellwords "github.com/mattn/go-shellwords" "github.com/spf13/cobra" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "helm.sh/helm/v4/internal/test" "helm.sh/helm/v4/pkg/action" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common" "helm.sh/helm/v4/pkg/cli" kubefake "helm.sh/helm/v4/pkg/kube/fake" release "helm.sh/helm/v4/pkg/release/v1" "helm.sh/helm/v4/pkg/storage" "helm.sh/helm/v4/pkg/storage/driver" - "helm.sh/helm/v4/pkg/time" ) func testTimestamper() time.Time { return time.Unix(242085845, 0).UTC() } @@ -91,7 +95,7 @@ func executeActionCommandStdinC(store *storage.Storage, in *os.File, cmd string) actionConfig := &action.Configuration{ Releases: store, KubeClient: &kubefake.PrintingKubeClient{Out: io.Discard}, - Capabilities: chartutil.DefaultCapabilities, + Capabilities: common.DefaultCapabilities, } root, err := newRootCmdWithConfig(actionConfig, buf, args, SetupLogging) @@ -151,3 +155,155 @@ func resetEnv() func() { settings = cli.New() } } + +func TestCmdGetDryRunFlagStrategy(t *testing.T) { + + type testCaseExpectedLog struct { + Level string + Msg string + } + testCases := map[string]struct { + DryRunFlagArg string + IsTemplate bool + ExpectedStrategy action.DryRunStrategy + ExpectedError bool + ExpectedLog *testCaseExpectedLog + }{ + "unset_value": { + DryRunFlagArg: "--dry-run", + ExpectedStrategy: action.DryRunClient, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `--dry-run is deprecated and should be replaced with '--dry-run=client'`, + }, + }, + "unset_special": { + DryRunFlagArg: "--dry-run=unset", // Special value that matches cmd.Flags("dry-run").NoOptDefVal + ExpectedStrategy: action.DryRunClient, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `--dry-run is deprecated and should be replaced with '--dry-run=client'`, + }, + }, + "none": { + DryRunFlagArg: "--dry-run=none", + ExpectedStrategy: action.DryRunNone, + }, + "client": { + DryRunFlagArg: "--dry-run=client", + ExpectedStrategy: action.DryRunClient, + }, + "server": { + DryRunFlagArg: "--dry-run=server", + ExpectedStrategy: action.DryRunServer, + }, + "bool_false": { + DryRunFlagArg: "--dry-run=false", + ExpectedStrategy: action.DryRunNone, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `boolean '--dry-run=false' flag is deprecated and must be replaced with '--dry-run=none'`, + }, + }, + "bool_true": { + DryRunFlagArg: "--dry-run=true", + ExpectedStrategy: action.DryRunClient, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `boolean '--dry-run=true' flag is deprecated and must be replaced with '--dry-run=client'`, + }, + }, + "bool_0": { + DryRunFlagArg: "--dry-run=0", + ExpectedStrategy: action.DryRunNone, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `boolean '--dry-run=0' flag is deprecated and must be replaced with '--dry-run=none'`, + }, + }, + "bool_1": { + DryRunFlagArg: "--dry-run=1", + ExpectedStrategy: action.DryRunClient, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `boolean '--dry-run=1' flag is deprecated and must be replaced with '--dry-run=client'`, + }, + }, + "invalid": { + DryRunFlagArg: "--dry-run=invalid", + ExpectedError: true, + }, + "template_unset_value": { + DryRunFlagArg: "--dry-run", + IsTemplate: true, + ExpectedStrategy: action.DryRunClient, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `--dry-run is deprecated and should be replaced with '--dry-run=client'`, + }, + }, + "template_bool_false": { + DryRunFlagArg: "--dry-run=false", + IsTemplate: true, + ExpectedError: true, + }, + "template_bool_template_true": { + DryRunFlagArg: "--dry-run=true", + IsTemplate: true, + ExpectedStrategy: action.DryRunClient, + ExpectedLog: &testCaseExpectedLog{ + Level: "WARN", + Msg: `boolean '--dry-run=true' flag is deprecated and must be replaced with '--dry-run=client'`, + }, + }, + "template_none": { + DryRunFlagArg: "--dry-run=none", + IsTemplate: true, + ExpectedError: true, + }, + "template_client": { + DryRunFlagArg: "--dry-run=client", + IsTemplate: true, + ExpectedStrategy: action.DryRunClient, + }, + "template_server": { + DryRunFlagArg: "--dry-run=server", + IsTemplate: true, + ExpectedStrategy: action.DryRunServer, + }, + } + + for name, tc := range testCases { + + logBuf := new(bytes.Buffer) + logger := slog.New(slog.NewJSONHandler(logBuf, nil)) + slog.SetDefault(logger) + + cmd := &cobra.Command{ + Use: "helm", + } + addDryRunFlag(cmd) + cmd.Flags().Parse([]string{"helm", tc.DryRunFlagArg}) + + t.Run(name, func(t *testing.T) { + dryRunStrategy, err := cmdGetDryRunFlagStrategy(cmd, tc.IsTemplate) + if tc.ExpectedError { + assert.Error(t, err) + } else { + assert.Nil(t, err) + assert.Equal(t, tc.ExpectedStrategy, dryRunStrategy) + } + + if tc.ExpectedLog != nil { + logResult := map[string]string{} + err = json.Unmarshal(logBuf.Bytes(), &logResult) + require.Nil(t, err) + + assert.Equal(t, tc.ExpectedLog.Level, logResult["level"]) + assert.Equal(t, tc.ExpectedLog.Msg, logResult["msg"]) + } else { + assert.Equal(t, 0, logBuf.Len()) + } + }) + } +} diff --git a/pkg/cmd/history.go b/pkg/cmd/history.go index ec2a1bc12..b294a9da7 100644 --- a/pkg/cmd/history.go +++ b/pkg/cmd/history.go @@ -17,6 +17,7 @@ limitations under the License. package cmd import ( + "encoding/json" "fmt" "io" "strconv" @@ -29,9 +30,8 @@ import ( chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cmd/require" - releaseutil "helm.sh/helm/v4/pkg/release/util" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" ) var historyHelp = ` @@ -84,12 +84,81 @@ func newHistoryCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } type releaseInfo struct { - Revision int `json:"revision"` - Updated helmtime.Time `json:"updated"` - Status string `json:"status"` - Chart string `json:"chart"` - AppVersion string `json:"app_version"` - Description string `json:"description"` + Revision int `json:"revision"` + Updated time.Time `json:"updated,omitzero"` + Status string `json:"status"` + Chart string `json:"chart"` + AppVersion string `json:"app_version"` + Description string `json:"description"` +} + +// releaseInfoJSON is used for custom JSON marshaling/unmarshaling +type releaseInfoJSON struct { + Revision int `json:"revision"` + Updated *time.Time `json:"updated,omitempty"` + Status string `json:"status"` + Chart string `json:"chart"` + AppVersion string `json:"app_version"` + Description string `json:"description"` +} + +// UnmarshalJSON implements the json.Unmarshaler interface. +// It handles empty string time fields by treating them as zero values. +func (r *releaseInfo) UnmarshalJSON(data []byte) error { + // First try to unmarshal into a map to handle empty string time fields + var raw map[string]interface{} + if err := json.Unmarshal(data, &raw); err != nil { + return err + } + + // Replace empty string time fields with nil + if val, ok := raw["updated"]; ok { + if str, ok := val.(string); ok && str == "" { + raw["updated"] = nil + } + } + + // Re-marshal with cleaned data + cleaned, err := json.Marshal(raw) + if err != nil { + return err + } + + // Unmarshal into temporary struct with pointer time field + var tmp releaseInfoJSON + if err := json.Unmarshal(cleaned, &tmp); err != nil { + return err + } + + // Copy values to releaseInfo struct + r.Revision = tmp.Revision + if tmp.Updated != nil { + r.Updated = *tmp.Updated + } + r.Status = tmp.Status + r.Chart = tmp.Chart + r.AppVersion = tmp.AppVersion + r.Description = tmp.Description + + return nil +} + +// MarshalJSON implements the json.Marshaler interface. +// It omits zero-value time fields from the JSON output. +func (r releaseInfo) MarshalJSON() ([]byte, error) { + tmp := releaseInfoJSON{ + Revision: r.Revision, + Status: r.Status, + Chart: r.Chart, + AppVersion: r.AppVersion, + Description: r.Description, + } + + if !r.Updated.IsZero() { + tmp.Updated = &r.Updated + } + + return json.Marshal(tmp) } type releaseHistory []releaseInfo @@ -112,7 +181,11 @@ func (r releaseHistory) WriteTable(out io.Writer) error { } func getHistory(client *action.History, name string) (releaseHistory, error) { - hist, err := client.Run(name) + histi, err := client.Run(name) + if err != nil { + return nil, err + } + hist, err := releaseListToV1List(histi) if err != nil { return nil, err } @@ -181,7 +254,11 @@ func compListRevisions(_ string, cfg *action.Configuration, releaseName string) client := action.NewHistory(cfg) var revisions []string - if hist, err := client.Run(releaseName); err == nil { + if histi, err := client.Run(releaseName); err == nil { + hist, err := releaseListToV1List(histi) + if err != nil { + return nil, cobra.ShellCompDirectiveError + } for _, version := range hist { appVersion := fmt.Sprintf("App: %s", version.Chart.Metadata.AppVersion) chartDesc := fmt.Sprintf("Chart: %s-%s", version.Chart.Metadata.Name, version.Chart.Metadata.Version) diff --git a/pkg/cmd/history_test.go b/pkg/cmd/history_test.go index d26ed9ecf..d8adc2d19 100644 --- a/pkg/cmd/history_test.go +++ b/pkg/cmd/history_test.go @@ -17,14 +17,20 @@ limitations under the License. package cmd import ( + "encoding/json" "fmt" "testing" + "time" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" ) func TestHistoryCmd(t *testing.T) { - mk := func(name string, vers int, status release.Status) *release.Release { + mk := func(name string, vers int, status common.Status) *release.Release { return release.Mock(&release.MockReleaseOptions{ Name: name, Version: vers, @@ -36,34 +42,34 @@ func TestHistoryCmd(t *testing.T) { name: "get history for release", cmd: "history angry-bird", rels: []*release.Release{ - mk("angry-bird", 4, release.StatusDeployed), - mk("angry-bird", 3, release.StatusSuperseded), - mk("angry-bird", 2, release.StatusSuperseded), - mk("angry-bird", 1, release.StatusSuperseded), + mk("angry-bird", 4, common.StatusDeployed), + mk("angry-bird", 3, common.StatusSuperseded), + mk("angry-bird", 2, common.StatusSuperseded), + mk("angry-bird", 1, common.StatusSuperseded), }, golden: "output/history.txt", }, { name: "get history with max limit set", cmd: "history angry-bird --max 2", rels: []*release.Release{ - mk("angry-bird", 4, release.StatusDeployed), - mk("angry-bird", 3, release.StatusSuperseded), + mk("angry-bird", 4, common.StatusDeployed), + mk("angry-bird", 3, common.StatusSuperseded), }, golden: "output/history-limit.txt", }, { name: "get history with yaml output format", cmd: "history angry-bird --output yaml", rels: []*release.Release{ - mk("angry-bird", 4, release.StatusDeployed), - mk("angry-bird", 3, release.StatusSuperseded), + mk("angry-bird", 4, common.StatusDeployed), + mk("angry-bird", 3, common.StatusSuperseded), }, golden: "output/history.yaml", }, { name: "get history with json output format", cmd: "history angry-bird --output json", rels: []*release.Release{ - mk("angry-bird", 4, release.StatusDeployed), - mk("angry-bird", 3, release.StatusSuperseded), + mk("angry-bird", 4, common.StatusDeployed), + mk("angry-bird", 3, common.StatusSuperseded), }, golden: "output/history.json", }} @@ -76,7 +82,7 @@ func TestHistoryOutputCompletion(t *testing.T) { func revisionFlagCompletionTest(t *testing.T, cmdName string) { t.Helper() - mk := func(name string, vers int, status release.Status) *release.Release { + mk := func(name string, vers int, status common.Status) *release.Release { return release.Mock(&release.MockReleaseOptions{ Name: name, Version: vers, @@ -85,10 +91,10 @@ func revisionFlagCompletionTest(t *testing.T, cmdName string) { } releases := []*release.Release{ - mk("musketeers", 11, release.StatusDeployed), - mk("musketeers", 10, release.StatusSuperseded), - mk("musketeers", 9, release.StatusSuperseded), - mk("musketeers", 8, release.StatusSuperseded), + mk("musketeers", 11, common.StatusDeployed), + mk("musketeers", 10, common.StatusSuperseded), + mk("musketeers", 9, common.StatusSuperseded), + mk("musketeers", 8, common.StatusSuperseded), } tests := []cmdTestCase{{ @@ -123,3 +129,205 @@ func TestHistoryFileCompletion(t *testing.T) { checkFileCompletion(t, "history", false) checkFileCompletion(t, "history myrelease", false) } + +func TestReleaseInfoMarshalJSON(t *testing.T) { + updated := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + + tests := []struct { + name string + info releaseInfo + expected string + }{ + { + name: "all fields populated", + info: releaseInfo{ + Revision: 1, + Updated: updated, + Status: "deployed", + Chart: "mychart-1.0.0", + AppVersion: "1.0.0", + Description: "Initial install", + }, + expected: `{"revision":1,"updated":"2025-10-08T12:00:00Z","status":"deployed","chart":"mychart-1.0.0","app_version":"1.0.0","description":"Initial install"}`, + }, + { + name: "without updated time", + info: releaseInfo{ + Revision: 2, + Status: "superseded", + Chart: "mychart-1.0.1", + AppVersion: "1.0.1", + Description: "Upgraded", + }, + expected: `{"revision":2,"status":"superseded","chart":"mychart-1.0.1","app_version":"1.0.1","description":"Upgraded"}`, + }, + { + name: "with zero revision", + info: releaseInfo{ + Revision: 0, + Updated: updated, + Status: "failed", + Chart: "mychart-1.0.0", + AppVersion: "1.0.0", + Description: "Install failed", + }, + expected: `{"revision":0,"updated":"2025-10-08T12:00:00Z","status":"failed","chart":"mychart-1.0.0","app_version":"1.0.0","description":"Install failed"}`, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + data, err := json.Marshal(&tt.info) + require.NoError(t, err) + assert.JSONEq(t, tt.expected, string(data)) + }) + } +} + +func TestReleaseInfoUnmarshalJSON(t *testing.T) { + updated := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + + tests := []struct { + name string + input string + expected releaseInfo + wantErr bool + }{ + { + name: "all fields populated", + input: `{"revision":1,"updated":"2025-10-08T12:00:00Z","status":"deployed","chart":"mychart-1.0.0","app_version":"1.0.0","description":"Initial install"}`, + expected: releaseInfo{ + Revision: 1, + Updated: updated, + Status: "deployed", + Chart: "mychart-1.0.0", + AppVersion: "1.0.0", + Description: "Initial install", + }, + }, + { + name: "empty string updated field", + input: `{"revision":2,"updated":"","status":"superseded","chart":"mychart-1.0.1","app_version":"1.0.1","description":"Upgraded"}`, + expected: releaseInfo{ + Revision: 2, + Status: "superseded", + Chart: "mychart-1.0.1", + AppVersion: "1.0.1", + Description: "Upgraded", + }, + }, + { + name: "missing updated field", + input: `{"revision":3,"status":"deployed","chart":"mychart-1.0.2","app_version":"1.0.2","description":"Upgraded"}`, + expected: releaseInfo{ + Revision: 3, + Status: "deployed", + Chart: "mychart-1.0.2", + AppVersion: "1.0.2", + Description: "Upgraded", + }, + }, + { + name: "null updated field", + input: `{"revision":4,"updated":null,"status":"failed","chart":"mychart-1.0.3","app_version":"1.0.3","description":"Failed"}`, + expected: releaseInfo{ + Revision: 4, + Status: "failed", + Chart: "mychart-1.0.3", + AppVersion: "1.0.3", + Description: "Failed", + }, + }, + { + name: "invalid time format", + input: `{"revision":5,"updated":"invalid-time","status":"deployed","chart":"mychart-1.0.4","app_version":"1.0.4","description":"Test"}`, + wantErr: true, + }, + { + name: "zero revision", + input: `{"revision":0,"updated":"2025-10-08T12:00:00Z","status":"pending-install","chart":"mychart-1.0.0","app_version":"1.0.0","description":"Installing"}`, + expected: releaseInfo{ + Revision: 0, + Updated: updated, + Status: "pending-install", + Chart: "mychart-1.0.0", + AppVersion: "1.0.0", + Description: "Installing", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var info releaseInfo + err := json.Unmarshal([]byte(tt.input), &info) + if tt.wantErr { + assert.Error(t, err) + return + } + require.NoError(t, err) + assert.Equal(t, tt.expected.Revision, info.Revision) + assert.Equal(t, tt.expected.Updated.Unix(), info.Updated.Unix()) + assert.Equal(t, tt.expected.Status, info.Status) + assert.Equal(t, tt.expected.Chart, info.Chart) + assert.Equal(t, tt.expected.AppVersion, info.AppVersion) + assert.Equal(t, tt.expected.Description, info.Description) + }) + } +} + +func TestReleaseInfoRoundTrip(t *testing.T) { + updated := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + + original := releaseInfo{ + Revision: 1, + Updated: updated, + Status: "deployed", + Chart: "mychart-1.0.0", + AppVersion: "1.0.0", + Description: "Initial install", + } + + data, err := json.Marshal(&original) + require.NoError(t, err) + + var decoded releaseInfo + err = json.Unmarshal(data, &decoded) + require.NoError(t, err) + + assert.Equal(t, original.Revision, decoded.Revision) + assert.Equal(t, original.Updated.Unix(), decoded.Updated.Unix()) + assert.Equal(t, original.Status, decoded.Status) + assert.Equal(t, original.Chart, decoded.Chart) + assert.Equal(t, original.AppVersion, decoded.AppVersion) + assert.Equal(t, original.Description, decoded.Description) +} + +func TestReleaseInfoEmptyStringRoundTrip(t *testing.T) { + // This test specifically verifies that empty string time fields + // are handled correctly during parsing + input := `{"revision":1,"updated":"","status":"deployed","chart":"mychart-1.0.0","app_version":"1.0.0","description":"Test"}` + + var info releaseInfo + err := json.Unmarshal([]byte(input), &info) + require.NoError(t, err) + + // Verify time field is zero value + assert.True(t, info.Updated.IsZero()) + assert.Equal(t, 1, info.Revision) + assert.Equal(t, "deployed", info.Status) + + // Marshal back and verify empty time field is omitted + data, err := json.Marshal(&info) + require.NoError(t, err) + + var result map[string]interface{} + err = json.Unmarshal(data, &result) + require.NoError(t, err) + + // Zero time value should be omitted + assert.NotContains(t, result, "updated") + assert.Equal(t, float64(1), result["revision"]) + assert.Equal(t, "deployed", result["status"]) + assert.Equal(t, "mychart-1.0.0", result["chart"]) +} diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go index 869163a2a..e5d311394 100644 --- a/pkg/cmd/install.go +++ b/pkg/cmd/install.go @@ -18,14 +18,12 @@ package cmd import ( "context" - "errors" "fmt" "io" "log" "log/slog" "os" "os/signal" - "slices" "syscall" "time" @@ -33,8 +31,8 @@ import ( "github.com/spf13/pflag" "helm.sh/helm/v4/pkg/action" - chart "helm.sh/helm/v4/pkg/chart/v2" - "helm.sh/helm/v4/pkg/chart/v2/loader" + "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/loader" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cli/values" "helm.sh/helm/v4/pkg/cmd/require" @@ -144,20 +142,20 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { ValidArgsFunction: func(_ *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { return compInstall(args, toComplete, client) }, - RunE: func(_ *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, args []string) error { registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } client.SetRegistryClient(registryClient) - // This is for the case where "" is specifically passed in as a - // value. When there is no value passed in NoOptDefVal will be used - // and it is set to client. See addInstallFlags. - if client.DryRunOption == "" { - client.DryRunOption = "none" + dryRunStrategy, err := cmdGetDryRunFlagStrategy(cmd, false) + if err != nil { + return err } + client.DryRunStrategy = dryRunStrategy + rel, err := runInstall(args, client, valueOpts, out) if err != nil { return fmt.Errorf("INSTALLATION FAILED: %w", err) @@ -173,29 +171,25 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { }, } - addInstallFlags(cmd, cmd.Flags(), client, valueOpts) + f := cmd.Flags() + addInstallFlags(cmd, f, client, valueOpts) // hide-secret is not available in all places the install flags are used so // it is added separately - f := cmd.Flags() f.BoolVar(&client.HideSecret, "hide-secret", false, "hide Kubernetes Secrets when also using the --dry-run flag") + addDryRunFlag(cmd) bindOutputFlag(cmd, &outfmt) - bindPostRenderFlag(cmd, &client.PostRenderer) + bindPostRenderFlag(cmd, &client.PostRenderer, settings) return cmd } func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Install, valueOpts *values.Options) { f.BoolVar(&client.CreateNamespace, "create-namespace", false, "create the release namespace if not present") - // --dry-run options with expected outcome: - // - Not set means no dry run and server is contacted. - // - Set with no value, a value of client, or a value of true and the server is not contacted - // - Set with a value of false, none, or false and the server is contacted - // The true/false part is meant to reflect some legacy behavior while none is equal to "". - f.StringVar(&client.DryRunOption, "dry-run", "", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") - f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.ForceReplace, "force-replace", false, "force resource updates by replacement") f.BoolVar(&client.ForceReplace, "force", false, "deprecated") f.MarkDeprecated("force", "use --force-replace instead") + f.BoolVar(&client.ForceConflicts, "force-conflicts", false, "if set server-side apply will force changes against conflicts") + f.BoolVar(&client.ServerSideApply, "server-side", true, "object updates run in the server instead of the client") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during install") f.BoolVar(&client.Replace, "replace", false, "reuse the given name, only if that name is a deleted release which remains in the history. This is unsafe in production") f.DurationVar(&client.Timeout, "timeout", 300*time.Second, "time to wait for any individual Kubernetes operation (like Jobs for hooks)") @@ -218,6 +212,8 @@ func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Instal addValueOptionsFlags(f, valueOpts) addChartPathOptionsFlags(f, &client.ChartPathOptions) AddWaitFlag(cmd, &client.WaitStrategy) + cmd.MarkFlagsMutuallyExclusive("force-replace", "force-conflicts") + cmd.MarkFlagsMutuallyExclusive("force", "force-conflicts") err := cmd.RegisterFlagCompletionFunc("version", func(_ *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { requiredArgs := 2 @@ -266,15 +262,20 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options return nil, err } - if err := checkIfInstallable(chartRequested); err != nil { + ac, err := chart.NewAccessor(chartRequested) + if err != nil { + return nil, err + } + + if err := checkIfInstallable(ac); err != nil { return nil, err } - if chartRequested.Metadata.Deprecated { + if ac.Deprecated() { slog.Warn("this chart is deprecated") } - if req := chartRequested.Metadata.Dependencies; req != nil { + if req := ac.MetaDependencies(); req != nil { // If CheckDependencies returns an error, we have unfulfilled dependencies. // As of Helm 2.4.0, this is treated as a stopping condition: // https://github.com/helm/helm/issues/2209 @@ -307,11 +308,6 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options client.Namespace = settings.Namespace() - // Validate DryRunOption member is one of the allowed values - if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { - return nil, err - } - // Create context and prepare the handle of SIGTERM ctx := context.Background() ctx, cancel := context.WithCancel(ctx) @@ -327,18 +323,25 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options cancel() }() - return client.RunWithContext(ctx, chartRequested, vals) + ri, err := client.RunWithContext(ctx, chartRequested, vals) + rel, rerr := releaserToV1Release(ri) + if rerr != nil { + return nil, rerr + } + return rel, err } // checkIfInstallable validates if a chart can be installed // // Application chart type is only installable -func checkIfInstallable(ch *chart.Chart) error { - switch ch.Metadata.Type { +func checkIfInstallable(ch chart.Accessor) error { + meta := ch.MetadataAsMap() + + switch meta["Type"] { case "", "application": return nil } - return fmt.Errorf("%s charts are not installable", ch.Metadata.Type) + return fmt.Errorf("%s charts are not installable", meta["Type"]) } // Provide dynamic auto-completion for the install and template commands @@ -352,13 +355,3 @@ func compInstall(args []string, toComplete string, client *action.Install) ([]st } return nil, cobra.ShellCompDirectiveNoFileComp } - -func validateDryRunOptionFlag(dryRunOptionFlagValue string) error { - // Validate dry-run flag value with a set of allowed value - allowedDryRunValues := []string{"false", "true", "none", "client", "server"} - isAllowed := slices.Contains(allowedDryRunValues, dryRunOptionFlagValue) - if !isAllowed { - return errors.New("invalid dry-run flag. Flag must one of the following: false, true, none, client, server") - } - return nil -} diff --git a/pkg/cmd/install_test.go b/pkg/cmd/install_test.go index 9cd244e84..f0f12e4f7 100644 --- a/pkg/cmd/install_test.go +++ b/pkg/cmd/install_test.go @@ -23,7 +23,7 @@ import ( "path/filepath" "testing" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestInstall(t *testing.T) { diff --git a/pkg/cmd/lint.go b/pkg/cmd/lint.go index 78083a7ea..ccc53ddd0 100644 --- a/pkg/cmd/lint.go +++ b/pkg/cmd/lint.go @@ -27,10 +27,11 @@ import ( "github.com/spf13/cobra" "helm.sh/helm/v4/pkg/action" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/v2/lint/support" "helm.sh/helm/v4/pkg/cli/values" + "helm.sh/helm/v4/pkg/cmd/require" "helm.sh/helm/v4/pkg/getter" - "helm.sh/helm/v4/pkg/lint/support" ) var longLintHelp = ` @@ -51,14 +52,12 @@ func newLintCmd(out io.Writer) *cobra.Command { Use: "lint PATH", Short: "examine a chart for possible issues", Long: longLintHelp, + Args: require.MinimumNArgs(1), RunE: func(_ *cobra.Command, args []string) error { - paths := []string{"."} - if len(args) > 0 { - paths = args - } + paths := args if kubeVersion != "" { - parsedKubeVersion, err := chartutil.ParseKubeVersion(kubeVersion) + parsedKubeVersion, err := common.ParseKubeVersion(kubeVersion) if err != nil { return fmt.Errorf("invalid kube version '%s': %s", kubeVersion, err) } diff --git a/pkg/cmd/lint_test.go b/pkg/cmd/lint_test.go index 401c84d74..270273116 100644 --- a/pkg/cmd/lint_test.go +++ b/pkg/cmd/lint_test.go @@ -91,6 +91,15 @@ func TestLintCmdWithKubeVersionFlag(t *testing.T) { runTestCmd(t, tests) } +func TestLintCmdRequiresArgs(t *testing.T) { + tests := []cmdTestCase{{ + name: "lint without arguments should fail", + cmd: "lint", + wantError: true, + }} + runTestCmd(t, tests) +} + func TestLintFileCompletion(t *testing.T) { checkFileCompletion(t, "lint", true) checkFileCompletion(t, "lint mypath", true) // Multiple paths can be given diff --git a/pkg/cmd/list.go b/pkg/cmd/list.go index 55d828036..3c15a0954 100644 --- a/pkg/cmd/list.go +++ b/pkg/cmd/list.go @@ -30,15 +30,17 @@ import ( "helm.sh/helm/v4/pkg/action" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cmd/require" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" ) var listHelp = ` This command lists all of the releases for a specified namespace (uses current namespace context if namespace not specified). -By default, it lists only releases that are deployed or failed. Flags like -'--uninstalled' and '--all' will alter this behavior. Such flags can be combined: -'--uninstalled --failed'. +By default, it lists all releases in any status. Individual status filters like '--deployed', '--failed', +'--pending', '--uninstalled', '--superseded', and '--uninstalling' can be used +to show only releases in specific states. Such flags can be combined: +'--deployed --failed'. By default, items are sorted alphabetically. Use the '-d' flag to sort by release date. @@ -79,7 +81,11 @@ func newListCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } client.SetStateMask() - results, err := client.Run() + resultsi, err := client.Run() + if err != nil { + return err + } + results, err := releaseListToV1List(resultsi) if err != nil { return err } @@ -117,11 +123,10 @@ func newListCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.StringVar(&client.TimeFormat, "time-format", "", `format time using golang time formatter. Example: --time-format "2006-01-02 15:04:05Z0700"`) f.BoolVarP(&client.ByDate, "date", "d", false, "sort by release date") f.BoolVarP(&client.SortReverse, "reverse", "r", false, "reverse the sort order") - f.BoolVarP(&client.All, "all", "a", false, "show all releases without any filter applied") f.BoolVar(&client.Uninstalled, "uninstalled", false, "show uninstalled releases (if 'helm uninstall --keep-history' was used)") f.BoolVar(&client.Superseded, "superseded", false, "show superseded releases") f.BoolVar(&client.Uninstalling, "uninstalling", false, "show releases that are currently being uninstalled") - f.BoolVar(&client.Deployed, "deployed", false, "show deployed releases. If no other is specified, this will be automatically enabled") + f.BoolVar(&client.Deployed, "deployed", false, "show deployed releases") f.BoolVar(&client.Failed, "failed", false, "show failed releases") f.BoolVar(&client.Pending, "pending", false, "show pending releases") f.BoolVarP(&client.AllNamespaces, "all-namespaces", "A", false, "list releases across all namespaces") @@ -193,28 +198,28 @@ func (w *releaseListWriter) WriteTable(out io.Writer) error { } for _, r := range w.releases { // Parse the status string back to a release.Status to use color - var status release.Status + var status common.Status switch r.Status { case "deployed": - status = release.StatusDeployed + status = common.StatusDeployed case "failed": - status = release.StatusFailed + status = common.StatusFailed case "pending-install": - status = release.StatusPendingInstall + status = common.StatusPendingInstall case "pending-upgrade": - status = release.StatusPendingUpgrade + status = common.StatusPendingUpgrade case "pending-rollback": - status = release.StatusPendingRollback + status = common.StatusPendingRollback case "uninstalling": - status = release.StatusUninstalling + status = common.StatusUninstalling case "uninstalled": - status = release.StatusUninstalled + status = common.StatusUninstalled case "superseded": - status = release.StatusSuperseded + status = common.StatusSuperseded case "unknown": - status = release.StatusUnknown + status = common.StatusUnknown default: - status = release.Status(r.Status) + status = common.Status(r.Status) } table.AddRow(r.Name, coloroutput.ColorizeNamespace(r.Namespace, w.noColor), r.Revision, r.Updated, coloroutput.ColorizeStatus(status, w.noColor), r.Chart, r.AppVersion) } @@ -264,7 +269,11 @@ func compListReleases(toComplete string, ignoredReleaseNames []string, cfg *acti // client.Filter = fmt.Sprintf("^%s", toComplete) client.SetStateMask() - releases, err := client.Run() + releasesi, err := client.Run() + if err != nil { + return nil, cobra.ShellCompDirectiveDefault + } + releases, err := releaseListToV1List(releasesi) if err != nil { return nil, cobra.ShellCompDirectiveDefault } diff --git a/pkg/cmd/list_test.go b/pkg/cmd/list_test.go index 82b25a768..35153465a 100644 --- a/pkg/cmd/list_test.go +++ b/pkg/cmd/list_test.go @@ -18,10 +18,11 @@ package cmd import ( "testing" + "time" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - "helm.sh/helm/v4/pkg/time" ) func TestListCmd(t *testing.T) { @@ -47,7 +48,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusSuperseded, + Status: common.StatusSuperseded, }, Chart: chartInfo, }, @@ -57,7 +58,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: chartInfo, }, @@ -67,7 +68,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusUninstalled, + Status: common.StatusUninstalled, }, Chart: chartInfo, }, @@ -77,7 +78,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusSuperseded, + Status: common.StatusSuperseded, }, Chart: chartInfo, }, @@ -87,7 +88,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp2, - Status: release.StatusFailed, + Status: common.StatusFailed, }, Chart: chartInfo, }, @@ -97,7 +98,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusUninstalling, + Status: common.StatusUninstalling, }, Chart: chartInfo, }, @@ -107,7 +108,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusPendingInstall, + Status: common.StatusPendingInstall, }, Chart: chartInfo, }, @@ -117,7 +118,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp3, - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: chartInfo, }, @@ -127,7 +128,7 @@ func TestListCmd(t *testing.T) { Namespace: defaultNamespace, Info: &release.Info{ LastDeployed: timestamp4, - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: chartInfo, }, @@ -137,7 +138,7 @@ func TestListCmd(t *testing.T) { Namespace: "milano", Info: &release.Info{ LastDeployed: timestamp1, - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: chartInfo, }, @@ -146,22 +147,17 @@ func TestListCmd(t *testing.T) { tests := []cmdTestCase{{ name: "list releases", cmd: "list", - golden: "output/list.txt", + golden: "output/list-all.txt", rels: releaseFixture, }, { name: "list without headers", cmd: "list --no-headers", - golden: "output/list-no-headers.txt", - rels: releaseFixture, - }, { - name: "list all releases", - cmd: "list --all", - golden: "output/list-all.txt", + golden: "output/list-all-no-headers.txt", rels: releaseFixture, }, { name: "list releases sorted by release date", cmd: "list --date", - golden: "output/list-date.txt", + golden: "output/list-all-date.txt", rels: releaseFixture, }, { name: "list failed releases", @@ -171,17 +167,17 @@ func TestListCmd(t *testing.T) { }, { name: "list filtered releases", cmd: "list --filter='.*'", - golden: "output/list-filter.txt", + golden: "output/list-all.txt", rels: releaseFixture, }, { name: "list releases, limited to one release", cmd: "list --max 1", - golden: "output/list-max.txt", + golden: "output/list-all-max.txt", rels: releaseFixture, }, { name: "list releases, offset by one", cmd: "list --offset 1", - golden: "output/list-offset.txt", + golden: "output/list-all-offset.txt", rels: releaseFixture, }, { name: "list pending releases", @@ -191,27 +187,32 @@ func TestListCmd(t *testing.T) { }, { name: "list releases in reverse order", cmd: "list --reverse", - golden: "output/list-reverse.txt", + golden: "output/list-all-reverse.txt", rels: releaseFixture, }, { name: "list releases sorted by reversed release date", cmd: "list --date --reverse", - golden: "output/list-date-reversed.txt", + golden: "output/list-all-date-reversed.txt", rels: releaseFixture, }, { name: "list releases in short output format", cmd: "list --short", - golden: "output/list-short.txt", + golden: "output/list-all-short.txt", rels: releaseFixture, }, { name: "list releases in short output format", cmd: "list --short --output yaml", - golden: "output/list-short-yaml.txt", + golden: "output/list-all-short-yaml.txt", rels: releaseFixture, }, { name: "list releases in short output format", cmd: "list --short --output json", - golden: "output/list-short-json.txt", + golden: "output/list-all-short-json.txt", + rels: releaseFixture, + }, { + name: "list deployed and failed releases only", + cmd: "list --deployed --failed", + golden: "output/list.txt", rels: releaseFixture, }, { name: "list superseded releases", @@ -244,3 +245,373 @@ func TestListOutputCompletion(t *testing.T) { func TestListFileCompletion(t *testing.T) { checkFileCompletion(t, "list", false) } + +func TestListOutputFormats(t *testing.T) { + defaultNamespace := "default" + timestamp := time.Unix(1452902400, 0).UTC() + chartInfo := &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "test-chart", + Version: "1.0.0", + AppVersion: "0.0.1", + }, + } + + releaseFixture := []*release.Release{ + { + Name: "test-release", + Version: 1, + Namespace: defaultNamespace, + Info: &release.Info{ + LastDeployed: timestamp, + Status: common.StatusDeployed, + }, + Chart: chartInfo, + }, + } + + tests := []cmdTestCase{{ + name: "list releases in json format", + cmd: "list --output json", + golden: "output/list-json.txt", + rels: releaseFixture, + }, { + name: "list releases in yaml format", + cmd: "list --output yaml", + golden: "output/list-yaml.txt", + rels: releaseFixture, + }} + runTestCmd(t, tests) +} + +func TestReleaseListWriter(t *testing.T) { + timestamp := time.Unix(1452902400, 0).UTC() + chartInfo := &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "test-chart", + Version: "1.0.0", + AppVersion: "0.0.1", + }, + } + + releases := []*release.Release{ + { + Name: "test-release", + Version: 1, + Namespace: "default", + Info: &release.Info{ + LastDeployed: timestamp, + Status: common.StatusDeployed, + }, + Chart: chartInfo, + }, + } + + tests := []struct { + name string + releases []*release.Release + timeFormat string + noHeaders bool + noColor bool + }{ + { + name: "empty releases list", + releases: []*release.Release{}, + timeFormat: "", + noHeaders: false, + noColor: false, + }, + { + name: "custom time format", + releases: releases, + timeFormat: "2006-01-02", + noHeaders: false, + noColor: false, + }, + { + name: "no headers", + releases: releases, + timeFormat: "", + noHeaders: true, + noColor: false, + }, + { + name: "no color", + releases: releases, + timeFormat: "", + noHeaders: false, + noColor: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + writer := newReleaseListWriter(tt.releases, tt.timeFormat, tt.noHeaders, tt.noColor) + + if writer == nil { + t.Error("Expected writer to be non-nil") + } else { + if len(writer.releases) != len(tt.releases) { + t.Errorf("Expected %d releases, got %d", len(tt.releases), len(writer.releases)) + } + } + }) + } +} + +func TestReleaseListWriterMethods(t *testing.T) { + timestamp := time.Unix(1452902400, 0).UTC() + zeroTimestamp := time.Time{} + chartInfo := &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "test-chart", + Version: "1.0.0", + AppVersion: "0.0.1", + }, + } + + releases := []*release.Release{ + { + Name: "test-release", + Version: 1, + Namespace: "default", + Info: &release.Info{ + LastDeployed: timestamp, + Status: common.StatusDeployed, + }, + Chart: chartInfo, + }, + { + Name: "zero-time-release", + Version: 1, + Namespace: "default", + Info: &release.Info{ + LastDeployed: zeroTimestamp, + Status: common.StatusFailed, + }, + Chart: chartInfo, + }, + } + + tests := []struct { + name string + status common.Status + }{ + {"deployed", common.StatusDeployed}, + {"failed", common.StatusFailed}, + {"pending-install", common.StatusPendingInstall}, + {"pending-upgrade", common.StatusPendingUpgrade}, + {"pending-rollback", common.StatusPendingRollback}, + {"uninstalling", common.StatusUninstalling}, + {"uninstalled", common.StatusUninstalled}, + {"superseded", common.StatusSuperseded}, + {"unknown", common.StatusUnknown}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + testReleases := []*release.Release{ + { + Name: "test-release", + Version: 1, + Namespace: "default", + Info: &release.Info{ + LastDeployed: timestamp, + Status: tt.status, + }, + Chart: chartInfo, + }, + } + + writer := newReleaseListWriter(testReleases, "", false, false) + + var buf []byte + out := &bytesWriter{buf: &buf} + + err := writer.WriteJSON(out) + if err != nil { + t.Errorf("WriteJSON failed: %v", err) + } + + err = writer.WriteYAML(out) + if err != nil { + t.Errorf("WriteYAML failed: %v", err) + } + + err = writer.WriteTable(out) + if err != nil { + t.Errorf("WriteTable failed: %v", err) + } + }) + } + + writer := newReleaseListWriter(releases, "", false, false) + + var buf []byte + out := &bytesWriter{buf: &buf} + + err := writer.WriteJSON(out) + if err != nil { + t.Errorf("WriteJSON failed: %v", err) + } + + err = writer.WriteYAML(out) + if err != nil { + t.Errorf("WriteYAML failed: %v", err) + } + + err = writer.WriteTable(out) + if err != nil { + t.Errorf("WriteTable failed: %v", err) + } +} + +func TestFilterReleases(t *testing.T) { + releases := []*release.Release{ + {Name: "release1"}, + {Name: "release2"}, + {Name: "release3"}, + } + + tests := []struct { + name string + releases []*release.Release + ignoredReleaseNames []string + expectedCount int + }{ + { + name: "nil ignored list", + releases: releases, + ignoredReleaseNames: nil, + expectedCount: 3, + }, + { + name: "empty ignored list", + releases: releases, + ignoredReleaseNames: []string{}, + expectedCount: 3, + }, + { + name: "filter one release", + releases: releases, + ignoredReleaseNames: []string{"release1"}, + expectedCount: 2, + }, + { + name: "filter multiple releases", + releases: releases, + ignoredReleaseNames: []string{"release1", "release3"}, + expectedCount: 1, + }, + { + name: "filter non-existent release", + releases: releases, + ignoredReleaseNames: []string{"non-existent"}, + expectedCount: 3, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := filterReleases(tt.releases, tt.ignoredReleaseNames) + if len(result) != tt.expectedCount { + t.Errorf("Expected %d releases, got %d", tt.expectedCount, len(result)) + } + }) + } +} + +type bytesWriter struct { + buf *[]byte +} + +func (b *bytesWriter) Write(p []byte) (n int, err error) { + *b.buf = append(*b.buf, p...) + return len(p), nil +} + +func TestListCustomTimeFormat(t *testing.T) { + defaultNamespace := "default" + timestamp := time.Unix(1452902400, 0).UTC() + chartInfo := &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "test-chart", + Version: "1.0.0", + AppVersion: "0.0.1", + }, + } + + releaseFixture := []*release.Release{ + { + Name: "test-release", + Version: 1, + Namespace: defaultNamespace, + Info: &release.Info{ + LastDeployed: timestamp, + Status: common.StatusDeployed, + }, + Chart: chartInfo, + }, + } + + tests := []cmdTestCase{{ + name: "list releases with custom time format", + cmd: "list --time-format '2006-01-02 15:04:05'", + golden: "output/list-time-format.txt", + rels: releaseFixture, + }} + runTestCmd(t, tests) +} + +func TestListStatusMapping(t *testing.T) { + defaultNamespace := "default" + timestamp := time.Unix(1452902400, 0).UTC() + chartInfo := &chart.Chart{ + Metadata: &chart.Metadata{ + Name: "test-chart", + Version: "1.0.0", + AppVersion: "0.0.1", + }, + } + + testCases := []struct { + name string + status common.Status + }{ + {"deployed", common.StatusDeployed}, + {"failed", common.StatusFailed}, + {"pending-install", common.StatusPendingInstall}, + {"pending-upgrade", common.StatusPendingUpgrade}, + {"pending-rollback", common.StatusPendingRollback}, + {"uninstalling", common.StatusUninstalling}, + {"uninstalled", common.StatusUninstalled}, + {"superseded", common.StatusSuperseded}, + {"unknown", common.StatusUnknown}, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + releaseFixture := []*release.Release{ + { + Name: "test-release", + Version: 1, + Namespace: defaultNamespace, + Info: &release.Info{ + LastDeployed: timestamp, + Status: tc.status, + }, + Chart: chartInfo, + }, + } + + writer := newReleaseListWriter(releaseFixture, "", false, false) + if len(writer.releases) != 1 { + t.Errorf("Expected 1 release, got %d", len(writer.releases)) + } + + if writer.releases[0].Status != tc.status.String() { + t.Errorf("Expected status %s, got %s", tc.status.String(), writer.releases[0].Status) + } + }) + } +} diff --git a/pkg/cmd/load_plugins.go b/pkg/cmd/load_plugins.go index 5057c1033..ddda5fde6 100644 --- a/pkg/cmd/load_plugins.go +++ b/pkg/cmd/load_plugins.go @@ -20,7 +20,7 @@ import ( "context" "fmt" "io" - "log" + "log/slog" "os" "path/filepath" "slices" @@ -46,11 +46,6 @@ const ( pluginDynamicCompletionExecutable = "plugin.complete" ) -type PluginError struct { - error - Code int -} - // loadCLIPlugins loads CLI plugins into the command list. // // This follows a different pattern than the other commands because it has @@ -68,7 +63,7 @@ func loadCLIPlugins(baseCmd *cobra.Command, out io.Writer) { } found, err := plugin.FindPlugins(dirs, descriptor) if err != nil { - fmt.Fprintf(os.Stderr, "failed to load plugins: %s\n", err) + slog.Error("failed to load plugins", slog.String("error", err.Error())) return } @@ -76,7 +71,7 @@ func loadCLIPlugins(baseCmd *cobra.Command, out io.Writer) { for _, plug := range found { var use, short, long string var ignoreFlags bool - if cliConfig, ok := plug.Metadata().Config.(*plugin.ConfigCLI); ok { + if cliConfig, ok := plug.Metadata().Config.(*schema.ConfigCLIV1); ok { use = cliConfig.Usage short = cliConfig.ShortHelp long = cliConfig.LongHelp @@ -101,8 +96,6 @@ func loadCLIPlugins(baseCmd *cobra.Command, out io.Writer) { if err != nil { return err } - // Setup plugin environment - plugin.SetupPluginEnv(settings, plug.Metadata().Name, plug.Dir()) // For CLI plugin types runtime, set extra args and settings extraArgs := []string{} @@ -120,7 +113,6 @@ func loadCLIPlugins(baseCmd *cobra.Command, out io.Writer) { input := &plugin.Input{ Message: schema.InputMessageCLIV1{ ExtraArgs: extraArgs, - Settings: settings, }, Env: env, Stdin: os.Stdin, @@ -128,12 +120,10 @@ func loadCLIPlugins(baseCmd *cobra.Command, out io.Writer) { Stderr: os.Stderr, } _, err = plug.Invoke(context.Background(), input) - // TODO do we want to keep execErr here? if execErr, ok := err.(*plugin.InvokeExecError); ok { - // TODO can we replace cmd.PluginError with plugin.Error? - return PluginError{ - error: execErr.Err, - Code: execErr.Code, + return CommandError{ + error: execErr.Err, + ExitCode: execErr.ExitCode, } } return err @@ -227,9 +217,7 @@ func loadCompletionForPlugin(pluginCmd *cobra.Command, plug plugin.Plugin) { if err != nil { // The file could be missing or invalid. No static completion for this plugin. - if settings.Debug { - log.Output(2, fmt.Sprintf("[info] %s\n", err.Error())) - } + slog.Debug("plugin completion file loading", slog.String("error", err.Error())) // Continue to setup dynamic completion. cmds = &pluginCommand{} } @@ -248,10 +236,7 @@ func addPluginCommands(plug plugin.Plugin, baseCmd *cobra.Command, cmds *pluginC } if len(cmds.Name) == 0 { - // Missing name for a command - if settings.Debug { - log.Output(2, fmt.Sprintf("[info] sub-command name field missing for %s", baseCmd.CommandPath())) - } + slog.Debug("sub-command name field missing", slog.String("commandPath", baseCmd.CommandPath())) return } @@ -349,7 +334,7 @@ func pluginDynamicComp(plug plugin.Plugin, cmd *cobra.Command, args []string, to } var ignoreFlags bool - if cliConfig, ok := subprocessPlug.Metadata().Config.(*plugin.ConfigCLI); ok { + if cliConfig, ok := subprocessPlug.Metadata().Config.(*schema.ConfigCLIV1); ok { ignoreFlags = cliConfig.IgnoreFlags } @@ -369,7 +354,6 @@ func pluginDynamicComp(plug plugin.Plugin, cmd *cobra.Command, args []string, to argv = append(argv, u...) argv = append(argv, toComplete) } - plugin.SetupPluginEnv(settings, plug.Metadata().Name, plug.Dir()) cobra.CompDebugln(fmt.Sprintf("calling %s with args %v", main, argv), settings.Debug) buf := new(bytes.Buffer) diff --git a/pkg/cmd/package.go b/pkg/cmd/package.go index fc56e936a..36a7dff73 100644 --- a/pkg/cmd/package.go +++ b/pkg/cmd/package.go @@ -76,7 +76,7 @@ func newPackageCmd(out io.Writer) *cobra.Command { } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } @@ -130,7 +130,7 @@ func newPackageCmd(out io.Writer) *cobra.Command { f.StringVar(&client.Password, "password", "", "chart repository password where to locate the requested chart") f.StringVar(&client.CertFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") f.StringVar(&client.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") - f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.BoolVar(&client.InsecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") f.StringVar(&client.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") diff --git a/pkg/cmd/plugin.go b/pkg/cmd/plugin.go index b03000ad4..ba904ef5f 100644 --- a/pkg/cmd/plugin.go +++ b/pkg/cmd/plugin.go @@ -38,6 +38,8 @@ func newPluginCmd(out io.Writer) *cobra.Command { newPluginListCmd(out), newPluginUninstallCmd(out), newPluginUpdateCmd(out), + newPluginPackageCmd(out), + newPluginVerifyCmd(out), ) return cmd } @@ -46,7 +48,6 @@ func newPluginCmd(out io.Writer) *cobra.Command { func runHook(p plugin.Plugin, event string) error { pluginHook, ok := p.(plugin.PluginHook) if ok { - plugin.SetupPluginEnv(settings, p.Metadata().Name, p.Dir()) return pluginHook.InvokeHook(event) } diff --git a/pkg/cmd/plugin_install.go b/pkg/cmd/plugin_install.go index 960404a76..a45c4a3de 100644 --- a/pkg/cmd/plugin_install.go +++ b/pkg/cmd/plugin_install.go @@ -33,11 +33,14 @@ import ( type pluginInstallOptions struct { source string version string + // signing options + verify bool + keyring string // OCI-specific options certFile string keyFile string caFile string - insecureSkipTLSverify bool + insecureSkipTLSVerify bool plainHTTP bool password string username string @@ -45,6 +48,13 @@ type pluginInstallOptions struct { const pluginInstallDesc = ` This command allows you to install a plugin from a url to a VCS repo or a local path. + +By default, plugin signatures are verified before installation when installing from +tarballs (.tgz or .tar.gz). This requires a corresponding .prov file to be available +alongside the tarball. +For local development, plugins installed from local directories are automatically +treated as "local dev" and do not require signatures. +Use --verify=false to skip signature verification for remote plugins. ` func newPluginInstallCmd(out io.Writer) *cobra.Command { @@ -71,12 +81,14 @@ func newPluginInstallCmd(out io.Writer) *cobra.Command { }, } cmd.Flags().StringVar(&o.version, "version", "", "specify a version constraint. If this is not specified, the latest version is installed") + cmd.Flags().BoolVar(&o.verify, "verify", true, "verify the plugin signature before installing") + cmd.Flags().StringVar(&o.keyring, "keyring", defaultKeyring(), "location of public keys used for verification") // Add OCI-specific flags cmd.Flags().StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file") cmd.Flags().StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") cmd.Flags().StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") - cmd.Flags().BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the plugin download") + cmd.Flags().BoolVar(&o.insecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the plugin download") cmd.Flags().BoolVar(&o.plainHTTP, "plain-http", false, "use insecure HTTP connections for the plugin download") cmd.Flags().StringVar(&o.username, "username", "", "registry username") cmd.Flags().StringVar(&o.password, "password", "", "registry password") @@ -94,7 +106,7 @@ func (o *pluginInstallOptions) newInstallerForSource() (installer.Installer, err // Build getter options for OCI options := []getter.Option{ getter.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile), - getter.WithInsecureSkipVerifyTLS(o.insecureSkipTLSverify), + getter.WithInsecureSkipVerifyTLS(o.insecureSkipTLSVerify), getter.WithPlainHTTP(o.plainHTTP), getter.WithBasicAuth(o.username, o.password), } @@ -113,10 +125,51 @@ func (o *pluginInstallOptions) run(out io.Writer) error { if err != nil { return err } - if err := installer.Install(i); err != nil { + + // Determine if we should verify based on installer type and flags + shouldVerify := o.verify + + // Check if this is a local directory installation (for development) + if localInst, ok := i.(*installer.LocalInstaller); ok && !localInst.SupportsVerification() { + // Local directory installations are allowed without verification + shouldVerify = false + fmt.Fprintf(out, "Installing plugin from local directory (development mode)\n") + } else if shouldVerify { + // For remote installations, check if verification is supported + if verifier, ok := i.(installer.Verifier); !ok || !verifier.SupportsVerification() { + return fmt.Errorf("plugin source does not support verification. Use --verify=false to skip verification") + } + } else { + // User explicitly disabled verification + fmt.Fprintf(out, "WARNING: Skipping plugin signature verification\n") + } + + // Set up installation options + opts := installer.Options{ + Verify: shouldVerify, + Keyring: o.keyring, + } + + // If verify is requested, show verification output + if shouldVerify { + fmt.Fprintf(out, "Verifying plugin signature...\n") + } + + // Install the plugin with options + verifyResult, err := installer.InstallWithOptions(i, opts) + if err != nil { return err } + // If verification was successful, show the details + if verifyResult != nil { + for _, signer := range verifyResult.SignedBy { + fmt.Fprintf(out, "Signed by: %s\n", signer) + } + fmt.Fprintf(out, "Using Key With Fingerprint: %s\n", verifyResult.Fingerprint) + fmt.Fprintf(out, "Plugin Hash Verified: %s\n", verifyResult.FileHash) + } + slog.Debug("loading plugin", "path", i.Path()) p, err := plugin.LoadDir(i.Path()) if err != nil { diff --git a/pkg/cmd/plugin_list.go b/pkg/cmd/plugin_list.go index 31a76330d..74e969e04 100644 --- a/pkg/cmd/plugin_list.go +++ b/pkg/cmd/plugin_list.go @@ -26,6 +26,7 @@ import ( "github.com/spf13/cobra" "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/internal/plugin/schema" ) func newPluginListCmd(out io.Writer) *cobra.Command { @@ -46,15 +47,23 @@ func newPluginListCmd(out io.Writer) *cobra.Command { return err } + // Get signing info for all plugins + signingInfo := plugin.GetSigningInfoForPlugins(plugins) + table := uitable.New() - table.AddRow("NAME", "VERSION", "TYPE", "APIVERSION", "SOURCE") + table.AddRow("NAME", "VERSION", "TYPE", "APIVERSION", "PROVENANCE", "SOURCE") for _, p := range plugins { m := p.Metadata() sourceURL := m.SourceURL if sourceURL == "" { sourceURL = "unknown" } - table.AddRow(m.Name, m.Version, m.Type, m.APIVersion, sourceURL) + // Get signing status + signedStatus := "unknown" + if info, ok := signingInfo[m.Name]; ok { + signedStatus = info.Status + } + table.AddRow(m.Name, m.Version, m.Type, m.APIVersion, signedStatus, sourceURL) } fmt.Fprintln(out, table) return nil @@ -98,7 +107,7 @@ func compListPlugins(_ string, ignoredPluginNames []string) []string { for _, p := range filteredPlugins { m := p.Metadata() var shortHelp string - if config, ok := m.Config.(*plugin.ConfigCLI); ok { + if config, ok := m.Config.(*schema.ConfigCLIV1); ok { shortHelp = config.ShortHelp } pNames = append(pNames, fmt.Sprintf("%s\t%s", p.Metadata().Name, shortHelp)) diff --git a/pkg/cmd/plugin_package.go b/pkg/cmd/plugin_package.go new file mode 100644 index 000000000..05f8bb5ad --- /dev/null +++ b/pkg/cmd/plugin_package.go @@ -0,0 +1,216 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cmd + +import ( + "bytes" + "errors" + "fmt" + "io" + "os" + "path/filepath" + "syscall" + + "github.com/spf13/cobra" + "golang.org/x/term" + + "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/pkg/cmd/require" + "helm.sh/helm/v4/pkg/provenance" +) + +const pluginPackageDesc = ` +This command packages a Helm plugin directory into a tarball. + +By default, the command will generate a provenance file signed with a PGP key. +This ensures the plugin can be verified after installation. + +Use --sign=false to skip signing (not recommended for distribution). +` + +type pluginPackageOptions struct { + sign bool + keyring string + key string + passphraseFile string + pluginPath string + destination string +} + +func newPluginPackageCmd(out io.Writer) *cobra.Command { + o := &pluginPackageOptions{} + + cmd := &cobra.Command{ + Use: "package [PATH]", + Short: "package a plugin directory into a plugin archive", + Long: pluginPackageDesc, + Args: require.ExactArgs(1), + RunE: func(_ *cobra.Command, args []string) error { + o.pluginPath = args[0] + return o.run(out) + }, + } + + f := cmd.Flags() + f.BoolVar(&o.sign, "sign", true, "use a PGP private key to sign this plugin") + f.StringVar(&o.key, "key", "", "name of the key to use when signing. Used if --sign is true") + f.StringVar(&o.keyring, "keyring", defaultKeyring(), "location of a public keyring") + f.StringVar(&o.passphraseFile, "passphrase-file", "", "location of a file which contains the passphrase for the signing key. Use \"-\" to read from stdin.") + f.StringVarP(&o.destination, "destination", "d", ".", "location to write the plugin tarball.") + + return cmd +} + +func (o *pluginPackageOptions) run(out io.Writer) error { + // Check if the plugin path exists and is a directory + fi, err := os.Stat(o.pluginPath) + if err != nil { + return err + } + if !fi.IsDir() { + return fmt.Errorf("plugin package only supports directories, not tarballs") + } + + // Load and validate plugin metadata + pluginMeta, err := plugin.LoadDir(o.pluginPath) + if err != nil { + return fmt.Errorf("invalid plugin directory: %w", err) + } + + // Create destination directory if needed + if err := os.MkdirAll(o.destination, 0755); err != nil { + return err + } + + // If signing is requested, prepare the signer first + var signer *provenance.Signatory + if o.sign { + // Load the signing key + signer, err = provenance.NewFromKeyring(o.keyring, o.key) + if err != nil { + return fmt.Errorf("error reading from keyring: %w", err) + } + + // Get passphrase + passphraseFetcher := o.promptUser + if o.passphraseFile != "" { + passphraseFetcher, err = o.passphraseFileFetcher() + if err != nil { + return err + } + } + + // Decrypt the key + if err := signer.DecryptKey(passphraseFetcher); err != nil { + return err + } + } else { + // User explicitly disabled signing + fmt.Fprintf(out, "WARNING: Skipping plugin signing. This is not recommended for plugins intended for distribution.\n") + } + + // Now create the tarball (only after signing prerequisites are met) + // Use plugin metadata for filename: PLUGIN_NAME-SEMVER.tgz + metadata := pluginMeta.Metadata() + filename := fmt.Sprintf("%s-%s.tgz", metadata.Name, metadata.Version) + tarballPath := filepath.Join(o.destination, filename) + + tarFile, err := os.Create(tarballPath) + if err != nil { + return fmt.Errorf("failed to create tarball: %w", err) + } + defer tarFile.Close() + + if err := plugin.CreatePluginTarball(o.pluginPath, metadata.Name, tarFile); err != nil { + os.Remove(tarballPath) + return fmt.Errorf("failed to create plugin tarball: %w", err) + } + tarFile.Close() // Ensure file is closed before signing + + // If signing was requested, sign the tarball + if o.sign { + // Read the tarball data + tarballData, err := os.ReadFile(tarballPath) + if err != nil { + os.Remove(tarballPath) + return fmt.Errorf("failed to read tarball for signing: %w", err) + } + + // Sign the plugin tarball data + sig, err := plugin.SignPlugin(tarballData, filepath.Base(tarballPath), signer) + if err != nil { + os.Remove(tarballPath) + return fmt.Errorf("failed to sign plugin: %w", err) + } + + // Write the signature + provFile := tarballPath + ".prov" + if err := os.WriteFile(provFile, []byte(sig), 0644); err != nil { + os.Remove(tarballPath) + return err + } + + fmt.Fprintf(out, "Successfully signed. Signature written to: %s\n", provFile) + } + + fmt.Fprintf(out, "Successfully packaged plugin and saved it to: %s\n", tarballPath) + + return nil +} + +func (o *pluginPackageOptions) promptUser(name string) ([]byte, error) { + fmt.Printf("Password for key %q > ", name) + pw, err := term.ReadPassword(int(syscall.Stdin)) + fmt.Println() + return pw, err +} + +func (o *pluginPackageOptions) passphraseFileFetcher() (provenance.PassphraseFetcher, error) { + file, err := openPassphraseFile(o.passphraseFile, os.Stdin) + if err != nil { + return nil, err + } + defer file.Close() + + // Read the entire passphrase + passphrase, err := io.ReadAll(file) + if err != nil { + return nil, err + } + + // Trim any trailing newline characters (both \n and \r\n) + passphrase = bytes.TrimRight(passphrase, "\r\n") + + return func(_ string) ([]byte, error) { + return passphrase, nil + }, nil +} + +// copied from action.openPassphraseFile +// TODO: should we move this to pkg/action so we can reuse the func from there? +func openPassphraseFile(passphraseFile string, stdin *os.File) (*os.File, error) { + if passphraseFile == "-" { + stat, err := stdin.Stat() + if err != nil { + return nil, err + } + if (stat.Mode() & os.ModeNamedPipe) == 0 { + return nil, errors.New("specified reading passphrase from stdin, without input on stdin") + } + return stdin, nil + } + return os.Open(passphraseFile) +} diff --git a/pkg/cmd/plugin_package_test.go b/pkg/cmd/plugin_package_test.go new file mode 100644 index 000000000..7d97562f8 --- /dev/null +++ b/pkg/cmd/plugin_package_test.go @@ -0,0 +1,170 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cmd + +import ( + "bytes" + "os" + "path/filepath" + "strings" + "testing" +) + +// Common plugin.yaml content for v1 format tests +const testPluginYAML = `apiVersion: v1 +name: test-plugin +version: 1.0.0 +type: cli/v1 +runtime: subprocess +config: + usage: test-plugin [flags] + shortHelp: A test plugin + longHelp: A test plugin for testing purposes +runtimeConfig: + platformCommand: + - os: linux + command: echo + args: ["test"]` + +func TestPluginPackageWithoutSigning(t *testing.T) { + // Create a test plugin directory + tempDir := t.TempDir() + pluginDir := filepath.Join(tempDir, "test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatal(err) + } + + // Create a plugin.yaml file + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil { + t.Fatal(err) + } + + // Create package options with sign=false + o := &pluginPackageOptions{ + sign: false, // Explicitly disable signing + pluginPath: pluginDir, + destination: tempDir, + } + + // Run the package command + out := &bytes.Buffer{} + err := o.run(out) + + // Should succeed without error + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + // Check that tarball was created with plugin name and version + tarballPath := filepath.Join(tempDir, "test-plugin-1.0.0.tgz") + if _, err := os.Stat(tarballPath); os.IsNotExist(err) { + t.Error("tarball should exist when sign=false") + } + + // Check that no .prov file was created + provPath := tarballPath + ".prov" + if _, err := os.Stat(provPath); !os.IsNotExist(err) { + t.Error("provenance file should not exist when sign=false") + } + + // Output should contain warning about skipping signing + output := out.String() + if !strings.Contains(output, "WARNING: Skipping plugin signing") { + t.Error("should print warning when signing is skipped") + } + if !strings.Contains(output, "Successfully packaged") { + t.Error("should print success message") + } +} + +func TestPluginPackageDefaultRequiresSigning(t *testing.T) { + // Create a test plugin directory + tempDir := t.TempDir() + pluginDir := filepath.Join(tempDir, "test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatal(err) + } + + // Create a plugin.yaml file + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil { + t.Fatal(err) + } + + // Create package options with default sign=true and invalid keyring + o := &pluginPackageOptions{ + sign: true, // This is now the default + keyring: "/non/existent/keyring", + pluginPath: pluginDir, + destination: tempDir, + } + + // Run the package command + out := &bytes.Buffer{} + err := o.run(out) + + // Should fail because signing is required by default + if err == nil { + t.Error("expected error when signing fails with default settings") + } + + // Check that no tarball was created + tarballPath := filepath.Join(tempDir, "test-plugin.tgz") + if _, err := os.Stat(tarballPath); !os.IsNotExist(err) { + t.Error("tarball should not exist when signing fails") + } +} + +func TestPluginPackageSigningFailure(t *testing.T) { + // Create a test plugin directory + tempDir := t.TempDir() + pluginDir := filepath.Join(tempDir, "test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatal(err) + } + + // Create a plugin.yaml file + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil { + t.Fatal(err) + } + + // Create package options with sign flag but invalid keyring + o := &pluginPackageOptions{ + sign: true, + keyring: "/non/existent/keyring", // This will cause signing to fail + pluginPath: pluginDir, + destination: tempDir, + } + + // Run the package command + out := &bytes.Buffer{} + err := o.run(out) + + // Should get an error + if err == nil { + t.Error("expected error when signing fails, got nil") + } + + // Check that no tarball was created + tarballPath := filepath.Join(tempDir, "test-plugin.tgz") + if _, err := os.Stat(tarballPath); !os.IsNotExist(err) { + t.Error("tarball should not exist when signing fails") + } + + // Output should not contain success message + if bytes.Contains(out.Bytes(), []byte("Successfully packaged")) { + t.Error("should not print success message when signing fails") + } +} diff --git a/pkg/cmd/plugin_test.go b/pkg/cmd/plugin_test.go index b476b80d2..f7a418569 100644 --- a/pkg/cmd/plugin_test.go +++ b/pkg/cmd/plugin_test.go @@ -17,6 +17,7 @@ package cmd import ( "bytes" + "fmt" "os" "runtime" "strings" @@ -93,14 +94,14 @@ func TestLoadCLIPlugins(t *testing.T) { ) loadCLIPlugins(&cmd, &out) - envs := strings.Join([]string{ - "fullenv", - "testdata/helmhome/helm/plugins/fullenv", - "testdata/helmhome/helm/plugins", - "testdata/helmhome/helm/repositories.yaml", - "testdata/helmhome/helm/repository", - os.Args[0], - }, "\n") + fullEnvOutput := strings.Join([]string{ + "HELM_PLUGIN_NAME=fullenv", + "HELM_PLUGIN_DIR=testdata/helmhome/helm/plugins/fullenv", + "HELM_PLUGINS=testdata/helmhome/helm/plugins", + "HELM_REPOSITORY_CONFIG=testdata/helmhome/helm/repositories.yaml", + "HELM_REPOSITORY_CACHE=testdata/helmhome/helm/repository", + fmt.Sprintf("HELM_BIN=%s", os.Args[0]), + }, "\n") + "\n" // Test that the YAML file was correctly converted to a command. tests := []struct { @@ -113,47 +114,50 @@ func TestLoadCLIPlugins(t *testing.T) { }{ {"args", "echo args", "This echos args", "-a -b -c\n", []string{"-a", "-b", "-c"}, 0}, {"echo", "echo stuff", "This echos stuff", "hello\n", []string{}, 0}, - {"env", "env stuff", "show the env", "env\n", []string{}, 0}, + {"env", "env stuff", "show the env", "HELM_PLUGIN_NAME=env\n", []string{}, 0}, {"exitwith", "exitwith code", "This exits with the specified exit code", "", []string{"2"}, 2}, - {"fullenv", "show env vars", "show all env vars", envs + "\n", []string{}, 0}, + {"fullenv", "show env vars", "show all env vars", fullEnvOutput, []string{}, 0}, } - plugins := cmd.Commands() + pluginCmds := cmd.Commands() - require.Len(t, plugins, len(tests), "Expected %d plugins, got %d", len(tests), len(plugins)) + require.Len(t, pluginCmds, len(tests), "Expected %d plugins, got %d", len(tests), len(pluginCmds)) - for i := 0; i < len(plugins); i++ { + for i := range pluginCmds { out.Reset() tt := tests[i] - pp := plugins[i] - if pp.Use != tt.use { - t.Errorf("%d: Expected Use=%q, got %q", i, tt.use, pp.Use) - } - if pp.Short != tt.short { - t.Errorf("%d: Expected Use=%q, got %q", i, tt.short, pp.Short) - } - if pp.Long != tt.long { - t.Errorf("%d: Expected Use=%q, got %q", i, tt.long, pp.Long) - } + pluginCmd := pluginCmds[i] + t.Run(fmt.Sprintf("%s-%d", pluginCmd.Name(), i), func(t *testing.T) { + out.Reset() + if pluginCmd.Use != tt.use { + t.Errorf("%d: Expected Use=%q, got %q", i, tt.use, pluginCmd.Use) + } + if pluginCmd.Short != tt.short { + t.Errorf("%d: Expected Use=%q, got %q", i, tt.short, pluginCmd.Short) + } + if pluginCmd.Long != tt.long { + t.Errorf("%d: Expected Use=%q, got %q", i, tt.long, pluginCmd.Long) + } - // Currently, plugins assume a Linux subsystem. Skip the execution - // tests until this is fixed - if runtime.GOOS != "windows" { - if err := pp.RunE(pp, tt.args); err != nil { - if tt.code > 0 { - perr, ok := err.(PluginError) - if !ok { - t.Errorf("Expected %s to return pluginError: got %v(%T)", tt.use, err, err) + // Currently, plugins assume a Linux subsystem. Skip the execution + // tests until this is fixed + if runtime.GOOS != "windows" { + if err := pluginCmd.RunE(pluginCmd, tt.args); err != nil { + if tt.code > 0 { + cerr, ok := err.(CommandError) + if !ok { + t.Errorf("Expected %s to return pluginError: got %v(%T)", tt.use, err, err) + } + if cerr.ExitCode != tt.code { + t.Errorf("Expected %s to return %d: got %d", tt.use, tt.code, cerr.ExitCode) + } + } else { + t.Errorf("Error running %s: %+v", tt.use, err) } - if perr.Code != tt.code { - t.Errorf("Expected %s to return %d: got %d", tt.use, tt.code, perr.Code) - } - } else { - t.Errorf("Error running %s: %+v", tt.use, err) } + assert.Equal(t, tt.expect, out.String(), "expected output for %q", tt.use) } - assert.Equal(t, tt.expect, out.String(), "expected output for %s", tt.use) - } + }) } } @@ -214,12 +218,12 @@ func TestLoadPluginsWithSpace(t *testing.T) { if runtime.GOOS != "windows" { if err := pp.RunE(pp, tt.args); err != nil { if tt.code > 0 { - perr, ok := err.(PluginError) + cerr, ok := err.(CommandError) if !ok { t.Errorf("Expected %s to return pluginError: got %v(%T)", tt.use, err, err) } - if perr.Code != tt.code { - t.Errorf("Expected %s to return %d: got %d", tt.use, tt.code, perr.Code) + if cerr.ExitCode != tt.code { + t.Errorf("Expected %s to return %d: got %d", tt.use, tt.code, cerr.ExitCode) } } else { t.Errorf("Error running %s: %+v", tt.use, err) diff --git a/pkg/cmd/plugin_verify.go b/pkg/cmd/plugin_verify.go new file mode 100644 index 000000000..5f89e743e --- /dev/null +++ b/pkg/cmd/plugin_verify.go @@ -0,0 +1,123 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cmd + +import ( + "fmt" + "io" + "os" + "path/filepath" + + "github.com/spf13/cobra" + + "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/pkg/cmd/require" +) + +const pluginVerifyDesc = ` +This command verifies that a Helm plugin has a valid provenance file, +and that the provenance file is signed by a trusted PGP key. + +It supports both: +- Plugin tarballs (.tgz or .tar.gz files) +- Installed plugin directories + +For installed plugins, use the path shown by 'helm env HELM_PLUGINS' followed +by the plugin name. For example: + helm plugin verify ~/.local/share/helm/plugins/example-cli + +To generate a signed plugin, use the 'helm plugin package --sign' command. +` + +type pluginVerifyOptions struct { + keyring string + pluginPath string +} + +func newPluginVerifyCmd(out io.Writer) *cobra.Command { + o := &pluginVerifyOptions{} + + cmd := &cobra.Command{ + Use: "verify [PATH]", + Short: "verify that a plugin at the given path has been signed and is valid", + Long: pluginVerifyDesc, + Args: require.ExactArgs(1), + RunE: func(_ *cobra.Command, args []string) error { + o.pluginPath = args[0] + return o.run(out) + }, + } + + cmd.Flags().StringVar(&o.keyring, "keyring", defaultKeyring(), "keyring containing public keys") + + return cmd +} + +func (o *pluginVerifyOptions) run(out io.Writer) error { + // Verify the plugin path exists + fi, err := os.Stat(o.pluginPath) + if err != nil { + return err + } + + // Only support tarball verification + if fi.IsDir() { + return fmt.Errorf("directory verification not supported - only plugin tarballs can be verified") + } + + // Verify it's a tarball + if !plugin.IsTarball(o.pluginPath) { + return fmt.Errorf("plugin file must be a gzipped tarball (.tar.gz or .tgz)") + } + + // Look for provenance file + provFile := o.pluginPath + ".prov" + if _, err := os.Stat(provFile); err != nil { + return fmt.Errorf("could not find provenance file %s: %w", provFile, err) + } + + // Read the files + archiveData, err := os.ReadFile(o.pluginPath) + if err != nil { + return fmt.Errorf("failed to read plugin file: %w", err) + } + + provData, err := os.ReadFile(provFile) + if err != nil { + return fmt.Errorf("failed to read provenance file: %w", err) + } + + // Verify the plugin using data + verification, err := plugin.VerifyPlugin(archiveData, provData, filepath.Base(o.pluginPath), o.keyring) + if err != nil { + return err + } + + // Output verification details + for name := range verification.SignedBy.Identities { + fmt.Fprintf(out, "Signed by: %v\n", name) + } + fmt.Fprintf(out, "Using Key With Fingerprint: %X\n", verification.SignedBy.PrimaryKey.Fingerprint) + + // Only show hash for tarballs + if verification.FileHash != "" { + fmt.Fprintf(out, "Plugin Hash Verified: %s\n", verification.FileHash) + } else { + fmt.Fprintf(out, "Plugin Metadata Verified: %s\n", verification.FileName) + } + + return nil +} diff --git a/pkg/cmd/plugin_verify_test.go b/pkg/cmd/plugin_verify_test.go new file mode 100644 index 000000000..e631814dd --- /dev/null +++ b/pkg/cmd/plugin_verify_test.go @@ -0,0 +1,264 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package cmd + +import ( + "bytes" + "crypto/sha256" + "fmt" + "os" + "path/filepath" + "strings" + "testing" + + "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/internal/test/ensure" +) + +func TestPluginVerifyCmd_NoArgs(t *testing.T) { + ensure.HelmHome(t) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{}) + + err := cmd.Execute() + if err == nil { + t.Error("expected error when no arguments provided") + } + if !strings.Contains(err.Error(), "requires 1 argument") { + t.Errorf("expected 'requires 1 argument' error, got: %v", err) + } +} + +func TestPluginVerifyCmd_TooManyArgs(t *testing.T) { + ensure.HelmHome(t) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{"plugin1", "plugin2"}) + + err := cmd.Execute() + if err == nil { + t.Error("expected error when too many arguments provided") + } + if !strings.Contains(err.Error(), "requires 1 argument") { + t.Errorf("expected 'requires 1 argument' error, got: %v", err) + } +} + +func TestPluginVerifyCmd_NonexistentFile(t *testing.T) { + ensure.HelmHome(t) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{"/nonexistent/plugin.tgz"}) + + err := cmd.Execute() + if err == nil { + t.Error("expected error when plugin file doesn't exist") + } +} + +func TestPluginVerifyCmd_MissingProvenance(t *testing.T) { + ensure.HelmHome(t) + + // Create a plugin tarball without .prov file + pluginTgz := createTestPluginTarball(t) + defer os.Remove(pluginTgz) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{pluginTgz}) + + err := cmd.Execute() + if err == nil { + t.Error("expected error when .prov file is missing") + } + if !strings.Contains(err.Error(), "could not find provenance file") { + t.Errorf("expected 'could not find provenance file' error, got: %v", err) + } +} + +func TestPluginVerifyCmd_InvalidProvenance(t *testing.T) { + ensure.HelmHome(t) + + // Create a plugin tarball with invalid .prov file + pluginTgz := createTestPluginTarball(t) + defer os.Remove(pluginTgz) + + // Create invalid .prov file + provFile := pluginTgz + ".prov" + if err := os.WriteFile(provFile, []byte("invalid provenance"), 0644); err != nil { + t.Fatal(err) + } + defer os.Remove(provFile) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{pluginTgz}) + + err := cmd.Execute() + if err == nil { + t.Error("expected error when .prov file is invalid") + } +} + +func TestPluginVerifyCmd_DirectoryNotSupported(t *testing.T) { + ensure.HelmHome(t) + + // Create a plugin directory + pluginDir := createTestPluginDir(t) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{pluginDir}) + + err := cmd.Execute() + if err == nil { + t.Error("expected error when verifying directory") + } + if !strings.Contains(err.Error(), "directory verification not supported") { + t.Errorf("expected 'directory verification not supported' error, got: %v", err) + } +} + +func TestPluginVerifyCmd_KeyringFlag(t *testing.T) { + ensure.HelmHome(t) + + // Create a plugin tarball with .prov file + pluginTgz := createTestPluginTarball(t) + defer os.Remove(pluginTgz) + + // Create .prov file + provFile := pluginTgz + ".prov" + createProvFile(t, provFile, pluginTgz, "") + defer os.Remove(provFile) + + // Create empty keyring file + keyring := createTestKeyring(t) + defer os.Remove(keyring) + + out := &bytes.Buffer{} + cmd := newPluginVerifyCmd(out) + cmd.SetArgs([]string{"--keyring", keyring, pluginTgz}) + + // Should fail with keyring error but command parsing should work + err := cmd.Execute() + if err == nil { + t.Error("expected error with empty keyring") + } + // The important thing is that the keyring flag was parsed and used +} + +func TestPluginVerifyOptions_Run_Success(t *testing.T) { + // Skip this test as it would require real PGP keys and valid signatures + // The core verification logic is thoroughly tested in internal/plugin/verify_test.go + t.Skip("Success case requires real PGP keys - core logic tested in internal/plugin/verify_test.go") +} + +// Helper functions for test setup + +func createTestPluginDir(t *testing.T) string { + t.Helper() + + // Create temporary directory with plugin structure + tmpDir := t.TempDir() + pluginDir := filepath.Join(tmpDir, "test-plugin") + if err := os.MkdirAll(pluginDir, 0755); err != nil { + t.Fatalf("Failed to create plugin directory: %v", err) + } + + // Use the same plugin YAML as other cmd tests + if err := os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(testPluginYAML), 0644); err != nil { + t.Fatalf("Failed to create plugin.yaml: %v", err) + } + + return pluginDir +} + +func createTestPluginTarball(t *testing.T) string { + t.Helper() + + pluginDir := createTestPluginDir(t) + + // Create tarball using the plugin package helper + tmpDir := filepath.Dir(pluginDir) + tgzPath := filepath.Join(tmpDir, "test-plugin-1.0.0.tgz") + tarFile, err := os.Create(tgzPath) + if err != nil { + t.Fatalf("Failed to create tarball file: %v", err) + } + defer tarFile.Close() + + if err := plugin.CreatePluginTarball(pluginDir, "test-plugin", tarFile); err != nil { + t.Fatalf("Failed to create tarball: %v", err) + } + + return tgzPath +} + +func createProvFile(t *testing.T, provFile, pluginTgz, hash string) { + t.Helper() + + var hashStr string + if hash == "" { + // Calculate actual hash of the tarball + data, err := os.ReadFile(pluginTgz) + if err != nil { + t.Fatalf("Failed to read tarball for hashing: %v", err) + } + hashSum := sha256.Sum256(data) + hashStr = fmt.Sprintf("sha256:%x", hashSum) + } else { + // Use provided hash + hashStr = hash + } + + // Create properly formatted provenance file with specified hash + provContent := fmt.Sprintf(`-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +name: test-plugin +version: 1.0.0 +description: Test plugin for verification +files: + test-plugin-1.0.0.tgz: %s +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAEBCAAGBQJktest... +-----END PGP SIGNATURE----- +`, hashStr) + if err := os.WriteFile(provFile, []byte(provContent), 0644); err != nil { + t.Fatalf("Failed to create provenance file: %v", err) + } +} + +func createTestKeyring(t *testing.T) string { + t.Helper() + + // Create a temporary keyring file + tmpDir := t.TempDir() + keyringPath := filepath.Join(tmpDir, "pubring.gpg") + + // Create empty keyring for testing + if err := os.WriteFile(keyringPath, []byte{}, 0644); err != nil { + t.Fatalf("Failed to create test keyring: %v", err) + } + + return keyringPath +} diff --git a/pkg/cmd/pull.go b/pkg/cmd/pull.go index e3d93c049..922698c6c 100644 --- a/pkg/cmd/pull.go +++ b/pkg/cmd/pull.go @@ -66,7 +66,7 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/pkg/cmd/pull_test.go b/pkg/cmd/pull_test.go index c3156c394..c24bf33b7 100644 --- a/pkg/cmd/pull_test.go +++ b/pkg/cmd/pull_test.go @@ -24,7 +24,7 @@ import ( "path/filepath" "testing" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestPullCmd(t *testing.T) { diff --git a/pkg/cmd/push.go b/pkg/cmd/push.go index 94d322b9d..f57a7c52f 100644 --- a/pkg/cmd/push.go +++ b/pkg/cmd/push.go @@ -38,7 +38,7 @@ type registryPushOptions struct { certFile string keyFile string caFile string - insecureSkipTLSverify bool + insecureSkipTLSVerify bool plainHTTP bool password string username string @@ -71,7 +71,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { }, RunE: func(_ *cobra.Command, args []string) error { registryClient, err := newRegistryClient( - o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP, o.username, o.password, + o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSVerify, o.plainHTTP, o.username, o.password, ) if err != nil { @@ -82,7 +82,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { remote := args[1] client := action.NewPushWithOpts(action.WithPushConfig(cfg), action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile), - action.WithInsecureSkipTLSVerify(o.insecureSkipTLSverify), + action.WithInsecureSkipTLSVerify(o.insecureSkipTLSVerify), action.WithPlainHTTP(o.plainHTTP), action.WithPushOptWriter(out)) client.Settings = settings @@ -99,7 +99,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file") f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") - f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") + f.BoolVar(&o.insecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") f.BoolVar(&o.plainHTTP, "plain-http", false, "use insecure HTTP connections for the chart upload") f.StringVar(&o.username, "username", "", "chart repository username where to locate the requested chart") f.StringVar(&o.password, "password", "", "chart repository password where to locate the requested chart") diff --git a/pkg/cmd/release_testing.go b/pkg/cmd/release_testing.go index b660a16c5..88a6f351f 100644 --- a/pkg/cmd/release_testing.go +++ b/pkg/cmd/release_testing.go @@ -65,19 +65,23 @@ func newReleaseTestCmd(cfg *action.Configuration, out io.Writer) *cobra.Command client.Filters[action.ExcludeNameFilter] = append(client.Filters[action.ExcludeNameFilter], notName.ReplaceAllLiteralString(f, "")) } } - rel, runErr := client.Run(args[0]) + reli, runErr := client.Run(args[0]) // We only return an error if we weren't even able to get the // release, otherwise we keep going so we can print status and logs // if requested - if runErr != nil && rel == nil { + if runErr != nil && reli == nil { return runErr } + rel, err := releaserToV1Release(reli) + if err != nil { + return err + } if err := outfmt.Write(out, &statusPrinter{ release: rel, debug: settings.Debug, showMetadata: false, - hideNotes: client.HideNotes, + hideNotes: true, noColor: settings.ShouldDisableColor(), }); err != nil { return err @@ -99,7 +103,6 @@ func newReleaseTestCmd(cfg *action.Configuration, out io.Writer) *cobra.Command f.DurationVar(&client.Timeout, "timeout", 300*time.Second, "time to wait for any individual Kubernetes operation (like Jobs for hooks)") f.BoolVar(&outputLogs, "logs", false, "dump the logs from test pods (this runs after all tests are complete, but before any cleanup)") f.StringSliceVar(&filter, "filter", []string{}, "specify tests by attribute (currently \"name\") using attribute=value syntax or '!attribute=value' to exclude a test (can specify multiple or separate values with commas: name=test1,name=test2)") - f.BoolVar(&client.HideNotes, "hide-notes", false, "if set, do not show notes in test output. Does not affect presence in chart metadata") return cmd } diff --git a/pkg/cmd/release_testing_test.go b/pkg/cmd/release_testing_test.go index 43599ad0d..fdb5df1e9 100644 --- a/pkg/cmd/release_testing_test.go +++ b/pkg/cmd/release_testing_test.go @@ -17,7 +17,17 @@ limitations under the License. package cmd import ( + "bytes" + "io" + "strings" "testing" + + "helm.sh/helm/v4/pkg/action" + "helm.sh/helm/v4/pkg/chart/common" + chart "helm.sh/helm/v4/pkg/chart/v2" + kubefake "helm.sh/helm/v4/pkg/kube/fake" + rcommon "helm.sh/helm/v4/pkg/release/common" + release "helm.sh/helm/v4/pkg/release/v1" ) func TestReleaseTestingCompletion(t *testing.T) { @@ -28,3 +38,44 @@ func TestReleaseTestingFileCompletion(t *testing.T) { checkFileCompletion(t, "test", false) checkFileCompletion(t, "test myrelease", false) } + +func TestReleaseTestNotesHandling(t *testing.T) { + // Test that ensures notes behavior is correct for test command + // This is a simpler test that focuses on the core functionality + + rel := &release.Release{ + Name: "test-release", + Namespace: "default", + Info: &release.Info{ + Status: rcommon.StatusDeployed, + Notes: "Some important notes that should be hidden by default", + }, + Chart: &chart.Chart{Metadata: &chart.Metadata{Name: "test", Version: "1.0.0"}}, + } + + // Set up storage + store := storageFixture() + store.Create(rel) + + // Set up action configuration properly + actionConfig := &action.Configuration{ + Releases: store, + KubeClient: &kubefake.FailingKubeClient{PrintingKubeClient: kubefake.PrintingKubeClient{Out: io.Discard}}, + Capabilities: common.DefaultCapabilities, + } + + // Test the newReleaseTestCmd function directly + var buf1 bytes.Buffer + + // Test 1: Default behavior (should hide notes) + cmd1 := newReleaseTestCmd(actionConfig, &buf1) + cmd1.SetArgs([]string{"test-release"}) + err1 := cmd1.Execute() + if err1 != nil { + t.Fatalf("Unexpected error for default test: %v", err1) + } + output1 := buf1.String() + if strings.Contains(output1, "NOTES:") { + t.Errorf("Expected notes to be hidden by default, but found NOTES section in output: %s", output1) + } +} diff --git a/pkg/cmd/repo_add.go b/pkg/cmd/repo_add.go index 187234486..3fc1a7249 100644 --- a/pkg/cmd/repo_add.go +++ b/pkg/cmd/repo_add.go @@ -34,7 +34,7 @@ import ( "helm.sh/helm/v4/pkg/cmd/require" "helm.sh/helm/v4/pkg/getter" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // Repositories that have been permanently deleted and no longer work @@ -57,7 +57,7 @@ type repoAddOptions struct { certFile string keyFile string caFile string - insecureSkipTLSverify bool + insecureSkipTLSVerify bool repoFile string repoCache string @@ -94,7 +94,7 @@ func newRepoAddCmd(out io.Writer) *cobra.Command { f.StringVar(&o.certFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") f.StringVar(&o.keyFile, "key-file", "", "identify HTTPS client using this SSL key file") f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") - f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the repository") + f.BoolVar(&o.insecureSkipTLSVerify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the repository") f.BoolVar(&o.allowDeprecatedRepos, "allow-deprecated-repos", false, "by default, this command will not allow adding official repos that have been permanently deleted. This disables that behavior") f.BoolVar(&o.passCredentialsAll, "pass-credentials", false, "pass credentials to all domains") f.DurationVar(&o.timeout, "timeout", getter.DefaultHTTPTimeout*time.Second, "time to wait for the index file download to complete") @@ -177,7 +177,7 @@ func (o *repoAddOptions) run(out io.Writer) error { CertFile: o.certFile, KeyFile: o.keyFile, CAFile: o.caFile, - InsecureSkipTLSverify: o.insecureSkipTLSverify, + InsecureSkipTLSVerify: o.insecureSkipTLSVerify, } // Check if the repo name is legal diff --git a/pkg/cmd/repo_add_test.go b/pkg/cmd/repo_add_test.go index aa6c4eaad..6d3696f52 100644 --- a/pkg/cmd/repo_add_test.go +++ b/pkg/cmd/repo_add_test.go @@ -31,8 +31,8 @@ import ( "helm.sh/helm/v4/pkg/helmpath" "helm.sh/helm/v4/pkg/helmpath/xdg" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestRepoAddCmd(t *testing.T) { diff --git a/pkg/cmd/repo_index.go b/pkg/cmd/repo_index.go index c17fd9391..ece0ce811 100644 --- a/pkg/cmd/repo_index.go +++ b/pkg/cmd/repo_index.go @@ -27,7 +27,7 @@ import ( "github.com/spf13/cobra" "helm.sh/helm/v4/pkg/cmd/require" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) const repoIndexDesc = ` diff --git a/pkg/cmd/repo_index_test.go b/pkg/cmd/repo_index_test.go index c865c8a5d..c8959f21e 100644 --- a/pkg/cmd/repo_index_test.go +++ b/pkg/cmd/repo_index_test.go @@ -24,7 +24,7 @@ import ( "path/filepath" "testing" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) func TestRepoIndexCmd(t *testing.T) { diff --git a/pkg/cmd/repo_list.go b/pkg/cmd/repo_list.go index 70f57992e..10b4442a0 100644 --- a/pkg/cmd/repo_list.go +++ b/pkg/cmd/repo_list.go @@ -25,7 +25,7 @@ import ( "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cmd/require" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) func newRepoListCmd(out io.Writer) *cobra.Command { diff --git a/pkg/cmd/repo_remove.go b/pkg/cmd/repo_remove.go index d0a3aa205..330e69d3a 100644 --- a/pkg/cmd/repo_remove.go +++ b/pkg/cmd/repo_remove.go @@ -28,7 +28,7 @@ import ( "helm.sh/helm/v4/pkg/cmd/require" "helm.sh/helm/v4/pkg/helmpath" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) type repoRemoveOptions struct { diff --git a/pkg/cmd/repo_remove_test.go b/pkg/cmd/repo_remove_test.go index bd8757812..fce15bb73 100644 --- a/pkg/cmd/repo_remove_test.go +++ b/pkg/cmd/repo_remove_test.go @@ -25,8 +25,8 @@ import ( "testing" "helm.sh/helm/v4/pkg/helmpath" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestRepoRemove(t *testing.T) { diff --git a/pkg/cmd/repo_update.go b/pkg/cmd/repo_update.go index 54318bf29..f2e7c0e0f 100644 --- a/pkg/cmd/repo_update.go +++ b/pkg/cmd/repo_update.go @@ -28,7 +28,7 @@ import ( "helm.sh/helm/v4/pkg/cmd/require" "helm.sh/helm/v4/pkg/getter" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) const updateDesc = ` diff --git a/pkg/cmd/repo_update_test.go b/pkg/cmd/repo_update_test.go index b0deff1ae..7aa4d414f 100644 --- a/pkg/cmd/repo_update_test.go +++ b/pkg/cmd/repo_update_test.go @@ -26,8 +26,8 @@ import ( "helm.sh/helm/v4/internal/test/ensure" "helm.sh/helm/v4/pkg/getter" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestUpdateCmd(t *testing.T) { diff --git a/pkg/cmd/rollback.go b/pkg/cmd/rollback.go index 4b7f3016d..00a2725bc 100644 --- a/pkg/cmd/rollback.go +++ b/pkg/cmd/rollback.go @@ -57,7 +57,7 @@ func newRollbackCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return noMoreArgsComp() }, - RunE: func(_ *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, args []string) error { if len(args) > 1 { ver, err := strconv.Atoi(args[1]) if err != nil { @@ -66,6 +66,12 @@ func newRollbackCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.Version = ver } + dryRunStrategy, err := cmdGetDryRunFlagStrategy(cmd, false) + if err != nil { + return err + } + client.DryRunStrategy = dryRunStrategy + if err := client.Run(args[0]); err != nil { return err } @@ -76,16 +82,20 @@ func newRollbackCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } f := cmd.Flags() - f.BoolVar(&client.DryRun, "dry-run", false, "simulate a rollback") f.BoolVar(&client.ForceReplace, "force-replace", false, "force resource updates by replacement") f.BoolVar(&client.ForceReplace, "force", false, "deprecated") f.MarkDeprecated("force", "use --force-replace instead") + f.BoolVar(&client.ForceConflicts, "force-conflicts", false, "if set server-side apply will force changes against conflicts") + f.StringVar(&client.ServerSideApply, "server-side", "auto", "must be \"true\", \"false\" or \"auto\". Object updates run in the server instead of the client (\"auto\" defaults the value from the previous chart release's method)") f.BoolVar(&client.DisableHooks, "no-hooks", false, "prevent hooks from running during rollback") f.DurationVar(&client.Timeout, "timeout", 300*time.Second, "time to wait for any individual Kubernetes operation (like Jobs for hooks)") f.BoolVar(&client.WaitForJobs, "wait-for-jobs", false, "if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as --timeout") f.BoolVar(&client.CleanupOnFail, "cleanup-on-fail", false, "allow deletion of new resources created in this rollback when rollback fails") f.IntVar(&client.MaxHistory, "history-max", settings.MaxHistory, "limit the maximum number of revisions saved per release. Use 0 for no limit") + addDryRunFlag(cmd) AddWaitFlag(cmd, &client.WaitStrategy) + cmd.MarkFlagsMutuallyExclusive("force-replace", "force-conflicts") + cmd.MarkFlagsMutuallyExclusive("force", "force-conflicts") return cmd } diff --git a/pkg/cmd/rollback_test.go b/pkg/cmd/rollback_test.go index 53c63613e..116e158fd 100644 --- a/pkg/cmd/rollback_test.go +++ b/pkg/cmd/rollback_test.go @@ -22,6 +22,7 @@ import ( "testing" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" ) @@ -29,13 +30,13 @@ func TestRollbackCmd(t *testing.T) { rels := []*release.Release{ { Name: "funny-honey", - Info: &release.Info{Status: release.StatusSuperseded}, + Info: &release.Info{Status: common.StatusSuperseded}, Chart: &chart.Chart{}, Version: 1, }, { Name: "funny-honey", - Info: &release.Info{Status: release.StatusDeployed}, + Info: &release.Info{Status: common.StatusDeployed}, Chart: &chart.Chart{}, Version: 2, }, @@ -83,7 +84,7 @@ func TestRollbackCmd(t *testing.T) { } func TestRollbackRevisionCompletion(t *testing.T) { - mk := func(name string, vers int, status release.Status) *release.Release { + mk := func(name string, vers int, status common.Status) *release.Release { return release.Mock(&release.MockReleaseOptions{ Name: name, Version: vers, @@ -92,11 +93,11 @@ func TestRollbackRevisionCompletion(t *testing.T) { } releases := []*release.Release{ - mk("musketeers", 11, release.StatusDeployed), - mk("musketeers", 10, release.StatusSuperseded), - mk("musketeers", 9, release.StatusSuperseded), - mk("musketeers", 8, release.StatusSuperseded), - mk("carabins", 1, release.StatusSuperseded), + mk("musketeers", 11, common.StatusDeployed), + mk("musketeers", 10, common.StatusSuperseded), + mk("musketeers", 9, common.StatusSuperseded), + mk("musketeers", 8, common.StatusSuperseded), + mk("carabins", 1, common.StatusSuperseded), } tests := []cmdTestCase{{ @@ -132,14 +133,14 @@ func TestRollbackWithLabels(t *testing.T) { rels := []*release.Release{ { Name: releaseName, - Info: &release.Info{Status: release.StatusSuperseded}, + Info: &release.Info{Status: common.StatusSuperseded}, Chart: &chart.Chart{}, Version: 1, Labels: labels1, }, { Name: releaseName, - Info: &release.Info{Status: release.StatusDeployed}, + Info: &release.Info{Status: common.StatusDeployed}, Chart: &chart.Chart{}, Version: 2, Labels: labels2, @@ -155,7 +156,11 @@ func TestRollbackWithLabels(t *testing.T) { if err != nil { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := storage.Get(releaseName, 3) + updatedReli, err := storage.Get(releaseName, 3) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } diff --git a/pkg/cmd/root.go b/pkg/cmd/root.go index 836df834d..b64118a50 100644 --- a/pkg/cmd/root.go +++ b/pkg/cmd/root.go @@ -39,8 +39,9 @@ import ( "helm.sh/helm/v4/pkg/cli" kubefake "helm.sh/helm/v4/pkg/kube/fake" "helm.sh/helm/v4/pkg/registry" + ri "helm.sh/helm/v4/pkg/release" release "helm.sh/helm/v4/pkg/release/v1" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" "helm.sh/helm/v4/pkg/storage/driver" ) @@ -102,7 +103,7 @@ By default, the default directories depend on the Operating System. The defaults var settings = cli.New() func NewRootCmd(out io.Writer, args []string, logSetup func(bool)) (*cobra.Command, error) { - actionConfig := new(action.Configuration) + actionConfig := action.NewConfiguration() cmd, err := newRootCmdWithConfig(actionConfig, out, args, logSetup) if err != nil { return nil, err @@ -173,7 +174,7 @@ func newRootCmdWithConfig(actionConfig *action.Configuration, out io.Writer, arg // those errors will be caught later during the call to cmd.Execution. // This call is required to gather configuration information prior to // execution. - flags.ParseErrorsWhitelist.UnknownFlags = true + flags.ParseErrorsAllowlist.UnknownFlags = true flags.Parse(args) logSetup(settings.Debug) @@ -392,10 +393,10 @@ func checkForExpiredRepos(repofile string) { } func newRegistryClient( - certFile, keyFile, caFile string, insecureSkipTLSverify, plainHTTP bool, username, password string, + certFile, keyFile, caFile string, insecureSkipTLSVerify, plainHTTP bool, username, password string, ) (*registry.Client, error) { - if certFile != "" && keyFile != "" || caFile != "" || insecureSkipTLSverify { - registryClient, err := newRegistryClientWithTLS(certFile, keyFile, caFile, insecureSkipTLSverify, username, password) + if certFile != "" && keyFile != "" || caFile != "" || insecureSkipTLSVerify { + registryClient, err := newRegistryClientWithTLS(certFile, keyFile, caFile, insecureSkipTLSVerify, username, password) if err != nil { return nil, err } @@ -429,10 +430,10 @@ func newDefaultRegistryClient(plainHTTP bool, username, password string) (*regis } func newRegistryClientWithTLS( - certFile, keyFile, caFile string, insecureSkipTLSverify bool, username, password string, + certFile, keyFile, caFile string, insecureSkipTLSVerify bool, username, password string, ) (*registry.Client, error) { tlsConf, err := tlsutil.NewTLSConfig( - tlsutil.WithInsecureSkipVerify(insecureSkipTLSverify), + tlsutil.WithInsecureSkipVerify(insecureSkipTLSVerify), tlsutil.WithCertKeyPairFiles(certFile, keyFile), tlsutil.WithCAFile(caFile), ) @@ -460,3 +461,36 @@ func newRegistryClientWithTLS( } return registryClient, nil } + +type CommandError struct { + error + ExitCode int +} + +// releaserToV1Release is a helper function to convert a v1 release passed by interface +// into the type object. +func releaserToV1Release(rel ri.Releaser) (*release.Release, error) { + switch r := rel.(type) { + case release.Release: + return &r, nil + case *release.Release: + return r, nil + case nil: + return nil, nil + default: + return nil, fmt.Errorf("unsupported release type: %T", rel) + } +} + +func releaseListToV1List(ls []ri.Releaser) ([]*release.Release, error) { + rls := make([]*release.Release, 0, len(ls)) + for _, val := range ls { + rel, err := releaserToV1Release(val) + if err != nil { + return nil, err + } + rls = append(rls, rel) + } + + return rls, nil +} diff --git a/pkg/cmd/search/search.go b/pkg/cmd/search/search.go index f9e229154..1c7bb1d06 100644 --- a/pkg/cmd/search/search.go +++ b/pkg/cmd/search/search.go @@ -31,7 +31,7 @@ import ( "github.com/Masterminds/semver/v3" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // Result is a search result. diff --git a/pkg/cmd/search/search_test.go b/pkg/cmd/search/search_test.go index 7a4ba786b..a24eb1f64 100644 --- a/pkg/cmd/search/search_test.go +++ b/pkg/cmd/search/search_test.go @@ -21,7 +21,7 @@ import ( "testing" chart "helm.sh/helm/v4/pkg/chart/v2" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) func TestSortScore(t *testing.T) { diff --git a/pkg/cmd/search_repo.go b/pkg/cmd/search_repo.go index dffa0d1c4..07345a48f 100644 --- a/pkg/cmd/search_repo.go +++ b/pkg/cmd/search_repo.go @@ -34,7 +34,7 @@ import ( "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cmd/search" "helm.sh/helm/v4/pkg/helmpath" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) const searchRepoDesc = ` @@ -287,7 +287,7 @@ func compListChartsOfRepo(repoName string, prefix string) []string { if isNotExist(err) { // If there is no cached charts file, fallback to the full index file. // This is much slower but can happen after the caching feature is first - // installed but before the user does a 'helm repo update' to generate the + // installed but before the user does a 'helm repo update' to generate the // first cached charts file. path = filepath.Join(settings.RepositoryCache, helmpath.CacheIndexFile(repoName)) if indexFile, err := repo.LoadIndexFile(path); err == nil { diff --git a/pkg/cmd/show.go b/pkg/cmd/show.go index 1c7e7be44..d7249c3fe 100644 --- a/pkg/cmd/show.go +++ b/pkg/cmd/show.go @@ -227,7 +227,7 @@ func runShow(args []string, client *action.Show) (string, error) { func addRegistryClient(client *action.Show) error { registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/pkg/cmd/show_test.go b/pkg/cmd/show_test.go index 5ccb4bcad..ff3671dbc 100644 --- a/pkg/cmd/show_test.go +++ b/pkg/cmd/show_test.go @@ -22,7 +22,7 @@ import ( "strings" "testing" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestShowPreReleaseChart(t *testing.T) { diff --git a/pkg/cmd/status.go b/pkg/cmd/status.go index aa836f9f3..f68316c6c 100644 --- a/pkg/cmd/status.go +++ b/pkg/cmd/status.go @@ -30,10 +30,11 @@ import ( coloroutput "helm.sh/helm/v4/internal/cli/output" "helm.sh/helm/v4/pkg/action" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common/util" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cmd/require" - release "helm.sh/helm/v4/pkg/release/v1" + "helm.sh/helm/v4/pkg/release" + releasev1 "helm.sh/helm/v4/pkg/release/v1" ) // NOTE: Keep the list of statuses up-to-date with pkg/release/status.go. @@ -72,7 +73,11 @@ func newStatusCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if outfmt == output.Table { client.ShowResourcesTable = true } - rel, err := client.Run(args[0]) + reli, err := client.Run(args[0]) + if err != nil { + return err + } + rel, err := releaserToV1Release(reli) if err != nil { return err } @@ -110,54 +115,65 @@ func newStatusCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } type statusPrinter struct { - release *release.Release + release release.Releaser debug bool showMetadata bool hideNotes bool noColor bool } +func (s statusPrinter) getV1Release() *releasev1.Release { + switch rel := s.release.(type) { + case releasev1.Release: + return &rel + case *releasev1.Release: + return rel + } + return &releasev1.Release{} +} + func (s statusPrinter) WriteJSON(out io.Writer) error { - return output.EncodeJSON(out, s.release) + return output.EncodeJSON(out, s.getV1Release()) } func (s statusPrinter) WriteYAML(out io.Writer) error { - return output.EncodeYAML(out, s.release) + return output.EncodeYAML(out, s.getV1Release()) } func (s statusPrinter) WriteTable(out io.Writer) error { if s.release == nil { return nil } - _, _ = fmt.Fprintf(out, "NAME: %s\n", s.release.Name) - if !s.release.Info.LastDeployed.IsZero() { - _, _ = fmt.Fprintf(out, "LAST DEPLOYED: %s\n", s.release.Info.LastDeployed.Format(time.ANSIC)) + rel := s.getV1Release() + _, _ = fmt.Fprintf(out, "NAME: %s\n", rel.Name) + if !rel.Info.LastDeployed.IsZero() { + _, _ = fmt.Fprintf(out, "LAST DEPLOYED: %s\n", rel.Info.LastDeployed.Format(time.ANSIC)) } - _, _ = fmt.Fprintf(out, "NAMESPACE: %s\n", coloroutput.ColorizeNamespace(s.release.Namespace, s.noColor)) - _, _ = fmt.Fprintf(out, "STATUS: %s\n", coloroutput.ColorizeStatus(s.release.Info.Status, s.noColor)) - _, _ = fmt.Fprintf(out, "REVISION: %d\n", s.release.Version) + _, _ = fmt.Fprintf(out, "NAMESPACE: %s\n", coloroutput.ColorizeNamespace(rel.Namespace, s.noColor)) + _, _ = fmt.Fprintf(out, "STATUS: %s\n", coloroutput.ColorizeStatus(rel.Info.Status, s.noColor)) + _, _ = fmt.Fprintf(out, "REVISION: %d\n", rel.Version) if s.showMetadata { - _, _ = fmt.Fprintf(out, "CHART: %s\n", s.release.Chart.Metadata.Name) - _, _ = fmt.Fprintf(out, "VERSION: %s\n", s.release.Chart.Metadata.Version) - _, _ = fmt.Fprintf(out, "APP_VERSION: %s\n", s.release.Chart.Metadata.AppVersion) + _, _ = fmt.Fprintf(out, "CHART: %s\n", rel.Chart.Metadata.Name) + _, _ = fmt.Fprintf(out, "VERSION: %s\n", rel.Chart.Metadata.Version) + _, _ = fmt.Fprintf(out, "APP_VERSION: %s\n", rel.Chart.Metadata.AppVersion) } - _, _ = fmt.Fprintf(out, "DESCRIPTION: %s\n", s.release.Info.Description) + _, _ = fmt.Fprintf(out, "DESCRIPTION: %s\n", rel.Info.Description) - if len(s.release.Info.Resources) > 0 { + if len(rel.Info.Resources) > 0 { buf := new(bytes.Buffer) printFlags := get.NewHumanPrintFlags() typePrinter, _ := printFlags.ToPrinter("") printer := &get.TablePrinter{Delegate: typePrinter} var keys []string - for key := range s.release.Info.Resources { + for key := range rel.Info.Resources { keys = append(keys, key) } for _, t := range keys { _, _ = fmt.Fprintf(buf, "==> %s\n", t) - vk := s.release.Info.Resources[t] + vk := rel.Info.Resources[t] for _, resource := range vk { if err := printer.PrintObj(resource, buf); err != nil { _, _ = fmt.Fprintf(buf, "failed to print object type %s: %v\n", t, err) @@ -170,8 +186,8 @@ func (s statusPrinter) WriteTable(out io.Writer) error { _, _ = fmt.Fprintf(out, "RESOURCES:\n%s\n", buf.String()) } - executions := executionsByHookEvent(s.release) - if tests, ok := executions[release.HookTest]; !ok || len(tests) == 0 { + executions := executionsByHookEvent(rel) + if tests, ok := executions[releasev1.HookTest]; !ok || len(tests) == 0 { _, _ = fmt.Fprintln(out, "TEST SUITE: None") } else { for _, h := range tests { @@ -190,14 +206,14 @@ func (s statusPrinter) WriteTable(out io.Writer) error { if s.debug { _, _ = fmt.Fprintln(out, "USER-SUPPLIED VALUES:") - err := output.EncodeYAML(out, s.release.Config) + err := output.EncodeYAML(out, rel.Config) if err != nil { return err } // Print an extra newline _, _ = fmt.Fprintln(out) - cfg, err := chartutil.CoalesceValues(s.release.Chart, s.release.Config) + cfg, err := util.CoalesceValues(rel.Chart, rel.Config) if err != nil { return err } @@ -211,28 +227,28 @@ func (s statusPrinter) WriteTable(out io.Writer) error { _, _ = fmt.Fprintln(out) } - if strings.EqualFold(s.release.Info.Description, "Dry run complete") || s.debug { + if strings.EqualFold(rel.Info.Description, "Dry run complete") || s.debug { _, _ = fmt.Fprintln(out, "HOOKS:") - for _, h := range s.release.Hooks { + for _, h := range rel.Hooks { _, _ = fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) } - _, _ = fmt.Fprintf(out, "MANIFEST:\n%s\n", s.release.Manifest) + _, _ = fmt.Fprintf(out, "MANIFEST:\n%s\n", rel.Manifest) } // Hide notes from output - option in install and upgrades - if !s.hideNotes && len(s.release.Info.Notes) > 0 { - _, _ = fmt.Fprintf(out, "NOTES:\n%s\n", strings.TrimSpace(s.release.Info.Notes)) + if !s.hideNotes && len(rel.Info.Notes) > 0 { + _, _ = fmt.Fprintf(out, "NOTES:\n%s\n", strings.TrimSpace(rel.Info.Notes)) } return nil } -func executionsByHookEvent(rel *release.Release) map[release.HookEvent][]*release.Hook { - result := make(map[release.HookEvent][]*release.Hook) +func executionsByHookEvent(rel *releasev1.Release) map[releasev1.HookEvent][]*releasev1.Hook { + result := make(map[releasev1.HookEvent][]*releasev1.Hook) for _, h := range rel.Hooks { for _, e := range h.Events { executions, ok := result[e] if !ok { - executions = []*release.Hook{} + executions = []*releasev1.Hook{} } result[e] = append(executions, h) } diff --git a/pkg/cmd/status_test.go b/pkg/cmd/status_test.go index cb4e23c59..b96a0d19a 100644 --- a/pkg/cmd/status_test.go +++ b/pkg/cmd/status_test.go @@ -21,13 +21,13 @@ import ( "time" chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) func TestStatusCmd(t *testing.T) { releasesMockWithStatus := func(info *release.Info, hooks ...*release.Hook) []*release.Release { - info.LastDeployed = helmtime.Unix(1452902400, 0).UTC() + info.LastDeployed = time.Unix(1452902400, 0).UTC() return []*release.Release{{ Name: "flummoxed-chickadee", Namespace: "default", @@ -42,14 +42,14 @@ func TestStatusCmd(t *testing.T) { cmd: "status flummoxed-chickadee", golden: "output/status.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }), }, { name: "get status of a deployed release, with desc", cmd: "status flummoxed-chickadee", golden: "output/status-with-desc.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, Description: "Mock description", }), }, { @@ -57,7 +57,7 @@ func TestStatusCmd(t *testing.T) { cmd: "status flummoxed-chickadee", golden: "output/status-with-notes.txt", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, Notes: "release notes", }), }, { @@ -65,7 +65,7 @@ func TestStatusCmd(t *testing.T) { cmd: "status flummoxed-chickadee -o json", golden: "output/status.json", rels: releasesMockWithStatus(&release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, Notes: "release notes", }), }, { @@ -74,7 +74,7 @@ func TestStatusCmd(t *testing.T) { golden: "output/status-with-resources.txt", rels: releasesMockWithStatus( &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, ), }, { @@ -83,7 +83,7 @@ func TestStatusCmd(t *testing.T) { golden: "output/status-with-resources.json", rels: releasesMockWithStatus( &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, ), }, { @@ -92,7 +92,7 @@ func TestStatusCmd(t *testing.T) { golden: "output/status-with-test-suite.txt", rels: releasesMockWithStatus( &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, &release.Hook{ Name: "never-run-test", @@ -130,8 +130,8 @@ func TestStatusCmd(t *testing.T) { runTestCmd(t, tests) } -func mustParseTime(t string) helmtime.Time { - res, _ := helmtime.Parse(time.RFC3339, t) +func mustParseTime(t string) time.Time { + res, _ := time.Parse(time.RFC3339, t) return res } @@ -141,7 +141,7 @@ func TestStatusCompletion(t *testing.T) { Name: "athos", Namespace: "default", Info: &release.Info{ - Status: release.StatusDeployed, + Status: common.StatusDeployed, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -153,7 +153,7 @@ func TestStatusCompletion(t *testing.T) { Name: "porthos", Namespace: "default", Info: &release.Info{ - Status: release.StatusFailed, + Status: common.StatusFailed, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -165,7 +165,7 @@ func TestStatusCompletion(t *testing.T) { Name: "aramis", Namespace: "default", Info: &release.Info{ - Status: release.StatusUninstalled, + Status: common.StatusUninstalled, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ @@ -177,7 +177,7 @@ func TestStatusCompletion(t *testing.T) { Name: "dartagnan", Namespace: "gascony", Info: &release.Info{ - Status: release.StatusUnknown, + Status: common.StatusUnknown, }, Chart: &chart.Chart{ Metadata: &chart.Metadata{ diff --git a/pkg/cmd/template.go b/pkg/cmd/template.go index ac20a45b3..cf68c6c46 100644 --- a/pkg/cmd/template.go +++ b/pkg/cmd/template.go @@ -23,7 +23,6 @@ import ( "io" "io/fs" "os" - "path" "path/filepath" "regexp" "slices" @@ -35,10 +34,10 @@ import ( "github.com/spf13/cobra" "helm.sh/helm/v4/pkg/action" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common" "helm.sh/helm/v4/pkg/cli/values" "helm.sh/helm/v4/pkg/cmd/require" - releaseutil "helm.sh/helm/v4/pkg/release/util" + releaseutil "helm.sh/helm/v4/pkg/release/v1/util" ) const templateDesc = ` @@ -67,9 +66,9 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { ValidArgsFunction: func(_ *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { return compInstall(args, toComplete, client) }, - RunE: func(_ *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, args []string) error { if kubeVersion != "" { - parsedKubeVersion, err := chartutil.ParseKubeVersion(kubeVersion) + parsedKubeVersion, err := common.ParseKubeVersion(kubeVersion) if err != nil { return fmt.Errorf("invalid kube version '%s': %s", kubeVersion, err) } @@ -77,23 +76,24 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } client.SetRegistryClient(registryClient) - // This is for the case where "" is specifically passed in as a - // value. When there is no value passed in NoOptDefVal will be used - // and it is set to client. See addInstallFlags. - if client.DryRunOption == "" { - client.DryRunOption = "true" + dryRunStrategy, err := cmdGetDryRunFlagStrategy(cmd, true) + if err != nil { + return err + } + if validate { + // Mimic deprecated --validate flag behavior by enabling server dry run + dryRunStrategy = action.DryRunServer } - client.DryRun = true + client.DryRunStrategy = dryRunStrategy client.ReleaseName = "release-name" client.Replace = true // Skip the name check - client.ClientOnly = !validate - client.APIVersions = chartutil.VersionSet(extraAPIs) + client.APIVersions = common.VersionSet(extraAPIs) client.IncludeCRDs = includeCrds rel, err := runInstall(args, client, valueOpts, out) @@ -196,14 +196,21 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { addInstallFlags(cmd, f, client, valueOpts) f.StringArrayVarP(&showFiles, "show-only", "s", []string{}, "only show manifests rendered from the given templates") f.StringVar(&client.OutputDir, "output-dir", "", "writes the executed templates to files in output-dir instead of stdout") - f.BoolVar(&validate, "validate", false, "validate your manifests against the Kubernetes cluster you are currently pointing at. This is the same validation performed on an install") + f.BoolVar(&validate, "validate", false, "deprecated") + f.MarkDeprecated("validate", "use '--dry-run=server' instead") f.BoolVar(&includeCrds, "include-crds", false, "include CRDs in the templated output") f.BoolVar(&skipTests, "skip-tests", false, "skip tests from templated output") f.BoolVar(&client.IsUpgrade, "is-upgrade", false, "set .Release.IsUpgrade instead of .Release.IsInstall") f.StringVar(&kubeVersion, "kube-version", "", "Kubernetes version used for Capabilities.KubeVersion") f.StringSliceVarP(&extraAPIs, "api-versions", "a", []string{}, "Kubernetes api versions used for Capabilities.APIVersions (multiple can be specified)") f.BoolVar(&client.UseReleaseName, "release-name", false, "use release name in the output-dir path.") - bindPostRenderFlag(cmd, &client.PostRenderer) + f.String( + "dry-run", + "client", + `simulates the operation either client-side or server-side. Must be either: "client", or "server". '--dry-run=client simulates the operation client-side only and avoids cluster connections. '--dry-run=server' simulates/validates the operation on the server, requiring cluster connectivity.`) + f.Lookup("dry-run").NoOptDefVal = "unset" + bindPostRenderFlag(cmd, &client.PostRenderer, settings) + cmd.MarkFlagsMutuallyExclusive("validate", "dry-run") return cmd } @@ -250,7 +257,7 @@ func createOrOpenFile(filename string, appendData bool) (*os.File, error) { } func ensureDirectoryForFile(file string) error { - baseDir := path.Dir(file) + baseDir := filepath.Dir(file) _, err := os.Stat(baseDir) if err != nil && !errors.Is(err, fs.ErrNotExist) { return err diff --git a/pkg/cmd/testdata/helm home with space/helm/plugins/fullenv/plugin.yaml b/pkg/cmd/testdata/helm home with space/helm/plugins/fullenv/plugin.yaml index 8b874da1d..a58544b03 100644 --- a/pkg/cmd/testdata/helm home with space/helm/plugins/fullenv/plugin.yaml +++ b/pkg/cmd/testdata/helm home with space/helm/plugins/fullenv/plugin.yaml @@ -1,10 +1,12 @@ +--- +apiVersion: v1 name: fullenv type: cli/v1 -apiVersion: v1 runtime: subprocess config: shortHelp: "show env vars" longHelp: "show all env vars" ignoreFlags: false runtimeConfig: - command: "$HELM_PLUGIN_DIR/fullenv.sh" + platformCommand: + - command: "$HELM_PLUGIN_DIR/fullenv.sh" diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/args/plugin.yaml b/pkg/cmd/testdata/helmhome/helm/plugins/args/plugin.yaml index 57312cbfa..4156e7f17 100644 --- a/pkg/cmd/testdata/helmhome/helm/plugins/args/plugin.yaml +++ b/pkg/cmd/testdata/helmhome/helm/plugins/args/plugin.yaml @@ -7,4 +7,5 @@ config: longHelp: "This echos args" ignoreFlags: false runtimeConfig: - command: "$HELM_PLUGIN_DIR/args.sh" + platformCommand: + - command: "$HELM_PLUGIN_DIR/args.sh" diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/echo/plugin.yaml b/pkg/cmd/testdata/helmhome/helm/plugins/echo/plugin.yaml index 544efa85e..a0a0b5255 100644 --- a/pkg/cmd/testdata/helmhome/helm/plugins/echo/plugin.yaml +++ b/pkg/cmd/testdata/helmhome/helm/plugins/echo/plugin.yaml @@ -7,4 +7,5 @@ config: longHelp: "This echos stuff" ignoreFlags: false runtimeConfig: - command: "echo hello" + platformCommand: + - command: "echo hello" diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin-name.sh b/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin-name.sh new file mode 100755 index 000000000..9e823ac13 --- /dev/null +++ b/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin-name.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env sh + +echo HELM_PLUGIN_NAME=${HELM_PLUGIN_NAME} diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin.yaml b/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin.yaml index d7a4c229c..78a0a23fb 100644 --- a/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin.yaml +++ b/pkg/cmd/testdata/helmhome/helm/plugins/env/plugin.yaml @@ -1,10 +1,12 @@ +--- +apiVersion: v1 name: env type: cli/v1 -apiVersion: v1 runtime: subprocess config: shortHelp: "env stuff" longHelp: "show the env" ignoreFlags: false runtimeConfig: - command: "echo $HELM_PLUGIN_NAME" + platformCommand: + - command: ${HELM_PLUGIN_DIR}/plugin-name.sh diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/exitwith/plugin.yaml b/pkg/cmd/testdata/helmhome/helm/plugins/exitwith/plugin.yaml index 06a350f83..ba9508255 100644 --- a/pkg/cmd/testdata/helmhome/helm/plugins/exitwith/plugin.yaml +++ b/pkg/cmd/testdata/helmhome/helm/plugins/exitwith/plugin.yaml @@ -1,10 +1,12 @@ +--- +apiVersion: v1 name: exitwith type: cli/v1 -apiVersion: v1 runtime: subprocess config: shortHelp: "exitwith code" longHelp: "This exits with the specified exit code" ignoreFlags: false runtimeConfig: - command: "$HELM_PLUGIN_DIR/exitwith.sh" + platformCommand: + - command: "$HELM_PLUGIN_DIR/exitwith.sh" diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/fullenv.sh b/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/fullenv.sh index 2efad9b3c..cc0c64a6a 100755 --- a/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/fullenv.sh +++ b/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/fullenv.sh @@ -1,7 +1,7 @@ #!/bin/sh -echo $HELM_PLUGIN_NAME -echo $HELM_PLUGIN_DIR -echo $HELM_PLUGINS -echo $HELM_REPOSITORY_CONFIG -echo $HELM_REPOSITORY_CACHE -echo $HELM_BIN +echo HELM_PLUGIN_NAME=${HELM_PLUGIN_NAME} +echo HELM_PLUGIN_DIR=${HELM_PLUGIN_DIR} +echo HELM_PLUGINS=${HELM_PLUGINS} +echo HELM_REPOSITORY_CONFIG=${HELM_REPOSITORY_CONFIG} +echo HELM_REPOSITORY_CACHE=${HELM_REPOSITORY_CACHE} +echo HELM_BIN=${HELM_BIN} diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/plugin.yaml b/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/plugin.yaml index 8b874da1d..a58544b03 100644 --- a/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/plugin.yaml +++ b/pkg/cmd/testdata/helmhome/helm/plugins/fullenv/plugin.yaml @@ -1,10 +1,12 @@ +--- +apiVersion: v1 name: fullenv type: cli/v1 -apiVersion: v1 runtime: subprocess config: shortHelp: "show env vars" longHelp: "show all env vars" ignoreFlags: false runtimeConfig: - command: "$HELM_PLUGIN_DIR/fullenv.sh" + platformCommand: + - command: "$HELM_PLUGIN_DIR/fullenv.sh" diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/postrenderer-v1/plugin.yaml b/pkg/cmd/testdata/helmhome/helm/plugins/postrenderer-v1/plugin.yaml new file mode 100644 index 000000000..b6e8afa57 --- /dev/null +++ b/pkg/cmd/testdata/helmhome/helm/plugins/postrenderer-v1/plugin.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +name: "postrenderer-v1" +version: "1.2.3" +type: postrenderer/v1 +runtime: subprocess +runtimeConfig: + platformCommand: + - command: "${HELM_PLUGIN_DIR}/sed-test.sh" diff --git a/pkg/cmd/testdata/helmhome/helm/plugins/postrenderer-v1/sed-test.sh b/pkg/cmd/testdata/helmhome/helm/plugins/postrenderer-v1/sed-test.sh new file mode 100755 index 000000000..a016e398f --- /dev/null +++ b/pkg/cmd/testdata/helmhome/helm/plugins/postrenderer-v1/sed-test.sh @@ -0,0 +1,6 @@ +#!/bin/sh +if [ $# -eq 0 ]; then + sed s/FOOTEST/BARTEST/g <&0 +else + sed s/FOOTEST/"$*"/g <&0 +fi diff --git a/pkg/cmd/testdata/output/env-comp.txt b/pkg/cmd/testdata/output/env-comp.txt index 8f9c53fc7..9d38ee464 100644 --- a/pkg/cmd/testdata/output/env-comp.txt +++ b/pkg/cmd/testdata/output/env-comp.txt @@ -2,6 +2,7 @@ HELM_BIN HELM_BURST_LIMIT HELM_CACHE_HOME HELM_CONFIG_HOME +HELM_CONTENT_CACHE HELM_DATA_HOME HELM_DEBUG HELM_KUBEAPISERVER diff --git a/pkg/cmd/testdata/output/get-metadata.txt b/pkg/cmd/testdata/output/get-metadata.txt index 5744083dd..b3cb73ee2 100644 --- a/pkg/cmd/testdata/output/get-metadata.txt +++ b/pkg/cmd/testdata/output/get-metadata.txt @@ -9,3 +9,4 @@ NAMESPACE: default REVISION: 1 STATUS: deployed DEPLOYED_AT: 1977-09-02T22:04:05Z +APPLY_METHOD: client-side apply (defaulted) diff --git a/pkg/cmd/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt b/pkg/cmd/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt index 7b445a69a..67ed58ec3 100644 --- a/pkg/cmd/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt +++ b/pkg/cmd/testdata/output/lint-chart-with-bad-subcharts-with-subcharts.txt @@ -9,6 +9,7 @@ [ERROR] Chart.yaml: apiVersion is required. The value must be either "v1" or "v2" [ERROR] Chart.yaml: version is required [INFO] Chart.yaml: icon is recommended +[WARNING] Chart.yaml: version '' is not a valid SemVerV2 [WARNING] templates/: directory does not exist [ERROR] : unable to load chart validation: chart.metadata.name is required diff --git a/pkg/cmd/testdata/output/list-all-date-reversed.txt b/pkg/cmd/testdata/output/list-all-date-reversed.txt new file mode 100644 index 000000000..d185334a2 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-date-reversed.txt @@ -0,0 +1,9 @@ +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +iguana default 2 2016-01-16 00:00:04 +0000 UTC deployed chickadee-1.0.0 0.0.1 +hummingbird default 1 2016-01-16 00:00:03 +0000 UTC deployed chickadee-1.0.0 0.0.1 +rocket default 1 2016-01-16 00:00:02 +0000 UTC failed chickadee-1.0.0 0.0.1 +thanos default 1 2016-01-16 00:00:01 +0000 UTC pending-install chickadee-1.0.0 0.0.1 +starlord default 2 2016-01-16 00:00:01 +0000 UTC deployed chickadee-1.0.0 0.0.1 +groot default 1 2016-01-16 00:00:01 +0000 UTC uninstalled chickadee-1.0.0 0.0.1 +gamora default 1 2016-01-16 00:00:01 +0000 UTC superseded chickadee-1.0.0 0.0.1 +drax default 1 2016-01-16 00:00:01 +0000 UTC uninstalling chickadee-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-all-date.txt b/pkg/cmd/testdata/output/list-all-date.txt new file mode 100644 index 000000000..5e5f9efee --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-date.txt @@ -0,0 +1,9 @@ +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +drax default 1 2016-01-16 00:00:01 +0000 UTC uninstalling chickadee-1.0.0 0.0.1 +gamora default 1 2016-01-16 00:00:01 +0000 UTC superseded chickadee-1.0.0 0.0.1 +groot default 1 2016-01-16 00:00:01 +0000 UTC uninstalled chickadee-1.0.0 0.0.1 +starlord default 2 2016-01-16 00:00:01 +0000 UTC deployed chickadee-1.0.0 0.0.1 +thanos default 1 2016-01-16 00:00:01 +0000 UTC pending-install chickadee-1.0.0 0.0.1 +rocket default 1 2016-01-16 00:00:02 +0000 UTC failed chickadee-1.0.0 0.0.1 +hummingbird default 1 2016-01-16 00:00:03 +0000 UTC deployed chickadee-1.0.0 0.0.1 +iguana default 2 2016-01-16 00:00:04 +0000 UTC deployed chickadee-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-all-max.txt b/pkg/cmd/testdata/output/list-all-max.txt new file mode 100644 index 000000000..922896391 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-max.txt @@ -0,0 +1,2 @@ +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +drax default 1 2016-01-16 00:00:01 +0000 UTC uninstalling chickadee-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-all-no-headers.txt b/pkg/cmd/testdata/output/list-all-no-headers.txt new file mode 100644 index 000000000..33581d8c5 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-no-headers.txt @@ -0,0 +1,8 @@ +drax default 1 2016-01-16 00:00:01 +0000 UTC uninstalling chickadee-1.0.0 0.0.1 +gamora default 1 2016-01-16 00:00:01 +0000 UTC superseded chickadee-1.0.0 0.0.1 +groot default 1 2016-01-16 00:00:01 +0000 UTC uninstalled chickadee-1.0.0 0.0.1 +hummingbird default 1 2016-01-16 00:00:03 +0000 UTC deployed chickadee-1.0.0 0.0.1 +iguana default 2 2016-01-16 00:00:04 +0000 UTC deployed chickadee-1.0.0 0.0.1 +rocket default 1 2016-01-16 00:00:02 +0000 UTC failed chickadee-1.0.0 0.0.1 +starlord default 2 2016-01-16 00:00:01 +0000 UTC deployed chickadee-1.0.0 0.0.1 +thanos default 1 2016-01-16 00:00:01 +0000 UTC pending-install chickadee-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-all-offset.txt b/pkg/cmd/testdata/output/list-all-offset.txt new file mode 100644 index 000000000..e17fd7b00 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-offset.txt @@ -0,0 +1,8 @@ +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +gamora default 1 2016-01-16 00:00:01 +0000 UTC superseded chickadee-1.0.0 0.0.1 +groot default 1 2016-01-16 00:00:01 +0000 UTC uninstalled chickadee-1.0.0 0.0.1 +hummingbird default 1 2016-01-16 00:00:03 +0000 UTC deployed chickadee-1.0.0 0.0.1 +iguana default 2 2016-01-16 00:00:04 +0000 UTC deployed chickadee-1.0.0 0.0.1 +rocket default 1 2016-01-16 00:00:02 +0000 UTC failed chickadee-1.0.0 0.0.1 +starlord default 2 2016-01-16 00:00:01 +0000 UTC deployed chickadee-1.0.0 0.0.1 +thanos default 1 2016-01-16 00:00:01 +0000 UTC pending-install chickadee-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-all-reverse.txt b/pkg/cmd/testdata/output/list-all-reverse.txt new file mode 100644 index 000000000..31bb3de96 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-reverse.txt @@ -0,0 +1,9 @@ +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +thanos default 1 2016-01-16 00:00:01 +0000 UTC pending-install chickadee-1.0.0 0.0.1 +starlord default 2 2016-01-16 00:00:01 +0000 UTC deployed chickadee-1.0.0 0.0.1 +rocket default 1 2016-01-16 00:00:02 +0000 UTC failed chickadee-1.0.0 0.0.1 +iguana default 2 2016-01-16 00:00:04 +0000 UTC deployed chickadee-1.0.0 0.0.1 +hummingbird default 1 2016-01-16 00:00:03 +0000 UTC deployed chickadee-1.0.0 0.0.1 +groot default 1 2016-01-16 00:00:01 +0000 UTC uninstalled chickadee-1.0.0 0.0.1 +gamora default 1 2016-01-16 00:00:01 +0000 UTC superseded chickadee-1.0.0 0.0.1 +drax default 1 2016-01-16 00:00:01 +0000 UTC uninstalling chickadee-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-all-short-json.txt b/pkg/cmd/testdata/output/list-all-short-json.txt new file mode 100644 index 000000000..6dac52c43 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-short-json.txt @@ -0,0 +1 @@ +["drax","gamora","groot","hummingbird","iguana","rocket","starlord","thanos"] diff --git a/pkg/cmd/testdata/output/list-all-short-yaml.txt b/pkg/cmd/testdata/output/list-all-short-yaml.txt new file mode 100644 index 000000000..2ae0e88ad --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-short-yaml.txt @@ -0,0 +1,8 @@ +- drax +- gamora +- groot +- hummingbird +- iguana +- rocket +- starlord +- thanos diff --git a/pkg/cmd/testdata/output/list-all-short.txt b/pkg/cmd/testdata/output/list-all-short.txt new file mode 100644 index 000000000..52871d8b4 --- /dev/null +++ b/pkg/cmd/testdata/output/list-all-short.txt @@ -0,0 +1,8 @@ +drax +gamora +groot +hummingbird +iguana +rocket +starlord +thanos diff --git a/pkg/cmd/testdata/output/list-json.txt b/pkg/cmd/testdata/output/list-json.txt new file mode 100644 index 000000000..89e4d9dcf --- /dev/null +++ b/pkg/cmd/testdata/output/list-json.txt @@ -0,0 +1 @@ +[{"name":"test-release","namespace":"default","revision":"1","updated":"2016-01-16 00:00:00 +0000 UTC","status":"deployed","chart":"test-chart-1.0.0","app_version":"0.0.1"}] diff --git a/pkg/cmd/testdata/output/list-time-format.txt b/pkg/cmd/testdata/output/list-time-format.txt new file mode 100644 index 000000000..4d493da7c --- /dev/null +++ b/pkg/cmd/testdata/output/list-time-format.txt @@ -0,0 +1,2 @@ +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +test-release default 1 2016-01-16 00:00:00 deployed test-chart-1.0.0 0.0.1 diff --git a/pkg/cmd/testdata/output/list-yaml.txt b/pkg/cmd/testdata/output/list-yaml.txt new file mode 100644 index 000000000..9e1d41f30 --- /dev/null +++ b/pkg/cmd/testdata/output/list-yaml.txt @@ -0,0 +1,7 @@ +- app_version: 0.0.1 + chart: test-chart-1.0.0 + name: test-release + namespace: default + revision: "1" + status: deployed + updated: 2016-01-16 00:00:00 +0000 UTC diff --git a/pkg/cmd/testdata/output/status-with-resources.json b/pkg/cmd/testdata/output/status-with-resources.json index 275e0cfc6..af512bfd1 100644 --- a/pkg/cmd/testdata/output/status-with-resources.json +++ b/pkg/cmd/testdata/output/status-with-resources.json @@ -1 +1 @@ -{"name":"flummoxed-chickadee","info":{"first_deployed":"","last_deployed":"2016-01-16T00:00:00Z","deleted":"","status":"deployed"},"namespace":"default"} +{"name":"flummoxed-chickadee","info":{"last_deployed":"2016-01-16T00:00:00Z","status":"deployed"},"namespace":"default"} diff --git a/pkg/cmd/testdata/output/status.json b/pkg/cmd/testdata/output/status.json index 4b499c935..4727dd100 100644 --- a/pkg/cmd/testdata/output/status.json +++ b/pkg/cmd/testdata/output/status.json @@ -1 +1 @@ -{"name":"flummoxed-chickadee","info":{"first_deployed":"","last_deployed":"2016-01-16T00:00:00Z","deleted":"","status":"deployed","notes":"release notes"},"namespace":"default"} +{"name":"flummoxed-chickadee","info":{"last_deployed":"2016-01-16T00:00:00Z","status":"deployed","notes":"release notes"},"namespace":"default"} diff --git a/pkg/cmd/testdata/output/version-client-shorthand.txt b/pkg/cmd/testdata/output/version-client-shorthand.txt deleted file mode 100644 index 3b138ae77..000000000 --- a/pkg/cmd/testdata/output/version-client-shorthand.txt +++ /dev/null @@ -1 +0,0 @@ -version.BuildInfo{Version:"v4.0", GitCommit:"", GitTreeState:"", GoVersion:""} diff --git a/pkg/cmd/testdata/output/version-client.txt b/pkg/cmd/testdata/output/version-client.txt deleted file mode 100644 index 3b138ae77..000000000 --- a/pkg/cmd/testdata/output/version-client.txt +++ /dev/null @@ -1 +0,0 @@ -version.BuildInfo{Version:"v4.0", GitCommit:"", GitTreeState:"", GoVersion:""} diff --git a/pkg/cmd/testdata/output/version.txt b/pkg/cmd/testdata/output/version.txt index 3b138ae77..2d50053f2 100644 --- a/pkg/cmd/testdata/output/version.txt +++ b/pkg/cmd/testdata/output/version.txt @@ -1 +1 @@ -version.BuildInfo{Version:"v4.0", GitCommit:"", GitTreeState:"", GoVersion:""} +version.BuildInfo{Version:"v4.0", GitCommit:"", GitTreeState:"", GoVersion:"", KubeClientVersion:"v."} diff --git a/pkg/cmd/testdata/testplugin/plugin.yaml b/pkg/cmd/testdata/testplugin/plugin.yaml new file mode 100644 index 000000000..3ee5d04f6 --- /dev/null +++ b/pkg/cmd/testdata/testplugin/plugin.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +name: testplugin +type: cli/v1 +runtime: subprocess +config: + shortHelp: "echo test" + longHelp: "This echos test" + ignoreFlags: false +runtimeConfig: + platformCommand: + - command: "echo test" diff --git a/pkg/cmd/upgrade.go b/pkg/cmd/upgrade.go index 4ca889fc2..92f130f60 100644 --- a/pkg/cmd/upgrade.go +++ b/pkg/cmd/upgrade.go @@ -30,13 +30,15 @@ import ( "github.com/spf13/cobra" "helm.sh/helm/v4/pkg/action" - "helm.sh/helm/v4/pkg/chart/v2/loader" + ci "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/loader" "helm.sh/helm/v4/pkg/cli/output" "helm.sh/helm/v4/pkg/cli/values" "helm.sh/helm/v4/pkg/cmd/require" "helm.sh/helm/v4/pkg/downloader" "helm.sh/helm/v4/pkg/getter" - release "helm.sh/helm/v4/pkg/release/v1" + ri "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" "helm.sh/helm/v4/pkg/storage/driver" ) @@ -99,22 +101,22 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } return noMoreArgsComp() }, - RunE: func(_ *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, args []string) error { client.Namespace = settings.Namespace() registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + client.InsecureSkipTLSVerify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } client.SetRegistryClient(registryClient) - // This is for the case where "" is specifically passed in as a - // value. When there is no value passed in NoOptDefVal will be used - // and it is set to client. See addInstallFlags. - if client.DryRunOption == "" { - client.DryRunOption = "none" + dryRunStrategy, err := cmdGetDryRunFlagStrategy(cmd, false) + if err != nil { + return err } + client.DryRunStrategy = dryRunStrategy + // Fixes #7002 - Support reading values from STDIN for `upgrade` command // Must load values AFTER determining if we have to call install so that values loaded from stdin are not read twice if client.Install { @@ -131,8 +133,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { instClient.CreateNamespace = createNamespace instClient.ChartPathOptions = client.ChartPathOptions instClient.ForceReplace = client.ForceReplace - instClient.DryRun = client.DryRun - instClient.DryRunOption = client.DryRunOption + instClient.DryRunStrategy = client.DryRunStrategy instClient.DisableHooks = client.DisableHooks instClient.SkipCRDs = client.SkipCRDs instClient.Timeout = client.Timeout @@ -182,10 +183,6 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } - // Validate dry-run flag value is one of the allowed values - if err := validateDryRunOptionFlag(client.DryRunOption); err != nil { - return err - } p := getter.All(settings) vals, err := valueOpts.MergeValues(p) @@ -198,7 +195,12 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } - if req := ch.Metadata.Dependencies; req != nil { + + ac, err := ci.NewAccessor(ch) + if err != nil { + return err + } + if req := ac.MetaDependencies(); req != nil { if err := action.CheckDependencies(ch, req); err != nil { err = fmt.Errorf("an error occurred while checking for chart dependencies. You may need to run `helm dependency build` to fetch missing dependencies: %w", err) if client.DependencyUpdate { @@ -226,7 +228,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } } - if ch.Metadata.Deprecated { + if ac.Deprecated() { slog.Warn("this chart is deprecated") } @@ -268,12 +270,12 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.BoolVar(&createNamespace, "create-namespace", false, "if --install is set, create the release namespace if not present") f.BoolVarP(&client.Install, "install", "i", false, "if a release by this name doesn't already exist, run an install") f.BoolVar(&client.Devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored") - f.StringVar(&client.DryRunOption, "dry-run", "", "simulate an install. If --dry-run is set with no option being specified or as '--dry-run=client', it will not attempt cluster connections. Setting '--dry-run=server' allows attempting cluster connections.") f.BoolVar(&client.HideSecret, "hide-secret", false, "hide Kubernetes Secrets when also using the --dry-run flag") - f.Lookup("dry-run").NoOptDefVal = "client" f.BoolVar(&client.ForceReplace, "force-replace", false, "force resource updates by replacement") f.BoolVar(&client.ForceReplace, "force", false, "deprecated") f.MarkDeprecated("force", "use --force-replace instead") + f.BoolVar(&client.ForceConflicts, "force-conflicts", false, "if set server-side apply will force changes against conflicts") + f.StringVar(&client.ServerSideApply, "server-side", "auto", "must be \"true\", \"false\" or \"auto\". Object updates run in the server instead of the client (\"auto\" defaults the value from the previous chart release's method)") f.BoolVar(&client.DisableHooks, "no-hooks", false, "disable pre/post upgrade hooks") f.BoolVar(&client.DisableOpenAPIValidation, "disable-openapi-validation", false, "if set, the upgrade process will not validate rendered templates against the Kubernetes OpenAPI Schema") f.BoolVar(&client.SkipCRDs, "skip-crds", false, "if set, no CRDs will be installed when an upgrade is performed with install flag enabled. By default, CRDs are installed if not already present, when an upgrade is performed with install flag enabled") @@ -295,11 +297,14 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.BoolVar(&client.DependencyUpdate, "dependency-update", false, "update dependencies if they are missing before installing the chart") f.BoolVar(&client.EnableDNS, "enable-dns", false, "enable DNS lookups when rendering templates") f.BoolVar(&client.TakeOwnership, "take-ownership", false, "if set, upgrade will ignore the check for helm annotations and take ownership of the existing resources") + addDryRunFlag(cmd) addChartPathOptionsFlags(f, &client.ChartPathOptions) addValueOptionsFlags(f, valueOpts) bindOutputFlag(cmd, &outfmt) - bindPostRenderFlag(cmd, &client.PostRenderer) + bindPostRenderFlag(cmd, &client.PostRenderer, settings) AddWaitFlag(cmd, &client.WaitStrategy) + cmd.MarkFlagsMutuallyExclusive("force-replace", "force-conflicts") + cmd.MarkFlagsMutuallyExclusive("force", "force-conflicts") err := cmd.RegisterFlagCompletionFunc("version", func(_ *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { if len(args) != 2 { @@ -314,6 +319,11 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return cmd } -func isReleaseUninstalled(versions []*release.Release) bool { - return len(versions) > 0 && versions[len(versions)-1].Info.Status == release.StatusUninstalled +func isReleaseUninstalled(versionsi []ri.Releaser) bool { + versions, err := releaseListToV1List(versionsi) + if err != nil { + slog.Error("cannot convert release list to v1 release list", "error", err) + return false + } + return len(versions) > 0 && versions[len(versions)-1].Info.Status == common.StatusUninstalled } diff --git a/pkg/cmd/upgrade_test.go b/pkg/cmd/upgrade_test.go index d7375dcad..8729be0ec 100644 --- a/pkg/cmd/upgrade_test.go +++ b/pkg/cmd/upgrade_test.go @@ -23,10 +23,13 @@ import ( "reflect" "strings" "testing" + "time" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + rcommon "helm.sh/helm/v4/pkg/release/common" release "helm.sh/helm/v4/pkg/release/v1" ) @@ -81,7 +84,7 @@ func TestUpgradeCmd(t *testing.T) { badDepsPath := "testdata/testcharts/chart-bad-requirements" presentDepsPath := "testdata/testcharts/chart-with-subchart-update" - relWithStatusMock := func(n string, v int, ch *chart.Chart, status release.Status) *release.Release { + relWithStatusMock := func(n string, v int, ch *chart.Chart, status rcommon.Status) *release.Release { return release.Mock(&release.MockReleaseOptions{Name: n, Version: v, Chart: ch, Status: status}) } @@ -172,20 +175,20 @@ func TestUpgradeCmd(t *testing.T) { name: "upgrade a failed release", cmd: fmt.Sprintf("upgrade funny-bunny '%s'", chartPath), golden: "output/upgrade.txt", - rels: []*release.Release{relWithStatusMock("funny-bunny", 2, ch, release.StatusFailed)}, + rels: []*release.Release{relWithStatusMock("funny-bunny", 2, ch, rcommon.StatusFailed)}, }, { name: "upgrade a pending install release", cmd: fmt.Sprintf("upgrade funny-bunny '%s'", chartPath), golden: "output/upgrade-with-pending-install.txt", wantError: true, - rels: []*release.Release{relWithStatusMock("funny-bunny", 2, ch, release.StatusPendingInstall)}, + rels: []*release.Release{relWithStatusMock("funny-bunny", 2, ch, rcommon.StatusPendingInstall)}, }, { name: "install a previously uninstalled release with '--keep-history' using 'upgrade --install'", cmd: fmt.Sprintf("upgrade funny-bunny -i '%s'", chartPath), golden: "output/upgrade-uninstalled-with-keep-history.txt", - rels: []*release.Release{relWithStatusMock("funny-bunny", 2, ch, release.StatusUninstalled)}, + rels: []*release.Release{relWithStatusMock("funny-bunny", 2, ch, rcommon.StatusUninstalled)}, }, } runTestCmd(t, tests) @@ -207,7 +210,11 @@ func TestUpgradeWithValue(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := store.Get(releaseName, 4) + updatedReli, err := store.Get(releaseName, 4) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -234,7 +241,11 @@ func TestUpgradeWithStringValue(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := store.Get(releaseName, 4) + updatedReli, err := store.Get(releaseName, 4) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -262,7 +273,11 @@ func TestUpgradeInstallWithSubchartNotes(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - upgradedRel, err := store.Get(releaseName, 2) + upgradedReli, err := store.Get(releaseName, 2) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + upgradedRel, err := releaserToV1Release(upgradedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -294,7 +309,11 @@ func TestUpgradeWithValuesFile(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := store.Get(releaseName, 4) + updatedReli, err := store.Get(releaseName, 4) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -327,7 +346,11 @@ func TestUpgradeWithValuesFromStdin(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := store.Get(releaseName, 4) + updatedReli, err := store.Get(releaseName, 4) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -357,7 +380,11 @@ func TestUpgradeInstallWithValuesFromStdin(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := store.Get(releaseName, 1) + updatedReli, err := store.Get(releaseName, 1) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -382,7 +409,7 @@ func prepareMockRelease(t *testing.T, releaseName string) (func(n string, v int, Description: "A Helm chart for Kubernetes", Version: "0.1.0", }, - Templates: []*chart.File{{Name: "templates/configmap.yaml", Data: configmapData}}, + Templates: []*common.File{{Name: "templates/configmap.yaml", ModTime: time.Now(), Data: configmapData}}, } chartPath := filepath.Join(tmpChart, cfile.Metadata.Name) if err := chartutil.SaveDir(cfile, tmpChart); err != nil { @@ -462,7 +489,11 @@ func TestUpgradeInstallWithLabels(t *testing.T) { t.Errorf("unexpected error, got '%v'", err) } - updatedRel, err := store.Get(releaseName, 1) + updatedReli, err := store.Get(releaseName, 1) + if err != nil { + t.Errorf("unexpected error, got '%v'", err) + } + updatedRel, err := releaserToV1Release(updatedReli) if err != nil { t.Errorf("unexpected error, got '%v'", err) } @@ -483,6 +514,7 @@ func prepareMockReleaseWithSecret(t *testing.T, releaseName string) (func(n stri if err != nil { t.Fatalf("Error loading template yaml %v", err) } + modTime := time.Now() cfile := &chart.Chart{ Metadata: &chart.Metadata{ APIVersion: chart.APIVersionV1, @@ -490,7 +522,7 @@ func prepareMockReleaseWithSecret(t *testing.T, releaseName string) (func(n stri Description: "A Helm chart for Kubernetes", Version: "0.1.0", }, - Templates: []*chart.File{{Name: "templates/configmap.yaml", Data: configmapData}, {Name: "templates/secret.yaml", Data: secretData}}, + Templates: []*common.File{{Name: "templates/configmap.yaml", ModTime: modTime, Data: configmapData}, {Name: "templates/secret.yaml", ModTime: modTime, Data: secretData}}, } chartPath := filepath.Join(tmpChart, cfile.Metadata.Name) if err := chartutil.SaveDir(cfile, tmpChart); err != nil { diff --git a/pkg/cmd/verify.go b/pkg/cmd/verify.go index 50f1ea914..3b7574386 100644 --- a/pkg/cmd/verify.go +++ b/pkg/cmd/verify.go @@ -53,12 +53,12 @@ func newVerifyCmd(out io.Writer) *cobra.Command { return noMoreArgsComp() }, RunE: func(_ *cobra.Command, args []string) error { - err := client.Run(args[0]) + result, err := client.Run(args[0]) if err != nil { return err } - fmt.Fprint(out, client.Out) + fmt.Fprint(out, result) return nil }, diff --git a/pkg/cmd/version.go b/pkg/cmd/version.go index 0211716fe..80fb0d712 100644 --- a/pkg/cmd/version.go +++ b/pkg/cmd/version.go @@ -62,7 +62,7 @@ func newVersionCmd(out io.Writer) *cobra.Command { cmd := &cobra.Command{ Use: "version", - Short: "print the client version information", + Short: "print the helm version information", Long: versionDesc, Args: require.NoArgs, ValidArgsFunction: noMoreArgsCompFunc, @@ -73,8 +73,6 @@ func newVersionCmd(out io.Writer) *cobra.Command { f := cmd.Flags() f.BoolVar(&o.short, "short", false, "print the version number") f.StringVar(&o.template, "template", "", "template for version string format") - f.BoolP("client", "c", true, "display client version information") - f.MarkHidden("client") return cmd } diff --git a/pkg/cmd/version_test.go b/pkg/cmd/version_test.go index c06c72309..9551de767 100644 --- a/pkg/cmd/version_test.go +++ b/pkg/cmd/version_test.go @@ -32,14 +32,6 @@ func TestVersion(t *testing.T) { name: "template", cmd: "version --template='Version: {{.Version}}'", golden: "output/version-template.txt", - }, { - name: "client", - cmd: "version --client", - golden: "output/version-client.txt", - }, { - name: "client shorthand", - cmd: "version -c", - golden: "output/version-client-shorthand.txt", }} runTestCmd(t, tests) } diff --git a/pkg/downloader/chart_downloader.go b/pkg/downloader/chart_downloader.go index 693e6b009..00c8c56e8 100644 --- a/pkg/downloader/chart_downloader.go +++ b/pkg/downloader/chart_downloader.go @@ -36,7 +36,7 @@ import ( "helm.sh/helm/v4/pkg/helmpath" "helm.sh/helm/v4/pkg/provenance" "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // VerificationStrategy describes a strategy for determining whether to verify a chart. @@ -493,7 +493,18 @@ func VerifyChart(path, provfile, keyring string) (*provenance.Verification, erro if err != nil { return nil, fmt.Errorf("failed to load keyring: %w", err) } - return sig.Verify(path, provfile) + + // Read archive and provenance files + archiveData, err := os.ReadFile(path) + if err != nil { + return nil, fmt.Errorf("failed to read chart archive: %w", err) + } + provData, err := os.ReadFile(provfile) + if err != nil { + return nil, fmt.Errorf("failed to read provenance file: %w", err) + } + + return sig.Verify(archiveData, provData, filepath.Base(path)) } // isTar tests whether the given file is a tar file. diff --git a/pkg/downloader/chart_downloader_test.go b/pkg/downloader/chart_downloader_test.go index 649448fef..4349ecef9 100644 --- a/pkg/downloader/chart_downloader_test.go +++ b/pkg/downloader/chart_downloader_test.go @@ -28,8 +28,8 @@ import ( "helm.sh/helm/v4/pkg/cli" "helm.sh/helm/v4/pkg/getter" "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) const ( diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go index 8b77a77c0..6043fbaaa 100644 --- a/pkg/downloader/manager.go +++ b/pkg/downloader/manager.go @@ -42,7 +42,7 @@ import ( "helm.sh/helm/v4/pkg/getter" "helm.sh/helm/v4/pkg/helmpath" "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // ErrRepoNotFound indicates that chart repositories can't be found in local repo cache. @@ -315,7 +315,7 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error { // Any failure to resolve/download a chart should fail: // https://github.com/helm/helm/issues/1439 - churl, username, password, insecureskiptlsverify, passcredentialsall, caFile, certFile, keyFile, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos) + churl, username, password, insecureSkipTLSVerify, passCredentialsAll, caFile, certFile, keyFile, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos) if err != nil { saveError = fmt.Errorf("could not find %s: %w", churl, err) break @@ -339,8 +339,8 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error { Getters: m.Getters, Options: []getter.Option{ getter.WithBasicAuth(username, password), - getter.WithPassCredentialsAll(passcredentialsall), - getter.WithInsecureSkipVerifyTLS(insecureskiptlsverify), + getter.WithPassCredentialsAll(passCredentialsAll), + getter.WithInsecureSkipVerifyTLS(insecureSkipTLSVerify), getter.WithTLSClientConfig(certFile, keyFile, caFile), }, } @@ -725,7 +725,7 @@ func (m *Manager) parallelRepoUpdate(repos []*repo.Entry) error { // repoURL is the repository to search // // If it finds a URL that is "relative", it will prepend the repoURL. -func (m *Manager) findChartURL(name, version, repoURL string, repos map[string]*repo.ChartRepository) (url, username, password string, insecureskiptlsverify, passcredentialsall bool, caFile, certFile, keyFile string, err error) { +func (m *Manager) findChartURL(name, version, repoURL string, repos map[string]*repo.ChartRepository) (url, username, password string, insecureSkipTLSVerify, passCredentialsAll bool, caFile, certFile, keyFile string, err error) { if registry.IsOCI(repoURL) { return fmt.Sprintf("%s/%s:%s", repoURL, name, version), "", "", false, false, "", "", "", nil } @@ -754,8 +754,8 @@ func (m *Manager) findChartURL(name, version, repoURL string, repos map[string]* } username = cr.Config.Username password = cr.Config.Password - passcredentialsall = cr.Config.PassCredentialsAll - insecureskiptlsverify = cr.Config.InsecureSkipTLSverify + passCredentialsAll = cr.Config.PassCredentialsAll + insecureSkipTLSVerify = cr.Config.InsecureSkipTLSVerify caFile = cr.Config.CAFile certFile = cr.Config.CertFile keyFile = cr.Config.KeyFile diff --git a/pkg/downloader/manager_test.go b/pkg/downloader/manager_test.go index b7121a4ce..9e27f183f 100644 --- a/pkg/downloader/manager_test.go +++ b/pkg/downloader/manager_test.go @@ -32,8 +32,8 @@ import ( "helm.sh/helm/v4/pkg/chart/v2/loader" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" "helm.sh/helm/v4/pkg/getter" - "helm.sh/helm/v4/pkg/repo" - "helm.sh/helm/v4/pkg/repo/repotest" + "helm.sh/helm/v4/pkg/repo/v1" + "helm.sh/helm/v4/pkg/repo/v1/repotest" ) func TestVersionEquals(t *testing.T) { diff --git a/pkg/engine/engine.go b/pkg/engine/engine.go index 6e47a0e39..f5db7e158 100644 --- a/pkg/engine/engine.go +++ b/pkg/engine/engine.go @@ -30,22 +30,10 @@ import ( "k8s.io/client-go/rest" - chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + ci "helm.sh/helm/v4/pkg/chart" + "helm.sh/helm/v4/pkg/chart/common" ) -// taken from https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=141 -// > "template: %s: executing %q at <%s>: %s" -var execErrFmt = regexp.MustCompile(`^template: (?P(?U).+): executing (?P(?U).+) at (?P(?U).+): (?P(?U).+)(?P( template:.*)?)$`) - -// taken from https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=138 -// > "template: %s: %s" -var execErrFmtWithoutTemplate = regexp.MustCompile(`^template: (?P(?U).+): (?P.*)(?P( template:.*)?)$`) - -// taken from https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=191 -// > "template: no template %q associated with template %q" -var execErrNoTemplateAssociated = regexp.MustCompile(`^template: no template (?P.*) associated with template (?P(.*)?)$`) - // Engine is an implementation of the Helm rendering implementation for templates. type Engine struct { // If strict is enabled, template rendering will fail if a template references @@ -88,21 +76,21 @@ func New(config *rest.Config) Engine { // that section of the values will be passed into the "foo" chart. And if that // section contains a value named "bar", that value will be passed on to the // bar chart during render time. -func (e Engine) Render(chrt *chart.Chart, values chartutil.Values) (map[string]string, error) { +func (e Engine) Render(chrt ci.Charter, values common.Values) (map[string]string, error) { tmap := allTemplates(chrt, values) return e.render(tmap) } // Render takes a chart, optional values, and value overrides, and attempts to // render the Go templates using the default options. -func Render(chrt *chart.Chart, values chartutil.Values) (map[string]string, error) { +func Render(chrt ci.Charter, values common.Values) (map[string]string, error) { return new(Engine).Render(chrt, values) } // RenderWithClient takes a chart, optional values, and value overrides, and attempts to // render the Go templates using the default options. This engine is client aware and so can have template // functions that interact with the client. -func RenderWithClient(chrt *chart.Chart, values chartutil.Values, config *rest.Config) (map[string]string, error) { +func RenderWithClient(chrt ci.Charter, values common.Values, config *rest.Config) (map[string]string, error) { var clientProvider ClientProvider = clientProviderFromConfig{config} return Engine{ clientProvider: &clientProvider, @@ -113,7 +101,7 @@ func RenderWithClient(chrt *chart.Chart, values chartutil.Values, config *rest.C // render the Go templates using the default options. This engine is client aware and so can have template // functions that interact with the client. // This function differs from RenderWithClient in that it lets you customize the way a dynamic client is constructed. -func RenderWithClientProvider(chrt *chart.Chart, values chartutil.Values, clientProvider ClientProvider) (map[string]string, error) { +func RenderWithClientProvider(chrt ci.Charter, values common.Values, clientProvider ClientProvider) (map[string]string, error) { return Engine{ clientProvider: &clientProvider, }.Render(chrt, values) @@ -124,7 +112,7 @@ type renderable struct { // tpl is the current template. tpl string // vals are the values to be supplied to the template. - vals chartutil.Values + vals common.Values // namespace prefix to the templates of the current chart basePath string } @@ -312,7 +300,7 @@ func (e Engine) render(tpls map[string]renderable) (rendered map[string]string, } // At render time, add information about the template that is being rendered. vals := tpls[filename].vals - vals["Template"] = chartutil.Values{"Name": filename, "BasePath": tpls[filename].basePath} + vals["Template"] = common.Values{"Name": filename, "BasePath": tpls[filename].basePath} var buf strings.Builder if err := t.ExecuteTemplate(&buf, filename, vals); err != nil { return map[string]string{}, reformatExecErrorMsg(filename, err) @@ -338,7 +326,7 @@ func cleanupParseError(filename string, err error) error { location := tokens[1] // The remaining tokens make up a stacktrace-like chain, ending with the relevant error errMsg := tokens[len(tokens)-1] - return fmt.Errorf("parse error at (%s): %s", string(location), errMsg) + return fmt.Errorf("parse error at (%s): %s", location, errMsg) } type TraceableError struct { @@ -350,25 +338,128 @@ type TraceableError struct { func (t TraceableError) String() string { var errorString strings.Builder if t.location != "" { - fmt.Fprintf(&errorString, "%s\n ", t.location) + _, _ = fmt.Fprintf(&errorString, "%s\n ", t.location) } if t.executedFunction != "" { - fmt.Fprintf(&errorString, "%s\n ", t.executedFunction) + _, _ = fmt.Fprintf(&errorString, "%s\n ", t.executedFunction) } if t.message != "" { - fmt.Fprintf(&errorString, "%s\n", t.message) + _, _ = fmt.Fprintf(&errorString, "%s\n", t.message) } return errorString.String() } +// parseTemplateExecErrorString parses a template execution error string from text/template +// without using regular expressions. It returns a TraceableError and true if parsing succeeded. +func parseTemplateExecErrorString(s string) (TraceableError, bool) { + const prefix = "template: " + if !strings.HasPrefix(s, prefix) { + return TraceableError{}, false + } + remainder := s[len(prefix):] + + // Special case: "template: no template %q associated with template %q" + // Matches https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=191 + traceableError, done := parseTemplateNoTemplateError(s, remainder) + if done { + return traceableError, true + } + + // Executing form: ": executing \"\" at <>: [ template:...]" + // Matches https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=141 + traceableError, done = parseTemplateExecutingAtErrorType(remainder) + if done { + return traceableError, true + } + + // Simple form: ": " + // Use LastIndex to avoid splitting colons within line:col info. + // Matches https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=138 + traceableError, done = parseTemplateSimpleErrorString(remainder) + if done { + return traceableError, true + } + + return TraceableError{}, false +} + +// Special case: "template: no template %q associated with template %q" +// Matches https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=191 +func parseTemplateNoTemplateError(s string, remainder string) (TraceableError, bool) { + if strings.HasPrefix(remainder, "no template ") { + return TraceableError{message: s}, true + } + return TraceableError{}, false +} + +// Simple form: ": " +// Use LastIndex to avoid splitting colons within line:col info. +// Matches https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=138 +func parseTemplateSimpleErrorString(remainder string) (TraceableError, bool) { + if sep := strings.LastIndex(remainder, ": "); sep != -1 { + templateName := remainder[:sep] + errMsg := remainder[sep+2:] + if cut := strings.Index(errMsg, " template:"); cut != -1 { + errMsg = errMsg[:cut] + } + return TraceableError{location: templateName, message: errMsg}, true + } + return TraceableError{}, false +} + +// Executing form: ": executing \"\" at <>: [ template:...]" +// Matches https://cs.opensource.google/go/go/+/refs/tags/go1.23.6:src/text/template/exec.go;l=141 +func parseTemplateExecutingAtErrorType(remainder string) (TraceableError, bool) { + if idx := strings.Index(remainder, ": executing "); idx != -1 { + templateName := remainder[:idx] + after := remainder[idx+len(": executing "):] + if len(after) == 0 || after[0] != '"' { + return TraceableError{}, false + } + // find closing quote for function name + endQuote := strings.IndexByte(after[1:], '"') + if endQuote == -1 { + return TraceableError{}, false + } + endQuote++ // account for offset we started at 1 + functionName := after[1:endQuote] + afterFunc := after[endQuote+1:] + + // expect: " at <" then location then ">: " then message + const atPrefix = " at <" + if !strings.HasPrefix(afterFunc, atPrefix) { + return TraceableError{}, false + } + afterAt := afterFunc[len(atPrefix):] + endLoc := strings.Index(afterAt, ">: ") + if endLoc == -1 { + return TraceableError{}, false + } + locationName := afterAt[:endLoc] + errMsg := afterAt[endLoc+len(">: "):] + + // trim chained next error starting with space + "template:" if present + if cut := strings.Index(errMsg, " template:"); cut != -1 { + errMsg = errMsg[:cut] + } + return TraceableError{ + location: templateName, + message: errMsg, + executedFunction: "executing \"" + functionName + "\" at <" + locationName + ">:", + }, true + } + return TraceableError{}, false +} + // reformatExecErrorMsg takes an error message for template rendering and formats it into a formatted // multi-line error string func reformatExecErrorMsg(filename string, err error) error { - // This function matches the error message against regex's for the text/template package. - // If the regex's can parse out details from that error message such as the line number, template it failed on, + // This function parses the error message produced by text/template package. + // If it can parse out details from that error message such as the line number, template it failed on, // and error description, then it will construct a new error that displays these details in a structured way. // If there are issues with parsing the error message, the err passed into the function should return instead. - if _, isExecError := err.(template.ExecError); !isExecError { + var execError template.ExecError + if !errors.As(err, &execError) { return err } @@ -384,45 +475,24 @@ func reformatExecErrorMsg(filename string, err error) error { parts := warnRegex.FindStringSubmatch(tokens[2]) if len(parts) >= 2 { - return fmt.Errorf("execution error at (%s): %s", string(location), parts[1]) + return fmt.Errorf("execution error at (%s): %s", location, parts[1]) } current := err - fileLocations := []TraceableError{} + var fileLocations []TraceableError for current != nil { - var traceable TraceableError - if matches := execErrFmt.FindStringSubmatch(current.Error()); matches != nil { - templateName := matches[execErrFmt.SubexpIndex("templateName")] - functionName := matches[execErrFmt.SubexpIndex("functionName")] - locationName := matches[execErrFmt.SubexpIndex("location")] - errMsg := matches[execErrFmt.SubexpIndex("errMsg")] - traceable = TraceableError{ - location: templateName, - message: errMsg, - executedFunction: "executing " + functionName + " at " + locationName + ":", - } - } else if matches := execErrFmtWithoutTemplate.FindStringSubmatch(current.Error()); matches != nil { - templateName := matches[execErrFmt.SubexpIndex("templateName")] - errMsg := matches[execErrFmt.SubexpIndex("errMsg")] - traceable = TraceableError{ - location: templateName, - message: errMsg, - } - } else if matches := execErrNoTemplateAssociated.FindStringSubmatch(current.Error()); matches != nil { - traceable = TraceableError{ - message: current.Error(), + if tr, ok := parseTemplateExecErrorString(current.Error()); ok { + if len(fileLocations) == 0 || fileLocations[len(fileLocations)-1] != tr { + fileLocations = append(fileLocations, tr) } } else { return err } - if len(fileLocations) == 0 || fileLocations[len(fileLocations)-1] != traceable { - fileLocations = append(fileLocations, traceable) - } current = errors.Unwrap(current) } var finalErrorString strings.Builder for _, fileLocation := range fileLocations { - fmt.Fprintf(&finalErrorString, "%s", fileLocation.String()) + _, _ = fmt.Fprintf(&finalErrorString, "%s", fileLocation.String()) } return errors.New(strings.TrimSpace(finalErrorString.String())) @@ -455,7 +525,7 @@ func (p byPathLen) Less(i, j int) bool { // allTemplates returns all templates for a chart and its dependencies. // // As it goes, it also prepares the values in a scope-sensitive manner. -func allTemplates(c *chart.Chart, vals chartutil.Values) map[string]renderable { +func allTemplates(c ci.Charter, vals common.Values) map[string]renderable { templates := make(map[string]renderable) recAllTpls(c, templates, vals) return templates @@ -465,40 +535,45 @@ func allTemplates(c *chart.Chart, vals chartutil.Values) map[string]renderable { // // As it recurses, it also sets the values to be appropriate for the template // scope. -func recAllTpls(c *chart.Chart, templates map[string]renderable, vals chartutil.Values) map[string]interface{} { +func recAllTpls(c ci.Charter, templates map[string]renderable, values common.Values) map[string]interface{} { + vals := values.AsMap() subCharts := make(map[string]interface{}) - chartMetaData := struct { - chart.Metadata - IsRoot bool - }{*c.Metadata, c.IsRoot()} + accessor, err := ci.NewAccessor(c) + if err != nil { + slog.Error("error accessing chart", "error", err) + } + chartMetaData := accessor.MetadataAsMap() + chartMetaData["IsRoot"] = accessor.IsRoot() next := map[string]interface{}{ "Chart": chartMetaData, - "Files": newFiles(c.Files), + "Files": newFiles(accessor.Files()), "Release": vals["Release"], "Capabilities": vals["Capabilities"], - "Values": make(chartutil.Values), + "Values": make(common.Values), "Subcharts": subCharts, } // If there is a {{.Values.ThisChart}} in the parent metadata, // copy that into the {{.Values}} for this template. - if c.IsRoot() { + if accessor.IsRoot() { next["Values"] = vals["Values"] - } else if vs, err := vals.Table("Values." + c.Name()); err == nil { + } else if vs, err := values.Table("Values." + accessor.Name()); err == nil { next["Values"] = vs } - for _, child := range c.Dependencies() { - subCharts[child.Name()] = recAllTpls(child, templates, next) + for _, child := range accessor.Dependencies() { + // TODO: Handle error + sub, _ := ci.NewAccessor(child) + subCharts[sub.Name()] = recAllTpls(child, templates, next) } - newParentID := c.ChartFullPath() - for _, t := range c.Templates { + newParentID := accessor.ChartFullPath() + for _, t := range accessor.Templates() { if t == nil { continue } - if !isTemplateValid(c, t.Name) { + if !isTemplateValid(accessor, t.Name) { continue } templates[path.Join(newParentID, t.Name)] = renderable{ @@ -512,14 +587,9 @@ func recAllTpls(c *chart.Chart, templates map[string]renderable, vals chartutil. } // isTemplateValid returns true if the template is valid for the chart type -func isTemplateValid(ch *chart.Chart, templateName string) bool { - if isLibraryChart(ch) { +func isTemplateValid(accessor ci.Accessor, templateName string) bool { + if accessor.IsLibraryChart() { return strings.HasPrefix(filepath.Base(templateName), "_") } return true } - -// isLibraryChart returns true if the chart is a library chart -func isLibraryChart(c *chart.Chart) bool { - return strings.EqualFold(c.Metadata.Type, "library") -} diff --git a/pkg/engine/engine_test.go b/pkg/engine/engine_test.go index f4228fbd7..e541ef9d7 100644 --- a/pkg/engine/engine_test.go +++ b/pkg/engine/engine_test.go @@ -23,6 +23,7 @@ import ( "sync" "testing" "text/template" + "time" "github.com/stretchr/testify/assert" @@ -32,8 +33,9 @@ import ( "k8s.io/client-go/dynamic" "k8s.io/client-go/dynamic/fake" + "helm.sh/helm/v4/pkg/chart/common" + "helm.sh/helm/v4/pkg/chart/common/util" chart "helm.sh/helm/v4/pkg/chart/v2" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" ) func TestSortTemplates(t *testing.T) { @@ -89,17 +91,18 @@ func TestFuncMap(t *testing.T) { } func TestRender(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{ Name: "moby", Version: "1.2.3", }, - Templates: []*chart.File{ - {Name: "templates/test1", Data: []byte("{{.Values.outer | title }} {{.Values.inner | title}}")}, - {Name: "templates/test2", Data: []byte("{{.Values.global.callme | lower }}")}, - {Name: "templates/test3", Data: []byte("{{.noValue}}")}, - {Name: "templates/test4", Data: []byte("{{toJson .Values}}")}, - {Name: "templates/test5", Data: []byte("{{getHostByName \"helm.sh\"}}")}, + Templates: []*common.File{ + {Name: "templates/test1", ModTime: modTime, Data: []byte("{{.Values.outer | title }} {{.Values.inner | title}}")}, + {Name: "templates/test2", ModTime: modTime, Data: []byte("{{.Values.global.callme | lower }}")}, + {Name: "templates/test3", ModTime: modTime, Data: []byte("{{.noValue}}")}, + {Name: "templates/test4", ModTime: modTime, Data: []byte("{{toJson .Values}}")}, + {Name: "templates/test5", ModTime: modTime, Data: []byte("{{getHostByName \"helm.sh\"}}")}, }, Values: map[string]interface{}{"outer": "DEFAULT", "inner": "DEFAULT"}, } @@ -114,7 +117,7 @@ func TestRender(t *testing.T) { }, } - v, err := chartutil.CoalesceValues(c, vals) + v, err := util.CoalesceValues(c, vals) if err != nil { t.Fatalf("Failed to coalesce values: %s", err) } @@ -139,14 +142,16 @@ func TestRender(t *testing.T) { } func TestRenderRefsOrdering(t *testing.T) { + modTime := time.Now() + parentChart := &chart.Chart{ Metadata: &chart.Metadata{ Name: "parent", Version: "1.2.3", }, - Templates: []*chart.File{ - {Name: "templates/_helpers.tpl", Data: []byte(`{{- define "test" -}}parent value{{- end -}}`)}, - {Name: "templates/test.yaml", Data: []byte(`{{ tpl "{{ include \"test\" . }}" . }}`)}, + Templates: []*common.File{ + {Name: "templates/_helpers.tpl", ModTime: modTime, Data: []byte(`{{- define "test" -}}parent value{{- end -}}`)}, + {Name: "templates/test.yaml", ModTime: modTime, Data: []byte(`{{ tpl "{{ include \"test\" . }}" . }}`)}, }, } childChart := &chart.Chart{ @@ -154,8 +159,8 @@ func TestRenderRefsOrdering(t *testing.T) { Name: "child", Version: "1.2.3", }, - Templates: []*chart.File{ - {Name: "templates/_helpers.tpl", Data: []byte(`{{- define "test" -}}child value{{- end -}}`)}, + Templates: []*common.File{ + {Name: "templates/_helpers.tpl", ModTime: modTime, Data: []byte(`{{- define "test" -}}child value{{- end -}}`)}, }, } parentChart.AddDependency(childChart) @@ -165,7 +170,7 @@ func TestRenderRefsOrdering(t *testing.T) { } for i := 0; i < 100; i++ { - out, err := Render(parentChart, chartutil.Values{}) + out, err := Render(parentChart, common.Values{}) if err != nil { t.Fatalf("Failed to render templates: %s", err) } @@ -181,7 +186,7 @@ func TestRenderRefsOrdering(t *testing.T) { func TestRenderInternals(t *testing.T) { // Test the internals of the rendering tool. - vals := chartutil.Values{"Name": "one", "Value": "two"} + vals := common.Values{"Name": "one", "Value": "two"} tpls := map[string]renderable{ "one": {tpl: `Hello {{title .Name}}`, vals: vals}, "two": {tpl: `Goodbye {{upper .Value}}`, vals: vals}, @@ -218,8 +223,8 @@ func TestRenderWithDNS(t *testing.T) { Name: "moby", Version: "1.2.3", }, - Templates: []*chart.File{ - {Name: "templates/test1", Data: []byte("{{getHostByName \"helm.sh\"}}")}, + Templates: []*common.File{ + {Name: "templates/test1", ModTime: time.Now(), Data: []byte("{{getHostByName \"helm.sh\"}}")}, }, Values: map[string]interface{}{}, } @@ -228,7 +233,7 @@ func TestRenderWithDNS(t *testing.T) { "Values": map[string]interface{}{}, } - v, err := chartutil.CoalesceValues(c, vals) + v, err := util.CoalesceValues(c, vals) if err != nil { t.Fatalf("Failed to coalesce values: %s", err) } @@ -354,10 +359,12 @@ func TestRenderWithClientProvider(t *testing.T) { Values: map[string]interface{}{}, } + modTime := time.Now() for name, exp := range cases { - c.Templates = append(c.Templates, &chart.File{ - Name: path.Join("templates", name), - Data: []byte(exp.template), + c.Templates = append(c.Templates, &common.File{ + Name: path.Join("templates", name), + ModTime: modTime, + Data: []byte(exp.template), }) } @@ -365,7 +372,7 @@ func TestRenderWithClientProvider(t *testing.T) { "Values": map[string]interface{}{}, } - v, err := chartutil.CoalesceValues(c, vals) + v, err := util.CoalesceValues(c, vals) if err != nil { t.Fatalf("Failed to coalesce values: %s", err) } @@ -391,8 +398,8 @@ func TestRenderWithClientProvider_error(t *testing.T) { Name: "moby", Version: "1.2.3", }, - Templates: []*chart.File{ - {Name: "templates/error", Data: []byte(`{{ lookup "v1" "Error" "" "" }}`)}, + Templates: []*common.File{ + {Name: "templates/error", ModTime: time.Now(), Data: []byte(`{{ lookup "v1" "Error" "" "" }}`)}, }, Values: map[string]interface{}{}, } @@ -401,7 +408,7 @@ func TestRenderWithClientProvider_error(t *testing.T) { "Values": map[string]interface{}{}, } - v, err := chartutil.CoalesceValues(c, vals) + v, err := util.CoalesceValues(c, vals) if err != nil { t.Fatalf("Failed to coalesce values: %s", err) } @@ -448,7 +455,7 @@ func TestParallelRenderInternals(t *testing.T) { } func TestParseErrors(t *testing.T) { - vals := chartutil.Values{"Values": map[string]interface{}{}} + vals := common.Values{"Values": map[string]interface{}{}} tplsUndefinedFunction := map[string]renderable{ "undefined_function": {tpl: `{{foo}}`, vals: vals}, @@ -464,7 +471,7 @@ func TestParseErrors(t *testing.T) { } func TestExecErrors(t *testing.T) { - vals := chartutil.Values{"Values": map[string]interface{}{}} + vals := common.Values{"Values": map[string]interface{}{}} cases := []struct { name string tpls map[string]renderable @@ -528,7 +535,7 @@ linebreak`, } func TestFailErrors(t *testing.T) { - vals := chartutil.Values{"Values": map[string]interface{}{}} + vals := common.Values{"Values": map[string]interface{}{}} failtpl := `All your base are belong to us{{ fail "This is an error" }}` tplsFailed := map[string]renderable{ @@ -557,52 +564,54 @@ func TestFailErrors(t *testing.T) { } func TestAllTemplates(t *testing.T) { + modTime := time.Now() ch1 := &chart.Chart{ Metadata: &chart.Metadata{Name: "ch1"}, - Templates: []*chart.File{ - {Name: "templates/foo", Data: []byte("foo")}, - {Name: "templates/bar", Data: []byte("bar")}, + Templates: []*common.File{ + {Name: "templates/foo", ModTime: modTime, Data: []byte("foo")}, + {Name: "templates/bar", ModTime: modTime, Data: []byte("bar")}, }, } dep1 := &chart.Chart{ Metadata: &chart.Metadata{Name: "laboratory mice"}, - Templates: []*chart.File{ - {Name: "templates/pinky", Data: []byte("pinky")}, - {Name: "templates/brain", Data: []byte("brain")}, + Templates: []*common.File{ + {Name: "templates/pinky", ModTime: modTime, Data: []byte("pinky")}, + {Name: "templates/brain", ModTime: modTime, Data: []byte("brain")}, }, } ch1.AddDependency(dep1) dep2 := &chart.Chart{ Metadata: &chart.Metadata{Name: "same thing we do every night"}, - Templates: []*chart.File{ - {Name: "templates/innermost", Data: []byte("innermost")}, + Templates: []*common.File{ + {Name: "templates/innermost", ModTime: modTime, Data: []byte("innermost")}, }, } dep1.AddDependency(dep2) - tpls := allTemplates(ch1, chartutil.Values{}) + tpls := allTemplates(ch1, common.Values{}) if len(tpls) != 5 { t.Errorf("Expected 5 charts, got %d", len(tpls)) } } func TestChartValuesContainsIsRoot(t *testing.T) { + modTime := time.Now() ch1 := &chart.Chart{ Metadata: &chart.Metadata{Name: "parent"}, - Templates: []*chart.File{ - {Name: "templates/isroot", Data: []byte("{{.Chart.IsRoot}}")}, + Templates: []*common.File{ + {Name: "templates/isroot", ModTime: modTime, Data: []byte("{{.Chart.IsRoot}}")}, }, } dep1 := &chart.Chart{ Metadata: &chart.Metadata{Name: "child"}, - Templates: []*chart.File{ - {Name: "templates/isroot", Data: []byte("{{.Chart.IsRoot}}")}, + Templates: []*common.File{ + {Name: "templates/isroot", ModTime: modTime, Data: []byte("{{.Chart.IsRoot}}")}, }, } ch1.AddDependency(dep1) - out, err := Render(ch1, chartutil.Values{}) + out, err := Render(ch1, common.Values{}) if err != nil { t.Fatalf("failed to render templates: %s", err) } @@ -620,16 +629,17 @@ func TestChartValuesContainsIsRoot(t *testing.T) { func TestRenderDependency(t *testing.T) { deptpl := `{{define "myblock"}}World{{end}}` toptpl := `Hello {{template "myblock"}}` + modTime := time.Now() ch := &chart.Chart{ Metadata: &chart.Metadata{Name: "outerchart"}, - Templates: []*chart.File{ - {Name: "templates/outer", Data: []byte(toptpl)}, + Templates: []*common.File{ + {Name: "templates/outer", ModTime: modTime, Data: []byte(toptpl)}, }, } ch.AddDependency(&chart.Chart{ Metadata: &chart.Metadata{Name: "innerchart"}, - Templates: []*chart.File{ - {Name: "templates/inner", Data: []byte(deptpl)}, + Templates: []*common.File{ + {Name: "templates/inner", ModTime: modTime, Data: []byte(deptpl)}, }, }) @@ -658,19 +668,20 @@ func TestRenderNestedValues(t *testing.T) { // Ensure subcharts scopes are working. subchartspath := "templates/subcharts.tpl" + modTime := time.Now() deepest := &chart.Chart{ Metadata: &chart.Metadata{Name: "deepest"}, - Templates: []*chart.File{ - {Name: deepestpath, Data: []byte(`And this same {{.Values.what}} that smiles {{.Values.global.when}}`)}, - {Name: checkrelease, Data: []byte(`Tomorrow will be {{default "happy" .Release.Name }}`)}, + Templates: []*common.File{ + {Name: deepestpath, ModTime: modTime, Data: []byte(`And this same {{.Values.what}} that smiles {{.Values.global.when}}`)}, + {Name: checkrelease, ModTime: modTime, Data: []byte(`Tomorrow will be {{default "happy" .Release.Name }}`)}, }, Values: map[string]interface{}{"what": "milkshake", "where": "here"}, } inner := &chart.Chart{ Metadata: &chart.Metadata{Name: "herrick"}, - Templates: []*chart.File{ - {Name: innerpath, Data: []byte(`Old {{.Values.who}} is still a-flyin'`)}, + Templates: []*common.File{ + {Name: innerpath, ModTime: modTime, Data: []byte(`Old {{.Values.who}} is still a-flyin'`)}, }, Values: map[string]interface{}{"who": "Robert", "what": "glasses"}, } @@ -678,9 +689,9 @@ func TestRenderNestedValues(t *testing.T) { outer := &chart.Chart{ Metadata: &chart.Metadata{Name: "top"}, - Templates: []*chart.File{ - {Name: outerpath, Data: []byte(`Gather ye {{.Values.what}} while ye may`)}, - {Name: subchartspath, Data: []byte(`The glorious Lamp of {{.Subcharts.herrick.Subcharts.deepest.Values.where}}, the {{.Subcharts.herrick.Values.what}}`)}, + Templates: []*common.File{ + {Name: outerpath, ModTime: modTime, Data: []byte(`Gather ye {{.Values.what}} while ye may`)}, + {Name: subchartspath, ModTime: modTime, Data: []byte(`The glorious Lamp of {{.Subcharts.herrick.Subcharts.deepest.Values.where}}, the {{.Subcharts.herrick.Values.what}}`)}, }, Values: map[string]interface{}{ "what": "stinkweed", @@ -706,15 +717,15 @@ func TestRenderNestedValues(t *testing.T) { }, } - tmp, err := chartutil.CoalesceValues(outer, injValues) + tmp, err := util.CoalesceValues(outer, injValues) if err != nil { t.Fatalf("Failed to coalesce values: %s", err) } - inject := chartutil.Values{ + inject := common.Values{ "Values": tmp, "Chart": outer.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "dyin", }, } @@ -753,31 +764,32 @@ func TestRenderNestedValues(t *testing.T) { } func TestRenderBuiltinValues(t *testing.T) { + modTime := time.Now() inner := &chart.Chart{ - Metadata: &chart.Metadata{Name: "Latium"}, - Templates: []*chart.File{ - {Name: "templates/Lavinia", Data: []byte(`{{.Template.Name}}{{.Chart.Name}}{{.Release.Name}}`)}, - {Name: "templates/From", Data: []byte(`{{.Files.author | printf "%s"}} {{.Files.Get "book/title.txt"}}`)}, + Metadata: &chart.Metadata{Name: "Latium", APIVersion: chart.APIVersionV2}, + Templates: []*common.File{ + {Name: "templates/Lavinia", ModTime: modTime, Data: []byte(`{{.Template.Name}}{{.Chart.Name}}{{.Release.Name}}`)}, + {Name: "templates/From", ModTime: modTime, Data: []byte(`{{.Files.author | printf "%s"}} {{.Files.Get "book/title.txt"}}`)}, }, - Files: []*chart.File{ - {Name: "author", Data: []byte("Virgil")}, - {Name: "book/title.txt", Data: []byte("Aeneid")}, + Files: []*common.File{ + {Name: "author", ModTime: modTime, Data: []byte("Virgil")}, + {Name: "book/title.txt", ModTime: modTime, Data: []byte("Aeneid")}, }, } outer := &chart.Chart{ - Metadata: &chart.Metadata{Name: "Troy"}, - Templates: []*chart.File{ - {Name: "templates/Aeneas", Data: []byte(`{{.Template.Name}}{{.Chart.Name}}{{.Release.Name}}`)}, - {Name: "templates/Amata", Data: []byte(`{{.Subcharts.Latium.Chart.Name}} {{.Subcharts.Latium.Files.author | printf "%s"}}`)}, + Metadata: &chart.Metadata{Name: "Troy", APIVersion: chart.APIVersionV2}, + Templates: []*common.File{ + {Name: "templates/Aeneas", ModTime: modTime, Data: []byte(`{{.Template.Name}}{{.Chart.Name}}{{.Release.Name}}`)}, + {Name: "templates/Amata", ModTime: modTime, Data: []byte(`{{.Subcharts.Latium.Chart.Name}} {{.Subcharts.Latium.Files.author | printf "%s"}}`)}, }, } outer.AddDependency(inner) - inject := chartutil.Values{ + inject := common.Values{ "Values": "", "Chart": outer.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "Aeneid", }, } @@ -804,27 +816,28 @@ func TestRenderBuiltinValues(t *testing.T) { } func TestAlterFuncMap_include(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "conrad"}, - Templates: []*chart.File{ - {Name: "templates/quote", Data: []byte(`{{include "conrad/templates/_partial" . | indent 2}} dead.`)}, - {Name: "templates/_partial", Data: []byte(`{{.Release.Name}} - he`)}, + Templates: []*common.File{ + {Name: "templates/quote", ModTime: modTime, Data: []byte(`{{include "conrad/templates/_partial" . | indent 2}} dead.`)}, + {Name: "templates/_partial", ModTime: modTime, Data: []byte(`{{.Release.Name}} - he`)}, }, } // Check nested reference in include FuncMap d := &chart.Chart{ Metadata: &chart.Metadata{Name: "nested"}, - Templates: []*chart.File{ - {Name: "templates/quote", Data: []byte(`{{include "nested/templates/quote" . | indent 2}} dead.`)}, - {Name: "templates/_partial", Data: []byte(`{{.Release.Name}} - he`)}, + Templates: []*common.File{ + {Name: "templates/quote", ModTime: modTime, Data: []byte(`{{include "nested/templates/quote" . | indent 2}} dead.`)}, + {Name: "templates/_partial", ModTime: modTime, Data: []byte(`{{.Release.Name}} - he`)}, }, } - v := chartutil.Values{ + v := common.Values{ "Values": "", "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "Mistah Kurtz", }, } @@ -847,21 +860,22 @@ func TestAlterFuncMap_include(t *testing.T) { } func TestAlterFuncMap_require(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "conan"}, - Templates: []*chart.File{ - {Name: "templates/quote", Data: []byte(`All your base are belong to {{ required "A valid 'who' is required" .Values.who }}`)}, - {Name: "templates/bases", Data: []byte(`All {{ required "A valid 'bases' is required" .Values.bases }} of them!`)}, + Templates: []*common.File{ + {Name: "templates/quote", ModTime: modTime, Data: []byte(`All your base are belong to {{ required "A valid 'who' is required" .Values.who }}`)}, + {Name: "templates/bases", ModTime: modTime, Data: []byte(`All {{ required "A valid 'bases' is required" .Values.bases }} of them!`)}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "who": "us", "bases": 2, }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "That 90s meme", }, } @@ -882,12 +896,12 @@ func TestAlterFuncMap_require(t *testing.T) { // test required without passing in needed values with lint mode on // verifies lint replaces required with an empty string (should not fail) - lintValues := chartutil.Values{ - "Values": chartutil.Values{ + lintValues := common.Values{ + "Values": common.Values{ "who": "us", }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "That 90s meme", }, } @@ -911,17 +925,17 @@ func TestAlterFuncMap_require(t *testing.T) { func TestAlterFuncMap_tpl(t *testing.T) { c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplFunction"}, - Templates: []*chart.File{ - {Name: "templates/base", Data: []byte(`Evaluate tpl {{tpl "Value: {{ .Values.value}}" .}}`)}, + Templates: []*common.File{ + {Name: "templates/base", ModTime: time.Now(), Data: []byte(`Evaluate tpl {{tpl "Value: {{ .Values.value}}" .}}`)}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "value": "myvalue", }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -940,17 +954,17 @@ func TestAlterFuncMap_tpl(t *testing.T) { func TestAlterFuncMap_tplfunc(t *testing.T) { c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplFunction"}, - Templates: []*chart.File{ - {Name: "templates/base", Data: []byte(`Evaluate tpl {{tpl "Value: {{ .Values.value | quote}}" .}}`)}, + Templates: []*common.File{ + {Name: "templates/base", ModTime: time.Now(), Data: []byte(`Evaluate tpl {{tpl "Value: {{ .Values.value | quote}}" .}}`)}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "value": "myvalue", }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -967,19 +981,20 @@ func TestAlterFuncMap_tplfunc(t *testing.T) { } func TestAlterFuncMap_tplinclude(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplFunction"}, - Templates: []*chart.File{ - {Name: "templates/base", Data: []byte(`{{ tpl "{{include ` + "`" + `TplFunction/templates/_partial` + "`" + ` . | quote }}" .}}`)}, - {Name: "templates/_partial", Data: []byte(`{{.Template.Name}}`)}, + Templates: []*common.File{ + {Name: "templates/base", ModTime: modTime, Data: []byte(`{{ tpl "{{include ` + "`" + `TplFunction/templates/_partial` + "`" + ` . | quote }}" .}}`)}, + {Name: "templates/_partial", ModTime: modTime, Data: []byte(`{{.Template.Name}}`)}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "value": "myvalue", }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -997,18 +1012,20 @@ func TestAlterFuncMap_tplinclude(t *testing.T) { } func TestRenderRecursionLimit(t *testing.T) { + modTime := time.Now() + // endless recursion should produce an error c := &chart.Chart{ Metadata: &chart.Metadata{Name: "bad"}, - Templates: []*chart.File{ - {Name: "templates/base", Data: []byte(`{{include "recursion" . }}`)}, - {Name: "templates/recursion", Data: []byte(`{{define "recursion"}}{{include "recursion" . }}{{end}}`)}, + Templates: []*common.File{ + {Name: "templates/base", ModTime: modTime, Data: []byte(`{{include "recursion" . }}`)}, + {Name: "templates/recursion", ModTime: modTime, Data: []byte(`{{define "recursion"}}{{include "recursion" . }}{{end}}`)}, }, } - v := chartutil.Values{ + v := common.Values{ "Values": "", "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1023,16 +1040,16 @@ func TestRenderRecursionLimit(t *testing.T) { times := 4000 phrase := "All work and no play makes Jack a dull boy" printFunc := `{{define "overlook"}}{{printf "` + phrase + `\n"}}{{end}}` - var repeatedIncl string + var repeatedIncl strings.Builder for i := 0; i < times; i++ { - repeatedIncl += `{{include "overlook" . }}` + repeatedIncl.WriteString(`{{include "overlook" . }}`) } d := &chart.Chart{ Metadata: &chart.Metadata{Name: "overlook"}, - Templates: []*chart.File{ - {Name: "templates/quote", Data: []byte(repeatedIncl)}, - {Name: "templates/_function", Data: []byte(printFunc)}, + Templates: []*common.File{ + {Name: "templates/quote", ModTime: modTime, Data: []byte(repeatedIncl.String())}, + {Name: "templates/_function", ModTime: modTime, Data: []byte(printFunc)}, }, } @@ -1052,25 +1069,26 @@ func TestRenderRecursionLimit(t *testing.T) { } func TestRenderLoadTemplateForTplFromFile(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplLoadFromFile"}, - Templates: []*chart.File{ - {Name: "templates/base", Data: []byte(`{{ tpl (.Files.Get .Values.filename) . }}`)}, - {Name: "templates/_function", Data: []byte(`{{define "test-function"}}test-function{{end}}`)}, + Templates: []*common.File{ + {Name: "templates/base", ModTime: modTime, Data: []byte(`{{ tpl (.Files.Get .Values.filename) . }}`)}, + {Name: "templates/_function", ModTime: modTime, Data: []byte(`{{define "test-function"}}test-function{{end}}`)}, }, - Files: []*chart.File{ - {Name: "test", Data: []byte(`{{ tpl (.Files.Get .Values.filename2) .}}`)}, - {Name: "test2", Data: []byte(`{{include "test-function" .}}{{define "nested-define"}}nested-define-content{{end}} {{include "nested-define" .}}`)}, + Files: []*common.File{ + {Name: "test", ModTime: modTime, Data: []byte(`{{ tpl (.Files.Get .Values.filename2) .}}`)}, + {Name: "test2", ModTime: modTime, Data: []byte(`{{include "test-function" .}}{{define "nested-define"}}nested-define-content{{end}} {{include "nested-define" .}}`)}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "filename": "test", "filename2": "test2", }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1087,17 +1105,18 @@ func TestRenderLoadTemplateForTplFromFile(t *testing.T) { } func TestRenderTplEmpty(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplEmpty"}, - Templates: []*chart.File{ - {Name: "templates/empty-string", Data: []byte(`{{tpl "" .}}`)}, - {Name: "templates/empty-action", Data: []byte(`{{tpl "{{ \"\"}}" .}}`)}, - {Name: "templates/only-defines", Data: []byte(`{{tpl "{{define \"not-invoked\"}}not-rendered{{end}}" .}}`)}, + Templates: []*common.File{ + {Name: "templates/empty-string", ModTime: modTime, Data: []byte(`{{tpl "" .}}`)}, + {Name: "templates/empty-action", ModTime: modTime, Data: []byte(`{{tpl "{{ \"\"}}" .}}`)}, + {Name: "templates/only-defines", ModTime: modTime, Data: []byte(`{{tpl "{{define \"not-invoked\"}}not-rendered{{end}}" .}}`)}, }, } - v := chartutil.Values{ + v := common.Values{ "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1120,21 +1139,22 @@ func TestRenderTplEmpty(t *testing.T) { } func TestRenderTplTemplateNames(t *testing.T) { + modTime := time.Now() // .Template.BasePath and .Name make it through c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplTemplateNames"}, - Templates: []*chart.File{ - {Name: "templates/default-basepath", Data: []byte(`{{tpl "{{ .Template.BasePath }}" .}}`)}, - {Name: "templates/default-name", Data: []byte(`{{tpl "{{ .Template.Name }}" .}}`)}, - {Name: "templates/modified-basepath", Data: []byte(`{{tpl "{{ .Template.BasePath }}" .Values.dot}}`)}, - {Name: "templates/modified-name", Data: []byte(`{{tpl "{{ .Template.Name }}" .Values.dot}}`)}, - {Name: "templates/modified-field", Data: []byte(`{{tpl "{{ .Template.Field }}" .Values.dot}}`)}, - }, - } - v := chartutil.Values{ - "Values": chartutil.Values{ - "dot": chartutil.Values{ - "Template": chartutil.Values{ + Templates: []*common.File{ + {Name: "templates/default-basepath", ModTime: modTime, Data: []byte(`{{tpl "{{ .Template.BasePath }}" .}}`)}, + {Name: "templates/default-name", ModTime: modTime, Data: []byte(`{{tpl "{{ .Template.Name }}" .}}`)}, + {Name: "templates/modified-basepath", ModTime: modTime, Data: []byte(`{{tpl "{{ .Template.BasePath }}" .Values.dot}}`)}, + {Name: "templates/modified-name", ModTime: modTime, Data: []byte(`{{tpl "{{ .Template.Name }}" .Values.dot}}`)}, + {Name: "templates/modified-field", ModTime: modTime, Data: []byte(`{{tpl "{{ .Template.Field }}" .Values.dot}}`)}, + }, + } + v := common.Values{ + "Values": common.Values{ + "dot": common.Values{ + "Template": common.Values{ "BasePath": "path/to/template", "Name": "name-of-template", "Field": "extra-field", @@ -1142,7 +1162,7 @@ func TestRenderTplTemplateNames(t *testing.T) { }, }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1167,12 +1187,13 @@ func TestRenderTplTemplateNames(t *testing.T) { } func TestRenderTplRedefines(t *testing.T) { + modTime := time.Now() // Redefining a template inside 'tpl' does not affect the outer definition c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplRedefines"}, - Templates: []*chart.File{ - {Name: "templates/_partials", Data: []byte(`{{define "partial"}}original-in-partial{{end}}`)}, - {Name: "templates/partial", Data: []byte( + Templates: []*common.File{ + {Name: "templates/_partials", ModTime: modTime, Data: []byte(`{{define "partial"}}original-in-partial{{end}}`)}, + {Name: "templates/partial", ModTime: modTime, Data: []byte( `before: {{include "partial" .}}\n{{tpl .Values.partialText .}}\nafter: {{include "partial" .}}`, )}, {Name: "templates/manifest", Data: []byte( @@ -1192,8 +1213,8 @@ func TestRenderTplRedefines(t *testing.T) { )}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "partialText": `{{define "partial"}}redefined-in-tpl{{end}}tpl: {{include "partial" .}}`, "manifestText": `{{define "manifest"}}redefined-in-tpl{{end}}tpl: {{include "manifest" .}}`, "manifestOnlyText": `tpl: {{include "manifest-only" .}}`, @@ -1205,7 +1226,7 @@ func TestRenderTplRedefines(t *testing.T) { "innerText": `{{define "nested"}}redefined-in-inner-tpl{{end}}inner-tpl: {{include "nested" .}} {{include "nested-outer" . }}`, }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1236,16 +1257,16 @@ func TestRenderTplMissingKey(t *testing.T) { // Rendering a missing key results in empty/zero output. c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplMissingKey"}, - Templates: []*chart.File{ - {Name: "templates/manifest", Data: []byte( + Templates: []*common.File{ + {Name: "templates/manifest", ModTime: time.Now(), Data: []byte( `missingValue: {{tpl "{{.Values.noSuchKey}}" .}}`, )}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{}, + v := common.Values{ + "Values": common.Values{}, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1269,16 +1290,16 @@ func TestRenderTplMissingKeyString(t *testing.T) { // Rendering a missing key results in error c := &chart.Chart{ Metadata: &chart.Metadata{Name: "TplMissingKeyStrict"}, - Templates: []*chart.File{ - {Name: "templates/manifest", Data: []byte( + Templates: []*common.File{ + {Name: "templates/manifest", ModTime: time.Now(), Data: []byte( `missingValue: {{tpl "{{.Values.noSuchKey}}" .}}`, )}, }, } - v := chartutil.Values{ - "Values": chartutil.Values{}, + v := common.Values{ + "Values": common.Values{}, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1299,16 +1320,17 @@ func TestRenderTplMissingKeyString(t *testing.T) { } func TestNestedHelpersProducesMultilineStacktrace(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "NestedHelperFunctions"}, - Templates: []*chart.File{ - {Name: "templates/svc.yaml", Data: []byte( + Templates: []*common.File{ + {Name: "templates/svc.yaml", ModTime: modTime, Data: []byte( `name: {{ include "nested_helper.name" . }}`, )}, - {Name: "templates/_helpers_1.tpl", Data: []byte( + {Name: "templates/_helpers_1.tpl", ModTime: modTime, Data: []byte( `{{- define "nested_helper.name" -}}{{- include "common.names.get_name" . -}}{{- end -}}`, )}, - {Name: "charts/common/templates/_helpers_2.tpl", Data: []byte( + {Name: "charts/common/templates/_helpers_2.tpl", ModTime: modTime, Data: []byte( `{{- define "common.names.get_name" -}}{{- .Values.nonexistant.key | trunc 63 | trimSuffix "-" -}}{{- end -}}`, )}, }, @@ -1324,9 +1346,9 @@ NestedHelperFunctions/charts/common/templates/_helpers_2.tpl:1:49 executing "common.names.get_name" at <.Values.nonexistant.key>: nil pointer evaluating interface {}.key` - v := chartutil.Values{} + v := common.Values{} - val, _ := chartutil.CoalesceValues(c, v) + val, _ := util.CoalesceValues(c, v) vals := map[string]interface{}{ "Values": val.AsMap(), } @@ -1337,16 +1359,17 @@ NestedHelperFunctions/charts/common/templates/_helpers_2.tpl:1:49 } func TestMultilineNoTemplateAssociatedError(t *testing.T) { + modTime := time.Now() c := &chart.Chart{ Metadata: &chart.Metadata{Name: "multiline"}, - Templates: []*chart.File{ - {Name: "templates/svc.yaml", Data: []byte( + Templates: []*common.File{ + {Name: "templates/svc.yaml", ModTime: modTime, Data: []byte( `name: {{ include "nested_helper.name" . }}`, )}, - {Name: "templates/test.yaml", Data: []byte( + {Name: "templates/test.yaml", ModTime: modTime, Data: []byte( `{{ toYaml .Values }}`, )}, - {Name: "charts/common/templates/_helpers_2.tpl", Data: []byte( + {Name: "charts/common/templates/_helpers_2.tpl", ModTime: modTime, Data: []byte( `{{ toYaml .Values }}`, )}, }, @@ -1357,9 +1380,9 @@ func TestMultilineNoTemplateAssociatedError(t *testing.T) { error calling include: template: no template "nested_helper.name" associated with template "gotpl"` - v := chartutil.Values{} + v := common.Values{} - val, _ := chartutil.CoalesceValues(c, v) + val, _ := util.CoalesceValues(c, v) vals := map[string]interface{}{ "Values": val.AsMap(), } @@ -1370,26 +1393,30 @@ template: no template "nested_helper.name" associated with template "gotpl"` } func TestRenderCustomTemplateFuncs(t *testing.T) { + modTime := time.Now() + // Create a chart with two templates that use custom functions c := &chart.Chart{ Metadata: &chart.Metadata{Name: "CustomFunc"}, - Templates: []*chart.File{ + Templates: []*common.File{ { - Name: "templates/manifest", - Data: []byte(`{{exclaim .Values.message}}`), + Name: "templates/manifest", + ModTime: modTime, + Data: []byte(`{{exclaim .Values.message}}`), }, { - Name: "templates/override", - Data: []byte(`{{ upper .Values.message }}`), + Name: "templates/override", + ModTime: modTime, + Data: []byte(`{{ upper .Values.message }}`), }, }, } - v := chartutil.Values{ - "Values": chartutil.Values{ + v := common.Values{ + "Values": common.Values{ "message": "hello", }, "Chart": c.Metadata, - "Release": chartutil.Values{ + "Release": common.Values{ "Name": "TestRelease", }, } @@ -1428,3 +1455,50 @@ func TestRenderCustomTemplateFuncs(t *testing.T) { t.Errorf("Expected %q, got %q", expected, rendered) } } + +func TestTraceableError_SimpleForm(t *testing.T) { + testStrings := []string{ + "function_not_found/templates/secret.yaml: error calling include", + } + for _, errString := range testStrings { + trace, done := parseTemplateSimpleErrorString(errString) + if !done { + t.Errorf("Expected parse to pass but did not") + } + if trace.message != "error calling include" { + t.Errorf("Expected %q, got %q", errString, trace.message) + } + } +} +func TestTraceableError_ExecutingForm(t *testing.T) { + testStrings := [][]string{ + {"function_not_found/templates/secret.yaml:6:11: executing \"function_not_found/templates/secret.yaml\" at : ", "function_not_found/templates/secret.yaml:6:11"}, + {"divide_by_zero/templates/secret.yaml:6:11: executing \"divide_by_zero/templates/secret.yaml\" at : ", "divide_by_zero/templates/secret.yaml:6:11"}, + } + for _, errTuple := range testStrings { + errString := errTuple[0] + expectedLocation := errTuple[1] + trace, done := parseTemplateExecutingAtErrorType(errString) + if !done { + t.Errorf("Expected parse to pass but did not") + } + if trace.location != expectedLocation { + t.Errorf("Expected %q, got %q", expectedLocation, trace.location) + } + } +} + +func TestTraceableError_NoTemplateForm(t *testing.T) { + testStrings := []string{ + "no template \"common.names.get_name\" associated with template \"gotpl\"", + } + for _, errString := range testStrings { + trace, done := parseTemplateNoTemplateError(errString, errString) + if !done { + t.Errorf("Expected parse to pass but did not") + } + if trace.message != errString { + t.Errorf("Expected %q, got %q", errString, trace.message) + } + } +} diff --git a/pkg/engine/files.go b/pkg/engine/files.go index 87166728c..7834cac2c 100644 --- a/pkg/engine/files.go +++ b/pkg/engine/files.go @@ -23,7 +23,7 @@ import ( "github.com/gobwas/glob" - chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/chart/common" ) // files is a map of files in a chart that can be accessed from a template. @@ -31,7 +31,7 @@ type files map[string][]byte // NewFiles creates a new files from chart files. // Given an []*chart.File (the format for files in a chart.Chart), extract a map of files. -func newFiles(from []*chart.File) files { +func newFiles(from []*common.File) files { files := make(map[string][]byte) for _, f := range from { files[f.Name] = f.Data @@ -64,7 +64,7 @@ func (f files) Get(name string) string { } // Glob takes a glob pattern and returns another files object only containing -// matched files. +// matched files. // // This is designed to be called from a template. // diff --git a/pkg/engine/lookup_func.go b/pkg/engine/lookup_func.go index 605b43a48..18ed2b63b 100644 --- a/pkg/engine/lookup_func.go +++ b/pkg/engine/lookup_func.go @@ -35,7 +35,7 @@ type lookupFunc = func(apiversion string, resource string, namespace string, nam // NewLookupFunction returns a function for looking up objects in the cluster. // // If the resource does not exist, no error is raised. -func NewLookupFunction(config *rest.Config) lookupFunc { +func NewLookupFunction(config *rest.Config) lookupFunc { //nolint:revive return newLookupFunction(clientProviderFromConfig{config: config}) } diff --git a/pkg/getter/httpgetter_test.go b/pkg/getter/httpgetter_test.go index f87d71877..b27b9f5d2 100644 --- a/pkg/getter/httpgetter_test.go +++ b/pkg/getter/httpgetter_test.go @@ -306,11 +306,11 @@ func TestDownload(t *testing.T) { func TestDownloadTLS(t *testing.T) { cd := "../../testdata" ca, pub, priv := filepath.Join(cd, "rootca.crt"), filepath.Join(cd, "crt.pem"), filepath.Join(cd, "key.pem") - insecureSkipTLSverify := false + insecureSkipTLSVerify := false tlsSrv := httptest.NewUnstartedServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {})) tlsConf, err := tlsutil.NewTLSConfig( - tlsutil.WithInsecureSkipVerify(insecureSkipTLSverify), + tlsutil.WithInsecureSkipVerify(insecureSkipTLSVerify), tlsutil.WithCertKeyPairFiles(pub, priv), tlsutil.WithCAFile(ca), ) @@ -359,14 +359,14 @@ func TestDownloadTLS(t *testing.T) { func TestDownloadTLSWithRedirect(t *testing.T) { cd := "../../testdata" srv2Resp := "hello" - insecureSkipTLSverify := false + insecureSkipTLSVerify := false // Server 2 that will actually fulfil the request. ca, pub, priv := filepath.Join(cd, "rootca.crt"), filepath.Join(cd, "localhost-crt.pem"), filepath.Join(cd, "key.pem") tlsConf, err := tlsutil.NewTLSConfig( tlsutil.WithCAFile(ca), tlsutil.WithCertKeyPairFiles(pub, priv), - tlsutil.WithInsecureSkipVerify(insecureSkipTLSverify), + tlsutil.WithInsecureSkipVerify(insecureSkipTLSVerify), ) if err != nil { @@ -387,7 +387,7 @@ func TestDownloadTLSWithRedirect(t *testing.T) { tlsConf, err = tlsutil.NewTLSConfig( tlsutil.WithCAFile(ca), tlsutil.WithCertKeyPairFiles(pub, priv), - tlsutil.WithInsecureSkipVerify(insecureSkipTLSverify), + tlsutil.WithInsecureSkipVerify(insecureSkipTLSVerify), ) if err != nil { @@ -520,11 +520,11 @@ func TestHTTPGetterTarDownload(t *testing.T) { b := make([]byte, 512) f.Read(b) - //Get the file size + // Get the file size FileStat, _ := f.Stat() FileSize := strconv.FormatInt(FileStat.Size(), 10) - //Simulating improper header values from bitbucket + // Simulating improper header values from bitbucket w.Header().Set("Content-Type", "application/x-tar") w.Header().Set("Content-Encoding", "gzip") w.Header().Set("Content-Length", FileSize) diff --git a/pkg/getter/ocigetter.go b/pkg/getter/ocigetter.go index 121e000c8..24fc60c56 100644 --- a/pkg/getter/ocigetter.go +++ b/pkg/getter/ocigetter.go @@ -175,6 +175,12 @@ func (g *OCIGetter) newRegistryClient() (*registry.Client, error) { // getPlugin handles plugin-specific OCI pulls func (g *OCIGetter) getPlugin(client *registry.Client, ref string) (*bytes.Buffer, error) { + // Check if this is a provenance file request + requestingProv := strings.HasSuffix(ref, ".prov") + if requestingProv { + ref = strings.TrimSuffix(ref, ".prov") + } + // Extract plugin name from the reference // e.g., "ghcr.io/user/plugin-name:v1.0.0" -> "plugin-name" parts := strings.Split(ref, "/") @@ -190,10 +196,18 @@ func (g *OCIGetter) getPlugin(client *registry.Client, ref string) (*bytes.Buffe pluginName = lastPart[:idx] } - result, err := client.PullPlugin(ref, pluginName) + var pullOpts []registry.PluginPullOption + if requestingProv { + pullOpts = append(pullOpts, registry.PullPluginOptWithProv(true)) + } + + result, err := client.PullPlugin(ref, pluginName, pullOpts...) if err != nil { return nil, err } + if requestingProv { + return bytes.NewBuffer(result.Prov.Data), nil + } return bytes.NewBuffer(result.PluginData), nil } diff --git a/pkg/getter/plugingetter.go b/pkg/getter/plugingetter.go index 2b7669f23..d74611637 100644 --- a/pkg/getter/plugingetter.go +++ b/pkg/getter/plugingetter.go @@ -49,7 +49,7 @@ func collectGetterPlugins(settings *cli.EnvSettings) (Providers, error) { } results := make([]Provider, 0, len(plgs)) for _, plg := range plgs { - if c, ok := plg.Metadata().Config.(*plugin.ConfigGetter); ok { + if c, ok := plg.Metadata().Config.(*schema.ConfigGetterV1); ok { results = append(results, Provider{ Schemes: c.Protocols, New: pluginConstructorBuilder(plg), @@ -109,14 +109,14 @@ func (g *getterPlugin) Get(href string, options ...Option) (*bytes.Buffer, error Protocol: u.Scheme, }, // TODO should we pass Stdin, Stdout, and Stderr through Input here to getter plugins? - //Stdout: os.Stdout, + // Stdout: os.Stdout, } output, err := g.plg.Invoke(context.Background(), input) if err != nil { return nil, fmt.Errorf("plugin %q failed to invoke: %w", g.plg, err) } - outputMessage, ok := output.Message.(*schema.OutputMessageGetterV1) + outputMessage, ok := output.Message.(schema.OutputMessageGetterV1) if !ok { return nil, fmt.Errorf("invalid output message type from plugin %q", g.plg.Metadata().Name) } diff --git a/pkg/getter/plugingetter_test.go b/pkg/getter/plugingetter_test.go index 1c0f5593f..8faaf7329 100644 --- a/pkg/getter/plugingetter_test.go +++ b/pkg/getter/plugingetter_test.go @@ -95,24 +95,24 @@ func TestConvertOptions(t *testing.T) { assert.Equal(t, expected, opts) } -type TestPlugin struct { +type testPlugin struct { t *testing.T dir string } -func (t *TestPlugin) Dir() string { +func (t *testPlugin) Dir() string { return t.dir } -func (t *TestPlugin) Metadata() plugin.Metadata { +func (t *testPlugin) Metadata() plugin.Metadata { return plugin.Metadata{ Name: "fake-plugin", Type: "cli/v1", APIVersion: "v1", Runtime: "subprocess", - Config: &plugin.ConfigCLI{}, + Config: &schema.ConfigCLIV1{}, RuntimeConfig: &plugin.RuntimeConfigSubprocess{ - PlatformCommands: []plugin.PlatformCommand{ + PlatformCommand: []plugin.PlatformCommand{ { Command: "echo fake-plugin", }, @@ -121,22 +121,22 @@ func (t *TestPlugin) Metadata() plugin.Metadata { } } -func (t *TestPlugin) Invoke(_ context.Context, _ *plugin.Input) (*plugin.Output, error) { +func (t *testPlugin) Invoke(_ context.Context, _ *plugin.Input) (*plugin.Output, error) { // Simulate a plugin invocation output := &plugin.Output{ - Message: &schema.OutputMessageGetterV1{ + Message: schema.OutputMessageGetterV1{ Data: []byte("fake-plugin output"), }, } return output, nil } -var _ plugin.Plugin = (*TestPlugin)(nil) +var _ plugin.Plugin = (*testPlugin)(nil) func TestGetterPlugin(t *testing.T) { gp := getterPlugin{ options: []Option{}, - plg: &TestPlugin{t: t, dir: "fake/dir"}, + plg: &testPlugin{t: t, dir: "fake/dir"}, } buf, err := gp.Get("test://example.com", WithTimeout(5*time.Second)) diff --git a/pkg/kube/client.go b/pkg/kube/client.go index 016055392..68f1e6475 100644 --- a/pkg/kube/client.go +++ b/pkg/kube/client.go @@ -39,6 +39,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" + "helm.sh/helm/v4/internal/logging" + "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -47,12 +49,14 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/jsonmergepatch" "k8s.io/apimachinery/pkg/util/mergepatch" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/strategicpatch" "k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/cli-runtime/pkg/resource" "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" + "k8s.io/client-go/util/csaupgrade" "k8s.io/client-go/util/retry" cmdutil "k8s.io/kubectl/pkg/cmd/util" ) @@ -80,10 +84,20 @@ type Client struct { // Namespace allows to bypass the kubeconfig file for the choice of the namespace Namespace string + // WaitContext is an optional context to use for wait operations. + // If not set, a context will be created internally using the + // timeout provided to the wait functions. + WaitContext context.Context + Waiter kubeClient kubernetes.Interface + + // Embed a LogHolder to provide logger functionality + logging.LogHolder } +var _ Interface = (*Client)(nil) + type WaitStrategy string const ( @@ -131,6 +145,7 @@ func (c *Client) newStatusWatcher() (*statusWaiter, error) { return &statusWaiter{ restMapper: restMapper, client: dynamicClient, + ctx: c.WaitContext, }, nil } @@ -141,7 +156,7 @@ func (c *Client) GetWaiter(strategy WaitStrategy) (Waiter, error) { if err != nil { return nil, err } - return &legacyWaiter{kubeClient: kc}, nil + return &legacyWaiter{kubeClient: kc, ctx: c.WaitContext}, nil case StatusWatcherStrategy: return c.newStatusWatcher() case HookOnlyStrategy: @@ -173,6 +188,7 @@ func New(getter genericclioptions.RESTClientGetter) *Client { c := &Client{ Factory: factory, } + c.SetLogger(slog.Default().Handler()) return c } @@ -212,7 +228,7 @@ type clientCreateOptions struct { type ClientCreateOption func(*clientCreateOptions) error -// ClientUpdateOptionServerSideApply enables performing object apply server-side +// ClientCreateOptionServerSideApply enables performing object apply server-side // see: https://kubernetes.io/docs/reference/using-api/server-side-apply/ // // `forceConflicts` forces conflicts to be resolved (may be when serverSideApply enabled only) @@ -254,7 +270,7 @@ func ClientCreateOptionFieldValidationDirective(fieldValidationDirective FieldVa // Create creates Kubernetes resources specified in the resource list. func (c *Client) Create(resources ResourceList, options ...ClientCreateOption) (*Result, error) { - slog.Debug("creating resource(s)", "resources", len(resources)) + c.Logger().Debug("creating resource(s)", "resources", len(resources)) createOptions := clientCreateOptions{ serverSideApply: true, // Default to server-side apply @@ -269,17 +285,13 @@ func (c *Client) Create(resources ResourceList, options ...ClientCreateOption) ( return nil, fmt.Errorf("invalid client create option(s): %w", err) } - if createOptions.forceConflicts && !createOptions.serverSideApply { - return nil, fmt.Errorf("invalid operation: force conflicts can only be used with server-side apply") - } - makeCreateApplyFunc := func() func(target *resource.Info) error { if createOptions.serverSideApply { - slog.Debug("using server-side apply for resource creation", slog.Bool("forceConflicts", createOptions.forceConflicts), slog.Bool("dryRun", createOptions.dryRun), slog.String("fieldValidationDirective", string(createOptions.fieldValidationDirective))) + c.Logger().Debug("using server-side apply for resource creation", slog.Bool("forceConflicts", createOptions.forceConflicts), slog.Bool("dryRun", createOptions.dryRun), slog.String("fieldValidationDirective", string(createOptions.fieldValidationDirective))) return func(target *resource.Info) error { err := patchResourceServerSide(target, createOptions.dryRun, createOptions.forceConflicts, createOptions.fieldValidationDirective) - logger := slog.With( + logger := c.Logger().With( slog.String("namespace", target.Namespace), slog.String("name", target.Name), slog.String("gvk", target.Mapping.GroupVersionKind.String())) @@ -294,7 +306,7 @@ func (c *Client) Create(resources ResourceList, options ...ClientCreateOption) ( } } - slog.Debug("using client-side apply for resource creation") + c.Logger().Debug("using client-side apply for resource creation") return createResource } @@ -349,7 +361,7 @@ func (c *Client) Get(resources ResourceList, related bool) (map[string][]runtime objs, err = c.getSelectRelationPod(info, objs, isTable, &podSelectors) if err != nil { - slog.Warn("get the relation pod is failed", slog.Any("error", err)) + c.Logger().Warn("get the relation pod is failed", slog.Any("error", err)) } } } @@ -367,7 +379,7 @@ func (c *Client) getSelectRelationPod(info *resource.Info, objs map[string][]run if info == nil { return objs, nil } - slog.Debug("get relation pod of object", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind) + c.Logger().Debug("get relation pod of object", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind) selector, ok, _ := getSelectorFromObject(info.Object) if !ok { return objs, nil @@ -504,7 +516,7 @@ func (c *Client) update(originals, targets ResourceList, updateApplyFunc UpdateA updateErrors := []error{} res := &Result{} - slog.Debug("checking resources for changes", "resources", len(targets)) + c.Logger().Debug("checking resources for changes", "resources", len(targets)) err := targets.Visit(func(target *resource.Info, err error) error { if err != nil { return err @@ -525,7 +537,7 @@ func (c *Client) update(originals, targets ResourceList, updateApplyFunc UpdateA } kind := target.Mapping.GroupVersionKind.Kind - slog.Debug("created a new resource", "namespace", target.Namespace, "name", target.Name, "kind", kind) + c.Logger().Debug("created a new resource", "namespace", target.Namespace, "name", target.Name, "kind", kind) return nil } @@ -553,36 +565,44 @@ func (c *Client) update(originals, targets ResourceList, updateApplyFunc UpdateA } for _, info := range originals.Difference(targets) { - slog.Debug("deleting resource", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind) + c.Logger().Debug("deleting resource", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind) if err := info.Get(); err != nil { - slog.Debug("unable to get object", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) + c.Logger().Debug("unable to get object", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) continue } annotations, err := metadataAccessor.Annotations(info.Object) if err != nil { - slog.Debug("unable to get annotations", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) + c.Logger().Debug("unable to get annotations", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) } if annotations != nil && annotations[ResourcePolicyAnno] == KeepPolicy { - slog.Debug("skipping delete due to annotation", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, "annotation", ResourcePolicyAnno, "value", KeepPolicy) + c.Logger().Debug("skipping delete due to annotation", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, "annotation", ResourcePolicyAnno, "value", KeepPolicy) continue } if err := deleteResource(info, metav1.DeletePropagationBackground); err != nil { - slog.Debug("failed to delete resource", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) + c.Logger().Debug("failed to delete resource", "namespace", info.Namespace, "name", info.Name, "kind", info.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) + if !apierrors.IsNotFound(err) { + updateErrors = append(updateErrors, fmt.Errorf("failed to delete resource %s: %w", info.Name, err)) + } continue } res.Deleted = append(res.Deleted, info) } + + if len(updateErrors) != 0 { + return res, joinErrors(updateErrors, " && ") + } return res, nil } type clientUpdateOptions struct { - threeWayMergeForUnstructured bool - serverSideApply bool - forceReplace bool - forceConflicts bool - dryRun bool - fieldValidationDirective FieldValidationDirective + threeWayMergeForUnstructured bool + serverSideApply bool + forceReplace bool + forceConflicts bool + dryRun bool + fieldValidationDirective FieldValidationDirective + upgradeClientSideFieldManager bool } type ClientUpdateOption func(*clientUpdateOptions) error @@ -640,14 +660,32 @@ func ClientUpdateOptionDryRun(dryRun bool) ClientUpdateOption { // - For server-side apply: the directive is sent to the server to perform the validation // // Defaults to `FieldValidationDirectiveStrict` -func ClientUpdateOptionFieldValidationDirective(fieldValidationDirective FieldValidationDirective) ClientCreateOption { - return func(o *clientCreateOptions) error { +func ClientUpdateOptionFieldValidationDirective(fieldValidationDirective FieldValidationDirective) ClientUpdateOption { + return func(o *clientUpdateOptions) error { o.fieldValidationDirective = fieldValidationDirective return nil } } +// ClientUpdateOptionUpgradeClientSideFieldManager specifies that resources client-side field manager should be upgraded to server-side apply +// (before applying the object server-side) +// This is required when upgrading a chart from client-side to server-side apply, otherwise the client-side field management remains. Conflicting with server-side applied updates. +// +// Note: +// if this option is specified, but the object is not managed by client-side field manager, it will be a no-op. However, the cost of fetching the objects will be incurred. +// +// see: +// - https://github.com/kubernetes/kubernetes/pull/112905 +// - `UpgradeManagedFields` / https://github.com/kubernetes/kubernetes/blob/f47e9696d7237f1011d23c9b55f6947e60526179/staging/src/k8s.io/client-go/util/csaupgrade/upgrade.go#L81 +func ClientUpdateOptionUpgradeClientSideFieldManager(upgradeClientSideFieldManager bool) ClientUpdateOption { + return func(o *clientUpdateOptions) error { + o.upgradeClientSideFieldManager = upgradeClientSideFieldManager + + return nil + } +} + type UpdateApplyFunc func(original, target *resource.Info) error // Update takes the current list of objects and target list of objects and @@ -670,52 +708,65 @@ func (c *Client) Update(originals, targets ResourceList, options ...ClientUpdate errs = append(errs, o(&updateOptions)) } if err := errors.Join(errs...); err != nil { - return nil, fmt.Errorf("invalid client update option(s): %w", err) + return &Result{}, fmt.Errorf("invalid client update option(s): %w", err) } if updateOptions.threeWayMergeForUnstructured && updateOptions.serverSideApply { - return nil, fmt.Errorf("invalid operation: cannot use three-way merge for unstructured and server-side apply together") + return &Result{}, fmt.Errorf("invalid operation: cannot use three-way merge for unstructured and server-side apply together") } if updateOptions.forceConflicts && updateOptions.forceReplace { - return nil, fmt.Errorf("invalid operation: cannot use force conflicts and force replace together") + return &Result{}, fmt.Errorf("invalid operation: cannot use force conflicts and force replace together") } if updateOptions.serverSideApply && updateOptions.forceReplace { - return nil, fmt.Errorf("invalid operation: cannot use server-side apply and force replace together") + return &Result{}, fmt.Errorf("invalid operation: cannot use server-side apply and force replace together") } makeUpdateApplyFunc := func() UpdateApplyFunc { if updateOptions.forceReplace { - slog.Debug( + c.Logger().Debug( "using resource replace update strategy", slog.String("fieldValidationDirective", string(updateOptions.fieldValidationDirective))) return func(original, target *resource.Info) error { if err := replaceResource(target, updateOptions.fieldValidationDirective); err != nil { - slog.Debug("error replacing the resource", "namespace", target.Namespace, "name", target.Name, "kind", target.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) + c.Logger().Debug("error replacing the resource", "namespace", target.Namespace, "name", target.Name, "kind", target.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) return err } originalObject := original.Object kind := target.Mapping.GroupVersionKind.Kind - slog.Debug("replace succeeded", "name", original.Name, "initialKind", originalObject.GetObjectKind().GroupVersionKind().Kind, "kind", kind) + c.Logger().Debug("replace succeeded", "name", original.Name, "initialKind", originalObject.GetObjectKind().GroupVersionKind().Kind, "kind", kind) return nil } } else if updateOptions.serverSideApply { - slog.Debug( + c.Logger().Debug( "using server-side apply for resource update", slog.Bool("forceConflicts", updateOptions.forceConflicts), slog.Bool("dryRun", updateOptions.dryRun), - slog.String("fieldValidationDirective", string(updateOptions.fieldValidationDirective))) - return func(_, target *resource.Info) error { - err := patchResourceServerSide(target, updateOptions.dryRun, updateOptions.forceConflicts, updateOptions.fieldValidationDirective) + slog.String("fieldValidationDirective", string(updateOptions.fieldValidationDirective)), + slog.Bool("upgradeClientSideFieldManager", updateOptions.upgradeClientSideFieldManager)) + return func(original, target *resource.Info) error { - logger := slog.With( + logger := c.Logger().With( slog.String("namespace", target.Namespace), slog.String("name", target.Name), slog.String("gvk", target.Mapping.GroupVersionKind.String())) - if err != nil { + + if updateOptions.upgradeClientSideFieldManager { + patched, err := upgradeClientSideFieldManager(original, updateOptions.dryRun, updateOptions.fieldValidationDirective) + if err != nil { + c.Logger().Debug("Error patching resource to replace CSA field management", slog.Any("error", err)) + return err + } + + if patched { + logger.Debug("Upgraded object client-side field management with server-side apply field management") + } + } + + if err := patchResourceServerSide(target, updateOptions.dryRun, updateOptions.forceConflicts, updateOptions.fieldValidationDirective); err != nil { logger.Debug("Error patching resource", slog.Any("error", err)) return err } @@ -726,7 +777,7 @@ func (c *Client) Update(originals, targets ResourceList, options ...ClientUpdate } } - slog.Debug("using client-side apply for resource update", slog.Bool("threeWayMergeForUnstructured", updateOptions.threeWayMergeForUnstructured)) + c.Logger().Debug("using client-side apply for resource update", slog.Bool("threeWayMergeForUnstructured", updateOptions.threeWayMergeForUnstructured)) return func(original, target *resource.Info) error { return patchResourceClientSide(original.Object, target, updateOptions.threeWayMergeForUnstructured) } @@ -735,32 +786,20 @@ func (c *Client) Update(originals, targets ResourceList, options ...ClientUpdate return c.update(originals, targets, makeUpdateApplyFunc()) } -// Delete deletes Kubernetes resources specified in the resources list with -// background cascade deletion. It will attempt to delete all resources even -// if one or more fail and collect any errors. All successfully deleted items -// will be returned in the `Deleted` ResourceList that is part of the result. -func (c *Client) Delete(resources ResourceList) (*Result, []error) { - return deleteResources(resources, metav1.DeletePropagationBackground) -} - // Delete deletes Kubernetes resources specified in the resources list with // given deletion propagation policy. It will attempt to delete all resources even // if one or more fail and collect any errors. All successfully deleted items // will be returned in the `Deleted` ResourceList that is part of the result. -func (c *Client) DeleteWithPropagationPolicy(resources ResourceList, policy metav1.DeletionPropagation) (*Result, []error) { - return deleteResources(resources, policy) -} - -func deleteResources(resources ResourceList, propagation metav1.DeletionPropagation) (*Result, []error) { +func (c *Client) Delete(resources ResourceList, policy metav1.DeletionPropagation) (*Result, []error) { var errs []error res := &Result{} mtx := sync.Mutex{} err := perform(resources, func(target *resource.Info) error { - slog.Debug("starting delete resource", "namespace", target.Namespace, "name", target.Name, "kind", target.Mapping.GroupVersionKind.Kind) - err := deleteResource(target, propagation) + c.Logger().Debug("starting delete resource", "namespace", target.Namespace, "name", target.Name, "kind", target.Mapping.GroupVersionKind.Kind) + err := deleteResource(target, policy) if err == nil || apierrors.IsNotFound(err) { if err != nil { - slog.Debug("ignoring delete failure", "namespace", target.Namespace, "name", target.Name, "kind", target.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) + c.Logger().Debug("ignoring delete failure", "namespace", target.Namespace, "name", target.Name, "kind", target.Mapping.GroupVersionKind.Kind, slog.Any("error", err)) } mtx.Lock() defer mtx.Unlock() @@ -996,19 +1035,76 @@ func patchResourceClientSide(original runtime.Object, target *resource.Info, thr return nil } +// upgradeClientSideFieldManager is simply a wrapper around csaupgrade.UpgradeManagedFields +// that upgrade CSA managed fields to SSA apply +// see: https://github.com/kubernetes/kubernetes/pull/112905 +func upgradeClientSideFieldManager(info *resource.Info, dryRun bool, fieldValidationDirective FieldValidationDirective) (bool, error) { + + fieldManagerName := getManagedFieldsManager() + + patched := false + err := retry.RetryOnConflict( + retry.DefaultRetry, + func() error { + + if err := info.Get(); err != nil { + return fmt.Errorf("failed to get object %s/%s %s: %w", info.Namespace, info.Name, info.Mapping.GroupVersionKind.String(), err) + } + + helper := resource.NewHelper( + info.Client, + info.Mapping). + DryRun(dryRun). + WithFieldManager(fieldManagerName). + WithFieldValidation(string(fieldValidationDirective)) + + patchData, err := csaupgrade.UpgradeManagedFieldsPatch( + info.Object, + sets.New(fieldManagerName), + fieldManagerName) + if err != nil { + return fmt.Errorf("failed to upgrade managed fields for object %s/%s %s: %w", info.Namespace, info.Name, info.Mapping.GroupVersionKind.String(), err) + } + + if len(patchData) == 0 { + return nil + } + + obj, err := helper.Patch( + info.Namespace, + info.Name, + types.JSONPatchType, + patchData, + nil) + + if err == nil { + patched = true + return info.Refresh(obj, true) + } + + if !apierrors.IsConflict(err) { + return fmt.Errorf("failed to patch object to upgrade CSA field manager %s/%s %s: %w", info.Namespace, info.Name, info.Mapping.GroupVersionKind.String(), err) + } + + return err + }) + + return patched, err +} + // Patch reource using server-side apply func patchResourceServerSide(target *resource.Info, dryRun bool, forceConflicts bool, fieldValidationDirective FieldValidationDirective) error { helper := resource.NewHelper( target.Client, target.Mapping). DryRun(dryRun). - WithFieldManager(ManagedFieldsManager). + WithFieldManager(getManagedFieldsManager()). WithFieldValidation(string(fieldValidationDirective)) // Send the full object to be applied on the server side. data, err := runtime.Encode(unstructured.UnstructuredJSONScheme, target.Object) if err != nil { - return fmt.Errorf("failed to encode object %s/%s with kind %s: %w", target.Namespace, target.Name, target.Mapping.GroupVersionKind.Kind, err) + return fmt.Errorf("failed to encode object %s/%s %s: %w", target.Namespace, target.Name, target.Mapping.GroupVersionKind.String(), err) } options := metav1.PatchOptions{ Force: &forceConflicts, @@ -1026,7 +1122,7 @@ func patchResourceServerSide(target *resource.Info, dryRun bool, forceConflicts } if apierrors.IsConflict(err) { - return fmt.Errorf("conflict occurred while applying %s/%s with kind %s: %w", target.Namespace, target.Name, target.Mapping.GroupVersionKind.Kind, err) + return fmt.Errorf("conflict occurred while applying object %s/%s %s: %w", target.Namespace, target.Name, target.Mapping.GroupVersionKind.String(), err) } return err diff --git a/pkg/kube/client_test.go b/pkg/kube/client_test.go index 5060a5fc2..d49e179e0 100644 --- a/pkg/kube/client_test.go +++ b/pkg/kube/client_test.go @@ -18,6 +18,7 @@ package kube import ( "bytes" + "context" "errors" "fmt" "io" @@ -142,7 +143,7 @@ func NewRequestResponseLogClient(t *testing.T, cb RoundTripperTestFunc) RequestR } // RequestResponseLogClient is a test client that logs requests and responses -// Satifying http.RoundTripper interface, it can be used to mock HTTP requests in tests. +// Satisfying http.RoundTripper interface, it can be used to mock HTTP requests in tests. // Forwarding requests to a callback function (cb) that can be used to simulate server responses. type RequestResponseLogClient struct { t *testing.T @@ -321,6 +322,7 @@ func TestUpdate(t *testing.T) { ThreeWayMergeForUnstructured bool ServerSideApply bool ExpectedActions []string + ExpectedError string } expectedActionsClientSideApply := []string{ @@ -336,12 +338,16 @@ func TestUpdate(t *testing.T) { "/namespaces/default/pods:POST", // retry due to 409 "/namespaces/default/pods/squid:GET", "/namespaces/default/pods/squid:DELETE", + "/namespaces/default/pods/notfound:GET", + "/namespaces/default/pods/notfound:DELETE", } expectedActionsServerSideApply := []string{ + "/namespaces/default/pods/starfish:GET", "/namespaces/default/pods/starfish:GET", "/namespaces/default/pods/starfish:PATCH", "/namespaces/default/pods/otter:GET", + "/namespaces/default/pods/otter:GET", "/namespaces/default/pods/otter:PATCH", "/namespaces/default/pods/dolphin:GET", "/namespaces/default/pods:POST", // create dolphin @@ -349,11 +355,13 @@ func TestUpdate(t *testing.T) { "/namespaces/default/pods:POST", // retry due to 409 "/namespaces/default/pods/squid:GET", "/namespaces/default/pods/squid:DELETE", + "/namespaces/default/pods/notfound:GET", + "/namespaces/default/pods/notfound:DELETE", } testCases := map[string]testCase{ "client-side apply": { - OriginalPods: newPodList("starfish", "otter", "squid"), + OriginalPods: newPodList("starfish", "otter", "squid", "notfound"), TargetPods: func() v1.PodList { listTarget := newPodList("starfish", "otter", "dolphin") listTarget.Items[0].Spec.Containers[0].Ports = []v1.ContainerPort{{Name: "https", ContainerPort: 443}} @@ -363,9 +371,10 @@ func TestUpdate(t *testing.T) { ThreeWayMergeForUnstructured: false, ServerSideApply: false, ExpectedActions: expectedActionsClientSideApply, + ExpectedError: "", }, "client-side apply (three-way merge for unstructured)": { - OriginalPods: newPodList("starfish", "otter", "squid"), + OriginalPods: newPodList("starfish", "otter", "squid", "notfound"), TargetPods: func() v1.PodList { listTarget := newPodList("starfish", "otter", "dolphin") listTarget.Items[0].Spec.Containers[0].Ports = []v1.ContainerPort{{Name: "https", ContainerPort: 443}} @@ -375,9 +384,10 @@ func TestUpdate(t *testing.T) { ThreeWayMergeForUnstructured: true, ServerSideApply: false, ExpectedActions: expectedActionsClientSideApply, + ExpectedError: "", }, "serverSideApply": { - OriginalPods: newPodList("starfish", "otter", "squid"), + OriginalPods: newPodList("starfish", "otter", "squid", "notfound"), TargetPods: func() v1.PodList { listTarget := newPodList("starfish", "otter", "dolphin") listTarget.Items[0].Spec.Containers[0].Ports = []v1.ContainerPort{{Name: "https", ContainerPort: 443}} @@ -387,6 +397,23 @@ func TestUpdate(t *testing.T) { ThreeWayMergeForUnstructured: false, ServerSideApply: true, ExpectedActions: expectedActionsServerSideApply, + ExpectedError: "", + }, + "serverSideApply with forbidden deletion": { + OriginalPods: newPodList("starfish", "otter", "squid", "notfound", "forbidden"), + TargetPods: func() v1.PodList { + listTarget := newPodList("starfish", "otter", "dolphin") + listTarget.Items[0].Spec.Containers[0].Ports = []v1.ContainerPort{{Name: "https", ContainerPort: 443}} + + return listTarget + }(), + ThreeWayMergeForUnstructured: false, + ServerSideApply: true, + ExpectedActions: append(expectedActionsServerSideApply, + "/namespaces/default/pods/forbidden:GET", + "/namespaces/default/pods/forbidden:DELETE", + ), + ExpectedError: "failed to delete resource forbidden:", }, } @@ -442,6 +469,22 @@ func TestUpdate(t *testing.T) { return newResponse(http.StatusOK, &listTarget.Items[1]) case p == "/namespaces/default/pods/squid" && m == http.MethodGet: return newResponse(http.StatusOK, &listTarget.Items[2]) + case p == "/namespaces/default/pods/notfound" && m == http.MethodGet: + // Resource exists in original but will simulate not found on delete + return newResponse(http.StatusOK, &listOriginal.Items[3]) + case p == "/namespaces/default/pods/notfound" && m == http.MethodDelete: + // Simulate a not found during deletion; should not cause update to fail + return newResponse(http.StatusNotFound, notFoundBody()) + case p == "/namespaces/default/pods/forbidden" && m == http.MethodGet: + return newResponse(http.StatusOK, &listOriginal.Items[4]) + case p == "/namespaces/default/pods/forbidden" && m == http.MethodDelete: + // Simulate RBAC forbidden that should cause update to fail + return newResponse(http.StatusForbidden, &metav1.Status{ + Status: metav1.StatusFailure, + Message: "pods \"forbidden\" is forbidden: User \"test-user\" cannot delete resource \"pods\" in API group \"\" in the namespace \"default\"", + Reason: metav1.StatusReasonForbidden, + Code: http.StatusForbidden, + }) default: } @@ -467,8 +510,15 @@ func TestUpdate(t *testing.T) { second, ClientUpdateOptionThreeWayMergeForUnstructured(tc.ThreeWayMergeForUnstructured), ClientUpdateOptionForceReplace(false), - ClientUpdateOptionServerSideApply(tc.ServerSideApply, false)) - require.NoError(t, err) + ClientUpdateOptionServerSideApply(tc.ServerSideApply, false), + ClientUpdateOptionUpgradeClientSideFieldManager(true)) + + if tc.ExpectedError != "" { + require.Error(t, err) + require.Contains(t, err.Error(), tc.ExpectedError) + } else { + require.NoError(t, err) + } assert.Len(t, result.Created, 1, "expected 1 resource created, got %d", len(result.Created)) assert.Len(t, result.Updated, 2, "expected 2 resource updated, got %d", len(result.Updated)) @@ -813,7 +863,7 @@ func TestWaitDelete(t *testing.T) { if len(result.Created) != 1 { t.Errorf("expected 1 resource created, got %d", len(result.Created)) } - if _, err := c.Delete(resources); err != nil { + if _, err := c.Delete(resources, metav1.DeletePropagationBackground); err != nil { t.Fatal(err) } @@ -852,7 +902,7 @@ func TestReal(t *testing.T) { t.Fatal(err) } - if _, errs := c.Delete(resources); errs != nil { + if _, errs := c.Delete(resources, metav1.DeletePropagationBackground); errs != nil { t.Fatal(errs) } @@ -861,7 +911,7 @@ func TestReal(t *testing.T) { t.Fatal(err) } // ensures that delete does not fail if a resource is not found - if _, errs := c.Delete(resources); errs != nil { + if _, errs := c.Delete(resources, metav1.DeletePropagationBackground); errs != nil { t.Fatal(errs) } } @@ -1749,3 +1799,387 @@ func TestDetermineFieldValidationDirective(t *testing.T) { assert.Equal(t, FieldValidationDirectiveIgnore, determineFieldValidationDirective(false)) assert.Equal(t, FieldValidationDirectiveStrict, determineFieldValidationDirective(true)) } + +func TestClientWaitContextCancellationLegacy(t *testing.T) { + podList := newPodList("starfish", "otter") + + ctx, cancel := context.WithCancel(t.Context()) + + c := newTestClient(t) + c.WaitContext = ctx + + requestCount := 0 + c.Factory.(*cmdtesting.TestFactory).Client = &fake.RESTClient{ + NegotiatedSerializer: unstructuredSerializer, + Client: fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) { + requestCount++ + p, m := req.URL.Path, req.Method + t.Logf("got request %s %s", p, m) + + if requestCount == 2 { + cancel() + } + + switch { + case p == "/api/v1/namespaces/default/pods/starfish" && m == http.MethodGet: + pod := &podList.Items[0] + pod.Status.Conditions = []v1.PodCondition{ + { + Type: v1.PodReady, + Status: v1.ConditionFalse, + }, + } + return newResponse(http.StatusOK, pod) + case p == "/api/v1/namespaces/default/pods/otter" && m == http.MethodGet: + pod := &podList.Items[1] + pod.Status.Conditions = []v1.PodCondition{ + { + Type: v1.PodReady, + Status: v1.ConditionFalse, + }, + } + return newResponse(http.StatusOK, pod) + case p == "/namespaces/default/pods" && m == http.MethodPost: + resources, err := c.Build(req.Body, false) + if err != nil { + t.Fatal(err) + } + return newResponse(http.StatusOK, resources[0].Object) + default: + t.Logf("unexpected request: %s %s", req.Method, req.URL.Path) + return newResponse(http.StatusNotFound, notFoundBody()) + } + }), + } + + var err error + c.Waiter, err = c.GetWaiter(LegacyStrategy) + require.NoError(t, err) + + resources, err := c.Build(objBody(&podList), false) + require.NoError(t, err) + + result, err := c.Create( + resources, + ClientCreateOptionServerSideApply(false, false)) + require.NoError(t, err) + assert.Len(t, result.Created, 2, "expected 2 resources created, got %d", len(result.Created)) + + err = c.Wait(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} + +func TestClientWaitWithJobsContextCancellationLegacy(t *testing.T) { + job := newJob("starfish", 0, intToInt32(1), 0, 0) + + ctx, cancel := context.WithCancel(t.Context()) + + c := newTestClient(t) + c.WaitContext = ctx + + requestCount := 0 + c.Factory.(*cmdtesting.TestFactory).Client = &fake.RESTClient{ + NegotiatedSerializer: unstructuredSerializer, + Client: fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) { + requestCount++ + p, m := req.URL.Path, req.Method + t.Logf("got request %s %s", p, m) + + if requestCount == 2 { + cancel() + } + + switch { + case p == "/apis/batch/v1/namespaces/default/jobs/starfish" && m == http.MethodGet: + job.Status.Succeeded = 0 + return newResponse(http.StatusOK, job) + case p == "/namespaces/default/jobs" && m == http.MethodPost: + resources, err := c.Build(req.Body, false) + if err != nil { + t.Fatal(err) + } + return newResponse(http.StatusOK, resources[0].Object) + default: + t.Logf("unexpected request: %s %s", req.Method, req.URL.Path) + return newResponse(http.StatusNotFound, notFoundBody()) + } + }), + } + + var err error + c.Waiter, err = c.GetWaiter(LegacyStrategy) + require.NoError(t, err) + + resources, err := c.Build(objBody(job), false) + require.NoError(t, err) + + result, err := c.Create( + resources, + ClientCreateOptionServerSideApply(false, false)) + require.NoError(t, err) + assert.Len(t, result.Created, 1, "expected 1 resource created, got %d", len(result.Created)) + + err = c.WaitWithJobs(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} + +func TestClientWaitForDeleteContextCancellationLegacy(t *testing.T) { + pod := newPod("starfish") + + ctx, cancel := context.WithCancel(t.Context()) + + c := newTestClient(t) + c.WaitContext = ctx + + deleted := false + requestCount := 0 + c.Factory.(*cmdtesting.TestFactory).Client = &fake.RESTClient{ + NegotiatedSerializer: unstructuredSerializer, + Client: fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) { + requestCount++ + p, m := req.URL.Path, req.Method + t.Logf("got request %s %s", p, m) + + if requestCount == 3 { + cancel() + } + + switch { + case p == "/namespaces/default/pods/starfish" && m == http.MethodGet: + if deleted { + return newResponse(http.StatusOK, &pod) + } + return newResponse(http.StatusOK, &pod) + case p == "/namespaces/default/pods/starfish" && m == http.MethodDelete: + deleted = true + return newResponse(http.StatusOK, &pod) + case p == "/namespaces/default/pods" && m == http.MethodPost: + resources, err := c.Build(req.Body, false) + if err != nil { + t.Fatal(err) + } + return newResponse(http.StatusOK, resources[0].Object) + default: + t.Logf("unexpected request: %s %s", req.Method, req.URL.Path) + return newResponse(http.StatusNotFound, notFoundBody()) + } + }), + } + + var err error + c.Waiter, err = c.GetWaiter(LegacyStrategy) + require.NoError(t, err) + + resources, err := c.Build(objBody(&pod), false) + require.NoError(t, err) + + result, err := c.Create( + resources, + ClientCreateOptionServerSideApply(false, false)) + require.NoError(t, err) + assert.Len(t, result.Created, 1, "expected 1 resource created, got %d", len(result.Created)) + + if _, err := c.Delete(resources, metav1.DeletePropagationBackground); err != nil { + t.Fatal(err) + } + + err = c.WaitForDelete(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} + +func TestClientWaitContextNilDoesNotPanic(t *testing.T) { + podList := newPodList("starfish") + + var created *time.Time + + c := newTestClient(t) + c.WaitContext = nil + + c.Factory.(*cmdtesting.TestFactory).Client = &fake.RESTClient{ + NegotiatedSerializer: unstructuredSerializer, + Client: fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) { + p, m := req.URL.Path, req.Method + t.Logf("got request %s %s", p, m) + switch { + case p == "/api/v1/namespaces/default/pods/starfish" && m == http.MethodGet: + pod := &podList.Items[0] + if created != nil && time.Since(*created) >= time.Second*2 { + pod.Status.Conditions = []v1.PodCondition{ + { + Type: v1.PodReady, + Status: v1.ConditionTrue, + }, + } + } + return newResponse(http.StatusOK, pod) + case p == "/namespaces/default/pods" && m == http.MethodPost: + resources, err := c.Build(req.Body, false) + if err != nil { + t.Fatal(err) + } + now := time.Now() + created = &now + return newResponse(http.StatusOK, resources[0].Object) + default: + t.Fatalf("unexpected request: %s %s", req.Method, req.URL.Path) + return nil, nil + } + }), + } + + var err error + c.Waiter, err = c.GetWaiter(LegacyStrategy) + require.NoError(t, err) + + resources, err := c.Build(objBody(&podList), false) + require.NoError(t, err) + + result, err := c.Create( + resources, + ClientCreateOptionServerSideApply(false, false)) + require.NoError(t, err) + assert.Len(t, result.Created, 1, "expected 1 resource created, got %d", len(result.Created)) + + err = c.Wait(resources, time.Second*30) + require.NoError(t, err) + + assert.GreaterOrEqual(t, time.Since(*created), time.Second*2, "expected to wait at least 2 seconds") +} + +func TestClientWaitContextPreCancelledLegacy(t *testing.T) { + podList := newPodList("starfish") + + ctx, cancel := context.WithCancel(t.Context()) + cancel() + + c := newTestClient(t) + c.WaitContext = ctx + + c.Factory.(*cmdtesting.TestFactory).Client = &fake.RESTClient{ + NegotiatedSerializer: unstructuredSerializer, + Client: fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) { + p, m := req.URL.Path, req.Method + t.Logf("got request %s %s", p, m) + switch { + case p == "/api/v1/namespaces/default/pods/starfish" && m == http.MethodGet: + pod := &podList.Items[0] + return newResponse(http.StatusOK, pod) + case p == "/namespaces/default/pods" && m == http.MethodPost: + resources, err := c.Build(req.Body, false) + if err != nil { + t.Fatal(err) + } + return newResponse(http.StatusOK, resources[0].Object) + default: + t.Fatalf("unexpected request: %s %s", req.Method, req.URL.Path) + return nil, nil + } + }), + } + + var err error + c.Waiter, err = c.GetWaiter(LegacyStrategy) + require.NoError(t, err) + + resources, err := c.Build(objBody(&podList), false) + require.NoError(t, err) + + result, err := c.Create( + resources, + ClientCreateOptionServerSideApply(false, false)) + require.NoError(t, err) + assert.Len(t, result.Created, 1, "expected 1 resource created, got %d", len(result.Created)) + + err = c.Wait(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} + +func TestClientWaitContextCancellationStatusWatcher(t *testing.T) { + ctx, cancel := context.WithCancel(t.Context()) + + c := newTestClient(t) + c.WaitContext = ctx + + podManifest := ` +apiVersion: v1 +kind: Pod +metadata: + name: test-pod + namespace: default +` + var err error + c.Waiter, err = c.GetWaiter(StatusWatcherStrategy) + require.NoError(t, err) + + resources, err := c.Build(strings.NewReader(podManifest), false) + require.NoError(t, err) + + cancel() + + err = c.Wait(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} + +func TestClientWaitWithJobsContextCancellationStatusWatcher(t *testing.T) { + ctx, cancel := context.WithCancel(t.Context()) + + c := newTestClient(t) + c.WaitContext = ctx + + jobManifest := ` +apiVersion: batch/v1 +kind: Job +metadata: + name: test-job + namespace: default +` + var err error + c.Waiter, err = c.GetWaiter(StatusWatcherStrategy) + require.NoError(t, err) + + resources, err := c.Build(strings.NewReader(jobManifest), false) + require.NoError(t, err) + + cancel() + + err = c.WaitWithJobs(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} + +func TestClientWaitForDeleteContextCancellationStatusWatcher(t *testing.T) { + ctx, cancel := context.WithCancel(t.Context()) + + c := newTestClient(t) + c.WaitContext = ctx + + podManifest := ` +apiVersion: v1 +kind: Pod +metadata: + name: test-pod + namespace: default +status: + conditions: + - type: Ready + status: "True" + phase: Running +` + var err error + c.Waiter, err = c.GetWaiter(StatusWatcherStrategy) + require.NoError(t, err) + + resources, err := c.Build(strings.NewReader(podManifest), false) + require.NoError(t, err) + + cancel() + + err = c.WaitForDelete(resources, time.Second*30) + require.Error(t, err) + assert.Contains(t, err.Error(), "context canceled", "expected context canceled error, got: %v", err) +} diff --git a/pkg/kube/fake/fake.go b/pkg/kube/fake/failing_kube_client.go similarity index 82% rename from pkg/kube/fake/fake.go rename to pkg/kube/fake/failing_kube_client.go index 588bba83d..f340c045f 100644 --- a/pkg/kube/fake/fake.go +++ b/pkg/kube/fake/failing_kube_client.go @@ -33,22 +33,24 @@ import ( // delegates all its calls to `PrintingKubeClient` type FailingKubeClient struct { PrintingKubeClient - CreateError error - GetError error - DeleteError error - DeleteWithPropagationError error - UpdateError error - BuildError error - BuildTableError error - BuildDummy bool - DummyResources kube.ResourceList - BuildUnstructuredError error - WaitError error - WaitForDeleteError error - WatchUntilReadyError error - WaitDuration time.Duration + CreateError error + GetError error + DeleteError error + UpdateError error + BuildError error + BuildTableError error + ConnectionError error + BuildDummy bool + DummyResources kube.ResourceList + BuildUnstructuredError error + WaitError error + WaitForDeleteError error + WatchUntilReadyError error + WaitDuration time.Duration } +var _ kube.Interface = &FailingKubeClient{} + // FailingKubeWaiter implements kube.Waiter for testing purposes. // It also has additional errors you can set to fail different functions, otherwise it delegates all its calls to `PrintingKubeWaiter` type FailingKubeWaiter struct { @@ -101,11 +103,12 @@ func (f *FailingKubeWaiter) WaitForDelete(resources kube.ResourceList, d time.Du } // Delete returns the configured error if set or prints -func (f *FailingKubeClient) Delete(resources kube.ResourceList) (*kube.Result, []error) { +func (f *FailingKubeClient) Delete(resources kube.ResourceList, deletionPropagation metav1.DeletionPropagation) (*kube.Result, []error) { if f.DeleteError != nil { return nil, []error{f.DeleteError} } - return f.PrintingKubeClient.Delete(resources) + + return f.PrintingKubeClient.Delete(resources, deletionPropagation) } // WatchUntilReady returns the configured error if set or prints @@ -146,14 +149,6 @@ func (f *FailingKubeClient) BuildTable(r io.Reader, _ bool) (kube.ResourceList, return f.PrintingKubeClient.BuildTable(r, false) } -// DeleteWithPropagationPolicy returns the configured error if set or prints -func (f *FailingKubeClient) DeleteWithPropagationPolicy(resources kube.ResourceList, policy metav1.DeletionPropagation) (*kube.Result, []error) { - if f.DeleteWithPropagationError != nil { - return nil, []error{f.DeleteWithPropagationError} - } - return f.PrintingKubeClient.DeleteWithPropagationPolicy(resources, policy) -} - func (f *FailingKubeClient) GetWaiter(ws kube.WaitStrategy) (kube.Waiter, error) { waiter, _ := f.PrintingKubeClient.GetWaiter(ws) printingKubeWaiter, _ := waiter.(*PrintingKubeWaiter) @@ -166,6 +161,13 @@ func (f *FailingKubeClient) GetWaiter(ws kube.WaitStrategy) (kube.Waiter, error) }, nil } +func (f *FailingKubeClient) IsReachable() error { + if f.ConnectionError != nil { + return f.ConnectionError + } + return f.PrintingKubeClient.IsReachable() +} + func createDummyResourceList() kube.ResourceList { var resInfo resource.Info resInfo.Name = "dummyName" diff --git a/pkg/kube/fake/printer.go b/pkg/kube/fake/printer.go index 16c93615a..a7aad1dac 100644 --- a/pkg/kube/fake/printer.go +++ b/pkg/kube/fake/printer.go @@ -43,6 +43,8 @@ type PrintingKubeWaiter struct { LogOutput io.Writer } +var _ kube.Interface = &PrintingKubeClient{} + // IsReachable checks if the cluster is reachable func (p *PrintingKubeClient) IsReachable() error { return nil @@ -89,7 +91,7 @@ func (p *PrintingKubeWaiter) WatchUntilReady(resources kube.ResourceList, _ time // Delete implements KubeClient delete. // // It only prints out the content to be deleted. -func (p *PrintingKubeClient) Delete(resources kube.ResourceList) (*kube.Result, []error) { +func (p *PrintingKubeClient) Delete(resources kube.ResourceList, _ metav1.DeletionPropagation) (*kube.Result, []error) { _, err := io.Copy(p.Out, bufferize(resources)) if err != nil { return nil, []error{err} diff --git a/pkg/kube/interface.go b/pkg/kube/interface.go index 7339ae0ff..cc934ae1e 100644 --- a/pkg/kube/interface.go +++ b/pkg/kube/interface.go @@ -29,11 +29,18 @@ import ( // // A KubernetesClient must be concurrency safe. type Interface interface { + // Get details of deployed resources. + // The first argument is a list of resources to get. The second argument + // specifies if related pods should be fetched. For example, the pods being + // managed by a deployment. + Get(resources ResourceList, related bool) (map[string][]runtime.Object, error) + // Create creates one or more resources. Create(resources ResourceList, options ...ClientCreateOption) (*Result, error) - // Delete destroys one or more resources. - Delete(resources ResourceList) (*Result, []error) + // Delete destroys one or more resources using the specified deletion propagation policy. + // The 'policy' parameter determines how child resources are handled during deletion. + Delete(resources ResourceList, policy metav1.DeletionPropagation) (*Result, []error) // Update updates one or more resources or creates the resource // if it doesn't exist. @@ -51,6 +58,23 @@ type Interface interface { // Get Waiter gets the Kube.Waiter GetWaiter(ws WaitStrategy) (Waiter, error) + + // GetPodList lists all pods that match the specified listOptions + GetPodList(namespace string, listOptions metav1.ListOptions) (*v1.PodList, error) + + // OutputContainerLogsForPodList outputs the logs for a pod list + OutputContainerLogsForPodList(podList *v1.PodList, namespace string, writerFunc func(namespace, pod, container string) io.Writer) error + + // BuildTable creates a resource list from a Reader. This differs from + // Interface.Build() in that a table kind is returned. A table is useful + // if you want to use a printer to display the information. + // + // Reader must contain a YAML stream (one or more YAML documents separated + // by "\n---\n") + // + // Validates against OpenAPI schema if validate is true. + // TODO Helm 4: Integrate into Build with an argument + BuildTable(reader io.Reader, validate bool) (ResourceList, error) } // Waiter defines methods related to waiting for resource states. @@ -75,49 +99,3 @@ type Waiter interface { // error. WatchUntilReady(resources ResourceList, timeout time.Duration) error } - -// InterfaceLogs was introduced to avoid breaking backwards compatibility for Interface implementers. -// -// TODO Helm 4: Remove InterfaceLogs and integrate its method(s) into the Interface. -type InterfaceLogs interface { - // GetPodList list all pods that match the specified listOptions - GetPodList(namespace string, listOptions metav1.ListOptions) (*v1.PodList, error) - - // OutputContainerLogsForPodList output the logs for a pod list - OutputContainerLogsForPodList(podList *v1.PodList, namespace string, writerFunc func(namespace, pod, container string) io.Writer) error -} - -// InterfaceDeletionPropagation is introduced to avoid breaking backwards compatibility for Interface implementers. -// -// TODO Helm 4: Remove InterfaceDeletionPropagation and integrate its method(s) into the Interface. -type InterfaceDeletionPropagation interface { - // DeleteWithPropagationPolicy destroys one or more resources. The deletion propagation is handled as per the given deletion propagation value. - DeleteWithPropagationPolicy(resources ResourceList, policy metav1.DeletionPropagation) (*Result, []error) -} - -// InterfaceResources is introduced to avoid breaking backwards compatibility for Interface implementers. -// -// TODO Helm 4: Remove InterfaceResources and integrate its method(s) into the Interface. -type InterfaceResources interface { - // Get details of deployed resources. - // The first argument is a list of resources to get. The second argument - // specifies if related pods should be fetched. For example, the pods being - // managed by a deployment. - Get(resources ResourceList, related bool) (map[string][]runtime.Object, error) - - // BuildTable creates a resource list from a Reader. This differs from - // Interface.Build() in that a table kind is returned. A table is useful - // if you want to use a printer to display the information. - // - // Reader must contain a YAML stream (one or more YAML documents separated - // by "\n---\n") - // - // Validates against OpenAPI schema if validate is true. - // TODO Helm 4: Integrate into Build with an argument - BuildTable(reader io.Reader, validate bool) (ResourceList, error) -} - -var _ Interface = (*Client)(nil) -var _ InterfaceLogs = (*Client)(nil) -var _ InterfaceDeletionPropagation = (*Client)(nil) -var _ InterfaceResources = (*Client)(nil) diff --git a/pkg/kube/ready.go b/pkg/kube/ready.go index 7a06c72f9..42e327bdd 100644 --- a/pkg/kube/ready.go +++ b/pkg/kube/ready.go @@ -455,5 +455,8 @@ func getPods(ctx context.Context, client kubernetes.Interface, namespace, select list, err := client.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{ LabelSelector: selector, }) - return list.Items, err + if err != nil { + return nil, fmt.Errorf("failed to list pods: %w", err) + } + return list.Items, nil } diff --git a/pkg/kube/statuswait.go b/pkg/kube/statuswait.go index 2d7cfe971..cd9722eda 100644 --- a/pkg/kube/statuswait.go +++ b/pkg/kube/statuswait.go @@ -36,6 +36,7 @@ import ( "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/client-go/dynamic" + watchtools "k8s.io/client-go/tools/watch" helmStatusReaders "helm.sh/helm/v4/internal/statusreaders" ) @@ -43,6 +44,7 @@ import ( type statusWaiter struct { client dynamic.Interface restMapper meta.RESTMapper + ctx context.Context } func alwaysReady(_ *unstructured.Unstructured) (*status.Result, error) { @@ -53,7 +55,7 @@ func alwaysReady(_ *unstructured.Unstructured) (*status.Result, error) { } func (w *statusWaiter) WatchUntilReady(resourceList ResourceList, timeout time.Duration) error { - ctx, cancel := context.WithTimeout(context.Background(), timeout) + ctx, cancel := w.contextWithTimeout(timeout) defer cancel() slog.Debug("waiting for resources", "count", len(resourceList), "timeout", timeout) sw := watcher.NewDefaultStatusWatcher(w.client, w.restMapper) @@ -74,7 +76,7 @@ func (w *statusWaiter) WatchUntilReady(resourceList ResourceList, timeout time.D } func (w *statusWaiter) Wait(resourceList ResourceList, timeout time.Duration) error { - ctx, cancel := context.WithTimeout(context.TODO(), timeout) + ctx, cancel := w.contextWithTimeout(timeout) defer cancel() slog.Debug("waiting for resources", "count", len(resourceList), "timeout", timeout) sw := watcher.NewDefaultStatusWatcher(w.client, w.restMapper) @@ -82,7 +84,7 @@ func (w *statusWaiter) Wait(resourceList ResourceList, timeout time.Duration) er } func (w *statusWaiter) WaitWithJobs(resourceList ResourceList, timeout time.Duration) error { - ctx, cancel := context.WithTimeout(context.TODO(), timeout) + ctx, cancel := w.contextWithTimeout(timeout) defer cancel() slog.Debug("waiting for resources", "count", len(resourceList), "timeout", timeout) sw := watcher.NewDefaultStatusWatcher(w.client, w.restMapper) @@ -93,7 +95,7 @@ func (w *statusWaiter) WaitWithJobs(resourceList ResourceList, timeout time.Dura } func (w *statusWaiter) WaitForDelete(resourceList ResourceList, timeout time.Duration) error { - ctx, cancel := context.WithTimeout(context.TODO(), timeout) + ctx, cancel := w.contextWithTimeout(timeout) defer cancel() slog.Debug("waiting for resources to be deleted", "count", len(resourceList), "timeout", timeout) sw := watcher.NewDefaultStatusWatcher(w.client, w.restMapper) @@ -179,6 +181,17 @@ func (w *statusWaiter) wait(ctx context.Context, resourceList ResourceList, sw w return nil } +func (w *statusWaiter) contextWithTimeout(timeout time.Duration) (context.Context, context.CancelFunc) { + return contextWithTimeout(w.ctx, timeout) +} + +func contextWithTimeout(ctx context.Context, timeout time.Duration) (context.Context, context.CancelFunc) { + if ctx == nil { + ctx = context.Background() + } + return watchtools.ContextWithOptionalTimeout(ctx, timeout) +} + func statusObserver(cancel context.CancelFunc, desired status.Status) collector.ObserverFunc { return func(statusCollector *collector.ResourceStatusCollector, _ event.Event) { var rss []*event.ResourceStatus diff --git a/pkg/kube/wait.go b/pkg/kube/wait.go index 9bfa1ef6d..f776ae471 100644 --- a/pkg/kube/wait.go +++ b/pkg/kube/wait.go @@ -49,6 +49,7 @@ import ( type legacyWaiter struct { c ReadyChecker kubeClient *kubernetes.Clientset + ctx context.Context } func (hw *legacyWaiter) Wait(resources ResourceList, timeout time.Duration) error { @@ -66,7 +67,7 @@ func (hw *legacyWaiter) WaitWithJobs(resources ResourceList, timeout time.Durati func (hw *legacyWaiter) waitForResources(created ResourceList, timeout time.Duration) error { slog.Debug("beginning wait for resources", "count", len(created), "timeout", timeout) - ctx, cancel := context.WithTimeout(context.Background(), timeout) + ctx, cancel := hw.contextWithTimeout(timeout) defer cancel() numberOfErrors := make([]int, len(created)) @@ -121,7 +122,7 @@ func (hw *legacyWaiter) WaitForDelete(deleted ResourceList, timeout time.Duratio slog.Debug("beginning wait for resources to be deleted", "count", len(deleted), "timeout", timeout) startTime := time.Now() - ctx, cancel := context.WithTimeout(context.Background(), timeout) + ctx, cancel := hw.contextWithTimeout(timeout) defer cancel() err := wait.PollUntilContextCancel(ctx, 2*time.Second, true, func(_ context.Context) (bool, error) { @@ -246,7 +247,7 @@ func (hw *legacyWaiter) watchUntilReady(timeout time.Duration, info *resource.In // In the future, we might want to add some special logic for types // like Ingress, Volume, etc. - ctx, cancel := watchtools.ContextWithOptionalTimeout(context.Background(), timeout) + ctx, cancel := hw.contextWithTimeout(timeout) defer cancel() _, err = watchtools.UntilWithSync(ctx, lw, &unstructured.Unstructured{}, nil, func(e watch.Event) (bool, error) { // Make sure the incoming object is versioned as we use unstructured @@ -327,3 +328,7 @@ func (hw *legacyWaiter) waitForPodSuccess(obj runtime.Object, name string) (bool return false, nil } + +func (hw *legacyWaiter) contextWithTimeout(timeout time.Duration) (context.Context, context.CancelFunc) { + return contextWithTimeout(hw.ctx, timeout) +} diff --git a/pkg/postrender/exec.go b/pkg/postrender/exec.go deleted file mode 100644 index 16d9c09ce..000000000 --- a/pkg/postrender/exec.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package postrender - -import ( - "bytes" - "fmt" - "io" - "os/exec" - "path/filepath" -) - -type execRender struct { - binaryPath string - args []string -} - -// NewExec returns a PostRenderer implementation that calls the provided binary. -// It returns an error if the binary cannot be found. If the path does not -// contain any separators, it will search in $PATH, otherwise it will resolve -// any relative paths to a fully qualified path -func NewExec(binaryPath string, args ...string) (PostRenderer, error) { - fullPath, err := getFullPath(binaryPath) - if err != nil { - return nil, err - } - return &execRender{fullPath, args}, nil -} - -// Run the configured binary for the post render -func (p *execRender) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) { - cmd := exec.Command(p.binaryPath, p.args...) - stdin, err := cmd.StdinPipe() - if err != nil { - return nil, err - } - - var postRendered = &bytes.Buffer{} - var stderr = &bytes.Buffer{} - cmd.Stdout = postRendered - cmd.Stderr = stderr - - go func() { - defer stdin.Close() - io.Copy(stdin, renderedManifests) - }() - err = cmd.Run() - if err != nil { - return nil, fmt.Errorf("error while running command %s. error output:\n%s: %w", p.binaryPath, stderr.String(), err) - } - - // If the binary returned almost nothing, it's likely that it didn't - // successfully render anything - if len(bytes.TrimSpace(postRendered.Bytes())) == 0 { - return nil, fmt.Errorf("post-renderer %q produced empty output", p.binaryPath) - } - - return postRendered, nil -} - -// getFullPath returns the full filepath to the binary to execute. If the path -// does not contain any separators, it will search in $PATH, otherwise it will -// resolve any relative paths to a fully qualified path -func getFullPath(binaryPath string) (string, error) { - // NOTE(thomastaylor312): I am leaving this code commented out here. During - // the implementation of post-render, it was brought up that if we are - // relying on plugins, we should actually use the plugin system so it can - // properly handle multiple OSs. This will be a feature add in the future, - // so I left this code for reference. It can be deleted or reused once the - // feature is implemented - - // Manually check the plugin dir first - // if !strings.Contains(binaryPath, string(filepath.Separator)) { - // // First check the plugin dir - // pluginDir := helmpath.DataPath("plugins") // Default location - // // If location for plugins is explicitly set, check there - // if v, ok := os.LookupEnv("HELM_PLUGINS"); ok { - // pluginDir = v - // } - // // The plugins variable can actually contain multiple paths, so loop through those - // for _, p := range filepath.SplitList(pluginDir) { - // _, err := os.Stat(filepath.Join(p, binaryPath)) - // if err != nil && !errors.Is(err, fs.ErrNotExist) { - // return "", err - // } else if err == nil { - // binaryPath = filepath.Join(p, binaryPath) - // break - // } - // } - // } - - // Now check for the binary using the given path or check if it exists in - // the path and is executable - checkedPath, err := exec.LookPath(binaryPath) - if err != nil { - return "", fmt.Errorf("unable to find binary at %s: %w", binaryPath, err) - } - - return filepath.Abs(checkedPath) -} diff --git a/pkg/postrender/exec_test.go b/pkg/postrender/exec_test.go deleted file mode 100644 index a10ad2cc4..000000000 --- a/pkg/postrender/exec_test.go +++ /dev/null @@ -1,193 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package postrender - -import ( - "bytes" - "os" - "path/filepath" - "runtime" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -const testingScript = `#!/bin/sh -if [ $# -eq 0 ]; then -sed s/FOOTEST/BARTEST/g <&0 -else -sed s/FOOTEST/"$*"/g <&0 -fi -` - -func TestGetFullPath(t *testing.T) { - is := assert.New(t) - t.Run("full path resolves correctly", func(t *testing.T) { - testpath := setupTestingScript(t) - - fullPath, err := getFullPath(testpath) - is.NoError(err) - is.Equal(testpath, fullPath) - }) - - t.Run("relative path resolves correctly", func(t *testing.T) { - testpath := setupTestingScript(t) - - currentDir, err := os.Getwd() - require.NoError(t, err) - relative, err := filepath.Rel(currentDir, testpath) - require.NoError(t, err) - fullPath, err := getFullPath(relative) - is.NoError(err) - is.Equal(testpath, fullPath) - }) - - t.Run("binary in PATH resolves correctly", func(t *testing.T) { - testpath := setupTestingScript(t) - - t.Setenv("PATH", filepath.Dir(testpath)) - - fullPath, err := getFullPath(filepath.Base(testpath)) - is.NoError(err) - is.Equal(testpath, fullPath) - }) - - // NOTE(thomastaylor312): See note in getFullPath for more details why this - // is here - - // t.Run("binary in plugin path resolves correctly", func(t *testing.T) { - // testpath, cleanup := setupTestingScript(t) - // defer cleanup() - - // realPath := os.Getenv("HELM_PLUGINS") - // os.Setenv("HELM_PLUGINS", filepath.Dir(testpath)) - // defer func() { - // os.Setenv("HELM_PLUGINS", realPath) - // }() - - // fullPath, err := getFullPath(filepath.Base(testpath)) - // is.NoError(err) - // is.Equal(testpath, fullPath) - // }) - - // t.Run("binary in multiple plugin paths resolves correctly", func(t *testing.T) { - // testpath, cleanup := setupTestingScript(t) - // defer cleanup() - - // realPath := os.Getenv("HELM_PLUGINS") - // os.Setenv("HELM_PLUGINS", filepath.Dir(testpath)+string(os.PathListSeparator)+"/another/dir") - // defer func() { - // os.Setenv("HELM_PLUGINS", realPath) - // }() - - // fullPath, err := getFullPath(filepath.Base(testpath)) - // is.NoError(err) - // is.Equal(testpath, fullPath) - // }) -} - -func TestExecRun(t *testing.T) { - if runtime.GOOS == "windows" { - // the actual Run test uses a basic sed example, so skip this test on windows - t.Skip("skipping on windows") - } - is := assert.New(t) - testpath := setupTestingScript(t) - - renderer, err := NewExec(testpath) - require.NoError(t, err) - - output, err := renderer.Run(bytes.NewBufferString("FOOTEST")) - is.NoError(err) - is.Contains(output.String(), "BARTEST") -} - -func TestExecRunWithNoOutput(t *testing.T) { - if runtime.GOOS == "windows" { - // the actual Run test uses a basic sed example, so skip this test on windows - t.Skip("skipping on windows") - } - is := assert.New(t) - testpath := setupTestingScript(t) - - renderer, err := NewExec(testpath) - require.NoError(t, err) - - _, err = renderer.Run(bytes.NewBufferString("")) - is.Error(err) -} - -func TestNewExecWithOneArgsRun(t *testing.T) { - if runtime.GOOS == "windows" { - // the actual Run test uses a basic sed example, so skip this test on windows - t.Skip("skipping on windows") - } - is := assert.New(t) - testpath := setupTestingScript(t) - - renderer, err := NewExec(testpath, "ARG1") - require.NoError(t, err) - - output, err := renderer.Run(bytes.NewBufferString("FOOTEST")) - is.NoError(err) - is.Contains(output.String(), "ARG1") -} - -func TestNewExecWithTwoArgsRun(t *testing.T) { - if runtime.GOOS == "windows" { - // the actual Run test uses a basic sed example, so skip this test on windows - t.Skip("skipping on windows") - } - is := assert.New(t) - testpath := setupTestingScript(t) - - renderer, err := NewExec(testpath, "ARG1", "ARG2") - require.NoError(t, err) - - output, err := renderer.Run(bytes.NewBufferString("FOOTEST")) - is.NoError(err) - is.Contains(output.String(), "ARG1 ARG2") -} - -func setupTestingScript(t *testing.T) (filepath string) { - t.Helper() - - tempdir := t.TempDir() - - f, err := os.CreateTemp(tempdir, "post-render-test.sh") - if err != nil { - t.Fatalf("unable to create tempfile for testing: %s", err) - } - - _, err = f.WriteString(testingScript) - if err != nil { - t.Fatalf("unable to write tempfile for testing: %s", err) - } - - err = f.Chmod(0o755) - if err != nil { - t.Fatalf("unable to make tempfile executable for testing: %s", err) - } - - err = f.Close() - if err != nil { - t.Fatalf("unable to close tempfile after writing: %s", err) - } - - return f.Name() -} diff --git a/pkg/postrender/postrender.go b/pkg/postrender/postrender.go deleted file mode 100644 index 3af384290..000000000 --- a/pkg/postrender/postrender.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package postrender contains an interface that can be implemented for custom -// post-renderers and an exec implementation that can be used for arbitrary -// binaries and scripts -package postrender - -import "bytes" - -type PostRenderer interface { - // Run expects a single buffer filled with Helm rendered manifests. It - // expects the modified results to be returned on a separate buffer or an - // error if there was an issue or failure while running the post render step - Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) -} diff --git a/pkg/postrenderer/postrenderer.go b/pkg/postrenderer/postrenderer.go new file mode 100644 index 000000000..55e6d3adf --- /dev/null +++ b/pkg/postrenderer/postrenderer.go @@ -0,0 +1,84 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package postrenderer + +import ( + "bytes" + "context" + "fmt" + "path/filepath" + + "helm.sh/helm/v4/internal/plugin/schema" + + "helm.sh/helm/v4/internal/plugin" + "helm.sh/helm/v4/pkg/cli" +) + +// PostRenderer is an interface different plugin runtimes +// it may be also be used without the factory for custom post-renderers +type PostRenderer interface { + // Run expects a single buffer filled with Helm rendered manifests. It + // expects the modified results to be returned on a separate buffer or an + // error if there was an issue or failure while running the post render step + Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) +} + +// NewPostRendererPlugin creates a PostRenderer that uses the plugin's Runtime +func NewPostRendererPlugin(settings *cli.EnvSettings, pluginName string, args ...string) (PostRenderer, error) { + descriptor := plugin.Descriptor{ + Name: pluginName, + Type: "postrenderer/v1", + } + p, err := plugin.FindPlugin(filepath.SplitList(settings.PluginsDirectory), descriptor) + if err != nil { + return nil, err + } + + return &postRendererPlugin{ + plugin: p, + args: args, + settings: settings, + }, nil +} + +// postRendererPlugin implements PostRenderer by delegating to the plugin's Runtime +type postRendererPlugin struct { + plugin plugin.Plugin + args []string + settings *cli.EnvSettings +} + +// Run implements PostRenderer by using the plugin's Runtime +func (r *postRendererPlugin) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) { + input := &plugin.Input{ + Message: schema.InputMessagePostRendererV1{ + ExtraArgs: r.args, + Manifests: renderedManifests, + }, + } + output, err := r.plugin.Invoke(context.Background(), input) + if err != nil { + return nil, fmt.Errorf("failed to invoke post-renderer plugin %q: %w", r.plugin.Metadata().Name, err) + } + + outputMessage := output.Message.(schema.OutputMessagePostRendererV1) + + // If the binary returned almost nothing, it's likely that it didn't + // successfully render anything + if len(bytes.TrimSpace(outputMessage.Manifests.Bytes())) == 0 { + return nil, fmt.Errorf("post-renderer %q produced empty output", r.plugin.Metadata().Name) + } + + return outputMessage.Manifests, nil +} diff --git a/pkg/postrenderer/postrenderer_test.go b/pkg/postrenderer/postrenderer_test.go new file mode 100644 index 000000000..824a1d179 --- /dev/null +++ b/pkg/postrenderer/postrenderer_test.go @@ -0,0 +1,81 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package postrenderer + +import ( + "bytes" + "runtime" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "helm.sh/helm/v4/pkg/cli" +) + +func TestNewPostRenderPluginRunWithNoOutput(t *testing.T) { + if runtime.GOOS == "windows" { + // the actual Run test uses a basic sed example, so skip this test on windows + t.Skip("skipping on windows") + } + is := assert.New(t) + s := cli.New() + s.PluginsDirectory = "testdata/plugins" + name := "postrenderer-v1" + + renderer, err := NewPostRendererPlugin(s, name, "") + require.NoError(t, err) + + _, err = renderer.Run(bytes.NewBufferString("")) + is.Error(err) +} + +func TestNewPostRenderPluginWithOneArgsRun(t *testing.T) { + if runtime.GOOS == "windows" { + // the actual Run test uses a basic sed example, so skip this test on windows + t.Skip("skipping on windows") + } + is := assert.New(t) + s := cli.New() + s.PluginsDirectory = "testdata/plugins" + name := "postrenderer-v1" + + renderer, err := NewPostRendererPlugin(s, name, "ARG1") + require.NoError(t, err) + + output, err := renderer.Run(bytes.NewBufferString("FOOTEST")) + is.NoError(err) + is.Contains(output.String(), "ARG1") +} + +func TestNewPostRenderPluginWithTwoArgsRun(t *testing.T) { + if runtime.GOOS == "windows" { + // the actual Run test uses a basic sed example, so skip this test on windows + t.Skip("skipping on windows") + } + is := assert.New(t) + s := cli.New() + s.PluginsDirectory = "testdata/plugins" + name := "postrenderer-v1" + + renderer, err := NewPostRendererPlugin(s, name, "ARG1", "ARG2") + require.NoError(t, err) + + output, err := renderer.Run(bytes.NewBufferString("FOOTEST")) + is.NoError(err) + is.Contains(output.String(), "ARG1 ARG2") +} diff --git a/pkg/postrenderer/testdata/plugins/postrenderer-v1/plugin.yaml b/pkg/postrenderer/testdata/plugins/postrenderer-v1/plugin.yaml new file mode 100644 index 000000000..423a5191e --- /dev/null +++ b/pkg/postrenderer/testdata/plugins/postrenderer-v1/plugin.yaml @@ -0,0 +1,8 @@ +name: "postrenderer-v1" +version: "1.2.3" +type: postrenderer/v1 +apiVersion: v1 +runtime: subprocess +runtimeConfig: + platformCommand: + - command: "${HELM_PLUGIN_DIR}/sed-test.sh" diff --git a/pkg/postrenderer/testdata/plugins/postrenderer-v1/sed-test.sh b/pkg/postrenderer/testdata/plugins/postrenderer-v1/sed-test.sh new file mode 100755 index 000000000..a016e398f --- /dev/null +++ b/pkg/postrenderer/testdata/plugins/postrenderer-v1/sed-test.sh @@ -0,0 +1,6 @@ +#!/bin/sh +if [ $# -eq 0 ]; then + sed s/FOOTEST/BARTEST/g <&0 +else + sed s/FOOTEST/"$*"/g <&0 +fi diff --git a/pkg/provenance/doc.go b/pkg/provenance/doc.go index 883c0e724..dd14568d9 100644 --- a/pkg/provenance/doc.go +++ b/pkg/provenance/doc.go @@ -14,15 +14,15 @@ limitations under the License. */ /* -Package provenance provides tools for establishing the authenticity of a chart. +Package provenance provides tools for establishing the authenticity of packages. In Helm, provenance is established via several factors. The primary factor is the -cryptographic signature of a chart. Chart authors may sign charts, which in turn -provide the necessary metadata to ensure the integrity of the chart file, the -Chart.yaml, and the referenced Docker images. +cryptographic signature of a package. Package authors may sign packages, which in turn +provide the necessary metadata to ensure the integrity of the package file, the +metadata, and the referenced Docker images. A provenance file is clear-signed. This provides cryptographic verification that -a particular block of information (Chart.yaml, archive file, images) have not +a particular block of information (metadata, archive file, images) have not been tampered with or altered. To learn more, read the GnuPG documentation on clear signatures: https://www.gnupg.org/gph/en/manual/x135.html diff --git a/pkg/provenance/sign.go b/pkg/provenance/sign.go index 504bc6aa1..57af1ad42 100644 --- a/pkg/provenance/sign.go +++ b/pkg/provenance/sign.go @@ -23,16 +23,12 @@ import ( "fmt" "io" "os" - "path/filepath" "strings" - "golang.org/x/crypto/openpgp" //nolint - "golang.org/x/crypto/openpgp/clearsign" //nolint - "golang.org/x/crypto/openpgp/packet" //nolint + "github.com/ProtonMail/go-crypto/openpgp" //nolint + "github.com/ProtonMail/go-crypto/openpgp/clearsign" //nolint + "github.com/ProtonMail/go-crypto/openpgp/packet" //nolint "sigs.k8s.io/yaml" - - hapi "helm.sh/helm/v4/pkg/chart/v2" - "helm.sh/helm/v4/pkg/chart/v2/loader" ) var defaultPGPConfig = packet.Config{ @@ -58,7 +54,7 @@ type SumCollection struct { // Verification contains information about a verification operation. type Verification struct { - // SignedBy contains the entity that signed a chart. + // SignedBy contains the entity that signed a package. SignedBy *openpgp.Entity // FileHash is the hash, prepended with the scheme, for the file that was verified. FileHash string @@ -68,11 +64,11 @@ type Verification struct { // Signatory signs things. // -// Signatories can be constructed from a PGP private key file using NewFromFiles +// Signatories can be constructed from a PGP private key file using NewFromFiles, // or they can be constructed manually by setting the Entity to a valid // PGP entity. // -// The same Signatory can be used to sign or validate multiple charts. +// The same Signatory can be used to sign or validate multiple packages. type Signatory struct { // The signatory for this instance of Helm. This is used for signing. Entity *openpgp.Entity @@ -197,28 +193,20 @@ func (s *Signatory) DecryptKey(fn PassphraseFetcher) error { return s.Entity.PrivateKey.Decrypt(p) } -// ClearSign signs a chart with the given key. -// -// This takes the path to a chart archive file and a key, and it returns a clear signature. +// ClearSign signs package data with the given key and pre-marshalled metadata. // -// The Signatory must have a valid Entity.PrivateKey for this to work. If it does -// not, an error will be returned. -func (s *Signatory) ClearSign(chartpath string) (string, error) { +// This is the core signing method that works with data in memory. +// The Signatory must have a valid Entity.PrivateKey for this to work. +func (s *Signatory) ClearSign(archiveData []byte, filename string, metadataBytes []byte) (string, error) { if s.Entity == nil { return "", errors.New("private key not found") } else if s.Entity.PrivateKey == nil { return "", errors.New("provided key is not a private key. Try providing a keyring with secret keys") } - if fi, err := os.Stat(chartpath); err != nil { - return "", err - } else if fi.IsDir() { - return "", errors.New("cannot sign a directory") - } - out := bytes.NewBuffer(nil) - b, err := messageBlock(chartpath) + b, err := messageBlock(archiveData, filename, metadataBytes) if err != nil { return "", err } @@ -248,136 +236,114 @@ func (s *Signatory) ClearSign(chartpath string) (string, error) { return out.String(), nil } -// Verify checks a signature and verifies that it is legit for a chart. -func (s *Signatory) Verify(chartpath, sigpath string) (*Verification, error) { +// Verify checks a signature and verifies that it is legit for package data. +// This is the core verification method that works with data in memory. +func (s *Signatory) Verify(archiveData, provData []byte, filename string) (*Verification, error) { ver := &Verification{} - for _, fname := range []string{chartpath, sigpath} { - if fi, err := os.Stat(fname); err != nil { - return ver, err - } else if fi.IsDir() { - return ver, fmt.Errorf("%s cannot be a directory", fname) - } - } // First verify the signature - sig, err := s.decodeSignature(sigpath) - if err != nil { - return ver, fmt.Errorf("failed to decode signature: %w", err) + block, _ := clearsign.Decode(provData) + if block == nil { + return ver, errors.New("signature block not found") } - by, err := s.verifySignature(sig) + by, err := s.verifySignature(block) if err != nil { return ver, err } ver.SignedBy = by - // Second, verify the hash of the tarball. - sum, err := DigestFile(chartpath) + // Second, verify the hash of the data. + sum, err := Digest(bytes.NewBuffer(archiveData)) if err != nil { return ver, err } - _, sums, err := parseMessageBlock(sig.Plaintext) + sums, err := parseMessageBlock(block.Plaintext) if err != nil { return ver, err } sum = "sha256:" + sum - basename := filepath.Base(chartpath) - if sha, ok := sums.Files[basename]; !ok { - return ver, fmt.Errorf("provenance does not contain a SHA for a file named %q", basename) + if sha, ok := sums.Files[filename]; !ok { + return ver, fmt.Errorf("provenance does not contain a SHA for a file named %q", filename) } else if sha != sum { - return ver, fmt.Errorf("sha256 sum does not match for %s: %q != %q", basename, sha, sum) + return ver, fmt.Errorf("sha256 sum does not match for %s: %q != %q", filename, sha, sum) } ver.FileHash = sum - ver.FileName = basename + ver.FileName = filename // TODO: when image signing is added, verify that here. return ver, nil } -func (s *Signatory) decodeSignature(filename string) (*clearsign.Block, error) { - data, err := os.ReadFile(filename) - if err != nil { - return nil, err - } - - block, _ := clearsign.Decode(data) - if block == nil { - // There was no sig in the file. - return nil, errors.New("signature block not found") - } - - return block, nil -} - // verifySignature verifies that the given block is validly signed, and returns the signer. func (s *Signatory) verifySignature(block *clearsign.Block) (*openpgp.Entity, error) { return openpgp.CheckDetachedSignature( s.KeyRing, - bytes.NewBuffer(block.Bytes), + bytes.NewReader(block.Bytes), block.ArmoredSignature.Body, + &defaultPGPConfig, ) } -func messageBlock(chartpath string) (*bytes.Buffer, error) { - var b *bytes.Buffer - // Checksum the archive - chash, err := DigestFile(chartpath) +// messageBlock creates a message block from archive data and pre-marshalled metadata +func messageBlock(archiveData []byte, filename string, metadataBytes []byte) (*bytes.Buffer, error) { + // Checksum the archive data + chash, err := Digest(bytes.NewBuffer(archiveData)) if err != nil { - return b, err + return nil, err } - base := filepath.Base(chartpath) sums := &SumCollection{ Files: map[string]string{ - base: "sha256:" + chash, + filename: "sha256:" + chash, }, } - // Load the archive into memory. - chart, err := loader.LoadFile(chartpath) - if err != nil { - return b, err - } - - // Buffer a hash + checksums YAML file - data, err := yaml.Marshal(chart.Metadata) - if err != nil { - return b, err - } - + // Buffer the metadata + checksums YAML file // FIXME: YAML uses ---\n as a file start indicator, but this is not legal in a PGP // clearsign block. So we use ...\n, which is the YAML document end marker. // http://yaml.org/spec/1.2/spec.html#id2800168 - b = bytes.NewBuffer(data) + b := bytes.NewBuffer(metadataBytes) b.WriteString("\n...\n") - data, err = yaml.Marshal(sums) + data, err := yaml.Marshal(sums) if err != nil { - return b, err + return nil, err } b.Write(data) return b, nil } -// parseMessageBlock -func parseMessageBlock(data []byte) (*hapi.Metadata, *SumCollection, error) { - // This sucks. +// parseMessageBlock parses a message block and returns only checksums (metadata ignored like upstream) +func parseMessageBlock(data []byte) (*SumCollection, error) { + sc := &SumCollection{} + + // We ignore metadata, just like upstream - only need checksums for verification + if err := ParseMessageBlock(data, nil, sc); err != nil { + return sc, err + } + return sc, nil +} + +// ParseMessageBlock parses a message block containing metadata and checksums. +// +// This is the generic version that can work with any metadata type. +// The metadata parameter should be a pointer to a struct that can be unmarshaled from YAML. +func ParseMessageBlock(data []byte, metadata interface{}, sums *SumCollection) error { parts := bytes.Split(data, []byte("\n...\n")) if len(parts) < 2 { - return nil, nil, errors.New("message block must have at least two parts") + return errors.New("message block must have at least two parts") } - md := &hapi.Metadata{} - sc := &SumCollection{} - - if err := yaml.Unmarshal(parts[0], md); err != nil { - return md, sc, err + if metadata != nil { + if err := yaml.Unmarshal(parts[0], metadata); err != nil { + return err + } } - err := yaml.Unmarshal(parts[1], sc) - return md, sc, err + return yaml.Unmarshal(parts[1], sums) } // loadKey loads a GPG key found at a particular path. @@ -406,7 +372,7 @@ func loadKeyRing(ringpath string) (openpgp.EntityList, error) { // It takes the path to the archive file, and returns a string representation of // the SHA256 sum. // -// The intended use of this function is to generate a sum of a chart TGZ file. +// This function can be used to generate a sum of any package archive file. func DigestFile(filename string) (string, error) { f, err := os.Open(filename) if err != nil { diff --git a/pkg/provenance/sign_test.go b/pkg/provenance/sign_test.go index 9a60fd19c..1985e9eea 100644 --- a/pkg/provenance/sign_test.go +++ b/pkg/provenance/sign_test.go @@ -24,7 +24,13 @@ import ( "strings" "testing" - pgperrors "golang.org/x/crypto/openpgp/errors" //nolint + pgperrors "github.com/ProtonMail/go-crypto/openpgp/errors" //nolint + "github.com/ProtonMail/go-crypto/openpgp/packet" //nolint + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "sigs.k8s.io/yaml" + + "helm.sh/helm/v4/pkg/chart/v2/loader" ) const ( @@ -56,6 +62,9 @@ const ( // testTamperedSigBlock is a tampered copy of msgblock.yaml.asc testTamperedSigBlock = "testdata/msgblock.yaml.tampered" + // testMixedKeyring points to a keyring containing RSA and ed25519 keys. + testMixedKeyring = "testdata/helm-mixed-keyring.pub" + // testSumfile points to a SHA256 sum generated by an external tool. // We always want to validate against an external tool's representation to // verify that we haven't done something stupid. This file was generated @@ -75,8 +84,33 @@ files: hashtest-1.2.3.tgz: sha256:c6841b3a895f1444a6738b5d04564a57e860ce42f8519c3be807fb6d9bee7888 ` +// loadChartMetadataForSigning is a test helper that loads chart metadata and marshals it to YAML bytes +func loadChartMetadataForSigning(t *testing.T, chartPath string) []byte { + t.Helper() + + chart, err := loader.LoadFile(chartPath) + if err != nil { + t.Fatal(err) + } + + metadataBytes, err := yaml.Marshal(chart.Metadata) + if err != nil { + t.Fatal(err) + } + + return metadataBytes +} + func TestMessageBlock(t *testing.T) { - out, err := messageBlock(testChartfile) + metadataBytes := loadChartMetadataForSigning(t, testChartfile) + + // Read the chart file data + archiveData, err := os.ReadFile(testChartfile) + if err != nil { + t.Fatal(err) + } + + out, err := messageBlock(archiveData, filepath.Base(testChartfile), metadataBytes) if err != nil { t.Fatal(err) } @@ -88,14 +122,12 @@ func TestMessageBlock(t *testing.T) { } func TestParseMessageBlock(t *testing.T) { - md, sc, err := parseMessageBlock([]byte(testMessageBlock)) + sc, err := parseMessageBlock([]byte(testMessageBlock)) if err != nil { t.Fatal(err) } - if md.Name != "hashtest" { - t.Errorf("Expected name %q, got %q", "hashtest", md.Name) - } + // parseMessageBlock only returns checksums, not metadata (like upstream) if lsc := len(sc.Files); lsc != 1 { t.Errorf("Expected 1 file, got %d", lsc) @@ -221,7 +253,15 @@ func TestClearSign(t *testing.T) { t.Fatal(err) } - sig, err := signer.ClearSign(testChartfile) + metadataBytes := loadChartMetadataForSigning(t, testChartfile) + + // Read the chart file data + archiveData, err := os.ReadFile(testChartfile) + if err != nil { + t.Fatal(err) + } + + sig, err := signer.ClearSign(archiveData, filepath.Base(testChartfile), metadataBytes) if err != nil { t.Fatal(err) } @@ -232,6 +272,56 @@ func TestClearSign(t *testing.T) { } } +func TestMixedKeyringRSASigningAndVerification(t *testing.T) { + signer, err := NewFromFiles(testKeyfile, testMixedKeyring) + require.NoError(t, err) + + require.NotEmpty(t, signer.KeyRing, "expected signer keyring to be loaded") + + hasEdDSA := false + for _, entity := range signer.KeyRing { + if entity.PrimaryKey != nil && entity.PrimaryKey.PubKeyAlgo == packet.PubKeyAlgoEdDSA { + hasEdDSA = true + break + } + + for _, subkey := range entity.Subkeys { + if subkey.PublicKey != nil && subkey.PublicKey.PubKeyAlgo == packet.PubKeyAlgoEdDSA { + hasEdDSA = true + break + } + } + + if hasEdDSA { + break + } + } + + assert.True(t, hasEdDSA, "expected %s to include an Ed25519 public key", testMixedKeyring) + + require.NotNil(t, signer.Entity, "expected signer entity to be loaded") + require.NotNil(t, signer.Entity.PrivateKey, "expected signer private key to be loaded") + assert.Equal(t, packet.PubKeyAlgoRSA, signer.Entity.PrivateKey.PubKeyAlgo, "expected RSA key") + + metadataBytes := loadChartMetadataForSigning(t, testChartfile) + + archiveData, err := os.ReadFile(testChartfile) + require.NoError(t, err) + + sig, err := signer.ClearSign(archiveData, filepath.Base(testChartfile), metadataBytes) + require.NoError(t, err, "failed to sign chart") + + verification, err := signer.Verify(archiveData, []byte(sig), filepath.Base(testChartfile)) + require.NoError(t, err, "failed to verify chart signature") + + require.NotNil(t, verification.SignedBy, "expected verification to include signer") + require.NotNil(t, verification.SignedBy.PrimaryKey, "expected verification to include signer primary key") + assert.Equal(t, packet.PubKeyAlgoRSA, verification.SignedBy.PrimaryKey.PubKeyAlgo, "expected verification to report RSA key") + + _, ok := verification.SignedBy.Identities[testKeyName] + assert.True(t, ok, "expected verification to be signed by %q", testKeyName) +} + // failSigner always fails to sign and returns an error type failSigner struct{} @@ -252,7 +342,15 @@ func TestClearSignError(t *testing.T) { // ensure that signing always fails signer.Entity.PrivateKey.PrivateKey = failSigner{} - sig, err := signer.ClearSign(testChartfile) + metadataBytes := loadChartMetadataForSigning(t, testChartfile) + + // Read the chart file data + archiveData, err := os.ReadFile(testChartfile) + if err != nil { + t.Fatal(err) + } + + sig, err := signer.ClearSign(archiveData, filepath.Base(testChartfile), metadataBytes) if err == nil { t.Fatal("didn't get an error from ClearSign but expected one") } @@ -262,54 +360,25 @@ func TestClearSignError(t *testing.T) { } } -func TestDecodeSignature(t *testing.T) { - // Unlike other tests, this does a round-trip test, ensuring that a signature - // generated by the library can also be verified by the library. - +func TestVerify(t *testing.T) { signer, err := NewFromFiles(testKeyfile, testPubfile) if err != nil { t.Fatal(err) } - sig, err := signer.ClearSign(testChartfile) + // Read the chart file data + archiveData, err := os.ReadFile(testChartfile) if err != nil { t.Fatal(err) } - f, err := os.CreateTemp(t.TempDir(), "helm-test-sig-") - if err != nil { - t.Fatal(err) - } - - tname := f.Name() - defer func() { - os.Remove(tname) - }() - f.WriteString(sig) - f.Close() - - sig2, err := signer.decodeSignature(tname) + // Read the signature file data + sigData, err := os.ReadFile(testSigBlock) if err != nil { t.Fatal(err) } - by, err := signer.verifySignature(sig2) - if err != nil { - t.Fatal(err) - } - - if _, ok := by.Identities[testKeyName]; !ok { - t.Errorf("Expected identity %q", testKeyName) - } -} - -func TestVerify(t *testing.T) { - signer, err := NewFromFiles(testKeyfile, testPubfile) - if err != nil { - t.Fatal(err) - } - - if ver, err := signer.Verify(testChartfile, testSigBlock); err != nil { + if ver, err := signer.Verify(archiveData, sigData, filepath.Base(testChartfile)); err != nil { t.Errorf("Failed to pass verify. Err: %s", err) } else if len(ver.FileHash) == 0 { t.Error("Verification is missing hash.") @@ -319,7 +388,13 @@ func TestVerify(t *testing.T) { t.Errorf("FileName is unexpectedly %q", ver.FileName) } - if _, err = signer.Verify(testChartfile, testTamperedSigBlock); err == nil { + // Read the tampered signature file data + tamperedSigData, err := os.ReadFile(testTamperedSigBlock) + if err != nil { + t.Fatal(err) + } + + if _, err = signer.Verify(archiveData, tamperedSigData, filepath.Base(testChartfile)); err == nil { t.Errorf("Expected %s to fail.", testTamperedSigBlock) } diff --git a/pkg/provenance/testdata/helm-mixed-keyring.pub b/pkg/provenance/testdata/helm-mixed-keyring.pub new file mode 100644 index 000000000..7985bd20f Binary files /dev/null and b/pkg/provenance/testdata/helm-mixed-keyring.pub differ diff --git a/pkg/pusher/ocipusher.go b/pkg/pusher/ocipusher.go index 699d27caf..f03188391 100644 --- a/pkg/pusher/ocipusher.go +++ b/pkg/pusher/ocipusher.go @@ -29,7 +29,6 @@ import ( "helm.sh/helm/v4/internal/tlsutil" "helm.sh/helm/v4/pkg/chart/v2/loader" "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/time/ctime" ) // OCIPusher is the default OCI backend handler @@ -91,7 +90,7 @@ func (pusher *OCIPusher) push(chartRef, href string) error { meta.Metadata.Version) // The time the chart was "created" is semantically the time the chart archive file was last written(modified) - chartArchiveFileCreatedTime := ctime.Modified(stat) + chartArchiveFileCreatedTime := stat.ModTime() pushOpts = append(pushOpts, registry.PushOptCreationTime(chartArchiveFileCreatedTime.Format(time.RFC3339))) _, err = client.Push(chartBytes, ref, pushOpts...) @@ -110,9 +109,9 @@ func NewOCIPusher(ops ...Option) (Pusher, error) { } func (pusher *OCIPusher) newRegistryClient() (*registry.Client, error) { - if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" || pusher.opts.insecureSkipTLSverify { + if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" || pusher.opts.insecureSkipTLSVerify { tlsConf, err := tlsutil.NewTLSConfig( - tlsutil.WithInsecureSkipVerify(pusher.opts.insecureSkipTLSverify), + tlsutil.WithInsecureSkipVerify(pusher.opts.insecureSkipTLSVerify), tlsutil.WithCertKeyPairFiles(pusher.opts.certFile, pusher.opts.keyFile), tlsutil.WithCAFile(pusher.opts.caFile), ) diff --git a/pkg/pusher/ocipusher_test.go b/pkg/pusher/ocipusher_test.go index 24f52a7ad..b7d362681 100644 --- a/pkg/pusher/ocipusher_test.go +++ b/pkg/pusher/ocipusher_test.go @@ -40,13 +40,13 @@ func TestNewOCIPusher(t *testing.T) { cd := "../../testdata" join := filepath.Join ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") - insecureSkipTLSverify := false + insecureSkipTLSVerify := false plainHTTP := false // Test with options p, err = NewOCIPusher( WithTLSClientConfig(pub, priv, ca), - WithInsecureSkipTLSVerify(insecureSkipTLSverify), + WithInsecureSkipTLSVerify(insecureSkipTLSVerify), WithPlainHTTP(plainHTTP), ) if err != nil { @@ -74,8 +74,8 @@ func TestNewOCIPusher(t *testing.T) { t.Errorf("Expected NewOCIPusher to have plainHTTP as %t, got %t", plainHTTP, op.opts.plainHTTP) } - if op.opts.insecureSkipTLSverify != insecureSkipTLSverify { - t.Errorf("Expected NewOCIPusher to have insecureSkipVerifyTLS as %t, got %t", insecureSkipTLSverify, op.opts.insecureSkipTLSverify) + if op.opts.insecureSkipTLSVerify != insecureSkipTLSVerify { + t.Errorf("Expected NewOCIPusher to have insecureSkipVerifyTLS as %t, got %t", insecureSkipTLSVerify, op.opts.insecureSkipTLSVerify) } // Test if setting registryClient is being passed to the ops @@ -422,7 +422,7 @@ func TestOCIPusher_Push_MultipleOptions(t *testing.T) { if !op.opts.plainHTTP { t.Error("Expected plainHTTP option to be applied") } - if !op.opts.insecureSkipTLSverify { - t.Error("Expected insecureSkipTLSverify option to be applied") + if !op.opts.insecureSkipTLSVerify { + t.Error("Expected insecureSkipTLSVerify option to be applied") } } diff --git a/pkg/pusher/pusher.go b/pkg/pusher/pusher.go index e3c767be9..8ce78b011 100644 --- a/pkg/pusher/pusher.go +++ b/pkg/pusher/pusher.go @@ -32,7 +32,7 @@ type options struct { certFile string keyFile string caFile string - insecureSkipTLSverify bool + insecureSkipTLSVerify bool plainHTTP bool } @@ -59,7 +59,7 @@ func WithTLSClientConfig(certFile, keyFile, caFile string) Option { // WithInsecureSkipTLSVerify determines if a TLS Certificate will be checked func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option { return func(opts *options) { - opts.insecureSkipTLSverify = insecureSkipTLSVerify + opts.insecureSkipTLSVerify = insecureSkipTLSVerify } } diff --git a/pkg/registry/util.go b/pkg/registry/chart.go similarity index 59% rename from pkg/registry/util.go rename to pkg/registry/chart.go index b31ab63fe..b00fc616d 100644 --- a/pkg/registry/util.go +++ b/pkg/registry/chart.go @@ -18,19 +18,12 @@ package registry // import "helm.sh/helm/v4/pkg/registry" import ( "bytes" - "fmt" - "io" - "net/http" - "slices" "strings" "time" - "helm.sh/helm/v4/internal/tlsutil" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" - helmtime "helm.sh/helm/v4/pkg/time" - "github.com/Masterminds/semver/v3" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) @@ -39,52 +32,6 @@ var immutableOciAnnotations = []string{ ocispec.AnnotationTitle, } -// IsOCI determines whether a URL is to be treated as an OCI URL -func IsOCI(url string) bool { - return strings.HasPrefix(url, fmt.Sprintf("%s://", OCIScheme)) -} - -// ContainsTag determines whether a tag is found in a provided list of tags -func ContainsTag(tags []string, tag string) bool { - return slices.Contains(tags, tag) -} - -func GetTagMatchingVersionOrConstraint(tags []string, versionString string) (string, error) { - var constraint *semver.Constraints - if versionString == "" { - // If string is empty, set wildcard constraint - constraint, _ = semver.NewConstraint("*") - } else { - // when customer inputs specific version, check whether there's an exact match first - for _, v := range tags { - if versionString == v { - return v, nil - } - } - - // Otherwise set constraint to the string given - var err error - constraint, err = semver.NewConstraint(versionString) - if err != nil { - return "", err - } - } - - // Otherwise try to find the first available version matching the string, - // in case it is a constraint - for _, v := range tags { - test, err := semver.NewVersion(v) - if err != nil { - continue - } - if constraint.Check(test) { - return v, nil - } - } - - return "", fmt.Errorf("could not locate a version matching provided version string %s", versionString) -} - // extractChartMeta is used to extract a chart metadata from a byte array func extractChartMeta(chartData []byte) (*chart.Metadata, error) { ch, err := loader.LoadArchive(bytes.NewReader(chartData)) @@ -94,35 +41,6 @@ func extractChartMeta(chartData []byte) (*chart.Metadata, error) { return ch.Metadata, nil } -// NewRegistryClientWithTLS is a helper function to create a new registry client with TLS enabled. -func NewRegistryClientWithTLS(out io.Writer, certFile, keyFile, caFile string, insecureSkipTLSverify bool, registryConfig string, debug bool) (*Client, error) { - tlsConf, err := tlsutil.NewTLSConfig( - tlsutil.WithInsecureSkipVerify(insecureSkipTLSverify), - tlsutil.WithCertKeyPairFiles(certFile, keyFile), - tlsutil.WithCAFile(caFile), - ) - if err != nil { - return nil, fmt.Errorf("can't create TLS config for client: %s", err) - } - // Create a new registry client - registryClient, err := NewClient( - ClientOptDebug(debug), - ClientOptEnableCache(true), - ClientOptWriter(out), - ClientOptCredentialsFile(registryConfig), - ClientOptHTTPClient(&http.Client{ - Transport: &http.Transport{ - TLSClientConfig: tlsConf, - Proxy: http.ProxyFromEnvironment, - }, - }), - ) - if err != nil { - return nil, err - } - return registryClient, nil -} - // generateOCIAnnotations will generate OCI annotations to include within the OCI manifest func generateOCIAnnotations(meta *chart.Metadata, creationTime string) map[string]string { @@ -157,7 +75,7 @@ func generateChartOCIAnnotations(meta *chart.Metadata, creationTime string) map[ chartOCIAnnotations = addToMap(chartOCIAnnotations, ocispec.AnnotationURL, meta.Home) if len(creationTime) == 0 { - creationTime = helmtime.Now().UTC().Format(time.RFC3339) + creationTime = time.Now().UTC().Format(time.RFC3339) } chartOCIAnnotations = addToMap(chartOCIAnnotations, ocispec.AnnotationCreated, creationTime) @@ -203,5 +121,4 @@ func addToMap(inputMap map[string]string, newKey string, newValue string) map[st } return inputMap - } diff --git a/pkg/registry/util_test.go b/pkg/registry/chart_test.go similarity index 93% rename from pkg/registry/util_test.go rename to pkg/registry/chart_test.go index c8ce4e4a4..77ccdaab7 100644 --- a/pkg/registry/util_test.go +++ b/pkg/registry/chart_test.go @@ -24,12 +24,11 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" chart "helm.sh/helm/v4/pkg/chart/v2" - helmtime "helm.sh/helm/v4/pkg/time" ) func TestGenerateOCIChartAnnotations(t *testing.T) { - nowString := helmtime.Now().Format(time.RFC3339) + nowString := time.Now().Format(time.RFC3339) tests := []struct { name string @@ -160,7 +159,7 @@ func TestGenerateOCIChartAnnotations(t *testing.T) { func TestGenerateOCIAnnotations(t *testing.T) { - nowString := helmtime.Now().Format(time.RFC3339) + nowString := time.Now().Format(time.RFC3339) tests := []struct { name string @@ -234,15 +233,15 @@ func TestGenerateOCIAnnotations(t *testing.T) { func TestGenerateOCICreatedAnnotations(t *testing.T) { - nowTime := helmtime.Now() + nowTime := time.Now() nowTimeString := nowTime.Format(time.RFC3339) - chart := &chart.Metadata{ + testChart := &chart.Metadata{ Name: "oci", Version: "0.0.1", } - result := generateOCIAnnotations(chart, nowTimeString) + result := generateOCIAnnotations(testChart, nowTimeString) // Check that created annotation exists if _, ok := result[ocispec.AnnotationCreated]; !ok { @@ -250,19 +249,19 @@ func TestGenerateOCICreatedAnnotations(t *testing.T) { } // Verify value of created artifact in RFC3339 format - if _, err := helmtime.Parse(time.RFC3339, result[ocispec.AnnotationCreated]); err != nil { + if _, err := time.Parse(time.RFC3339, result[ocispec.AnnotationCreated]); err != nil { t.Errorf("%s annotation with value '%s' not in RFC3339 format", ocispec.AnnotationCreated, result[ocispec.AnnotationCreated]) } // Verify default creation time set - result = generateOCIAnnotations(chart, "") + result = generateOCIAnnotations(testChart, "") // Check that created annotation exists if _, ok := result[ocispec.AnnotationCreated]; !ok { t.Errorf("%s annotation not created", ocispec.AnnotationCreated) } - if createdTimeAnnotation, err := helmtime.Parse(time.RFC3339, result[ocispec.AnnotationCreated]); err != nil { + if createdTimeAnnotation, err := time.Parse(time.RFC3339, result[ocispec.AnnotationCreated]); err != nil { t.Errorf("%s annotation with value '%s' not in RFC3339 format", ocispec.AnnotationCreated, result[ocispec.AnnotationCreated]) // Verify creation annotation after time test began diff --git a/pkg/registry/client.go b/pkg/registry/client.go index 7ba26ac5c..9eb189216 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -75,11 +75,11 @@ type ( credentialsStore credentials.Store httpClient *http.Client plainHTTP bool - err error // pass any errors from the ClientOption functions } // ClientOption allows specifying various settings configurable by the user for overriding the defaults // used when creating a new default client + // TODO(TerryHowe): ClientOption should return error in v5 ClientOption func(*Client) ) @@ -90,9 +90,6 @@ func NewClient(options ...ClientOption) (*Client, error) { } for _, option := range options { option(client) - if client.err != nil { - return nil, client.err - } } if client.credentialsFile == "" { client.credentialsFile = helmpath.ConfigPath(CredentialsFileBasename) @@ -137,8 +134,6 @@ func NewClient(options ...ClientOption) (*Client, error) { if client.enableCache { authorizer.Cache = auth.NewCache() } - - authorizer.ForceAttemptOAuth2 = true client.authorizer = &authorizer } @@ -251,6 +246,8 @@ func (c *Client) Login(host string, options ...LoginOption) error { return fmt.Errorf("authenticating to %q: %w", host, err) } } + // Always restore to false after probing, to avoid forcing POST to token endpoints like GHCR. + c.authorizer.ForceAttemptOAuth2 = false key := credentials.ServerAddressFromRegistry(host) key = credentials.ServerAddressFromHostname(key) @@ -258,7 +255,7 @@ func (c *Client) Login(host string, options ...LoginOption) error { return err } - fmt.Fprintln(c.out, "Login Succeeded") + _, _ = fmt.Fprintln(c.out, "Login Succeeded") return nil } @@ -386,7 +383,7 @@ func (c *Client) Logout(host string, opts ...LogoutOption) error { if err := credentials.Logout(context.Background(), c.credentialsStore, host); err != nil { return err } - fmt.Fprintf(c.out, "Removing login credentials for %s\n", host) + _, _ = fmt.Fprintf(c.out, "Removing login credentials for %s\n", host) return nil } @@ -456,7 +453,7 @@ func (c *Client) processChartPull(genericResult *GenericPullResult, operation *p provDescriptor = &d case LegacyChartLayerMediaType: chartDescriptor = &d - fmt.Fprintf(c.out, "Warning: chart media type %s is deprecated\n", LegacyChartLayerMediaType) + _, _ = fmt.Fprintf(c.out, "Warning: chart media type %s is deprecated\n", LegacyChartLayerMediaType) } } @@ -529,12 +526,12 @@ func (c *Client) processChartPull(genericResult *GenericPullResult, operation *p result.Prov.Size = provDescriptor.Size } - fmt.Fprintf(c.out, "Pulled: %s\n", result.Ref) - fmt.Fprintf(c.out, "Digest: %s\n", result.Manifest.Digest) + _, _ = fmt.Fprintf(c.out, "Pulled: %s\n", result.Ref) + _, _ = fmt.Fprintf(c.out, "Digest: %s\n", result.Manifest.Digest) if strings.Contains(result.Ref, "_") { - fmt.Fprintf(c.out, "%s contains an underscore.\n", result.Ref) - fmt.Fprint(c.out, registryUnderscoreMessage+"\n") + _, _ = fmt.Fprintf(c.out, "%s contains an underscore.\n", result.Ref) + _, _ = fmt.Fprint(c.out, registryUnderscoreMessage+"\n") } return result, nil @@ -731,11 +728,11 @@ func (c *Client) Push(data []byte, ref string, options ...PushOption) (*PushResu Size: provDescriptor.Size, } } - fmt.Fprintf(c.out, "Pushed: %s\n", result.Ref) - fmt.Fprintf(c.out, "Digest: %s\n", result.Manifest.Digest) + _, _ = fmt.Fprintf(c.out, "Pushed: %s\n", result.Ref) + _, _ = fmt.Fprintf(c.out, "Digest: %s\n", result.Manifest.Digest) if strings.Contains(parsedRef.orasReference.Reference, "_") { - fmt.Fprintf(c.out, "%s contains an underscore.\n", result.Ref) - fmt.Fprint(c.out, registryUnderscoreMessage+"\n") + _, _ = fmt.Fprintf(c.out, "%s contains an underscore.\n", result.Ref) + _, _ = fmt.Fprint(c.out, registryUnderscoreMessage+"\n") } return result, err diff --git a/pkg/registry/client_http_test.go b/pkg/registry/client_http_test.go index 043fd4205..a2c3a1833 100644 --- a/pkg/registry/client_http_test.go +++ b/pkg/registry/client_http_test.go @@ -27,20 +27,17 @@ import ( ) type HTTPRegistryClientTestSuite struct { - TestSuite + TestRegistry } func (suite *HTTPRegistryClientTestSuite) SetupSuite() { // init test client - dockerRegistry := setup(&suite.TestSuite, false, false) - - // Start Docker registry - go dockerRegistry.ListenAndServe() + setup(&suite.TestRegistry, false, false) } func (suite *HTTPRegistryClientTestSuite) TearDownSuite() { - teardown(&suite.TestSuite) - os.RemoveAll(suite.WorkspaceDir) + teardown(&suite.TestRegistry) + _ = os.RemoveAll(suite.WorkspaceDir) } func (suite *HTTPRegistryClientTestSuite) Test_0_Login() { @@ -56,15 +53,15 @@ func (suite *HTTPRegistryClientTestSuite) Test_0_Login() { } func (suite *HTTPRegistryClientTestSuite) Test_1_Push() { - testPush(&suite.TestSuite) + testPush(&suite.TestRegistry) } func (suite *HTTPRegistryClientTestSuite) Test_2_Pull() { - testPull(&suite.TestSuite) + testPull(&suite.TestRegistry) } func (suite *HTTPRegistryClientTestSuite) Test_3_Tags() { - testTags(&suite.TestSuite) + testTags(&suite.TestRegistry) } func (suite *HTTPRegistryClientTestSuite) Test_4_ManInTheMiddle() { diff --git a/pkg/registry/client_insecure_tls_test.go b/pkg/registry/client_insecure_tls_test.go index accbf1670..2774f5e6f 100644 --- a/pkg/registry/client_insecure_tls_test.go +++ b/pkg/registry/client_insecure_tls_test.go @@ -24,20 +24,17 @@ import ( ) type InsecureTLSRegistryClientTestSuite struct { - TestSuite + TestRegistry } func (suite *InsecureTLSRegistryClientTestSuite) SetupSuite() { // init test client - dockerRegistry := setup(&suite.TestSuite, true, true) - - // Start Docker registry - go dockerRegistry.ListenAndServe() + setup(&suite.TestRegistry, true, true) } func (suite *InsecureTLSRegistryClientTestSuite) TearDownSuite() { - teardown(&suite.TestSuite) - os.RemoveAll(suite.WorkspaceDir) + teardown(&suite.TestRegistry) + _ = os.RemoveAll(suite.WorkspaceDir) } func (suite *InsecureTLSRegistryClientTestSuite) Test_0_Login() { @@ -53,15 +50,15 @@ func (suite *InsecureTLSRegistryClientTestSuite) Test_0_Login() { } func (suite *InsecureTLSRegistryClientTestSuite) Test_1_Push() { - testPush(&suite.TestSuite) + testPush(&suite.TestRegistry) } func (suite *InsecureTLSRegistryClientTestSuite) Test_2_Pull() { - testPull(&suite.TestSuite) + testPull(&suite.TestRegistry) } func (suite *InsecureTLSRegistryClientTestSuite) Test_3_Tags() { - testTags(&suite.TestSuite) + testTags(&suite.TestRegistry) } func (suite *InsecureTLSRegistryClientTestSuite) Test_4_Logout() { diff --git a/pkg/registry/client_test.go b/pkg/registry/client_test.go index 2ffd691c2..6ae32e342 100644 --- a/pkg/registry/client_test.go +++ b/pkg/registry/client_test.go @@ -18,6 +18,10 @@ package registry import ( "io" + "net/http" + "net/http/httptest" + "path/filepath" + "strings" "testing" ocispec "github.com/opencontainers/image-spec/specs-go/v1" @@ -51,3 +55,68 @@ func TestTagManifestTransformsReferences(t *testing.T) { _, err = memStore.Resolve(ctx, refWithPlus) require.Error(t, err, "Should NOT find the reference with the original +") } + +// Verifies that Login always restores ForceAttemptOAuth2 to false on success. +func TestLogin_ResetsForceAttemptOAuth2_OnSuccess(t *testing.T) { + t.Parallel() + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == "/v2/" { + // Accept either HEAD or GET + w.WriteHeader(http.StatusOK) + return + } + http.NotFound(w, r) + })) + defer srv.Close() + + host := strings.TrimPrefix(srv.URL, "http://") + + credFile := filepath.Join(t.TempDir(), "config.json") + c, err := NewClient( + ClientOptWriter(io.Discard), + ClientOptCredentialsFile(credFile), + ) + if err != nil { + t.Fatalf("NewClient error: %v", err) + } + + if c.authorizer == nil || c.authorizer.ForceAttemptOAuth2 { + t.Fatalf("expected ForceAttemptOAuth2 default to be false") + } + + // Call Login with plain HTTP against our test server + if err := c.Login(host, LoginOptPlainText(true), LoginOptBasicAuth("u", "p")); err != nil { + t.Fatalf("Login error: %v", err) + } + + if c.authorizer.ForceAttemptOAuth2 { + t.Errorf("ForceAttemptOAuth2 should be false after successful Login") + } +} + +// Verifies that Login restores ForceAttemptOAuth2 to false even when ping fails. +func TestLogin_ResetsForceAttemptOAuth2_OnFailure(t *testing.T) { + t.Parallel() + + // Start and immediately close, so connections will fail + srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {})) + host := strings.TrimPrefix(srv.URL, "http://") + srv.Close() + + credFile := filepath.Join(t.TempDir(), "config.json") + c, err := NewClient( + ClientOptWriter(io.Discard), + ClientOptCredentialsFile(credFile), + ) + if err != nil { + t.Fatalf("NewClient error: %v", err) + } + + // Invoke Login, expect an error but ForceAttemptOAuth2 must end false + _ = c.Login(host, LoginOptPlainText(true), LoginOptBasicAuth("u", "p")) + + if c.authorizer.ForceAttemptOAuth2 { + t.Errorf("ForceAttemptOAuth2 should be false after failed Login") + } +} diff --git a/pkg/registry/client_tls_test.go b/pkg/registry/client_tls_test.go index 0897858b5..ddeeb3b66 100644 --- a/pkg/registry/client_tls_test.go +++ b/pkg/registry/client_tls_test.go @@ -26,20 +26,17 @@ import ( ) type TLSRegistryClientTestSuite struct { - TestSuite + TestRegistry } func (suite *TLSRegistryClientTestSuite) SetupSuite() { // init test client - dockerRegistry := setup(&suite.TestSuite, true, false) - - // Start Docker registry - go dockerRegistry.ListenAndServe() + setup(&suite.TestRegistry, true, false) } func (suite *TLSRegistryClientTestSuite) TearDownSuite() { - teardown(&suite.TestSuite) - os.RemoveAll(suite.WorkspaceDir) + teardown(&suite.TestRegistry) + _ = os.RemoveAll(suite.WorkspaceDir) } func (suite *TLSRegistryClientTestSuite) Test_0_Login() { @@ -79,15 +76,15 @@ func (suite *TLSRegistryClientTestSuite) Test_1_Login() { } func (suite *TLSRegistryClientTestSuite) Test_1_Push() { - testPush(&suite.TestSuite) + testPush(&suite.TestRegistry) } func (suite *TLSRegistryClientTestSuite) Test_2_Pull() { - testPull(&suite.TestSuite) + testPull(&suite.TestRegistry) } func (suite *TLSRegistryClientTestSuite) Test_3_Tags() { - testTags(&suite.TestSuite) + testTags(&suite.TestRegistry) } func (suite *TLSRegistryClientTestSuite) Test_4_Logout() { diff --git a/pkg/registry/generic.go b/pkg/registry/generic.go index b82132338..fb7e80d10 100644 --- a/pkg/registry/generic.go +++ b/pkg/registry/generic.go @@ -92,7 +92,7 @@ func (c *GenericClient) PullGeneric(ref string, options GenericPullOptions) (*Ge memoryStore := memory.New() var descriptors []ocispec.Descriptor - // Set up repository with authentication and configuration + // Set up a repository with authentication and configuration repository, err := remote.NewRepository(parsedRef.String()) if err != nil { return nil, err @@ -114,7 +114,7 @@ func (c *GenericClient) PullGeneric(ref string, options GenericPullOptions) (*Ge manifest, err := oras.Copy(ctx, repository, parsedRef.String(), memoryStore, "", oras.CopyOptions{ CopyGraphOptions: oras.CopyGraphOptions{ PreCopy: func(ctx context.Context, desc ocispec.Descriptor) error { - // Apply custom PreCopy function if provided + // Apply a custom PreCopy function if provided if options.PreCopy != nil { if err := options.PreCopy(ctx, desc); err != nil { return err diff --git a/internal/chart/v3/util/errors.go b/pkg/registry/main_test.go similarity index 50% rename from internal/chart/v3/util/errors.go rename to pkg/registry/main_test.go index a175b9758..4f6e11e4f 100644 --- a/internal/chart/v3/util/errors.go +++ b/pkg/registry/main_test.go @@ -14,30 +14,38 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util +package registry import ( - "fmt" + "net" + "os" + "testing" + + "github.com/foxcpp/go-mockdns" ) -// ErrNoTable indicates that a chart does not have a matching table. -type ErrNoTable struct { - Key string -} +func TestMain(m *testing.M) { + // A mock DNS server needed for TLS connection testing. + var srv *mockdns.Server + var err error -func (e ErrNoTable) Error() string { return fmt.Sprintf("%q is not a table", e.Key) } + srv, err = mockdns.NewServer(map[string]mockdns.Zone{ + "helm-test-registry.": { + A: []string{"127.0.0.1"}, + }, + }, false) + if err != nil { + panic(err) + } -// ErrNoValue indicates that Values does not contain a key with a value -type ErrNoValue struct { - Key string -} + saveDialFunction := net.DefaultResolver.Dial + srv.PatchNet(net.DefaultResolver) -func (e ErrNoValue) Error() string { return fmt.Sprintf("%q is not a value", e.Key) } + // Run all tests in the package + code := m.Run() -type ErrInvalidChartName struct { - Name string -} + net.DefaultResolver.Dial = saveDialFunction + _ = srv.Close() -func (e ErrInvalidChartName) Error() string { - return fmt.Sprintf("%q is not a valid chart name", e.Name) + os.Exit(code) } diff --git a/pkg/registry/plugin.go b/pkg/registry/plugin.go index 5d22a99ee..e4b4afa24 100644 --- a/pkg/registry/plugin.go +++ b/pkg/registry/plugin.go @@ -38,11 +38,13 @@ type PluginPullOptions struct { // PluginPullResult contains the result of a plugin pull operation type PluginPullResult struct { - Manifest ocispec.Descriptor - PluginData []byte - ProvenanceData []byte // Optional provenance data - Ref string - PluginName string + Manifest ocispec.Descriptor + PluginData []byte + Prov struct { + Data []byte + } + Ref string + PluginName string } // PullPlugin downloads a plugin from an OCI registry using artifact type @@ -96,30 +98,31 @@ func (c *Client) processPluginPull(genericResult *GenericPullResult, pluginName return nil, fmt.Errorf("expected config media type %s for legacy compatibility, got %s", PluginArtifactType, manifest.Config.MediaType) } - // Find the required plugin tarball and optional provenance - expectedTarball := pluginName + ".tgz" - expectedProvenance := pluginName + ".tgz.prov" - + // Find the plugin tarball and optional provenance using NAME-VERSION.tgz format var pluginDescriptor *ocispec.Descriptor var provenanceDescriptor *ocispec.Descriptor + var foundProvenanceName string // Look for layers with the expected titles/annotations for _, layer := range manifest.Layers { d := layer - // Check for title annotation (preferred method) + // Check for title annotation if title, exists := d.Annotations[ocispec.AnnotationTitle]; exists { - switch title { - case expectedTarball: + // Check if this looks like a plugin tarball: {pluginName}-{version}.tgz + if pluginDescriptor == nil && strings.HasPrefix(title, pluginName+"-") && strings.HasSuffix(title, ".tgz") { pluginDescriptor = &d - case expectedProvenance: + } + // Check if this looks like a plugin provenance: {pluginName}-{version}.tgz.prov + if provenanceDescriptor == nil && strings.HasPrefix(title, pluginName+"-") && strings.HasSuffix(title, ".tgz.prov") { provenanceDescriptor = &d + foundProvenanceName = title } } } // Plugin tarball is required if pluginDescriptor == nil { - return nil, fmt.Errorf("required layer %s not found in manifest", expectedTarball) + return nil, fmt.Errorf("required layer matching pattern %s-VERSION.tgz not found in manifest", pluginName) } // Build plugin-specific result @@ -138,21 +141,21 @@ func (c *Client) processPluginPull(genericResult *GenericPullResult, pluginName // Fetch provenance data if available if provenanceDescriptor != nil { - result.ProvenanceData, err = genericClient.GetDescriptorData(genericResult.MemoryStore, *provenanceDescriptor) + result.Prov.Data, err = genericClient.GetDescriptorData(genericResult.MemoryStore, *provenanceDescriptor) if err != nil { return nil, fmt.Errorf("unable to retrieve provenance data with digest %s: %w", provenanceDescriptor.Digest, err) } } - fmt.Fprintf(c.out, "Pulled plugin: %s\n", result.Ref) - fmt.Fprintf(c.out, "Digest: %s\n", result.Manifest.Digest) - if result.ProvenanceData != nil { - fmt.Fprintf(c.out, "Provenance: %s\n", expectedProvenance) + _, _ = fmt.Fprintf(c.out, "Pulled plugin: %s\n", result.Ref) + _, _ = fmt.Fprintf(c.out, "Digest: %s\n", result.Manifest.Digest) + if result.Prov.Data != nil { + _, _ = fmt.Fprintf(c.out, "Provenance: %s\n", foundProvenanceName) } if strings.Contains(result.Ref, "_") { - fmt.Fprintf(c.out, "%s contains an underscore.\n", result.Ref) - fmt.Fprint(c.out, registryUnderscoreMessage+"\n") + _, _ = fmt.Fprintf(c.out, "%s contains an underscore.\n", result.Ref) + _, _ = fmt.Fprint(c.out, registryUnderscoreMessage+"\n") } return result, nil @@ -162,6 +165,7 @@ func (c *Client) processPluginPull(genericResult *GenericPullResult, pluginName type ( pluginPullOperation struct { pluginName string + withProv bool } // PluginPullOption allows customizing plugin pull operations @@ -199,3 +203,10 @@ func GetPluginName(source string) (string, error) { return pluginName, nil } + +// PullPluginOptWithProv configures the pull to fetch provenance data +func PullPluginOptWithProv(withProv bool) PluginPullOption { + return func(operation *pluginPullOperation) { + operation.withProv = withProv + } +} diff --git a/pkg/registry/reference.go b/pkg/registry/reference.go index b5677761d..9a98cf5c9 100644 --- a/pkg/registry/reference.go +++ b/pkg/registry/reference.go @@ -17,6 +17,7 @@ limitations under the License. package registry import ( + "fmt" "strings" "oras.land/oras-go/v2/registry" @@ -31,11 +32,11 @@ type reference struct { } // newReference will parse and validate the reference, and clean tags when -// applicable tags are only cleaned when plus (+) signs are present, and are +// applicable tags are only cleaned when plus (+) signs are present and are // converted to underscores (_) before pushing // See https://github.com/helm/helm/issues/10166 func newReference(raw string) (result reference, err error) { - // Remove oci:// prefix if it is there + // Remove the oci:// prefix if it is there raw = strings.TrimPrefix(raw, OCIScheme+"://") // The sole possible reference modification is replacing plus (+) signs @@ -76,3 +77,8 @@ func (r *reference) String() string { } return r.orasReference.String() } + +// IsOCI determines whether a URL is to be treated as an OCI URL +func IsOCI(url string) bool { + return strings.HasPrefix(url, fmt.Sprintf("%s://", OCIScheme)) +} diff --git a/pkg/registry/utils_test.go b/pkg/registry/registry_test.go similarity index 92% rename from pkg/registry/utils_test.go rename to pkg/registry/registry_test.go index b46317fc6..d4921c50b 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/registry_test.go @@ -29,14 +29,13 @@ import ( "os" "path/filepath" "strings" - "sync" "time" "github.com/distribution/distribution/v3/configuration" "github.com/distribution/distribution/v3/registry" _ "github.com/distribution/distribution/v3/registry/auth/htpasswd" _ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory" - "github.com/foxcpp/go-mockdns" + "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" "golang.org/x/crypto/bcrypt" @@ -58,27 +57,25 @@ var ( testPassword = "mypass" ) -type TestSuite struct { +type TestRegistry struct { suite.Suite Out io.Writer DockerRegistryHost string CompromisedRegistryHost string WorkspaceDir string RegistryClient *Client - - // A mock DNS server needed for TLS connection testing. - srv *mockdns.Server + dockerRegistry *registry.Registry } -func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { +func setup(suite *TestRegistry, tlsEnabled, insecure bool) { suite.WorkspaceDir = testWorkspaceDir - os.RemoveAll(suite.WorkspaceDir) - os.Mkdir(suite.WorkspaceDir, 0700) + err := os.RemoveAll(suite.WorkspaceDir) + require.NoError(suite.T(), err, "no error removing test workspace dir") + err = os.Mkdir(suite.WorkspaceDir, 0700) + require.NoError(suite.T(), err, "no error creating test workspace dir") + + var out bytes.Buffer - var ( - out bytes.Buffer - err error - ) suite.Out = &out credentialsFile := filepath.Join(suite.WorkspaceDir, CredentialsFileBasename) @@ -128,20 +125,13 @@ func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { config := &configuration.Configuration{} ln, err := net.Listen("tcp", "127.0.0.1:0") suite.Nil(err, "no error finding free port for test registry") - defer ln.Close() + defer func() { _ = ln.Close() }() // Change the registry host to another host which is not localhost. // This is required because Docker enforces HTTP if the registry // host is localhost/127.0.0.1. port := ln.Addr().(*net.TCPAddr).Port suite.DockerRegistryHost = fmt.Sprintf("helm-test-registry:%d", port) - suite.srv, err = mockdns.NewServer(map[string]mockdns.Zone{ - "helm-test-registry.": { - A: []string{"127.0.0.1"}, - }, - }, false) - suite.Nil(err, "no error creating mock DNS server") - suite.srv.PatchNet(net.DefaultResolver) config.HTTP.Addr = ln.Addr().String() config.HTTP.DrainTimeout = time.Duration(10) * time.Second @@ -166,20 +156,18 @@ func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { config.HTTP.TLS.ClientCAs = []string{tlsCA} } } - dockerRegistry, err := registry.NewRegistry(context.Background(), config) + suite.dockerRegistry, err = registry.NewRegistry(context.Background(), config) suite.Nil(err, "no error creating test registry") suite.CompromisedRegistryHost = initCompromisedRegistryTestServer() - return dockerRegistry + go func() { + _ = suite.dockerRegistry.ListenAndServe() + }() } -func teardown(suite *TestSuite) { - var lock sync.Mutex - lock.Lock() - defer lock.Unlock() - if suite.srv != nil { - mockdns.UnpatchNet(net.DefaultResolver) - suite.srv.Close() +func teardown(suite *TestRegistry) { + if suite.dockerRegistry != nil { + _ = suite.dockerRegistry.Shutdown(context.Background()) } } @@ -189,7 +177,7 @@ func initCompromisedRegistryTestServer() string { w.Header().Set("Content-Type", "application/vnd.oci.image.manifest.v1+json") w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, `{ "schemaVersion": 2, "config": { + _, _ = fmt.Fprintf(w, `{ "schemaVersion": 2, "config": { "mediaType": "%s", "digest": "sha256:a705ee2789ab50a5ba20930f246dbd5cc01ff9712825bb98f57ee8414377f133", "size": 181 @@ -205,13 +193,13 @@ func initCompromisedRegistryTestServer() string { } else if r.URL.Path == "/v2/testrepo/supposedlysafechart/blobs/sha256:a705ee2789ab50a5ba20930f246dbd5cc01ff9712825bb98f57ee8414377f133" { w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusOK) - w.Write([]byte("{\"name\":\"mychart\",\"version\":\"0.1.0\",\"description\":\"A Helm chart for Kubernetes\\n" + + _, _ = w.Write([]byte("{\"name\":\"mychart\",\"version\":\"0.1.0\",\"description\":\"A Helm chart for Kubernetes\\n" + "an 'application' or a 'library' chart.\",\"apiVersion\":\"v2\",\"appVersion\":\"1.16.0\",\"type\":" + "\"application\"}")) } else if r.URL.Path == "/v2/testrepo/supposedlysafechart/blobs/sha256:ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb" { w.Header().Set("Content-Type", ChartLayerMediaType) w.WriteHeader(http.StatusOK) - w.Write([]byte("b")) + _, _ = w.Write([]byte("b")) } else { w.WriteHeader(http.StatusInternalServerError) } @@ -221,7 +209,7 @@ func initCompromisedRegistryTestServer() string { return fmt.Sprintf("localhost:%s", u.Port()) } -func testPush(suite *TestSuite) { +func testPush(suite *TestRegistry) { testingChartCreationTime := "1977-09-02T22:04:05Z" @@ -231,7 +219,7 @@ func testPush(suite *TestSuite) { suite.NotNil(err, "error pushing non-chart bytes") // Load a test chart - chartData, err := os.ReadFile("../repo/repotest/testdata/examplechart-0.1.0.tgz") + chartData, err := os.ReadFile("../repo/v1/repotest/testdata/examplechart-0.1.0.tgz") suite.Nil(err, "no error loading test chart") meta, err := extractChartMeta(chartData) suite.Nil(err, "no error extracting chart meta") @@ -308,7 +296,7 @@ func testPush(suite *TestSuite) { result.Prov.Digest) } -func testPull(suite *TestSuite) { +func testPull(suite *TestRegistry) { // bad/missing ref ref := fmt.Sprintf("%s/testrepo/no-existy:1.2.3", suite.DockerRegistryHost) _, err := suite.RegistryClient.Pull(ref) @@ -387,7 +375,7 @@ func testPull(suite *TestSuite) { suite.Equal(provData, result.Prov.Data) } -func testTags(suite *TestSuite) { +func testTags(suite *TestRegistry) { // Load test chart (to build ref pushed in previous test) chartData, err := os.ReadFile("../downloader/testdata/local-subchart-0.1.0.tgz") suite.Nil(err, "no error loading test chart") diff --git a/pkg/registry/tag.go b/pkg/registry/tag.go new file mode 100644 index 000000000..bfb4b1ef6 --- /dev/null +++ b/pkg/registry/tag.go @@ -0,0 +1,59 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package registry // import "helm.sh/helm/v4/pkg/registry" + +import ( + "fmt" + + "github.com/Masterminds/semver/v3" +) + +func GetTagMatchingVersionOrConstraint(tags []string, versionString string) (string, error) { + var constraint *semver.Constraints + if versionString == "" { + // If the string is empty, set a wildcard constraint + constraint, _ = semver.NewConstraint("*") + } else { + // when customer inputs a specific version, check whether there's an exact match first + for _, v := range tags { + if versionString == v { + return v, nil + } + } + + // Otherwise set constraint to the string given + var err error + constraint, err = semver.NewConstraint(versionString) + if err != nil { + return "", err + } + } + + // Otherwise try to find the first available version matching the string, + // in case it is a constraint + for _, v := range tags { + test, err := semver.NewVersion(v) + if err != nil { + continue + } + if constraint.Check(test) { + return v, nil + } + } + + return "", fmt.Errorf("could not locate a version matching provided version string %s", versionString) +} diff --git a/pkg/registry/tag_test.go b/pkg/registry/tag_test.go new file mode 100644 index 000000000..09f0f12ea --- /dev/null +++ b/pkg/registry/tag_test.go @@ -0,0 +1,122 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package registry + +import ( + "strings" + "testing" +) + +func TestGetTagMatchingVersionOrConstraint_ExactMatch(t *testing.T) { + tags := []string{"1.0.0", "1.2.3", "2.0.0"} + got, err := GetTagMatchingVersionOrConstraint(tags, "1.2.3") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got != "1.2.3" { + t.Fatalf("expected exact match '1.2.3', got %q", got) + } +} + +func TestGetTagMatchingVersionOrConstraint_EmptyVersionWildcard(t *testing.T) { + // Includes a non-semver tag which should be skipped + tags := []string{"latest", "0.9.0", "1.0.0"} + got, err := GetTagMatchingVersionOrConstraint(tags, "") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + // Should pick the first valid semver tag in order, which is 0.9.0 + if got != "0.9.0" { + t.Fatalf("expected '0.9.0', got %q", got) + } +} + +func TestGetTagMatchingVersionOrConstraint_ConstraintRange(t *testing.T) { + tags := []string{"0.5.0", "1.0.0", "1.1.0", "2.0.0"} + + // Caret range + got, err := GetTagMatchingVersionOrConstraint(tags, "^1.0.0") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got != "1.0.0" { // first match in order + t.Fatalf("expected '1.0.0', got %q", got) + } + + // Compound range + got, err = GetTagMatchingVersionOrConstraint(tags, ">=1.0.0 <2.0.0") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got != "1.0.0" { + t.Fatalf("expected '1.0.0', got %q", got) + } +} + +func TestGetTagMatchingVersionOrConstraint_InvalidConstraint(t *testing.T) { + tags := []string{"1.0.0"} + _, err := GetTagMatchingVersionOrConstraint(tags, ">a1") + if err == nil { + t.Fatalf("expected error for invalid constraint") + } +} + +func TestGetTagMatchingVersionOrConstraint_NoMatches(t *testing.T) { + tags := []string{"0.1.0", "0.2.0"} + _, err := GetTagMatchingVersionOrConstraint(tags, ">=1.0.0") + if err == nil { + t.Fatalf("expected error when no tags match") + } + if !strings.Contains(err.Error(), ">=1.0.0") { + t.Fatalf("expected error to contain version string, got: %v", err) + } +} + +func TestGetTagMatchingVersionOrConstraint_SkipsNonSemverTags(t *testing.T) { + tags := []string{"alpha", "1.0.0", "beta", "1.1.0"} + got, err := GetTagMatchingVersionOrConstraint(tags, ">=1.0.0 <2.0.0") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got != "1.0.0" { + t.Fatalf("expected '1.0.0', got %q", got) + } +} + +func TestGetTagMatchingVersionOrConstraint_OrderMatters_FirstMatchReturned(t *testing.T) { + // Both 1.2.0 and 1.3.0 satisfy >=1.2.0 <2.0.0, but the function returns the first in input order + tags := []string{"1.3.0", "1.2.0"} + got, err := GetTagMatchingVersionOrConstraint(tags, ">=1.2.0 <2.0.0") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got != "1.3.0" { + t.Fatalf("expected '1.3.0' (first satisfying tag), got %q", got) + } +} + +func TestGetTagMatchingVersionOrConstraint_ExactMatchHasPrecedence(t *testing.T) { + // Exact match should be returned even if another earlier tag would match the parsed constraint + tags := []string{"1.3.0", "1.2.3"} + got, err := GetTagMatchingVersionOrConstraint(tags, "1.2.3") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got != "1.2.3" { + t.Fatalf("expected exact match '1.2.3', got %q", got) + } +} diff --git a/pkg/registry/transport.go b/pkg/registry/transport.go index 9d6a37326..f039a8159 100644 --- a/pkg/registry/transport.go +++ b/pkg/registry/transport.go @@ -97,7 +97,7 @@ func (t *LoggingTransport) RoundTrip(req *http.Request) (resp *http.Response, er // logHeader prints out the provided header keys and values, with auth header scrubbed. func logHeader(header http.Header) string { if len(header) > 0 { - headers := []string{} + var headers []string for k, v := range header { for _, h := range toScrub { if strings.EqualFold(k, h) { diff --git a/pkg/release/common.go b/pkg/release/common.go new file mode 100644 index 000000000..d33c96646 --- /dev/null +++ b/pkg/release/common.go @@ -0,0 +1,116 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "errors" + "fmt" + "time" + + "helm.sh/helm/v4/pkg/chart" + v1release "helm.sh/helm/v4/pkg/release/v1" +) + +var NewAccessor func(rel Releaser) (Accessor, error) = newDefaultAccessor //nolint:revive + +var NewHookAccessor func(rel Hook) (HookAccessor, error) = newDefaultHookAccessor //nolint:revive + +func newDefaultAccessor(rel Releaser) (Accessor, error) { + switch v := rel.(type) { + case v1release.Release: + return &v1Accessor{&v}, nil + case *v1release.Release: + return &v1Accessor{v}, nil + default: + return nil, fmt.Errorf("unsupported release type: %T", rel) + } +} + +func newDefaultHookAccessor(hook Hook) (HookAccessor, error) { + switch h := hook.(type) { + case v1release.Hook: + return &v1HookAccessor{&h}, nil + case *v1release.Hook: + return &v1HookAccessor{h}, nil + default: + return nil, errors.New("unsupported release hook type") + } +} + +type v1Accessor struct { + rel *v1release.Release +} + +func (a *v1Accessor) Name() string { + return a.rel.Name +} + +func (a *v1Accessor) Namespace() string { + return a.rel.Namespace +} + +func (a *v1Accessor) Version() int { + return a.rel.Version +} + +func (a *v1Accessor) Hooks() []Hook { + var hooks = make([]Hook, len(a.rel.Hooks)) + for i, h := range a.rel.Hooks { + hooks[i] = h + } + return hooks +} + +func (a *v1Accessor) Manifest() string { + return a.rel.Manifest +} + +func (a *v1Accessor) Notes() string { + return a.rel.Info.Notes +} + +func (a *v1Accessor) Labels() map[string]string { + return a.rel.Labels +} + +func (a *v1Accessor) Chart() chart.Charter { + return a.rel.Chart +} + +func (a *v1Accessor) Status() string { + return a.rel.Info.Status.String() +} + +func (a *v1Accessor) ApplyMethod() string { + return a.rel.ApplyMethod +} + +func (a *v1Accessor) DeployedAt() time.Time { + return a.rel.Info.LastDeployed +} + +type v1HookAccessor struct { + hook *v1release.Hook +} + +func (a *v1HookAccessor) Path() string { + return a.hook.Path +} + +func (a *v1HookAccessor) Manifest() string { + return a.hook.Manifest +} diff --git a/pkg/release/v1/status.go b/pkg/release/common/status.go similarity index 99% rename from pkg/release/v1/status.go rename to pkg/release/common/status.go index 8d6459013..fd5010301 100644 --- a/pkg/release/v1/status.go +++ b/pkg/release/common/status.go @@ -13,7 +13,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1 +package common // Status is the status of a release type Status string diff --git a/pkg/release/common_test.go b/pkg/release/common_test.go new file mode 100644 index 000000000..e9f8d364a --- /dev/null +++ b/pkg/release/common_test.go @@ -0,0 +1,65 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/pkg/release/common" + rspb "helm.sh/helm/v4/pkg/release/v1" +) + +func TestNewDefaultAccessor(t *testing.T) { + // Testing the default implementation rather than NewAccessor which can be + // overridden by developers. + is := assert.New(t) + + // Create release + info := &rspb.Info{Status: common.StatusDeployed, LastDeployed: time.Now().Add(1000)} + labels := make(map[string]string) + labels["foo"] = "bar" + rel := &rspb.Release{ + Name: "happy-cats", + Version: 2, + Info: info, + Labels: labels, + Namespace: "default", + ApplyMethod: "csa", + } + + // newDefaultAccessor should not be called directly Instead, NewAccessor should be + // called and it will call NewDefaultAccessor. NewAccessor can be changed to a + // non-default accessor by a user so the test calls the default implementation. + // The accessor provides a means to access data on resources that are different types + // but have the same interface. Instead of properties, methods are used to access + // information. Structs with properties are useful in Go when it comes to marshalling + // and unmarshalling data (e.g. coming and going from JSON or YAML). But, structs + // can't be used with interfaces. The accessors enable access to the underlying data + // in a manner that works with Go interfaces. + accessor, err := newDefaultAccessor(rel) + is.NoError(err) + + // Verify information + is.Equal(rel.Name, accessor.Name()) + is.Equal(rel.Namespace, accessor.Namespace()) + is.Equal(rel.Version, accessor.Version()) + is.Equal(rel.ApplyMethod, accessor.ApplyMethod()) + is.Equal(rel.Labels, accessor.Labels()) +} diff --git a/pkg/release/interfaces.go b/pkg/release/interfaces.go new file mode 100644 index 000000000..aaa5a756f --- /dev/null +++ b/pkg/release/interfaces.go @@ -0,0 +1,46 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "time" + + "helm.sh/helm/v4/pkg/chart" +) + +type Releaser interface{} + +type Hook interface{} + +type Accessor interface { + Name() string + Namespace() string + Version() int + Hooks() []Hook + Manifest() string + Notes() string + Labels() map[string]string + Chart() chart.Charter + Status() string + ApplyMethod() string + DeployedAt() time.Time +} + +type HookAccessor interface { + Path() string + Manifest() string +} diff --git a/pkg/release/v1/responses.go b/pkg/release/responses.go similarity index 92% rename from pkg/release/v1/responses.go rename to pkg/release/responses.go index 2a5608c67..6e0a0eaec 100644 --- a/pkg/release/v1/responses.go +++ b/pkg/release/responses.go @@ -13,12 +13,12 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1 +package release // UninstallReleaseResponse represents a successful response to an uninstall request. type UninstallReleaseResponse struct { // Release is the release that was marked deleted. - Release *Release `json:"release,omitempty"` + Release Releaser `json:"release,omitempty"` // Info is an uninstall message Info string `json:"info,omitempty"` } diff --git a/pkg/release/v1/hook.go b/pkg/release/v1/hook.go index 1ef5c1eb8..f0a370c15 100644 --- a/pkg/release/v1/hook.go +++ b/pkg/release/v1/hook.go @@ -17,7 +17,8 @@ limitations under the License. package v1 import ( - "helm.sh/helm/v4/pkg/time" + "encoding/json" + "time" ) // HookEvent specifies the hook event @@ -97,9 +98,9 @@ type Hook struct { // A HookExecution records the result for the last execution of a hook for a given release. type HookExecution struct { // StartedAt indicates the date/time this hook was started - StartedAt time.Time `json:"started_at,omitempty"` + StartedAt time.Time `json:"started_at,omitzero"` // CompletedAt indicates the date/time this hook was completed. - CompletedAt time.Time `json:"completed_at,omitempty"` + CompletedAt time.Time `json:"completed_at,omitzero"` // Phase indicates whether the hook completed successfully Phase HookPhase `json:"phase"` } @@ -120,3 +121,69 @@ const ( // String converts a hook phase to a printable string func (x HookPhase) String() string { return string(x) } + +// hookExecutionJSON is used for custom JSON marshaling/unmarshaling +type hookExecutionJSON struct { + StartedAt *time.Time `json:"started_at,omitempty"` + CompletedAt *time.Time `json:"completed_at,omitempty"` + Phase HookPhase `json:"phase"` +} + +// UnmarshalJSON implements the json.Unmarshaler interface. +// It handles empty string time fields by treating them as zero values. +func (h *HookExecution) UnmarshalJSON(data []byte) error { + // First try to unmarshal into a map to handle empty string time fields + var raw map[string]interface{} + if err := json.Unmarshal(data, &raw); err != nil { + return err + } + + // Replace empty string time fields with nil + for _, field := range []string{"started_at", "completed_at"} { + if val, ok := raw[field]; ok { + if str, ok := val.(string); ok && str == "" { + raw[field] = nil + } + } + } + + // Re-marshal with cleaned data + cleaned, err := json.Marshal(raw) + if err != nil { + return err + } + + // Unmarshal into temporary struct with pointer time fields + var tmp hookExecutionJSON + if err := json.Unmarshal(cleaned, &tmp); err != nil { + return err + } + + // Copy values to HookExecution struct + if tmp.StartedAt != nil { + h.StartedAt = *tmp.StartedAt + } + if tmp.CompletedAt != nil { + h.CompletedAt = *tmp.CompletedAt + } + h.Phase = tmp.Phase + + return nil +} + +// MarshalJSON implements the json.Marshaler interface. +// It omits zero-value time fields from the JSON output. +func (h HookExecution) MarshalJSON() ([]byte, error) { + tmp := hookExecutionJSON{ + Phase: h.Phase, + } + + if !h.StartedAt.IsZero() { + tmp.StartedAt = &h.StartedAt + } + if !h.CompletedAt.IsZero() { + tmp.CompletedAt = &h.CompletedAt + } + + return json.Marshal(tmp) +} diff --git a/pkg/release/v1/hook_test.go b/pkg/release/v1/hook_test.go new file mode 100644 index 000000000..cea2568bc --- /dev/null +++ b/pkg/release/v1/hook_test.go @@ -0,0 +1,231 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + "encoding/json" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestHookExecutionMarshalJSON(t *testing.T) { + started := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + completed := time.Date(2025, 10, 8, 12, 5, 0, 0, time.UTC) + + tests := []struct { + name string + exec HookExecution + expected string + }{ + { + name: "all fields populated", + exec: HookExecution{ + StartedAt: started, + CompletedAt: completed, + Phase: HookPhaseSucceeded, + }, + expected: `{"started_at":"2025-10-08T12:00:00Z","completed_at":"2025-10-08T12:05:00Z","phase":"Succeeded"}`, + }, + { + name: "only phase", + exec: HookExecution{ + Phase: HookPhaseRunning, + }, + expected: `{"phase":"Running"}`, + }, + { + name: "with started time only", + exec: HookExecution{ + StartedAt: started, + Phase: HookPhaseRunning, + }, + expected: `{"started_at":"2025-10-08T12:00:00Z","phase":"Running"}`, + }, + { + name: "failed phase", + exec: HookExecution{ + StartedAt: started, + CompletedAt: completed, + Phase: HookPhaseFailed, + }, + expected: `{"started_at":"2025-10-08T12:00:00Z","completed_at":"2025-10-08T12:05:00Z","phase":"Failed"}`, + }, + { + name: "unknown phase", + exec: HookExecution{ + Phase: HookPhaseUnknown, + }, + expected: `{"phase":"Unknown"}`, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + data, err := json.Marshal(&tt.exec) + require.NoError(t, err) + assert.JSONEq(t, tt.expected, string(data)) + }) + } +} + +func TestHookExecutionUnmarshalJSON(t *testing.T) { + started := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + completed := time.Date(2025, 10, 8, 12, 5, 0, 0, time.UTC) + + tests := []struct { + name string + input string + expected HookExecution + wantErr bool + }{ + { + name: "all fields populated", + input: `{"started_at":"2025-10-08T12:00:00Z","completed_at":"2025-10-08T12:05:00Z","phase":"Succeeded"}`, + expected: HookExecution{ + StartedAt: started, + CompletedAt: completed, + Phase: HookPhaseSucceeded, + }, + }, + { + name: "only phase", + input: `{"phase":"Running"}`, + expected: HookExecution{ + Phase: HookPhaseRunning, + }, + }, + { + name: "empty string time fields", + input: `{"started_at":"","completed_at":"","phase":"Succeeded"}`, + expected: HookExecution{ + Phase: HookPhaseSucceeded, + }, + }, + { + name: "missing time fields", + input: `{"phase":"Failed"}`, + expected: HookExecution{ + Phase: HookPhaseFailed, + }, + }, + { + name: "null time fields", + input: `{"started_at":null,"completed_at":null,"phase":"Unknown"}`, + expected: HookExecution{ + Phase: HookPhaseUnknown, + }, + }, + { + name: "mixed empty and valid time fields", + input: `{"started_at":"2025-10-08T12:00:00Z","completed_at":"","phase":"Running"}`, + expected: HookExecution{ + StartedAt: started, + Phase: HookPhaseRunning, + }, + }, + { + name: "with started time only", + input: `{"started_at":"2025-10-08T12:00:00Z","phase":"Running"}`, + expected: HookExecution{ + StartedAt: started, + Phase: HookPhaseRunning, + }, + }, + { + name: "failed phase with times", + input: `{"started_at":"2025-10-08T12:00:00Z","completed_at":"2025-10-08T12:05:00Z","phase":"Failed"}`, + expected: HookExecution{ + StartedAt: started, + CompletedAt: completed, + Phase: HookPhaseFailed, + }, + }, + { + name: "invalid time format", + input: `{"started_at":"invalid-time","phase":"Running"}`, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var exec HookExecution + err := json.Unmarshal([]byte(tt.input), &exec) + if tt.wantErr { + assert.Error(t, err) + return + } + require.NoError(t, err) + assert.Equal(t, tt.expected.StartedAt.Unix(), exec.StartedAt.Unix()) + assert.Equal(t, tt.expected.CompletedAt.Unix(), exec.CompletedAt.Unix()) + assert.Equal(t, tt.expected.Phase, exec.Phase) + }) + } +} + +func TestHookExecutionRoundTrip(t *testing.T) { + started := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + completed := time.Date(2025, 10, 8, 12, 5, 0, 0, time.UTC) + + original := HookExecution{ + StartedAt: started, + CompletedAt: completed, + Phase: HookPhaseSucceeded, + } + + data, err := json.Marshal(&original) + require.NoError(t, err) + + var decoded HookExecution + err = json.Unmarshal(data, &decoded) + require.NoError(t, err) + + assert.Equal(t, original.StartedAt.Unix(), decoded.StartedAt.Unix()) + assert.Equal(t, original.CompletedAt.Unix(), decoded.CompletedAt.Unix()) + assert.Equal(t, original.Phase, decoded.Phase) +} + +func TestHookExecutionEmptyStringRoundTrip(t *testing.T) { + // This test specifically verifies that empty string time fields + // are handled correctly during parsing + input := `{"started_at":"","completed_at":"","phase":"Succeeded"}` + + var exec HookExecution + err := json.Unmarshal([]byte(input), &exec) + require.NoError(t, err) + + // Verify time fields are zero values + assert.True(t, exec.StartedAt.IsZero()) + assert.True(t, exec.CompletedAt.IsZero()) + assert.Equal(t, HookPhaseSucceeded, exec.Phase) + + // Marshal back and verify empty time fields are omitted + data, err := json.Marshal(&exec) + require.NoError(t, err) + + var result map[string]interface{} + err = json.Unmarshal(data, &result) + require.NoError(t, err) + + // Zero time values should be omitted + assert.NotContains(t, result, "started_at") + assert.NotContains(t, result, "completed_at") + assert.Equal(t, "Succeeded", result["phase"]) +} diff --git a/pkg/release/v1/info.go b/pkg/release/v1/info.go index ff98ab63e..f895fdf6c 100644 --- a/pkg/release/v1/info.go +++ b/pkg/release/v1/info.go @@ -16,25 +16,110 @@ limitations under the License. package v1 import ( - "k8s.io/apimachinery/pkg/runtime" + "encoding/json" + "time" + + "helm.sh/helm/v4/pkg/release/common" - "helm.sh/helm/v4/pkg/time" + "k8s.io/apimachinery/pkg/runtime" ) // Info describes release information. type Info struct { // FirstDeployed is when the release was first deployed. - FirstDeployed time.Time `json:"first_deployed,omitempty"` + FirstDeployed time.Time `json:"first_deployed,omitzero"` // LastDeployed is when the release was last deployed. - LastDeployed time.Time `json:"last_deployed,omitempty"` + LastDeployed time.Time `json:"last_deployed,omitzero"` // Deleted tracks when this object was deleted. - Deleted time.Time `json:"deleted"` + Deleted time.Time `json:"deleted,omitzero"` // Description is human-friendly "log entry" about this release. Description string `json:"description,omitempty"` // Status is the current state of the release - Status Status `json:"status,omitempty"` + Status common.Status `json:"status,omitempty"` // Contains the rendered templates/NOTES.txt if available Notes string `json:"notes,omitempty"` // Contains the deployed resources information Resources map[string][]runtime.Object `json:"resources,omitempty"` } + +// infoJSON is used for custom JSON marshaling/unmarshaling +type infoJSON struct { + FirstDeployed *time.Time `json:"first_deployed,omitempty"` + LastDeployed *time.Time `json:"last_deployed,omitempty"` + Deleted *time.Time `json:"deleted,omitempty"` + Description string `json:"description,omitempty"` + Status common.Status `json:"status,omitempty"` + Notes string `json:"notes,omitempty"` + Resources map[string][]runtime.Object `json:"resources,omitempty"` +} + +// UnmarshalJSON implements the json.Unmarshaler interface. +// It handles empty string time fields by treating them as zero values. +func (i *Info) UnmarshalJSON(data []byte) error { + // First try to unmarshal into a map to handle empty string time fields + var raw map[string]interface{} + if err := json.Unmarshal(data, &raw); err != nil { + return err + } + + // Replace empty string time fields with nil + for _, field := range []string{"first_deployed", "last_deployed", "deleted"} { + if val, ok := raw[field]; ok { + if str, ok := val.(string); ok && str == "" { + raw[field] = nil + } + } + } + + // Re-marshal with cleaned data + cleaned, err := json.Marshal(raw) + if err != nil { + return err + } + + // Unmarshal into temporary struct with pointer time fields + var tmp infoJSON + if err := json.Unmarshal(cleaned, &tmp); err != nil { + return err + } + + // Copy values to Info struct + if tmp.FirstDeployed != nil { + i.FirstDeployed = *tmp.FirstDeployed + } + if tmp.LastDeployed != nil { + i.LastDeployed = *tmp.LastDeployed + } + if tmp.Deleted != nil { + i.Deleted = *tmp.Deleted + } + i.Description = tmp.Description + i.Status = tmp.Status + i.Notes = tmp.Notes + i.Resources = tmp.Resources + + return nil +} + +// MarshalJSON implements the json.Marshaler interface. +// It omits zero-value time fields from the JSON output. +func (i Info) MarshalJSON() ([]byte, error) { + tmp := infoJSON{ + Description: i.Description, + Status: i.Status, + Notes: i.Notes, + Resources: i.Resources, + } + + if !i.FirstDeployed.IsZero() { + tmp.FirstDeployed = &i.FirstDeployed + } + if !i.LastDeployed.IsZero() { + tmp.LastDeployed = &i.LastDeployed + } + if !i.Deleted.IsZero() { + tmp.Deleted = &i.Deleted + } + + return json.Marshal(tmp) +} diff --git a/pkg/release/v1/info_test.go b/pkg/release/v1/info_test.go new file mode 100644 index 000000000..0fff78f76 --- /dev/null +++ b/pkg/release/v1/info_test.go @@ -0,0 +1,285 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + "encoding/json" + "testing" + "time" + + "helm.sh/helm/v4/pkg/release/common" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestInfoMarshalJSON(t *testing.T) { + now := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + later := time.Date(2025, 10, 8, 13, 0, 0, 0, time.UTC) + deleted := time.Date(2025, 10, 8, 14, 0, 0, 0, time.UTC) + + tests := []struct { + name string + info Info + expected string + }{ + { + name: "all fields populated", + info: Info{ + FirstDeployed: now, + LastDeployed: later, + Deleted: deleted, + Description: "Test release", + Status: common.StatusDeployed, + Notes: "Test notes", + }, + expected: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","deleted":"2025-10-08T14:00:00Z","description":"Test release","status":"deployed","notes":"Test notes"}`, + }, + { + name: "only required fields", + info: Info{ + FirstDeployed: now, + LastDeployed: later, + Status: common.StatusDeployed, + }, + expected: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","status":"deployed"}`, + }, + { + name: "zero time values omitted", + info: Info{ + Description: "Test release", + Status: common.StatusDeployed, + }, + expected: `{"description":"Test release","status":"deployed"}`, + }, + { + name: "with pending status", + info: Info{ + FirstDeployed: now, + LastDeployed: later, + Status: common.StatusPendingInstall, + Description: "Installing release", + }, + expected: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","description":"Installing release","status":"pending-install"}`, + }, + { + name: "uninstalled with deleted time", + info: Info{ + FirstDeployed: now, + LastDeployed: later, + Deleted: deleted, + Status: common.StatusUninstalled, + Description: "Uninstalled release", + }, + expected: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","deleted":"2025-10-08T14:00:00Z","description":"Uninstalled release","status":"uninstalled"}`, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + data, err := json.Marshal(&tt.info) + require.NoError(t, err) + assert.JSONEq(t, tt.expected, string(data)) + }) + } +} + +func TestInfoUnmarshalJSON(t *testing.T) { + now := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + later := time.Date(2025, 10, 8, 13, 0, 0, 0, time.UTC) + deleted := time.Date(2025, 10, 8, 14, 0, 0, 0, time.UTC) + + tests := []struct { + name string + input string + expected Info + wantErr bool + }{ + { + name: "all fields populated", + input: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","deleted":"2025-10-08T14:00:00Z","description":"Test release","status":"deployed","notes":"Test notes"}`, + expected: Info{ + FirstDeployed: now, + LastDeployed: later, + Deleted: deleted, + Description: "Test release", + Status: common.StatusDeployed, + Notes: "Test notes", + }, + }, + { + name: "only required fields", + input: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","status":"deployed"}`, + expected: Info{ + FirstDeployed: now, + LastDeployed: later, + Status: common.StatusDeployed, + }, + }, + { + name: "empty string time fields", + input: `{"first_deployed":"","last_deployed":"","deleted":"","description":"Test release","status":"deployed"}`, + expected: Info{ + Description: "Test release", + Status: common.StatusDeployed, + }, + }, + { + name: "missing time fields", + input: `{"description":"Test release","status":"deployed"}`, + expected: Info{ + Description: "Test release", + Status: common.StatusDeployed, + }, + }, + { + name: "null time fields", + input: `{"first_deployed":null,"last_deployed":null,"deleted":null,"description":"Test release","status":"deployed"}`, + expected: Info{ + Description: "Test release", + Status: common.StatusDeployed, + }, + }, + { + name: "mixed empty and valid time fields", + input: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"","deleted":"","status":"deployed"}`, + expected: Info{ + FirstDeployed: now, + Status: common.StatusDeployed, + }, + }, + { + name: "pending install status", + input: `{"first_deployed":"2025-10-08T12:00:00Z","status":"pending-install","description":"Installing"}`, + expected: Info{ + FirstDeployed: now, + Status: common.StatusPendingInstall, + Description: "Installing", + }, + }, + { + name: "uninstalled with deleted time", + input: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","deleted":"2025-10-08T14:00:00Z","status":"uninstalled"}`, + expected: Info{ + FirstDeployed: now, + LastDeployed: later, + Deleted: deleted, + Status: common.StatusUninstalled, + }, + }, + { + name: "failed status", + input: `{"first_deployed":"2025-10-08T12:00:00Z","last_deployed":"2025-10-08T13:00:00Z","status":"failed","description":"Deployment failed"}`, + expected: Info{ + FirstDeployed: now, + LastDeployed: later, + Status: common.StatusFailed, + Description: "Deployment failed", + }, + }, + { + name: "invalid time format", + input: `{"first_deployed":"invalid-time","status":"deployed"}`, + wantErr: true, + }, + { + name: "empty object", + input: `{}`, + expected: Info{ + Status: "", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var info Info + err := json.Unmarshal([]byte(tt.input), &info) + if tt.wantErr { + assert.Error(t, err) + return + } + require.NoError(t, err) + assert.Equal(t, tt.expected.FirstDeployed.Unix(), info.FirstDeployed.Unix()) + assert.Equal(t, tt.expected.LastDeployed.Unix(), info.LastDeployed.Unix()) + assert.Equal(t, tt.expected.Deleted.Unix(), info.Deleted.Unix()) + assert.Equal(t, tt.expected.Description, info.Description) + assert.Equal(t, tt.expected.Status, info.Status) + assert.Equal(t, tt.expected.Notes, info.Notes) + assert.Equal(t, tt.expected.Resources, info.Resources) + }) + } +} + +func TestInfoRoundTrip(t *testing.T) { + now := time.Date(2025, 10, 8, 12, 0, 0, 0, time.UTC) + later := time.Date(2025, 10, 8, 13, 0, 0, 0, time.UTC) + + original := Info{ + FirstDeployed: now, + LastDeployed: later, + Description: "Test release", + Status: common.StatusDeployed, + Notes: "Release notes", + } + + data, err := json.Marshal(&original) + require.NoError(t, err) + + var decoded Info + err = json.Unmarshal(data, &decoded) + require.NoError(t, err) + + assert.Equal(t, original.FirstDeployed.Unix(), decoded.FirstDeployed.Unix()) + assert.Equal(t, original.LastDeployed.Unix(), decoded.LastDeployed.Unix()) + assert.Equal(t, original.Deleted.Unix(), decoded.Deleted.Unix()) + assert.Equal(t, original.Description, decoded.Description) + assert.Equal(t, original.Status, decoded.Status) + assert.Equal(t, original.Notes, decoded.Notes) +} + +func TestInfoEmptyStringRoundTrip(t *testing.T) { + // This test specifically verifies that empty string time fields + // are handled correctly during parsing + input := `{"first_deployed":"","last_deployed":"","deleted":"","status":"deployed","description":"test"}` + + var info Info + err := json.Unmarshal([]byte(input), &info) + require.NoError(t, err) + + // Verify time fields are zero values + assert.True(t, info.FirstDeployed.IsZero()) + assert.True(t, info.LastDeployed.IsZero()) + assert.True(t, info.Deleted.IsZero()) + assert.Equal(t, common.StatusDeployed, info.Status) + assert.Equal(t, "test", info.Description) + + // Marshal back and verify empty time fields are omitted + data, err := json.Marshal(&info) + require.NoError(t, err) + + var result map[string]interface{} + err = json.Unmarshal(data, &result) + require.NoError(t, err) + + // Zero time values should be omitted due to omitzero tag + assert.NotContains(t, result, "first_deployed") + assert.NotContains(t, result, "last_deployed") + assert.NotContains(t, result, "deleted") + assert.Equal(t, "deployed", result["status"]) + assert.Equal(t, "test", result["description"]) +} diff --git a/pkg/release/v1/mock.go b/pkg/release/v1/mock.go index 3d3b0c2e2..dc135a24a 100644 --- a/pkg/release/v1/mock.go +++ b/pkg/release/v1/mock.go @@ -19,9 +19,11 @@ package v1 import ( "fmt" "math/rand" + "time" + "helm.sh/helm/v4/pkg/chart/common" chart "helm.sh/helm/v4/pkg/chart/v2" - "helm.sh/helm/v4/pkg/time" + rcommon "helm.sh/helm/v4/pkg/release/common" ) // MockHookTemplate is the hook template used for all mock release objects. @@ -44,7 +46,7 @@ type MockReleaseOptions struct { Name string Version int Chart *chart.Chart - Status Status + Status rcommon.Status Namespace string Labels map[string]string } @@ -98,13 +100,13 @@ func Mock(opts *MockReleaseOptions) *Release { }, }, }, - Templates: []*chart.File{ - {Name: "templates/foo.tpl", Data: []byte(MockManifest)}, + Templates: []*common.File{ + {Name: "templates/foo.tpl", ModTime: time.Now(), Data: []byte(MockManifest)}, }, } } - scode := StatusDeployed + scode := rcommon.StatusDeployed if len(opts.Status) > 0 { scode = opts.Status } diff --git a/pkg/release/v1/release.go b/pkg/release/v1/release.go index 74e834f7b..454ee6eb7 100644 --- a/pkg/release/v1/release.go +++ b/pkg/release/v1/release.go @@ -17,8 +17,14 @@ package v1 import ( chart "helm.sh/helm/v4/pkg/chart/v2" + "helm.sh/helm/v4/pkg/release/common" ) +type ApplyMethod string + +const ApplyMethodClientSideApply ApplyMethod = "csa" +const ApplyMethodServerSideApply ApplyMethod = "ssa" + // Release describes a deployment of a chart, together with the chart // and the variables used to deploy that chart. type Release struct { @@ -42,10 +48,13 @@ type Release struct { // Labels of the release. // Disabled encoding into Json cause labels are stored in storage driver metadata field. Labels map[string]string `json:"-"` + // ApplyMethod stores whether server-side or client-side apply was used for the release + // Unset (empty string) should be treated as the default of client-side apply + ApplyMethod string `json:"apply_method,omitempty"` // "ssa" | "csa" } // SetStatus is a helper for setting the status on a release. -func (r *Release) SetStatus(status Status, msg string) { +func (r *Release) SetStatus(status common.Status, msg string) { r.Info.Status = status r.Info.Description = msg } diff --git a/pkg/release/util/filter.go b/pkg/release/v1/util/filter.go similarity index 90% rename from pkg/release/util/filter.go rename to pkg/release/v1/util/filter.go index f0a082cfd..dc60195cf 100644 --- a/pkg/release/util/filter.go +++ b/pkg/release/v1/util/filter.go @@ -14,9 +14,12 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util // import "helm.sh/helm/v4/pkg/release/util" +package util // import "helm.sh/helm/v4/pkg/release/v1/util" -import rspb "helm.sh/helm/v4/pkg/release/v1" +import ( + "helm.sh/helm/v4/pkg/release/common" + rspb "helm.sh/helm/v4/pkg/release/v1" +) // FilterFunc returns true if the release object satisfies // the predicate of the underlying filter func. @@ -68,7 +71,7 @@ func All(filters ...FilterFunc) FilterFunc { } // StatusFilter filters a set of releases by status code. -func StatusFilter(status rspb.Status) FilterFunc { +func StatusFilter(status common.Status) FilterFunc { return FilterFunc(func(rls *rspb.Release) bool { if rls == nil { return true diff --git a/pkg/release/util/filter_test.go b/pkg/release/v1/util/filter_test.go similarity index 78% rename from pkg/release/util/filter_test.go rename to pkg/release/v1/util/filter_test.go index 5d2564619..1004a4c57 100644 --- a/pkg/release/util/filter_test.go +++ b/pkg/release/v1/util/filter_test.go @@ -14,25 +14,26 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util // import "helm.sh/helm/v4/pkg/release/util" +package util // import "helm.sh/helm/v4/pkg/release/v1/util" import ( "testing" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" ) func TestFilterAny(t *testing.T) { - ls := Any(StatusFilter(rspb.StatusUninstalled)).Filter(releases) + ls := Any(StatusFilter(common.StatusUninstalled)).Filter(releases) if len(ls) != 2 { t.Fatalf("expected 2 results, got '%d'", len(ls)) } r0, r1 := ls[0], ls[1] switch { - case r0.Info.Status != rspb.StatusUninstalled: + case r0.Info.Status != common.StatusUninstalled: t.Fatalf("expected UNINSTALLED result, got '%s'", r1.Info.Status.String()) - case r1.Info.Status != rspb.StatusUninstalled: + case r1.Info.Status != common.StatusUninstalled: t.Fatalf("expected UNINSTALLED result, got '%s'", r1.Info.Status.String()) } } @@ -40,7 +41,7 @@ func TestFilterAny(t *testing.T) { func TestFilterAll(t *testing.T) { fn := FilterFunc(func(rls *rspb.Release) bool { // true if not uninstalled and version < 4 - v0 := !StatusFilter(rspb.StatusUninstalled).Check(rls) + v0 := !StatusFilter(common.StatusUninstalled).Check(rls) v1 := rls.Version < 4 return v0 && v1 }) @@ -53,7 +54,7 @@ func TestFilterAll(t *testing.T) { switch r0 := ls[0]; { case r0.Version == 4: t.Fatal("got release with status revision 4") - case r0.Info.Status == rspb.StatusUninstalled: + case r0.Info.Status == common.StatusUninstalled: t.Fatal("got release with status UNINSTALLED") } } diff --git a/pkg/release/util/kind_sorter.go b/pkg/release/v1/util/kind_sorter.go similarity index 100% rename from pkg/release/util/kind_sorter.go rename to pkg/release/v1/util/kind_sorter.go diff --git a/pkg/release/util/kind_sorter_test.go b/pkg/release/v1/util/kind_sorter_test.go similarity index 100% rename from pkg/release/util/kind_sorter_test.go rename to pkg/release/v1/util/kind_sorter_test.go diff --git a/pkg/release/util/manifest.go b/pkg/release/v1/util/manifest.go similarity index 100% rename from pkg/release/util/manifest.go rename to pkg/release/v1/util/manifest.go diff --git a/pkg/release/util/manifest_sorter.go b/pkg/release/v1/util/manifest_sorter.go similarity index 97% rename from pkg/release/util/manifest_sorter.go rename to pkg/release/v1/util/manifest_sorter.go index 21fdec7c6..6f7b4ea8b 100644 --- a/pkg/release/util/manifest_sorter.go +++ b/pkg/release/v1/util/manifest_sorter.go @@ -26,7 +26,7 @@ import ( "sigs.k8s.io/yaml" - chartutil "helm.sh/helm/v4/pkg/chart/v2/util" + "helm.sh/helm/v4/pkg/chart/common" release "helm.sh/helm/v4/pkg/release/v1" ) @@ -74,7 +74,7 @@ var events = map[string]release.HookEvent{ // // Files that do not parse into the expected format are simply placed into a map and // returned. -func SortManifests(files map[string]string, _ chartutil.VersionSet, ordering KindSortOrder) ([]*release.Hook, []Manifest, error) { +func SortManifests(files map[string]string, _ common.VersionSet, ordering KindSortOrder) ([]*release.Hook, []Manifest, error) { result := &result{} var sortedFilePaths []string diff --git a/pkg/release/util/manifest_sorter_test.go b/pkg/release/v1/util/manifest_sorter_test.go similarity index 100% rename from pkg/release/util/manifest_sorter_test.go rename to pkg/release/v1/util/manifest_sorter_test.go diff --git a/pkg/release/util/manifest_test.go b/pkg/release/v1/util/manifest_test.go similarity index 95% rename from pkg/release/util/manifest_test.go rename to pkg/release/v1/util/manifest_test.go index cfc19563d..754ac1367 100644 --- a/pkg/release/util/manifest_test.go +++ b/pkg/release/v1/util/manifest_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util // import "helm.sh/helm/v4/pkg/release/util" +package util // import "helm.sh/helm/v4/pkg/release/v1/util" import ( "reflect" diff --git a/pkg/release/util/sorter.go b/pkg/release/v1/util/sorter.go similarity index 89% rename from pkg/release/util/sorter.go rename to pkg/release/v1/util/sorter.go index 1b09d0f3b..47506fbf2 100644 --- a/pkg/release/util/sorter.go +++ b/pkg/release/v1/util/sorter.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util // import "helm.sh/helm/v4/pkg/release/util" +package util // import "helm.sh/helm/v4/pkg/release/v1/util" import ( "sort" @@ -44,7 +44,11 @@ func SortByDate(list []*rspb.Release) { sort.Slice(list, func(i, j int) bool { ti := list[i].Info.LastDeployed.Unix() tj := list[j].Info.LastDeployed.Unix() - return ti < tj + if ti != tj { + return ti < tj + } + // Use name as tie-breaker for stable sorting + return list[i].Name < list[j].Name }) } diff --git a/pkg/release/util/sorter_test.go b/pkg/release/v1/util/sorter_test.go similarity index 83% rename from pkg/release/util/sorter_test.go rename to pkg/release/v1/util/sorter_test.go index 7ca540441..f47db7db8 100644 --- a/pkg/release/util/sorter_test.go +++ b/pkg/release/v1/util/sorter_test.go @@ -14,27 +14,27 @@ See the License for the specific language governing permissions and limitations under the License. */ -package util // import "helm.sh/helm/v4/pkg/release/util" +package util // import "helm.sh/helm/v4/pkg/release/v1/util" import ( "testing" "time" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" - helmtime "helm.sh/helm/v4/pkg/time" ) // note: this test data is shared with filter_test.go. var releases = []*rspb.Release{ - tsRelease("quiet-bear", 2, 2000, rspb.StatusSuperseded), - tsRelease("angry-bird", 4, 3000, rspb.StatusDeployed), - tsRelease("happy-cats", 1, 4000, rspb.StatusUninstalled), - tsRelease("vocal-dogs", 3, 6000, rspb.StatusUninstalled), + tsRelease("quiet-bear", 2, 2000, common.StatusSuperseded), + tsRelease("angry-bird", 4, 3000, common.StatusDeployed), + tsRelease("happy-cats", 1, 4000, common.StatusUninstalled), + tsRelease("vocal-dogs", 3, 6000, common.StatusUninstalled), } -func tsRelease(name string, vers int, dur time.Duration, status rspb.Status) *rspb.Release { - info := &rspb.Info{Status: status, LastDeployed: helmtime.Now().Add(dur)} +func tsRelease(name string, vers int, dur time.Duration, status common.Status) *rspb.Release { + info := &rspb.Info{Status: status, LastDeployed: time.Now().Add(dur)} return &rspb.Release{ Name: name, Version: vers, diff --git a/pkg/repo/chartrepo.go b/pkg/repo/v1/chartrepo.go similarity index 92% rename from pkg/repo/chartrepo.go rename to pkg/repo/v1/chartrepo.go index c54197d60..deef7474e 100644 --- a/pkg/repo/chartrepo.go +++ b/pkg/repo/v1/chartrepo.go @@ -14,9 +14,10 @@ See the License for the specific language governing permissions and limitations under the License. */ -package repo // import "helm.sh/helm/v4/pkg/repo" +package repo // import "helm.sh/helm/v4/pkg/repo/v1" import ( + "bytes" "crypto/rand" "encoding/base64" "encoding/json" @@ -28,6 +29,7 @@ import ( "path/filepath" "strings" + "helm.sh/helm/v4/internal/fileutil" "helm.sh/helm/v4/pkg/getter" "helm.sh/helm/v4/pkg/helmpath" ) @@ -41,7 +43,7 @@ type Entry struct { CertFile string `json:"certFile"` KeyFile string `json:"keyFile"` CAFile string `json:"caFile"` - InsecureSkipTLSverify bool `json:"insecure_skip_tls_verify"` + InsecureSkipTLSVerify bool `json:"insecure_skip_tls_verify"` PassCredentialsAll bool `json:"pass_credentials_all"` } @@ -82,7 +84,7 @@ func (r *ChartRepository) DownloadIndexFile() (string, error) { resp, err := r.Client.Get(indexURL, getter.WithURL(r.Config.URL), - getter.WithInsecureSkipVerifyTLS(r.Config.InsecureSkipTLSverify), + getter.WithInsecureSkipVerifyTLS(r.Config.InsecureSkipTLSVerify), getter.WithTLSClientConfig(r.Config.CertFile, r.Config.KeyFile, r.Config.CAFile), getter.WithBasicAuth(r.Config.Username, r.Config.Password), getter.WithPassCredentialsAll(r.Config.PassCredentialsAll), @@ -108,19 +110,20 @@ func (r *ChartRepository) DownloadIndexFile() (string, error) { } chartsFile := filepath.Join(r.CachePath, helmpath.CacheChartsFile(r.Config.Name)) os.MkdirAll(filepath.Dir(chartsFile), 0755) - os.WriteFile(chartsFile, []byte(charts.String()), 0644) + + fileutil.AtomicWriteFile(chartsFile, bytes.NewReader([]byte(charts.String())), 0644) // Create the index file in the cache directory fname := filepath.Join(r.CachePath, helmpath.CacheIndexFile(r.Config.Name)) os.MkdirAll(filepath.Dir(fname), 0755) - return fname, os.WriteFile(fname, index, 0644) + return fname, fileutil.AtomicWriteFile(fname, bytes.NewReader(index), 0644) } type findChartInRepoURLOptions struct { Username string Password string PassCredentialsAll bool - InsecureSkipTLSverify bool + InsecureSkipTLSVerify bool CertFile string KeyFile string CAFile string @@ -160,10 +163,10 @@ func WithClientTLS(certFile, keyFile, caFile string) FindChartInRepoURLOption { } } -// WithInsecureSkipTLSverify skips TLS verification for repository communication -func WithInsecureSkipTLSverify(insecureSkipTLSverify bool) FindChartInRepoURLOption { +// WithInsecureSkipTLSVerify skips TLS verification for repository communication +func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) FindChartInRepoURLOption { return func(options *findChartInRepoURLOptions) { - options.InsecureSkipTLSverify = insecureSkipTLSverify + options.InsecureSkipTLSVerify = insecureSkipTLSVerify } } @@ -190,7 +193,7 @@ func FindChartInRepoURL(repoURL string, chartName string, getters getter.Provide KeyFile: opts.KeyFile, CAFile: opts.CAFile, Name: name, - InsecureSkipTLSverify: opts.InsecureSkipTLSverify, + InsecureSkipTLSVerify: opts.InsecureSkipTLSVerify, } r, err := NewChartRepository(&c, getters) if err != nil { diff --git a/pkg/repo/chartrepo_test.go b/pkg/repo/v1/chartrepo_test.go similarity index 86% rename from pkg/repo/chartrepo_test.go rename to pkg/repo/v1/chartrepo_test.go index 05e034dd8..a707cf36d 100644 --- a/pkg/repo/chartrepo_test.go +++ b/pkg/repo/v1/chartrepo_test.go @@ -22,8 +22,10 @@ import ( "net/http" "net/http/httptest" "os" + "path/filepath" "runtime" "strings" + "sync" "testing" "time" @@ -31,6 +33,7 @@ import ( "helm.sh/helm/v4/pkg/cli" "helm.sh/helm/v4/pkg/getter" + "helm.sh/helm/v4/pkg/helmpath" ) type CustomGetter struct { @@ -91,6 +94,60 @@ func TestIndexCustomSchemeDownload(t *testing.T) { } } +func TestConcurrenyDownloadIndex(t *testing.T) { + srv, err := startLocalServerForTests(nil) + if err != nil { + t.Fatal(err) + } + defer srv.Close() + + repo, err := NewChartRepository(&Entry{ + Name: "nginx", + URL: srv.URL, + }, getter.All(&cli.EnvSettings{})) + + if err != nil { + t.Fatalf("Problem loading chart repository from %s: %v", srv.URL, err) + } + repo.CachePath = t.TempDir() + + // initial download index + idx, err := repo.DownloadIndexFile() + if err != nil { + t.Fatalf("Failed to download index file to %s: %v", idx, err) + } + + indexFName := filepath.Join(repo.CachePath, helmpath.CacheIndexFile(repo.Config.Name)) + + var wg sync.WaitGroup + + // Simultaneously start multiple goroutines that: + // 1) download index.yaml via DownloadIndexFile (write operation), + // 2) read index.yaml via LoadIndexFile (read operation). + // This checks for race conditions and ensures correct behavior under concurrent read/write access. + for range 150 { + wg.Add(1) + + go func() { + defer wg.Done() + idx, err := repo.DownloadIndexFile() + if err != nil { + t.Errorf("Failed to download index file to %s: %v", idx, err) + } + }() + + wg.Add(1) + go func() { + defer wg.Done() + _, err := LoadIndexFile(indexFName) + if err != nil { + t.Errorf("Failed to load index file: %v", err) + } + }() + } + wg.Wait() +} + // startLocalServerForTests Start the local helm server func startLocalServerForTests(handler http.Handler) (*httptest.Server, error) { if handler == nil { @@ -132,7 +189,7 @@ func TestFindChartInAuthAndTLSAndPassRepoURL(t *testing.T) { srv.URL, "nginx", getter.All(&cli.EnvSettings{}), - WithInsecureSkipTLSverify(true), + WithInsecureSkipTLSVerify(true), ) if err != nil { t.Fatalf("%v", err) diff --git a/pkg/repo/doc.go b/pkg/repo/v1/doc.go similarity index 100% rename from pkg/repo/doc.go rename to pkg/repo/v1/doc.go diff --git a/pkg/repo/error.go b/pkg/repo/v1/error.go similarity index 100% rename from pkg/repo/error.go rename to pkg/repo/v1/error.go diff --git a/pkg/repo/index.go b/pkg/repo/v1/index.go similarity index 98% rename from pkg/repo/index.go rename to pkg/repo/v1/index.go index 4de8bb463..d77d70a7f 100644 --- a/pkg/repo/index.go +++ b/pkg/repo/v1/index.go @@ -215,6 +215,7 @@ func (i IndexFile) Get(name, version string) (*ChartVersion, error) { } if constraint.Check(test) { + slog.Warn("unable to find exact version; falling back to closest available version", "chart", name, "requested", version, "selected", ver.Version) return ver, nil } } diff --git a/pkg/repo/index_test.go b/pkg/repo/v1/index_test.go similarity index 100% rename from pkg/repo/index_test.go rename to pkg/repo/v1/index_test.go diff --git a/pkg/repo/repo.go b/pkg/repo/v1/repo.go similarity index 98% rename from pkg/repo/repo.go rename to pkg/repo/v1/repo.go index 48c0e0193..38d2b0ca1 100644 --- a/pkg/repo/repo.go +++ b/pkg/repo/v1/repo.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package repo // import "helm.sh/helm/v4/pkg/repo" +package repo // import "helm.sh/helm/v4/pkg/repo/v1" import ( "fmt" diff --git a/pkg/repo/repo_test.go b/pkg/repo/v1/repo_test.go similarity index 100% rename from pkg/repo/repo_test.go rename to pkg/repo/v1/repo_test.go diff --git a/pkg/repo/repotest/doc.go b/pkg/repo/v1/repotest/doc.go similarity index 100% rename from pkg/repo/repotest/doc.go rename to pkg/repo/v1/repotest/doc.go diff --git a/pkg/repo/repotest/server.go b/pkg/repo/v1/repotest/server.go similarity index 99% rename from pkg/repo/repotest/server.go rename to pkg/repo/v1/repotest/server.go index 8f9f82281..12b96de5a 100644 --- a/pkg/repo/repotest/server.go +++ b/pkg/repo/v1/repotest/server.go @@ -37,7 +37,7 @@ import ( "helm.sh/helm/v4/pkg/chart/v2/loader" chartutil "helm.sh/helm/v4/pkg/chart/v2/util" ociRegistry "helm.sh/helm/v4/pkg/registry" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) func BasicAuthMiddleware(t *testing.T) http.HandlerFunc { diff --git a/pkg/repo/repotest/server_test.go b/pkg/repo/v1/repotest/server_test.go similarity index 96% rename from pkg/repo/repotest/server_test.go rename to pkg/repo/v1/repotest/server_test.go index 4d62ef8ed..f0e374fc0 100644 --- a/pkg/repo/repotest/server_test.go +++ b/pkg/repo/v1/repotest/server_test.go @@ -25,7 +25,7 @@ import ( "sigs.k8s.io/yaml" "helm.sh/helm/v4/internal/test/ensure" - "helm.sh/helm/v4/pkg/repo" + "helm.sh/helm/v4/pkg/repo/v1" ) // Young'n, in these here parts, we test our tests. @@ -113,7 +113,7 @@ func TestNewTempServer(t *testing.T) { "tls": { options: []ServerOption{ WithChartSourceGlob("testdata/examplechart-0.1.0.tgz"), - WithTLSConfig(MakeTestTLSConfig(t, "../../../testdata")), + WithTLSConfig(MakeTestTLSConfig(t, "../../../../testdata")), }, }, } @@ -212,7 +212,7 @@ func TestNewTempServer_TLS(t *testing.T) { srv := NewTempServer( t, WithChartSourceGlob("testdata/examplechart-0.1.0.tgz"), - WithTLSConfig(MakeTestTLSConfig(t, "../../../testdata")), + WithTLSConfig(MakeTestTLSConfig(t, "../../../../testdata")), ) defer srv.Stop() diff --git a/pkg/repo/repotest/testdata/examplechart-0.1.0.tgz b/pkg/repo/v1/repotest/testdata/examplechart-0.1.0.tgz similarity index 100% rename from pkg/repo/repotest/testdata/examplechart-0.1.0.tgz rename to pkg/repo/v1/repotest/testdata/examplechart-0.1.0.tgz diff --git a/pkg/repo/repotest/testdata/examplechart/.helmignore b/pkg/repo/v1/repotest/testdata/examplechart/.helmignore similarity index 100% rename from pkg/repo/repotest/testdata/examplechart/.helmignore rename to pkg/repo/v1/repotest/testdata/examplechart/.helmignore diff --git a/pkg/repo/repotest/testdata/examplechart/Chart.yaml b/pkg/repo/v1/repotest/testdata/examplechart/Chart.yaml similarity index 100% rename from pkg/repo/repotest/testdata/examplechart/Chart.yaml rename to pkg/repo/v1/repotest/testdata/examplechart/Chart.yaml diff --git a/pkg/repo/repotest/testdata/examplechart/values.yaml b/pkg/repo/v1/repotest/testdata/examplechart/values.yaml similarity index 100% rename from pkg/repo/repotest/testdata/examplechart/values.yaml rename to pkg/repo/v1/repotest/testdata/examplechart/values.yaml diff --git a/pkg/repo/repotest/tlsconfig.go b/pkg/repo/v1/repotest/tlsconfig.go similarity index 100% rename from pkg/repo/repotest/tlsconfig.go rename to pkg/repo/v1/repotest/tlsconfig.go diff --git a/pkg/repo/testdata/chartmuseum-index.yaml b/pkg/repo/v1/testdata/chartmuseum-index.yaml similarity index 100% rename from pkg/repo/testdata/chartmuseum-index.yaml rename to pkg/repo/v1/testdata/chartmuseum-index.yaml diff --git a/pkg/repo/testdata/local-index-annotations.yaml b/pkg/repo/v1/testdata/local-index-annotations.yaml similarity index 100% rename from pkg/repo/testdata/local-index-annotations.yaml rename to pkg/repo/v1/testdata/local-index-annotations.yaml diff --git a/pkg/repo/testdata/local-index-unordered.yaml b/pkg/repo/v1/testdata/local-index-unordered.yaml similarity index 100% rename from pkg/repo/testdata/local-index-unordered.yaml rename to pkg/repo/v1/testdata/local-index-unordered.yaml diff --git a/pkg/repo/testdata/local-index.json b/pkg/repo/v1/testdata/local-index.json similarity index 100% rename from pkg/repo/testdata/local-index.json rename to pkg/repo/v1/testdata/local-index.json diff --git a/pkg/repo/testdata/local-index.yaml b/pkg/repo/v1/testdata/local-index.yaml similarity index 100% rename from pkg/repo/testdata/local-index.yaml rename to pkg/repo/v1/testdata/local-index.yaml diff --git a/pkg/repo/testdata/old-repositories.yaml b/pkg/repo/v1/testdata/old-repositories.yaml similarity index 100% rename from pkg/repo/testdata/old-repositories.yaml rename to pkg/repo/v1/testdata/old-repositories.yaml diff --git a/pkg/repo/testdata/repositories.yaml b/pkg/repo/v1/testdata/repositories.yaml similarity index 100% rename from pkg/repo/testdata/repositories.yaml rename to pkg/repo/v1/testdata/repositories.yaml diff --git a/pkg/repo/testdata/repository/frobnitz-1.2.3.tgz b/pkg/repo/v1/testdata/repository/frobnitz-1.2.3.tgz similarity index 100% rename from pkg/repo/testdata/repository/frobnitz-1.2.3.tgz rename to pkg/repo/v1/testdata/repository/frobnitz-1.2.3.tgz diff --git a/pkg/repo/testdata/repository/sprocket-1.1.0.tgz b/pkg/repo/v1/testdata/repository/sprocket-1.1.0.tgz similarity index 100% rename from pkg/repo/testdata/repository/sprocket-1.1.0.tgz rename to pkg/repo/v1/testdata/repository/sprocket-1.1.0.tgz diff --git a/pkg/repo/testdata/repository/sprocket-1.2.0.tgz b/pkg/repo/v1/testdata/repository/sprocket-1.2.0.tgz similarity index 100% rename from pkg/repo/testdata/repository/sprocket-1.2.0.tgz rename to pkg/repo/v1/testdata/repository/sprocket-1.2.0.tgz diff --git a/pkg/repo/testdata/repository/universe/zarthal-1.0.0.tgz b/pkg/repo/v1/testdata/repository/universe/zarthal-1.0.0.tgz similarity index 100% rename from pkg/repo/testdata/repository/universe/zarthal-1.0.0.tgz rename to pkg/repo/v1/testdata/repository/universe/zarthal-1.0.0.tgz diff --git a/pkg/repo/testdata/server/index.yaml b/pkg/repo/v1/testdata/server/index.yaml similarity index 100% rename from pkg/repo/testdata/server/index.yaml rename to pkg/repo/v1/testdata/server/index.yaml diff --git a/pkg/repo/testdata/server/test.txt b/pkg/repo/v1/testdata/server/test.txt similarity index 100% rename from pkg/repo/testdata/server/test.txt rename to pkg/repo/v1/testdata/server/test.txt diff --git a/pkg/storage/driver/cfgmaps.go b/pkg/storage/driver/cfgmaps.go index de097f294..5af432d8a 100644 --- a/pkg/storage/driver/cfgmaps.go +++ b/pkg/storage/driver/cfgmaps.go @@ -31,6 +31,8 @@ import ( "k8s.io/apimachinery/pkg/util/validation" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" + "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/release" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -43,14 +45,19 @@ const ConfigMapsDriverName = "ConfigMap" // ConfigMapsInterface. type ConfigMaps struct { impl corev1.ConfigMapInterface + + // Embed a LogHolder to provide logger functionality + logging.LogHolder } // NewConfigMaps initializes a new ConfigMaps wrapping an implementation of // the kubernetes ConfigMapsInterface. func NewConfigMaps(impl corev1.ConfigMapInterface) *ConfigMaps { - return &ConfigMaps{ + c := &ConfigMaps{ impl: impl, } + c.SetLogger(slog.Default().Handler()) + return c } // Name returns the name of the driver. @@ -60,7 +67,7 @@ func (cfgmaps *ConfigMaps) Name() string { // Get fetches the release named by key. The corresponding release is returned // or error if not found. -func (cfgmaps *ConfigMaps) Get(key string) (*rspb.Release, error) { +func (cfgmaps *ConfigMaps) Get(key string) (release.Releaser, error) { // fetch the configmap holding the release named by key obj, err := cfgmaps.impl.Get(context.Background(), key, metav1.GetOptions{}) if err != nil { @@ -68,13 +75,13 @@ func (cfgmaps *ConfigMaps) Get(key string) (*rspb.Release, error) { return nil, ErrReleaseNotFound } - slog.Debug("failed to get release", "key", key, slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to get release", "key", key, slog.Any("error", err)) return nil, err } // found the configmap, decode the base64 data string r, err := decodeRelease(obj.Data["release"]) if err != nil { - slog.Debug("failed to decode data", "key", key, slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to decode data", "key", key, slog.Any("error", err)) return nil, err } r.Labels = filterSystemLabels(obj.Labels) @@ -85,24 +92,24 @@ func (cfgmaps *ConfigMaps) Get(key string) (*rspb.Release, error) { // List fetches all releases and returns the list releases such // that filter(release) == true. An error is returned if the // configmap fails to retrieve the releases. -func (cfgmaps *ConfigMaps) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { +func (cfgmaps *ConfigMaps) List(filter func(release.Releaser) bool) ([]release.Releaser, error) { lsel := kblabels.Set{"owner": "helm"}.AsSelector() opts := metav1.ListOptions{LabelSelector: lsel.String()} list, err := cfgmaps.impl.List(context.Background(), opts) if err != nil { - slog.Debug("failed to list releases", slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to list releases", slog.Any("error", err)) return nil, err } - var results []*rspb.Release + var results []release.Releaser // iterate over the configmaps object list // and decode each release for _, item := range list.Items { rls, err := decodeRelease(item.Data["release"]) if err != nil { - slog.Debug("failed to decode release", "item", item, slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to decode release", "item", item, slog.Any("error", err)) continue } @@ -117,7 +124,7 @@ func (cfgmaps *ConfigMaps) List(filter func(*rspb.Release) bool) ([]*rspb.Releas // Query fetches all releases that match the provided map of labels. // An error is returned if the configmap fails to retrieve the releases. -func (cfgmaps *ConfigMaps) Query(labels map[string]string) ([]*rspb.Release, error) { +func (cfgmaps *ConfigMaps) Query(labels map[string]string) ([]release.Releaser, error) { ls := kblabels.Set{} for k, v := range labels { if errs := validation.IsValidLabelValue(v); len(errs) != 0 { @@ -130,7 +137,7 @@ func (cfgmaps *ConfigMaps) Query(labels map[string]string) ([]*rspb.Release, err list, err := cfgmaps.impl.List(context.Background(), opts) if err != nil { - slog.Debug("failed to query with labels", slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to query with labels", slog.Any("error", err)) return nil, err } @@ -138,11 +145,11 @@ func (cfgmaps *ConfigMaps) Query(labels map[string]string) ([]*rspb.Release, err return nil, ErrReleaseNotFound } - var results []*rspb.Release + var results []release.Releaser for _, item := range list.Items { rls, err := decodeRelease(item.Data["release"]) if err != nil { - slog.Debug("failed to decode release", slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to decode release", slog.Any("error", err)) continue } rls.Labels = item.Labels @@ -153,18 +160,28 @@ func (cfgmaps *ConfigMaps) Query(labels map[string]string) ([]*rspb.Release, err // Create creates a new ConfigMap holding the release. If the // ConfigMap already exists, ErrReleaseExists is returned. -func (cfgmaps *ConfigMaps) Create(key string, rls *rspb.Release) error { +func (cfgmaps *ConfigMaps) Create(key string, rls release.Releaser) error { // set labels for configmaps object meta data var lbs labels + rac, err := release.NewAccessor(rls) + if err != nil { + return err + } + lbs.init() - lbs.fromMap(rls.Labels) + lbs.fromMap(rac.Labels()) lbs.set("createdAt", fmt.Sprintf("%v", time.Now().Unix())) + rel, err := releaserToV1Release(rls) + if err != nil { + return err + } + // create a new configmap to hold the release - obj, err := newConfigMapsObject(key, rls, lbs) + obj, err := newConfigMapsObject(key, rel, lbs) if err != nil { - slog.Debug("failed to encode release", "name", rls.Name, slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to encode release", "name", rac.Name(), slog.Any("error", err)) return err } // push the configmap object out into the kubiverse @@ -173,7 +190,7 @@ func (cfgmaps *ConfigMaps) Create(key string, rls *rspb.Release) error { return ErrReleaseExists } - slog.Debug("failed to create release", slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to create release", slog.Any("error", err)) return err } return nil @@ -181,10 +198,15 @@ func (cfgmaps *ConfigMaps) Create(key string, rls *rspb.Release) error { // Update updates the ConfigMap holding the release. If not found // the ConfigMap is created to hold the release. -func (cfgmaps *ConfigMaps) Update(key string, rls *rspb.Release) error { +func (cfgmaps *ConfigMaps) Update(key string, rel release.Releaser) error { // set labels for configmaps object meta data var lbs labels + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } + lbs.init() lbs.fromMap(rls.Labels) lbs.set("modifiedAt", fmt.Sprintf("%v", time.Now().Unix())) @@ -192,20 +214,20 @@ func (cfgmaps *ConfigMaps) Update(key string, rls *rspb.Release) error { // create a new configmap object to hold the release obj, err := newConfigMapsObject(key, rls, lbs) if err != nil { - slog.Debug("failed to encode release", "name", rls.Name, slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to encode release", "name", rls.Name, slog.Any("error", err)) return err } // push the configmap object out into the kubiverse _, err = cfgmaps.impl.Update(context.Background(), obj, metav1.UpdateOptions{}) if err != nil { - slog.Debug("failed to update release", slog.Any("error", err)) + cfgmaps.Logger().Debug("failed to update release", slog.Any("error", err)) return err } return nil } // Delete deletes the ConfigMap holding the release named by key. -func (cfgmaps *ConfigMaps) Delete(key string) (rls *rspb.Release, err error) { +func (cfgmaps *ConfigMaps) Delete(key string) (rls release.Releaser, err error) { // fetch the release to check existence if rls, err = cfgmaps.Get(key); err != nil { return nil, err diff --git a/pkg/storage/driver/cfgmaps_test.go b/pkg/storage/driver/cfgmaps_test.go index a563eb7d9..8beb45547 100644 --- a/pkg/storage/driver/cfgmaps_test.go +++ b/pkg/storage/driver/cfgmaps_test.go @@ -22,6 +22,8 @@ import ( v1 "k8s.io/api/core/v1" + "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -37,7 +39,7 @@ func TestConfigMapGet(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) cfgmaps := newTestFixtureCfgMaps(t, []*rspb.Release{rel}...) @@ -57,7 +59,7 @@ func TestUncompressedConfigMapGet(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) // Create a test fixture which contains an uncompressed release cfgmap, err := newConfigMapsObject(key, rel, nil) @@ -84,19 +86,35 @@ func TestUncompressedConfigMapGet(t *testing.T) { } } +func convertReleaserToV1(t *testing.T, rel release.Releaser) *rspb.Release { + t.Helper() + switch r := rel.(type) { + case rspb.Release: + return &r + case *rspb.Release: + return r + case nil: + return nil + } + + t.Fatalf("Unsupported release type: %T", rel) + return nil +} + func TestConfigMapList(t *testing.T) { cfgmaps := newTestFixtureCfgMaps(t, []*rspb.Release{ - releaseStub("key-1", 1, "default", rspb.StatusUninstalled), - releaseStub("key-2", 1, "default", rspb.StatusUninstalled), - releaseStub("key-3", 1, "default", rspb.StatusDeployed), - releaseStub("key-4", 1, "default", rspb.StatusDeployed), - releaseStub("key-5", 1, "default", rspb.StatusSuperseded), - releaseStub("key-6", 1, "default", rspb.StatusSuperseded), + releaseStub("key-1", 1, "default", common.StatusUninstalled), + releaseStub("key-2", 1, "default", common.StatusUninstalled), + releaseStub("key-3", 1, "default", common.StatusDeployed), + releaseStub("key-4", 1, "default", common.StatusDeployed), + releaseStub("key-5", 1, "default", common.StatusSuperseded), + releaseStub("key-6", 1, "default", common.StatusSuperseded), }...) // list all deleted releases - del, err := cfgmaps.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusUninstalled + del, err := cfgmaps.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusUninstalled }) // check if err != nil { @@ -107,8 +125,9 @@ func TestConfigMapList(t *testing.T) { } // list all deployed releases - dpl, err := cfgmaps.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusDeployed + dpl, err := cfgmaps.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusDeployed }) // check if err != nil { @@ -119,8 +138,9 @@ func TestConfigMapList(t *testing.T) { } // list all superseded releases - ssd, err := cfgmaps.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusSuperseded + ssd, err := cfgmaps.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusSuperseded }) // check if err != nil { @@ -130,7 +150,7 @@ func TestConfigMapList(t *testing.T) { t.Errorf("Expected 2 superseded, got %d", len(ssd)) } // Check if release having both system and custom labels, this is needed to ensure that selector filtering would work. - rls := ssd[0] + rls := convertReleaserToV1(t, ssd[0]) _, ok := rls.Labels["name"] if !ok { t.Fatalf("Expected 'name' label in results, actual %v", rls.Labels) @@ -143,12 +163,12 @@ func TestConfigMapList(t *testing.T) { func TestConfigMapQuery(t *testing.T) { cfgmaps := newTestFixtureCfgMaps(t, []*rspb.Release{ - releaseStub("key-1", 1, "default", rspb.StatusUninstalled), - releaseStub("key-2", 1, "default", rspb.StatusUninstalled), - releaseStub("key-3", 1, "default", rspb.StatusDeployed), - releaseStub("key-4", 1, "default", rspb.StatusDeployed), - releaseStub("key-5", 1, "default", rspb.StatusSuperseded), - releaseStub("key-6", 1, "default", rspb.StatusSuperseded), + releaseStub("key-1", 1, "default", common.StatusUninstalled), + releaseStub("key-2", 1, "default", common.StatusUninstalled), + releaseStub("key-3", 1, "default", common.StatusDeployed), + releaseStub("key-4", 1, "default", common.StatusDeployed), + releaseStub("key-5", 1, "default", common.StatusSuperseded), + releaseStub("key-6", 1, "default", common.StatusSuperseded), }...) rls, err := cfgmaps.Query(map[string]string{"status": "deployed"}) @@ -172,7 +192,7 @@ func TestConfigMapCreate(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) // store the release in a configmap if err := cfgmaps.Create(key, rel); err != nil { @@ -196,12 +216,12 @@ func TestConfigMapUpdate(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) cfgmaps := newTestFixtureCfgMaps(t, []*rspb.Release{rel}...) // modify release status code - rel.Info.Status = rspb.StatusSuperseded + rel.Info.Status = common.StatusSuperseded // perform the update if err := cfgmaps.Update(key, rel); err != nil { @@ -209,10 +229,11 @@ func TestConfigMapUpdate(t *testing.T) { } // fetch the updated release - got, err := cfgmaps.Get(key) + goti, err := cfgmaps.Get(key) if err != nil { t.Fatalf("Failed to get release with key %q: %s", key, err) } + got := convertReleaserToV1(t, goti) // check release has actually been updated by comparing modified fields if rel.Info.Status != got.Info.Status { @@ -225,7 +246,7 @@ func TestConfigMapDelete(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) cfgmaps := newTestFixtureCfgMaps(t, []*rspb.Release{rel}...) diff --git a/pkg/storage/driver/driver.go b/pkg/storage/driver/driver.go index 4f9d63928..6efd1dbaa 100644 --- a/pkg/storage/driver/driver.go +++ b/pkg/storage/driver/driver.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" + "helm.sh/helm/v4/pkg/release" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -58,7 +59,7 @@ func NewErrNoDeployedReleases(releaseName string) error { // Create stores the release or returns ErrReleaseExists // if an identical release already exists. type Creator interface { - Create(key string, rls *rspb.Release) error + Create(key string, rls release.Releaser) error } // Updator is the interface that wraps the Update method. @@ -66,7 +67,7 @@ type Creator interface { // Update updates an existing release or returns // ErrReleaseNotFound if the release does not exist. type Updator interface { - Update(key string, rls *rspb.Release) error + Update(key string, rls release.Releaser) error } // Deletor is the interface that wraps the Delete method. @@ -74,7 +75,7 @@ type Updator interface { // Delete deletes the release named by key or returns // ErrReleaseNotFound if the release does not exist. type Deletor interface { - Delete(key string) (*rspb.Release, error) + Delete(key string) (release.Releaser, error) } // Queryor is the interface that wraps the Get and List methods. @@ -86,9 +87,9 @@ type Deletor interface { // // Query returns the set of all releases that match the provided label set. type Queryor interface { - Get(key string) (*rspb.Release, error) - List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) - Query(labels map[string]string) ([]*rspb.Release, error) + Get(key string) (release.Releaser, error) + List(filter func(release.Releaser) bool) ([]release.Releaser, error) + Query(labels map[string]string) ([]release.Releaser, error) } // Driver is the interface composed of Creator, Updator, Deletor, and Queryor @@ -102,3 +103,18 @@ type Driver interface { Queryor Name() string } + +// releaserToV1Release is a helper function to convert a v1 release passed by interface +// into the type object. +func releaserToV1Release(rel release.Releaser) (*rspb.Release, error) { + switch r := rel.(type) { + case rspb.Release: + return &r, nil + case *rspb.Release: + return r, nil + case nil: + return nil, nil + default: + return nil, fmt.Errorf("unsupported release type: %T", rel) + } +} diff --git a/pkg/storage/driver/memory.go b/pkg/storage/driver/memory.go index 79e7f090e..7ea4a014a 100644 --- a/pkg/storage/driver/memory.go +++ b/pkg/storage/driver/memory.go @@ -17,11 +17,13 @@ limitations under the License. package driver import ( + "log/slog" "strconv" "strings" "sync" - rspb "helm.sh/helm/v4/pkg/release/v1" + "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/release" ) var _ Driver = (*Memory)(nil) @@ -42,11 +44,15 @@ type Memory struct { namespace string // A map of namespaces to releases cache map[string]memReleases + // Embed a LogHolder to provide logger functionality + logging.LogHolder } // NewMemory initializes a new memory driver. func NewMemory() *Memory { - return &Memory{cache: map[string]memReleases{}, namespace: "default"} + m := &Memory{cache: map[string]memReleases{}, namespace: "default"} + m.SetLogger(slog.Default().Handler()) + return m } // SetNamespace sets a specific namespace in which releases will be accessed. @@ -61,7 +67,7 @@ func (mem *Memory) Name() string { } // Get returns the release named by key or returns ErrReleaseNotFound. -func (mem *Memory) Get(key string) (*rspb.Release, error) { +func (mem *Memory) Get(key string) (release.Releaser, error) { defer unlock(mem.rlock()) keyWithoutPrefix := strings.TrimPrefix(key, "sh.helm.release.v1.") @@ -83,10 +89,10 @@ func (mem *Memory) Get(key string) (*rspb.Release, error) { } // List returns the list of all releases such that filter(release) == true -func (mem *Memory) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { +func (mem *Memory) List(filter func(release.Releaser) bool) ([]release.Releaser, error) { defer unlock(mem.rlock()) - var ls []*rspb.Release + var ls []release.Releaser for namespace := range mem.cache { if mem.namespace != "" { // Should only list releases of this namespace @@ -109,7 +115,7 @@ func (mem *Memory) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error } // Query returns the set of releases that match the provided set of labels -func (mem *Memory) Query(keyvals map[string]string) ([]*rspb.Release, error) { +func (mem *Memory) Query(keyvals map[string]string) ([]release.Releaser, error) { defer unlock(mem.rlock()) var lbs labels @@ -117,7 +123,7 @@ func (mem *Memory) Query(keyvals map[string]string) ([]*rspb.Release, error) { lbs.init() lbs.fromMap(keyvals) - var ls []*rspb.Release + var ls []release.Releaser for namespace := range mem.cache { if mem.namespace != "" { // Should only query releases of this namespace @@ -150,9 +156,13 @@ func (mem *Memory) Query(keyvals map[string]string) ([]*rspb.Release, error) { } // Create creates a new release or returns ErrReleaseExists. -func (mem *Memory) Create(key string, rls *rspb.Release) error { +func (mem *Memory) Create(key string, rel release.Releaser) error { defer unlock(mem.wlock()) + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } // For backwards compatibility, we protect against an unset namespace namespace := rls.Namespace if namespace == "" { @@ -176,9 +186,14 @@ func (mem *Memory) Create(key string, rls *rspb.Release) error { } // Update updates a release or returns ErrReleaseNotFound. -func (mem *Memory) Update(key string, rls *rspb.Release) error { +func (mem *Memory) Update(key string, rel release.Releaser) error { defer unlock(mem.wlock()) + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } + // For backwards compatibility, we protect against an unset namespace namespace := rls.Namespace if namespace == "" { @@ -196,7 +211,7 @@ func (mem *Memory) Update(key string, rls *rspb.Release) error { } // Delete deletes a release or returns ErrReleaseNotFound. -func (mem *Memory) Delete(key string) (*rspb.Release, error) { +func (mem *Memory) Delete(key string) (release.Releaser, error) { defer unlock(mem.wlock()) keyWithoutPrefix := strings.TrimPrefix(key, "sh.helm.release.v1.") diff --git a/pkg/storage/driver/memory_test.go b/pkg/storage/driver/memory_test.go index ee547b58b..329b82b2f 100644 --- a/pkg/storage/driver/memory_test.go +++ b/pkg/storage/driver/memory_test.go @@ -21,6 +21,10 @@ import ( "reflect" "testing" + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -38,22 +42,22 @@ func TestMemoryCreate(t *testing.T) { }{ { "create should succeed", - releaseStub("rls-c", 1, "default", rspb.StatusDeployed), + releaseStub("rls-c", 1, "default", common.StatusDeployed), false, }, { "create should fail (release already exists)", - releaseStub("rls-a", 1, "default", rspb.StatusDeployed), + releaseStub("rls-a", 1, "default", common.StatusDeployed), true, }, { "create in namespace should succeed", - releaseStub("rls-a", 1, "mynamespace", rspb.StatusDeployed), + releaseStub("rls-a", 1, "mynamespace", common.StatusDeployed), false, }, { "create in other namespace should fail (release already exists)", - releaseStub("rls-c", 1, "mynamespace", rspb.StatusDeployed), + releaseStub("rls-c", 1, "mynamespace", common.StatusDeployed), true, }, } @@ -104,8 +108,9 @@ func TestMemoryList(t *testing.T) { ts.SetNamespace("default") // list all deployed releases - dpl, err := ts.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusDeployed + dpl, err := ts.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusDeployed }) // check if err != nil { @@ -116,8 +121,9 @@ func TestMemoryList(t *testing.T) { } // list all superseded releases - ssd, err := ts.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusSuperseded + ssd, err := ts.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusSuperseded }) // check if err != nil { @@ -128,8 +134,9 @@ func TestMemoryList(t *testing.T) { } // list all deleted releases - del, err := ts.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusUninstalled + del, err := ts.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusUninstalled }) // check if err != nil { @@ -185,25 +192,25 @@ func TestMemoryUpdate(t *testing.T) { { "update release status", "rls-a.v4", - releaseStub("rls-a", 4, "default", rspb.StatusSuperseded), + releaseStub("rls-a", 4, "default", common.StatusSuperseded), false, }, { "update release does not exist", "rls-c.v1", - releaseStub("rls-c", 1, "default", rspb.StatusUninstalled), + releaseStub("rls-c", 1, "default", common.StatusUninstalled), true, }, { "update release status in namespace", "rls-c.v4", - releaseStub("rls-c", 4, "mynamespace", rspb.StatusSuperseded), + releaseStub("rls-c", 4, "mynamespace", common.StatusSuperseded), false, }, { "update release in namespace does not exist", "rls-a.v1", - releaseStub("rls-a", 1, "mynamespace", rspb.StatusUninstalled), + releaseStub("rls-a", 1, "mynamespace", common.StatusUninstalled), true, }, } @@ -255,17 +262,23 @@ func TestMemoryDelete(t *testing.T) { startLen := len(start) for _, tt := range tests { ts.SetNamespace(tt.namespace) - if rel, err := ts.Delete(tt.key); err != nil { + + rel, err := ts.Delete(tt.key) + var rls *rspb.Release + if err == nil { + rls = convertReleaserToV1(t, rel) + } + if err != nil { if !tt.err { t.Fatalf("Failed %q to get '%s': %q\n", tt.desc, tt.key, err) } continue } else if tt.err { t.Fatalf("Did not get expected error for %q '%s'\n", tt.desc, tt.key) - } else if fmt.Sprintf("%s.v%d", rel.Name, rel.Version) != tt.key { - t.Fatalf("Asked for delete on %s, but deleted %d", tt.key, rel.Version) + } else if fmt.Sprintf("%s.v%d", rls.Name, rls.Version) != tt.key { + t.Fatalf("Asked for delete on %s, but deleted %d", tt.key, rls.Version) } - _, err := ts.Get(tt.key) + _, err = ts.Get(tt.key) if err == nil { t.Errorf("Expected an error when asking for a deleted key") } @@ -282,7 +295,9 @@ func TestMemoryDelete(t *testing.T) { if startLen-2 != endLen { t.Errorf("expected end to be %d instead of %d", startLen-2, endLen) for _, ee := range end { - t.Logf("Name: %s, Version: %d", ee.Name, ee.Version) + rac, err := release.NewAccessor(ee) + assert.NoError(t, err, "unable to get release accessor") + t.Logf("Name: %s, Version: %d", rac.Name(), rac.Version()) } } diff --git a/pkg/storage/driver/mock_test.go b/pkg/storage/driver/mock_test.go index 7dba5fea2..e62b02f43 100644 --- a/pkg/storage/driver/mock_test.go +++ b/pkg/storage/driver/mock_test.go @@ -31,10 +31,11 @@ import ( kblabels "k8s.io/apimachinery/pkg/labels" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" ) -func releaseStub(name string, vers int, namespace string, status rspb.Status) *rspb.Release { +func releaseStub(name string, vers int, namespace string, status common.Status) *rspb.Release { return &rspb.Release{ Name: name, Version: vers, @@ -55,20 +56,20 @@ func tsFixtureMemory(t *testing.T) *Memory { t.Helper() hs := []*rspb.Release{ // rls-a - releaseStub("rls-a", 4, "default", rspb.StatusDeployed), - releaseStub("rls-a", 1, "default", rspb.StatusSuperseded), - releaseStub("rls-a", 3, "default", rspb.StatusSuperseded), - releaseStub("rls-a", 2, "default", rspb.StatusSuperseded), + releaseStub("rls-a", 4, "default", common.StatusDeployed), + releaseStub("rls-a", 1, "default", common.StatusSuperseded), + releaseStub("rls-a", 3, "default", common.StatusSuperseded), + releaseStub("rls-a", 2, "default", common.StatusSuperseded), // rls-b - releaseStub("rls-b", 4, "default", rspb.StatusDeployed), - releaseStub("rls-b", 1, "default", rspb.StatusSuperseded), - releaseStub("rls-b", 3, "default", rspb.StatusSuperseded), - releaseStub("rls-b", 2, "default", rspb.StatusSuperseded), + releaseStub("rls-b", 4, "default", common.StatusDeployed), + releaseStub("rls-b", 1, "default", common.StatusSuperseded), + releaseStub("rls-b", 3, "default", common.StatusSuperseded), + releaseStub("rls-b", 2, "default", common.StatusSuperseded), // rls-c in other namespace - releaseStub("rls-c", 4, "mynamespace", rspb.StatusDeployed), - releaseStub("rls-c", 1, "mynamespace", rspb.StatusSuperseded), - releaseStub("rls-c", 3, "mynamespace", rspb.StatusSuperseded), - releaseStub("rls-c", 2, "mynamespace", rspb.StatusSuperseded), + releaseStub("rls-c", 4, "mynamespace", common.StatusDeployed), + releaseStub("rls-c", 1, "mynamespace", common.StatusSuperseded), + releaseStub("rls-c", 3, "mynamespace", common.StatusSuperseded), + releaseStub("rls-c", 2, "mynamespace", common.StatusSuperseded), } mem := NewMemory() diff --git a/pkg/storage/driver/records_test.go b/pkg/storage/driver/records_test.go index 34b2fb80c..24e4ccb4e 100644 --- a/pkg/storage/driver/records_test.go +++ b/pkg/storage/driver/records_test.go @@ -20,13 +20,13 @@ import ( "reflect" "testing" - rspb "helm.sh/helm/v4/pkg/release/v1" + "helm.sh/helm/v4/pkg/release/common" ) func TestRecordsAdd(t *testing.T) { rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) var tests = []struct { @@ -39,13 +39,13 @@ func TestRecordsAdd(t *testing.T) { "add valid key", "rls-a.v3", false, - newRecord("rls-a.v3", releaseStub("rls-a", 3, "default", rspb.StatusSuperseded)), + newRecord("rls-a.v3", releaseStub("rls-a", 3, "default", common.StatusSuperseded)), }, { "add already existing key", "rls-a.v1", true, - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusDeployed)), }, } @@ -70,8 +70,8 @@ func TestRecordsRemove(t *testing.T) { } rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) startLen := rs.Len() @@ -98,8 +98,8 @@ func TestRecordsRemove(t *testing.T) { func TestRecordsRemoveAt(t *testing.T) { rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) if len(rs) != 2 { @@ -114,8 +114,8 @@ func TestRecordsRemoveAt(t *testing.T) { func TestRecordsGet(t *testing.T) { rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) var tests = []struct { @@ -126,7 +126,7 @@ func TestRecordsGet(t *testing.T) { { "get valid key", "rls-a.v1", - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), }, { "get invalid key", @@ -145,8 +145,8 @@ func TestRecordsGet(t *testing.T) { func TestRecordsIndex(t *testing.T) { rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) var tests = []struct { @@ -176,8 +176,8 @@ func TestRecordsIndex(t *testing.T) { func TestRecordsExists(t *testing.T) { rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) var tests = []struct { @@ -207,8 +207,8 @@ func TestRecordsExists(t *testing.T) { func TestRecordsReplace(t *testing.T) { rs := records([]*record{ - newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v1", releaseStub("rls-a", 1, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }) var tests = []struct { @@ -220,13 +220,13 @@ func TestRecordsReplace(t *testing.T) { { "replace with existing key", "rls-a.v2", - newRecord("rls-a.v3", releaseStub("rls-a", 3, "default", rspb.StatusSuperseded)), - newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", rspb.StatusDeployed)), + newRecord("rls-a.v3", releaseStub("rls-a", 3, "default", common.StatusSuperseded)), + newRecord("rls-a.v2", releaseStub("rls-a", 2, "default", common.StatusDeployed)), }, { "replace with non existing key", "rls-a.v4", - newRecord("rls-a.v4", releaseStub("rls-a", 4, "default", rspb.StatusDeployed)), + newRecord("rls-a.v4", releaseStub("rls-a", 4, "default", common.StatusDeployed)), nil, }, } diff --git a/pkg/storage/driver/secrets.go b/pkg/storage/driver/secrets.go index 23a8f5cab..85f3497e7 100644 --- a/pkg/storage/driver/secrets.go +++ b/pkg/storage/driver/secrets.go @@ -31,6 +31,8 @@ import ( "k8s.io/apimachinery/pkg/util/validation" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" + "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/release" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -43,14 +45,18 @@ const SecretsDriverName = "Secret" // SecretsInterface. type Secrets struct { impl corev1.SecretInterface + // Embed a LogHolder to provide logger functionality + logging.LogHolder } // NewSecrets initializes a new Secrets wrapping an implementation of // the kubernetes SecretsInterface. func NewSecrets(impl corev1.SecretInterface) *Secrets { - return &Secrets{ + s := &Secrets{ impl: impl, } + s.SetLogger(slog.Default().Handler()) + return s } // Name returns the name of the driver. @@ -60,7 +66,7 @@ func (secrets *Secrets) Name() string { // Get fetches the release named by key. The corresponding release is returned // or error if not found. -func (secrets *Secrets) Get(key string) (*rspb.Release, error) { +func (secrets *Secrets) Get(key string) (release.Releaser, error) { // fetch the secret holding the release named by key obj, err := secrets.impl.Get(context.Background(), key, metav1.GetOptions{}) if err != nil { @@ -81,7 +87,7 @@ func (secrets *Secrets) Get(key string) (*rspb.Release, error) { // List fetches all releases and returns the list releases such // that filter(release) == true. An error is returned if the // secret fails to retrieve the releases. -func (secrets *Secrets) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { +func (secrets *Secrets) List(filter func(release.Releaser) bool) ([]release.Releaser, error) { lsel := kblabels.Set{"owner": "helm"}.AsSelector() opts := metav1.ListOptions{LabelSelector: lsel.String()} @@ -90,14 +96,14 @@ func (secrets *Secrets) List(filter func(*rspb.Release) bool) ([]*rspb.Release, return nil, fmt.Errorf("list: failed to list: %w", err) } - var results []*rspb.Release + var results []release.Releaser // iterate over the secrets object list // and decode each release for _, item := range list.Items { rls, err := decodeRelease(string(item.Data["release"])) if err != nil { - slog.Debug("list failed to decode release", "key", item.Name, slog.Any("error", err)) + secrets.Logger().Debug("list failed to decode release", "key", item.Name, slog.Any("error", err)) continue } @@ -112,7 +118,7 @@ func (secrets *Secrets) List(filter func(*rspb.Release) bool) ([]*rspb.Release, // Query fetches all releases that match the provided map of labels. // An error is returned if the secret fails to retrieve the releases. -func (secrets *Secrets) Query(labels map[string]string) ([]*rspb.Release, error) { +func (secrets *Secrets) Query(labels map[string]string) ([]release.Releaser, error) { ls := kblabels.Set{} for k, v := range labels { if errs := validation.IsValidLabelValue(v); len(errs) != 0 { @@ -132,11 +138,11 @@ func (secrets *Secrets) Query(labels map[string]string) ([]*rspb.Release, error) return nil, ErrReleaseNotFound } - var results []*rspb.Release + var results []release.Releaser for _, item := range list.Items { rls, err := decodeRelease(string(item.Data["release"])) if err != nil { - slog.Debug("failed to decode release", "key", item.Name, slog.Any("error", err)) + secrets.Logger().Debug("failed to decode release", "key", item.Name, slog.Any("error", err)) continue } rls.Labels = item.Labels @@ -147,10 +153,15 @@ func (secrets *Secrets) Query(labels map[string]string) ([]*rspb.Release, error) // Create creates a new Secret holding the release. If the // Secret already exists, ErrReleaseExists is returned. -func (secrets *Secrets) Create(key string, rls *rspb.Release) error { +func (secrets *Secrets) Create(key string, rel release.Releaser) error { // set labels for secrets object meta data var lbs labels + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } + lbs.init() lbs.fromMap(rls.Labels) lbs.set("createdAt", fmt.Sprintf("%v", time.Now().Unix())) @@ -173,10 +184,15 @@ func (secrets *Secrets) Create(key string, rls *rspb.Release) error { // Update updates the Secret holding the release. If not found // the Secret is created to hold the release. -func (secrets *Secrets) Update(key string, rls *rspb.Release) error { +func (secrets *Secrets) Update(key string, rel release.Releaser) error { // set labels for secrets object meta data var lbs labels + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } + lbs.init() lbs.fromMap(rls.Labels) lbs.set("modifiedAt", fmt.Sprintf("%v", time.Now().Unix())) @@ -195,7 +211,7 @@ func (secrets *Secrets) Update(key string, rls *rspb.Release) error { } // Delete deletes the Secret holding the release named by key. -func (secrets *Secrets) Delete(key string) (rls *rspb.Release, err error) { +func (secrets *Secrets) Delete(key string) (rls release.Releaser, err error) { // fetch the release to check existence if rls, err = secrets.Get(key); err != nil { return nil, err diff --git a/pkg/storage/driver/secrets_test.go b/pkg/storage/driver/secrets_test.go index 9e45bae67..f4aa1176c 100644 --- a/pkg/storage/driver/secrets_test.go +++ b/pkg/storage/driver/secrets_test.go @@ -22,6 +22,8 @@ import ( v1 "k8s.io/api/core/v1" + "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -37,7 +39,7 @@ func TestSecretGet(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) secrets := newTestFixtureSecrets(t, []*rspb.Release{rel}...) @@ -57,7 +59,7 @@ func TestUNcompressedSecretGet(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) // Create a test fixture which contains an uncompressed release secret, err := newSecretsObject(key, rel, nil) @@ -86,17 +88,18 @@ func TestUNcompressedSecretGet(t *testing.T) { func TestSecretList(t *testing.T) { secrets := newTestFixtureSecrets(t, []*rspb.Release{ - releaseStub("key-1", 1, "default", rspb.StatusUninstalled), - releaseStub("key-2", 1, "default", rspb.StatusUninstalled), - releaseStub("key-3", 1, "default", rspb.StatusDeployed), - releaseStub("key-4", 1, "default", rspb.StatusDeployed), - releaseStub("key-5", 1, "default", rspb.StatusSuperseded), - releaseStub("key-6", 1, "default", rspb.StatusSuperseded), + releaseStub("key-1", 1, "default", common.StatusUninstalled), + releaseStub("key-2", 1, "default", common.StatusUninstalled), + releaseStub("key-3", 1, "default", common.StatusDeployed), + releaseStub("key-4", 1, "default", common.StatusDeployed), + releaseStub("key-5", 1, "default", common.StatusSuperseded), + releaseStub("key-6", 1, "default", common.StatusSuperseded), }...) // list all deleted releases - del, err := secrets.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusUninstalled + del, err := secrets.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusUninstalled }) // check if err != nil { @@ -107,8 +110,9 @@ func TestSecretList(t *testing.T) { } // list all deployed releases - dpl, err := secrets.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusDeployed + dpl, err := secrets.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusDeployed }) // check if err != nil { @@ -119,8 +123,9 @@ func TestSecretList(t *testing.T) { } // list all superseded releases - ssd, err := secrets.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusSuperseded + ssd, err := secrets.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusSuperseded }) // check if err != nil { @@ -130,7 +135,7 @@ func TestSecretList(t *testing.T) { t.Errorf("Expected 2 superseded, got %d", len(ssd)) } // Check if release having both system and custom labels, this is needed to ensure that selector filtering would work. - rls := ssd[0] + rls := convertReleaserToV1(t, ssd[0]) _, ok := rls.Labels["name"] if !ok { t.Fatalf("Expected 'name' label in results, actual %v", rls.Labels) @@ -143,12 +148,12 @@ func TestSecretList(t *testing.T) { func TestSecretQuery(t *testing.T) { secrets := newTestFixtureSecrets(t, []*rspb.Release{ - releaseStub("key-1", 1, "default", rspb.StatusUninstalled), - releaseStub("key-2", 1, "default", rspb.StatusUninstalled), - releaseStub("key-3", 1, "default", rspb.StatusDeployed), - releaseStub("key-4", 1, "default", rspb.StatusDeployed), - releaseStub("key-5", 1, "default", rspb.StatusSuperseded), - releaseStub("key-6", 1, "default", rspb.StatusSuperseded), + releaseStub("key-1", 1, "default", common.StatusUninstalled), + releaseStub("key-2", 1, "default", common.StatusUninstalled), + releaseStub("key-3", 1, "default", common.StatusDeployed), + releaseStub("key-4", 1, "default", common.StatusDeployed), + releaseStub("key-5", 1, "default", common.StatusSuperseded), + releaseStub("key-6", 1, "default", common.StatusSuperseded), }...) rls, err := secrets.Query(map[string]string{"status": "deployed"}) @@ -172,7 +177,7 @@ func TestSecretCreate(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) // store the release in a secret if err := secrets.Create(key, rel); err != nil { @@ -196,12 +201,12 @@ func TestSecretUpdate(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) secrets := newTestFixtureSecrets(t, []*rspb.Release{rel}...) // modify release status code - rel.Info.Status = rspb.StatusSuperseded + rel.Info.Status = common.StatusSuperseded // perform the update if err := secrets.Update(key, rel); err != nil { @@ -209,10 +214,11 @@ func TestSecretUpdate(t *testing.T) { } // fetch the updated release - got, err := secrets.Get(key) + goti, err := secrets.Get(key) if err != nil { t.Fatalf("Failed to get release with key %q: %s", key, err) } + got := convertReleaserToV1(t, goti) // check release has actually been updated by comparing modified fields if rel.Info.Status != got.Info.Status { @@ -225,7 +231,7 @@ func TestSecretDelete(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) secrets := newTestFixtureSecrets(t, []*rspb.Release{rel}...) diff --git a/pkg/storage/driver/sql.go b/pkg/storage/driver/sql.go index 46f6c6b2e..b6ea3916d 100644 --- a/pkg/storage/driver/sql.go +++ b/pkg/storage/driver/sql.go @@ -32,6 +32,8 @@ import ( // Import pq for postgres dialect _ "github.com/lib/pq" + "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/release" rspb "helm.sh/helm/v4/pkg/release/v1" ) @@ -88,6 +90,8 @@ type SQL struct { db *sqlx.DB namespace string statementBuilder sq.StatementBuilderType + // Embed a LogHolder to provide logger functionality + logging.LogHolder } // Name returns the name of the driver. @@ -108,13 +112,13 @@ func (s *SQL) checkAlreadyApplied(migrations []*migrate.Migration) bool { records, err := migrate.GetMigrationRecords(s.db.DB, postgreSQLDialect) migrate.SetDisableCreateTable(false) if err != nil { - slog.Debug("failed to get migration records", slog.Any("error", err)) + s.Logger().Debug("failed to get migration records", slog.Any("error", err)) return false } for _, record := range records { if _, ok := migrationsIDs[record.Id]; ok { - slog.Debug("found previous migration", "id", record.Id, "appliedAt", record.AppliedAt) + s.Logger().Debug("found previous migration", "id", record.Id, "appliedAt", record.AppliedAt) delete(migrationsIDs, record.Id) } } @@ -122,7 +126,7 @@ func (s *SQL) checkAlreadyApplied(migrations []*migrate.Migration) bool { // check if all migrations applied if len(migrationsIDs) != 0 { for id := range migrationsIDs { - slog.Debug("find unapplied migration", "id", id) + s.Logger().Debug("find unapplied migration", "id", id) } return false } @@ -156,9 +160,9 @@ func (s *SQL) ensureDBSetup() error { CREATE INDEX ON %s (%s); CREATE INDEX ON %s (%s); CREATE INDEX ON %s (%s); - + GRANT ALL ON %s TO PUBLIC; - + ALTER TABLE %s ENABLE ROW LEVEL SECURITY; `, sqlReleaseTableName, @@ -208,7 +212,7 @@ func (s *SQL) ensureDBSetup() error { %s VARCHAR(%d) ); CREATE INDEX ON %s (%s, %s); - + GRANT ALL ON %s TO PUBLIC; ALTER TABLE %s ENABLE ROW LEVEL SECURITY; `, @@ -292,12 +296,13 @@ func NewSQL(connectionString string, namespace string) (*SQL, error) { } driver.namespace = namespace + driver.SetLogger(slog.Default().Handler()) return driver, nil } // Get returns the release named by key. -func (s *SQL) Get(key string) (*rspb.Release, error) { +func (s *SQL) Get(key string) (release.Releaser, error) { var record SQLReleaseWrapper qb := s.statementBuilder. @@ -308,24 +313,24 @@ func (s *SQL) Get(key string) (*rspb.Release, error) { query, args, err := qb.ToSql() if err != nil { - slog.Debug("failed to build query", slog.Any("error", err)) + s.Logger().Debug("failed to build query", slog.Any("error", err)) return nil, err } // Get will return an error if the result is empty if err := s.db.Get(&record, query, args...); err != nil { - slog.Debug("got SQL error when getting release", "key", key, slog.Any("error", err)) + s.Logger().Debug("got SQL error when getting release", "key", key, slog.Any("error", err)) return nil, ErrReleaseNotFound } release, err := decodeRelease(record.Body) if err != nil { - slog.Debug("failed to decode data", "key", key, slog.Any("error", err)) + s.Logger().Debug("failed to decode data", "key", key, slog.Any("error", err)) return nil, err } if release.Labels, err = s.getReleaseCustomLabels(key, s.namespace); err != nil { - slog.Debug("failed to get release custom labels", "namespace", s.namespace, "key", key, slog.Any("error", err)) + s.Logger().Debug("failed to get release custom labels", "namespace", s.namespace, "key", key, slog.Any("error", err)) return nil, err } @@ -333,7 +338,7 @@ func (s *SQL) Get(key string) (*rspb.Release, error) { } // List returns the list of all releases such that filter(release) == true -func (s *SQL) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { +func (s *SQL) List(filter func(release.Releaser) bool) ([]release.Releaser, error) { sb := s.statementBuilder. Select(sqlReleaseTableKeyColumn, sqlReleaseTableNamespaceColumn, sqlReleaseTableBodyColumn). From(sqlReleaseTableName). @@ -346,26 +351,26 @@ func (s *SQL) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { query, args, err := sb.ToSql() if err != nil { - slog.Debug("failed to build query", slog.Any("error", err)) + s.Logger().Debug("failed to build query", slog.Any("error", err)) return nil, err } var records = []SQLReleaseWrapper{} if err := s.db.Select(&records, query, args...); err != nil { - slog.Debug("failed to list", slog.Any("error", err)) + s.Logger().Debug("failed to list", slog.Any("error", err)) return nil, err } - var releases []*rspb.Release + var releases []release.Releaser for _, record := range records { release, err := decodeRelease(record.Body) if err != nil { - slog.Debug("failed to decode release", "record", record, slog.Any("error", err)) + s.Logger().Debug("failed to decode release", "record", record, slog.Any("error", err)) continue } if release.Labels, err = s.getReleaseCustomLabels(record.Key, record.Namespace); err != nil { - slog.Debug("failed to get release custom labels", "namespace", record.Namespace, "key", record.Key, slog.Any("error", err)) + s.Logger().Debug("failed to get release custom labels", "namespace", record.Namespace, "key", record.Key, slog.Any("error", err)) return nil, err } maps.Copy(release.Labels, getReleaseSystemLabels(release)) @@ -379,7 +384,7 @@ func (s *SQL) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { } // Query returns the set of releases that match the provided set of labels. -func (s *SQL) Query(labels map[string]string) ([]*rspb.Release, error) { +func (s *SQL) Query(labels map[string]string) ([]release.Releaser, error) { sb := s.statementBuilder. Select(sqlReleaseTableKeyColumn, sqlReleaseTableNamespaceColumn, sqlReleaseTableBodyColumn). From(sqlReleaseTableName) @@ -393,7 +398,7 @@ func (s *SQL) Query(labels map[string]string) ([]*rspb.Release, error) { if _, ok := labelMap[key]; ok { sb = sb.Where(sq.Eq{key: labels[key]}) } else { - slog.Debug("unknown label", "key", key) + s.Logger().Debug("unknown label", "key", key) return nil, fmt.Errorf("unknown label %s", key) } } @@ -406,13 +411,13 @@ func (s *SQL) Query(labels map[string]string) ([]*rspb.Release, error) { // Build our query query, args, err := sb.ToSql() if err != nil { - slog.Debug("failed to build query", slog.Any("error", err)) + s.Logger().Debug("failed to build query", slog.Any("error", err)) return nil, err } var records = []SQLReleaseWrapper{} if err := s.db.Select(&records, query, args...); err != nil { - slog.Debug("failed to query with labels", slog.Any("error", err)) + s.Logger().Debug("failed to query with labels", slog.Any("error", err)) return nil, err } @@ -420,16 +425,16 @@ func (s *SQL) Query(labels map[string]string) ([]*rspb.Release, error) { return nil, ErrReleaseNotFound } - var releases []*rspb.Release + var releases []release.Releaser for _, record := range records { release, err := decodeRelease(record.Body) if err != nil { - slog.Debug("failed to decode release", "record", record, slog.Any("error", err)) + s.Logger().Debug("failed to decode release", "record", record, slog.Any("error", err)) continue } if release.Labels, err = s.getReleaseCustomLabels(record.Key, record.Namespace); err != nil { - slog.Debug("failed to get release custom labels", "namespace", record.Namespace, "key", record.Key, slog.Any("error", err)) + s.Logger().Debug("failed to get release custom labels", "namespace", record.Namespace, "key", record.Key, slog.Any("error", err)) return nil, err } @@ -444,7 +449,12 @@ func (s *SQL) Query(labels map[string]string) ([]*rspb.Release, error) { } // Create creates a new release. -func (s *SQL) Create(key string, rls *rspb.Release) error { +func (s *SQL) Create(key string, rel release.Releaser) error { + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } + namespace := rls.Namespace if namespace == "" { namespace = defaultNamespace @@ -453,13 +463,13 @@ func (s *SQL) Create(key string, rls *rspb.Release) error { body, err := encodeRelease(rls) if err != nil { - slog.Debug("failed to encode release", slog.Any("error", err)) + s.Logger().Debug("failed to encode release", slog.Any("error", err)) return err } transaction, err := s.db.Beginx() if err != nil { - slog.Debug("failed to start SQL transaction", slog.Any("error", err)) + s.Logger().Debug("failed to start SQL transaction", slog.Any("error", err)) return fmt.Errorf("error beginning transaction: %v", err) } @@ -488,7 +498,7 @@ func (s *SQL) Create(key string, rls *rspb.Release) error { int(time.Now().Unix()), ).ToSql() if err != nil { - slog.Debug("failed to build insert query", slog.Any("error", err)) + s.Logger().Debug("failed to build insert query", slog.Any("error", err)) return err } @@ -502,17 +512,17 @@ func (s *SQL) Create(key string, rls *rspb.Release) error { Where(sq.Eq{sqlReleaseTableNamespaceColumn: s.namespace}). ToSql() if buildErr != nil { - slog.Debug("failed to build select query", "error", buildErr) + s.Logger().Debug("failed to build select query", "error", buildErr) return err } var record SQLReleaseWrapper if err := transaction.Get(&record, selectQuery, args...); err == nil { - slog.Debug("release already exists", "key", key) + s.Logger().Debug("release already exists", "key", key) return ErrReleaseExists } - slog.Debug("failed to store release in SQL database", "key", key, slog.Any("error", err)) + s.Logger().Debug("failed to store release in SQL database", "key", key, slog.Any("error", err)) return err } @@ -535,13 +545,13 @@ func (s *SQL) Create(key string, rls *rspb.Release) error { if err != nil { defer transaction.Rollback() - slog.Debug("failed to build insert query", slog.Any("error", err)) + s.Logger().Debug("failed to build insert query", slog.Any("error", err)) return err } if _, err := transaction.Exec(insertLabelsQuery, args...); err != nil { defer transaction.Rollback() - slog.Debug("failed to write Labels", slog.Any("error", err)) + s.Logger().Debug("failed to write Labels", slog.Any("error", err)) return err } } @@ -551,7 +561,11 @@ func (s *SQL) Create(key string, rls *rspb.Release) error { } // Update updates a release. -func (s *SQL) Update(key string, rls *rspb.Release) error { +func (s *SQL) Update(key string, rel release.Releaser) error { + rls, err := releaserToV1Release(rel) + if err != nil { + return err + } namespace := rls.Namespace if namespace == "" { namespace = defaultNamespace @@ -560,7 +574,7 @@ func (s *SQL) Update(key string, rls *rspb.Release) error { body, err := encodeRelease(rls) if err != nil { - slog.Debug("failed to encode release", slog.Any("error", err)) + s.Logger().Debug("failed to encode release", slog.Any("error", err)) return err } @@ -577,12 +591,12 @@ func (s *SQL) Update(key string, rls *rspb.Release) error { ToSql() if err != nil { - slog.Debug("failed to build update query", slog.Any("error", err)) + s.Logger().Debug("failed to build update query", slog.Any("error", err)) return err } if _, err := s.db.Exec(query, args...); err != nil { - slog.Debug("failed to update release in SQL database", "key", key, slog.Any("error", err)) + s.Logger().Debug("failed to update release in SQL database", "key", key, slog.Any("error", err)) return err } @@ -590,10 +604,10 @@ func (s *SQL) Update(key string, rls *rspb.Release) error { } // Delete deletes a release or returns ErrReleaseNotFound. -func (s *SQL) Delete(key string) (*rspb.Release, error) { +func (s *SQL) Delete(key string) (release.Releaser, error) { transaction, err := s.db.Beginx() if err != nil { - slog.Debug("failed to start SQL transaction", slog.Any("error", err)) + s.Logger().Debug("failed to start SQL transaction", slog.Any("error", err)) return nil, fmt.Errorf("error beginning transaction: %v", err) } @@ -604,20 +618,20 @@ func (s *SQL) Delete(key string) (*rspb.Release, error) { Where(sq.Eq{sqlReleaseTableNamespaceColumn: s.namespace}). ToSql() if err != nil { - slog.Debug("failed to build select query", slog.Any("error", err)) + s.Logger().Debug("failed to build select query", slog.Any("error", err)) return nil, err } var record SQLReleaseWrapper err = transaction.Get(&record, selectQuery, args...) if err != nil { - slog.Debug("release not found", "key", key, slog.Any("error", err)) + s.Logger().Debug("release not found", "key", key, slog.Any("error", err)) return nil, ErrReleaseNotFound } release, err := decodeRelease(record.Body) if err != nil { - slog.Debug("failed to decode release", "key", key, slog.Any("error", err)) + s.Logger().Debug("failed to decode release", "key", key, slog.Any("error", err)) transaction.Rollback() return nil, err } @@ -629,18 +643,18 @@ func (s *SQL) Delete(key string) (*rspb.Release, error) { Where(sq.Eq{sqlReleaseTableNamespaceColumn: s.namespace}). ToSql() if err != nil { - slog.Debug("failed to build delete query", slog.Any("error", err)) + s.Logger().Debug("failed to build delete query", slog.Any("error", err)) return nil, err } _, err = transaction.Exec(deleteQuery, args...) if err != nil { - slog.Debug("failed perform delete query", slog.Any("error", err)) + s.Logger().Debug("failed perform delete query", slog.Any("error", err)) return release, err } if release.Labels, err = s.getReleaseCustomLabels(key, s.namespace); err != nil { - slog.Debug("failed to get release custom labels", "namespace", s.namespace, "key", key, slog.Any("error", err)) + s.Logger().Debug("failed to get release custom labels", "namespace", s.namespace, "key", key, slog.Any("error", err)) return nil, err } @@ -651,7 +665,7 @@ func (s *SQL) Delete(key string) (*rspb.Release, error) { ToSql() if err != nil { - slog.Debug("failed to build delete Labels query", slog.Any("error", err)) + s.Logger().Debug("failed to build delete Labels query", slog.Any("error", err)) return nil, err } _, err = transaction.Exec(deleteCustomLabelsQuery, args...) diff --git a/pkg/storage/driver/sql_test.go b/pkg/storage/driver/sql_test.go index bd2918aad..d85691a6f 100644 --- a/pkg/storage/driver/sql_test.go +++ b/pkg/storage/driver/sql_test.go @@ -14,6 +14,7 @@ limitations under the License. package driver import ( + "database/sql/driver" "fmt" "reflect" "regexp" @@ -23,9 +24,38 @@ import ( sqlmock "github.com/DATA-DOG/go-sqlmock" migrate "github.com/rubenv/sql-migrate" + "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" ) +const recentTimestampTolerance = time.Second + +func recentUnixTimestamp() sqlmock.Argument { + return recentUnixTimestampArgument{} +} + +type recentUnixTimestampArgument struct{} + +func (recentUnixTimestampArgument) Match(value driver.Value) bool { + var ts int64 + switch v := value.(type) { + case int: + ts = int64(v) + case int64: + ts = v + default: + return false + } + + diff := time.Since(time.Unix(ts, 0)) + if diff < 0 { + diff = -diff + } + + return diff <= recentTimestampTolerance +} + func TestSQLName(t *testing.T) { sqlDriver, _ := newTestFixtureSQL(t) if sqlDriver.Name() != SQLDriverName { @@ -38,7 +68,7 @@ func TestSQLGet(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) body, _ := encodeRelease(rel) @@ -81,12 +111,12 @@ func TestSQLGet(t *testing.T) { func TestSQLList(t *testing.T) { releases := []*rspb.Release{} - releases = append(releases, releaseStub("key-1", 1, "default", rspb.StatusUninstalled)) - releases = append(releases, releaseStub("key-2", 1, "default", rspb.StatusUninstalled)) - releases = append(releases, releaseStub("key-3", 1, "default", rspb.StatusDeployed)) - releases = append(releases, releaseStub("key-4", 1, "default", rspb.StatusDeployed)) - releases = append(releases, releaseStub("key-5", 1, "default", rspb.StatusSuperseded)) - releases = append(releases, releaseStub("key-6", 1, "default", rspb.StatusSuperseded)) + releases = append(releases, releaseStub("key-1", 1, "default", common.StatusUninstalled)) + releases = append(releases, releaseStub("key-2", 1, "default", common.StatusUninstalled)) + releases = append(releases, releaseStub("key-3", 1, "default", common.StatusDeployed)) + releases = append(releases, releaseStub("key-4", 1, "default", common.StatusDeployed)) + releases = append(releases, releaseStub("key-5", 1, "default", common.StatusSuperseded)) + releases = append(releases, releaseStub("key-6", 1, "default", common.StatusSuperseded)) sqlDriver, mock := newTestFixtureSQL(t) @@ -119,8 +149,9 @@ func TestSQLList(t *testing.T) { } // list all deleted releases - del, err := sqlDriver.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusUninstalled + del, err := sqlDriver.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusUninstalled }) // check if err != nil { @@ -131,8 +162,9 @@ func TestSQLList(t *testing.T) { } // list all deployed releases - dpl, err := sqlDriver.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusDeployed + dpl, err := sqlDriver.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusDeployed }) // check if err != nil { @@ -143,8 +175,9 @@ func TestSQLList(t *testing.T) { } // list all superseded releases - ssd, err := sqlDriver.List(func(rel *rspb.Release) bool { - return rel.Info.Status == rspb.StatusSuperseded + ssd, err := sqlDriver.List(func(rel release.Releaser) bool { + rls := convertReleaserToV1(t, rel) + return rls.Info.Status == common.StatusSuperseded }) // check if err != nil { @@ -159,7 +192,7 @@ func TestSQLList(t *testing.T) { } // Check if release having both system and custom labels, this is needed to ensure that selector filtering would work. - rls := ssd[0] + rls := convertReleaserToV1(t, ssd[0]) _, ok := rls.Labels["name"] if !ok { t.Fatalf("Expected 'name' label in results, actual %v", rls.Labels) @@ -175,7 +208,7 @@ func TestSqlCreate(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) sqlDriver, mock := newTestFixtureSQL(t) body, _ := encodeRelease(rel) @@ -197,7 +230,7 @@ func TestSqlCreate(t *testing.T) { mock.ExpectBegin() mock. ExpectExec(regexp.QuoteMeta(query)). - WithArgs(key, sqlReleaseDefaultType, body, rel.Name, rel.Namespace, int(rel.Version), rel.Info.Status.String(), sqlReleaseDefaultOwner, int(time.Now().Unix())). + WithArgs(key, sqlReleaseDefaultType, body, rel.Name, rel.Namespace, int(rel.Version), rel.Info.Status.String(), sqlReleaseDefaultOwner, recentUnixTimestamp()). WillReturnResult(sqlmock.NewResult(1, 1)) labelsQuery := fmt.Sprintf( @@ -232,7 +265,7 @@ func TestSqlCreateAlreadyExists(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) sqlDriver, mock := newTestFixtureSQL(t) body, _ := encodeRelease(rel) @@ -255,7 +288,7 @@ func TestSqlCreateAlreadyExists(t *testing.T) { mock.ExpectBegin() mock. ExpectExec(regexp.QuoteMeta(insertQuery)). - WithArgs(key, sqlReleaseDefaultType, body, rel.Name, rel.Namespace, int(rel.Version), rel.Info.Status.String(), sqlReleaseDefaultOwner, int(time.Now().Unix())). + WithArgs(key, sqlReleaseDefaultType, body, rel.Name, rel.Namespace, int(rel.Version), rel.Info.Status.String(), sqlReleaseDefaultOwner, recentUnixTimestamp()). WillReturnError(fmt.Errorf("dialect dependent SQL error")) selectQuery := fmt.Sprintf( @@ -293,7 +326,7 @@ func TestSqlUpdate(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) sqlDriver, mock := newTestFixtureSQL(t) body, _ := encodeRelease(rel) @@ -313,7 +346,7 @@ func TestSqlUpdate(t *testing.T) { mock. ExpectExec(regexp.QuoteMeta(query)). - WithArgs(body, rel.Name, int(rel.Version), rel.Info.Status.String(), sqlReleaseDefaultOwner, int(time.Now().Unix()), key, namespace). + WithArgs(body, rel.Name, int(rel.Version), rel.Info.Status.String(), sqlReleaseDefaultOwner, recentUnixTimestamp(), key, namespace). WillReturnResult(sqlmock.NewResult(0, 1)) if err := sqlDriver.Update(key, rel); err != nil { @@ -342,9 +375,9 @@ func TestSqlQuery(t *testing.T) { "owner": sqlReleaseDefaultOwner, } - supersededRelease := releaseStub("smug-pigeon", 1, "default", rspb.StatusSuperseded) + supersededRelease := releaseStub("smug-pigeon", 1, "default", common.StatusSuperseded) supersededReleaseBody, _ := encodeRelease(supersededRelease) - deployedRelease := releaseStub("smug-pigeon", 2, "default", rspb.StatusDeployed) + deployedRelease := releaseStub("smug-pigeon", 2, "default", common.StatusDeployed) deployedReleaseBody, _ := encodeRelease(deployedRelease) // Let's actually start our test @@ -454,7 +487,7 @@ func TestSqlDelete(t *testing.T) { name := "smug-pigeon" namespace := "default" key := testKey(name, vers) - rel := releaseStub(name, vers, namespace, rspb.StatusDeployed) + rel := releaseStub(name, vers, namespace, common.StatusDeployed) body, _ := encodeRelease(rel) diff --git a/pkg/storage/storage.go b/pkg/storage/storage.go index b43f7c0f2..07dc12c7b 100644 --- a/pkg/storage/storage.go +++ b/pkg/storage/storage.go @@ -22,8 +22,11 @@ import ( "log/slog" "strings" - relutil "helm.sh/helm/v4/pkg/release/util" + "helm.sh/helm/v4/internal/logging" + "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" + relutil "helm.sh/helm/v4/pkg/release/v1/util" "helm.sh/helm/v4/pkg/storage/driver" ) @@ -42,75 +45,115 @@ type Storage struct { // be retained, including the most recent release. Values of 0 or less are // ignored (meaning no limits are imposed). MaxHistory int + + // Embed a LogHolder to provide logger functionality + logging.LogHolder } // Get retrieves the release from storage. An error is returned // if the storage driver failed to fetch the release, or the // release identified by the key, version pair does not exist. -func (s *Storage) Get(name string, version int) (*rspb.Release, error) { - slog.Debug("getting release", "key", makeKey(name, version)) +func (s *Storage) Get(name string, version int) (release.Releaser, error) { + s.Logger().Debug("getting release", "key", makeKey(name, version)) return s.Driver.Get(makeKey(name, version)) } // Create creates a new storage entry holding the release. An // error is returned if the storage driver fails to store the // release, or a release with an identical key already exists. -func (s *Storage) Create(rls *rspb.Release) error { - slog.Debug("creating release", "key", makeKey(rls.Name, rls.Version)) +func (s *Storage) Create(rls release.Releaser) error { + rac, err := release.NewAccessor(rls) + if err != nil { + return err + } + s.Logger().Debug("creating release", "key", makeKey(rac.Name(), rac.Version())) if s.MaxHistory > 0 { // Want to make space for one more release. - if err := s.removeLeastRecent(rls.Name, s.MaxHistory-1); err != nil && + if err := s.removeLeastRecent(rac.Name(), s.MaxHistory-1); err != nil && !errors.Is(err, driver.ErrReleaseNotFound) { return err } } - return s.Driver.Create(makeKey(rls.Name, rls.Version), rls) + return s.Driver.Create(makeKey(rac.Name(), rac.Version()), rls) } // Update updates the release in storage. An error is returned if the // storage backend fails to update the release or if the release // does not exist. -func (s *Storage) Update(rls *rspb.Release) error { - slog.Debug("updating release", "key", makeKey(rls.Name, rls.Version)) - return s.Driver.Update(makeKey(rls.Name, rls.Version), rls) +func (s *Storage) Update(rls release.Releaser) error { + rac, err := release.NewAccessor(rls) + if err != nil { + return err + } + s.Logger().Debug("updating release", "key", makeKey(rac.Name(), rac.Version())) + return s.Driver.Update(makeKey(rac.Name(), rac.Version()), rls) } // Delete deletes the release from storage. An error is returned if // the storage backend fails to delete the release or if the release // does not exist. -func (s *Storage) Delete(name string, version int) (*rspb.Release, error) { - slog.Debug("deleting release", "key", makeKey(name, version)) +func (s *Storage) Delete(name string, version int) (release.Releaser, error) { + s.Logger().Debug("deleting release", "key", makeKey(name, version)) return s.Driver.Delete(makeKey(name, version)) } // ListReleases returns all releases from storage. An error is returned if the // storage backend fails to retrieve the releases. -func (s *Storage) ListReleases() ([]*rspb.Release, error) { - slog.Debug("listing all releases in storage") - return s.List(func(_ *rspb.Release) bool { return true }) +func (s *Storage) ListReleases() ([]release.Releaser, error) { + s.Logger().Debug("listing all releases in storage") + return s.List(func(_ release.Releaser) bool { return true }) +} + +// releaserToV1Release is a helper function to convert a v1 release passed by interface +// into the type object. +func releaserToV1Release(rel release.Releaser) (*rspb.Release, error) { + switch r := rel.(type) { + case rspb.Release: + return &r, nil + case *rspb.Release: + return r, nil + case nil: + return nil, nil + default: + return nil, fmt.Errorf("unsupported release type: %T", rel) + } } // ListUninstalled returns all releases with Status == UNINSTALLED. An error is returned // if the storage backend fails to retrieve the releases. -func (s *Storage) ListUninstalled() ([]*rspb.Release, error) { - slog.Debug("listing uninstalled releases in storage") - return s.List(func(rls *rspb.Release) bool { - return relutil.StatusFilter(rspb.StatusUninstalled).Check(rls) +func (s *Storage) ListUninstalled() ([]release.Releaser, error) { + s.Logger().Debug("listing uninstalled releases in storage") + return s.List(func(rls release.Releaser) bool { + rel, err := releaserToV1Release(rls) + if err != nil { + // This will only happen if calling code does not pass the proper types. This is + // a problem with the application and not user data. + s.Logger().Error("unable to convert release to typed release", slog.Any("error", err)) + panic(fmt.Sprintf("unable to convert release to typed release: %s", err)) + } + return relutil.StatusFilter(common.StatusUninstalled).Check(rel) }) } // ListDeployed returns all releases with Status == DEPLOYED. An error is returned // if the storage backend fails to retrieve the releases. -func (s *Storage) ListDeployed() ([]*rspb.Release, error) { - slog.Debug("listing all deployed releases in storage") - return s.List(func(rls *rspb.Release) bool { - return relutil.StatusFilter(rspb.StatusDeployed).Check(rls) +func (s *Storage) ListDeployed() ([]release.Releaser, error) { + s.Logger().Debug("listing all deployed releases in storage") + return s.List(func(rls release.Releaser) bool { + rel, err := releaserToV1Release(rls) + if err != nil { + // This will only happen if calling code does not pass the proper types. This is + // a problem with the application and not user data. + s.Logger().Error("unable to convert release to typed release", slog.Any("error", err)) + panic(fmt.Sprintf("unable to convert release to typed release: %s", err)) + } + return relutil.StatusFilter(common.StatusDeployed).Check(rel) }) } // Deployed returns the last deployed release with the provided release name, or // returns driver.NewErrNoDeployedReleases if not found. -func (s *Storage) Deployed(name string) (*rspb.Release, error) { +func (s *Storage) Deployed(name string) (release.Releaser, error) { ls, err := s.DeployedAll(name) if err != nil { return nil, err @@ -120,17 +163,35 @@ func (s *Storage) Deployed(name string) (*rspb.Release, error) { return nil, driver.NewErrNoDeployedReleases(name) } + rls, err := releaseListToV1List(ls) + if err != nil { + return nil, err + } + // If executed concurrently, Helm's database gets corrupted // and multiple releases are DEPLOYED. Take the latest. - relutil.Reverse(ls, relutil.SortByRevision) + relutil.Reverse(rls, relutil.SortByRevision) - return ls[0], nil + return rls[0], nil +} + +func releaseListToV1List(ls []release.Releaser) ([]*rspb.Release, error) { + rls := make([]*rspb.Release, 0, len(ls)) + for _, val := range ls { + rel, err := releaserToV1Release(val) + if err != nil { + return nil, err + } + rls = append(rls, rel) + } + + return rls, nil } // DeployedAll returns all deployed releases with the provided name, or // returns driver.NewErrNoDeployedReleases if not found. -func (s *Storage) DeployedAll(name string) ([]*rspb.Release, error) { - slog.Debug("getting deployed releases", "name", name) +func (s *Storage) DeployedAll(name string) ([]release.Releaser, error) { + s.Logger().Debug("getting deployed releases", "name", name) ls, err := s.Query(map[string]string{ "name": name, @@ -148,8 +209,8 @@ func (s *Storage) DeployedAll(name string) ([]*rspb.Release, error) { // History returns the revision history for the release with the provided name, or // returns driver.ErrReleaseNotFound if no such release name exists. -func (s *Storage) History(name string) ([]*rspb.Release, error) { - slog.Debug("getting release history", "name", name) +func (s *Storage) History(name string) ([]release.Releaser, error) { + s.Logger().Debug("getting release history", "name", name) return s.Query(map[string]string{"name": name, "owner": "helm"}) } @@ -170,23 +231,31 @@ func (s *Storage) removeLeastRecent(name string, maximum int) error { if len(h) <= maximum { return nil } + rls, err := releaseListToV1List(h) + if err != nil { + return err + } // We want oldest to newest - relutil.SortByRevision(h) + relutil.SortByRevision(rls) lastDeployed, err := s.Deployed(name) if err != nil && !errors.Is(err, driver.ErrNoDeployedReleases) { return err } - var toDelete []*rspb.Release - for _, rel := range h { + var toDelete []release.Releaser + for _, rel := range rls { // once we have enough releases to delete to reach the maximum, stop - if len(h)-len(toDelete) == maximum { + if len(rls)-len(toDelete) == maximum { break } if lastDeployed != nil { - if rel.Version != lastDeployed.Version { + ldac, err := release.NewAccessor(lastDeployed) + if err != nil { + return err + } + if rel.Version != ldac.Version() { toDelete = append(toDelete, rel) } } else { @@ -198,13 +267,18 @@ func (s *Storage) removeLeastRecent(name string, maximum int) error { // multiple invocations of this function will eventually delete them all. errs := []error{} for _, rel := range toDelete { - err = s.deleteReleaseVersion(name, rel.Version) + rac, err := release.NewAccessor(rel) + if err != nil { + errs = append(errs, err) + continue + } + err = s.deleteReleaseVersion(name, rac.Version()) if err != nil { errs = append(errs, err) } } - slog.Debug("pruned records", "count", len(toDelete), "release", name, "errors", len(errs)) + s.Logger().Debug("pruned records", "count", len(toDelete), "release", name, "errors", len(errs)) switch c := len(errs); c { case 0: return nil @@ -219,15 +293,15 @@ func (s *Storage) deleteReleaseVersion(name string, version int) error { key := makeKey(name, version) _, err := s.Delete(name, version) if err != nil { - slog.Debug("error pruning release", "key", key, slog.Any("error", err)) + s.Logger().Debug("error pruning release", "key", key, slog.Any("error", err)) return err } return nil } // Last fetches the last revision of the named release. -func (s *Storage) Last(name string) (*rspb.Release, error) { - slog.Debug("getting last revision", "name", name) +func (s *Storage) Last(name string) (release.Releaser, error) { + s.Logger().Debug("getting last revision", "name", name) h, err := s.History(name) if err != nil { return nil, err @@ -235,9 +309,13 @@ func (s *Storage) Last(name string) (*rspb.Release, error) { if len(h) == 0 { return nil, fmt.Errorf("no revision for release %q", name) } + rls, err := releaseListToV1List(h) + if err != nil { + return nil, err + } - relutil.Reverse(h, relutil.SortByRevision) - return h[0], nil + relutil.Reverse(rls, relutil.SortByRevision) + return rls[0], nil } // makeKey concatenates the Kubernetes storage object type, a release name and version @@ -257,7 +335,16 @@ func Init(d driver.Driver) *Storage { if d == nil { d = driver.NewMemory() } - return &Storage{ + s := &Storage{ Driver: d, } + + // Get logger from driver if it implements the LoggerSetterGetter interface + if ls, ok := d.(logging.LoggerSetterGetter); ok { + ls.SetLogger(s.Logger().Handler()) + } else { + // If the driver does not implement the LoggerSetterGetter interface, set the default logger + s.SetLogger(slog.Default().Handler()) + } + return s } diff --git a/pkg/storage/storage_test.go b/pkg/storage/storage_test.go index d3025eca3..5b2a3bba5 100644 --- a/pkg/storage/storage_test.go +++ b/pkg/storage/storage_test.go @@ -22,6 +22,10 @@ import ( "reflect" "testing" + "github.com/stretchr/testify/assert" + + "helm.sh/helm/v4/pkg/release" + "helm.sh/helm/v4/pkg/release/common" rspb "helm.sh/helm/v4/pkg/release/v1" "helm.sh/helm/v4/pkg/storage/driver" ) @@ -56,13 +60,13 @@ func TestStorageUpdate(t *testing.T) { rls := ReleaseTestData{ Name: "angry-beaver", Version: 1, - Status: rspb.StatusDeployed, + Status: common.StatusDeployed, }.ToRelease() assertErrNil(t.Fatal, storage.Create(rls), "StoreRelease") // modify the release - rls.Info.Status = rspb.StatusUninstalled + rls.Info.Status = common.StatusUninstalled assertErrNil(t.Fatal, storage.Update(rls), "UpdateRelease") // retrieve the updated release @@ -106,13 +110,16 @@ func TestStorageDelete(t *testing.T) { t.Errorf("unexpected error: %s", err) } + rhist, err := releaseListToV1List(hist) + assert.NoError(t, err) + // We have now deleted one of the two records. - if len(hist) != 1 { + if len(rhist) != 1 { t.Errorf("expected 1 record for deleted release version, got %d", len(hist)) } - if hist[0].Version != 2 { - t.Errorf("Expected version to be 2, got %d", hist[0].Version) + if rhist[0].Version != 2 { + t.Errorf("Expected version to be 2, got %d", rhist[0].Version) } } @@ -123,13 +130,13 @@ func TestStorageList(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls0 := ReleaseTestData{Name: "happy-catdog", Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: "livid-human", Status: rspb.StatusSuperseded}.ToRelease() - rls2 := ReleaseTestData{Name: "relaxed-cat", Status: rspb.StatusSuperseded}.ToRelease() - rls3 := ReleaseTestData{Name: "hungry-hippo", Status: rspb.StatusDeployed}.ToRelease() - rls4 := ReleaseTestData{Name: "angry-beaver", Status: rspb.StatusDeployed}.ToRelease() - rls5 := ReleaseTestData{Name: "opulent-frog", Status: rspb.StatusUninstalled}.ToRelease() - rls6 := ReleaseTestData{Name: "happy-liger", Status: rspb.StatusUninstalled}.ToRelease() + rls0 := ReleaseTestData{Name: "happy-catdog", Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: "livid-human", Status: common.StatusSuperseded}.ToRelease() + rls2 := ReleaseTestData{Name: "relaxed-cat", Status: common.StatusSuperseded}.ToRelease() + rls3 := ReleaseTestData{Name: "hungry-hippo", Status: common.StatusDeployed}.ToRelease() + rls4 := ReleaseTestData{Name: "angry-beaver", Status: common.StatusDeployed}.ToRelease() + rls5 := ReleaseTestData{Name: "opulent-frog", Status: common.StatusUninstalled}.ToRelease() + rls6 := ReleaseTestData{Name: "happy-liger", Status: common.StatusUninstalled}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'rls0'") @@ -144,7 +151,7 @@ func TestStorageList(t *testing.T) { var listTests = []struct { Description string NumExpected int - ListFunc func() ([]*rspb.Release, error) + ListFunc func() ([]release.Releaser, error) }{ {"ListDeployed", 2, storage.ListDeployed}, {"ListReleases", 7, storage.ListReleases}, @@ -175,10 +182,10 @@ func TestStorageDeployed(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusSuperseded}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusSuperseded}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusDeployed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusSuperseded}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusSuperseded}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusDeployed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -194,15 +201,18 @@ func TestStorageDeployed(t *testing.T) { t.Fatalf("Failed to query for deployed release: %s\n", err) } + rel, err := releaserToV1Release(rls) + assert.NoError(t, err) + switch { case rls == nil: t.Fatalf("Release is nil") - case rls.Name != name: - t.Fatalf("Expected release name %q, actual %q\n", name, rls.Name) - case rls.Version != vers: - t.Fatalf("Expected release version %d, actual %d\n", vers, rls.Version) - case rls.Info.Status != rspb.StatusDeployed: - t.Fatalf("Expected release status 'DEPLOYED', actual %s\n", rls.Info.Status.String()) + case rel.Name != name: + t.Fatalf("Expected release name %q, actual %q\n", name, rel.Name) + case rel.Version != vers: + t.Fatalf("Expected release version %d, actual %d\n", vers, rel.Version) + case rel.Info.Status != common.StatusDeployed: + t.Fatalf("Expected release status 'DEPLOYED', actual %s\n", rel.Info.Status.String()) } } @@ -215,10 +225,10 @@ func TestStorageDeployedWithCorruption(t *testing.T) { // setup storage with test releases setup := func() { // release records (notice odd order and corruption) - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusDeployed}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusSuperseded}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusDeployed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusDeployed}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusSuperseded}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusDeployed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -234,15 +244,18 @@ func TestStorageDeployedWithCorruption(t *testing.T) { t.Fatalf("Failed to query for deployed release: %s\n", err) } + rel, err := releaserToV1Release(rls) + assert.NoError(t, err) + switch { case rls == nil: t.Fatalf("Release is nil") - case rls.Name != name: - t.Fatalf("Expected release name %q, actual %q\n", name, rls.Name) - case rls.Version != vers: - t.Fatalf("Expected release version %d, actual %d\n", vers, rls.Version) - case rls.Info.Status != rspb.StatusDeployed: - t.Fatalf("Expected release status 'DEPLOYED', actual %s\n", rls.Info.Status.String()) + case rel.Name != name: + t.Fatalf("Expected release name %q, actual %q\n", name, rel.Name) + case rel.Version != vers: + t.Fatalf("Expected release version %d, actual %d\n", vers, rel.Version) + case rel.Info.Status != common.StatusDeployed: + t.Fatalf("Expected release status 'DEPLOYED', actual %s\n", rel.Info.Status.String()) } } @@ -254,10 +267,10 @@ func TestStorageHistory(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusSuperseded}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusSuperseded}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusDeployed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusSuperseded}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusSuperseded}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusDeployed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -286,22 +299,22 @@ type MaxHistoryMockDriver struct { func NewMaxHistoryMockDriver(d driver.Driver) *MaxHistoryMockDriver { return &MaxHistoryMockDriver{Driver: d} } -func (d *MaxHistoryMockDriver) Create(key string, rls *rspb.Release) error { +func (d *MaxHistoryMockDriver) Create(key string, rls release.Releaser) error { return d.Driver.Create(key, rls) } -func (d *MaxHistoryMockDriver) Update(key string, rls *rspb.Release) error { +func (d *MaxHistoryMockDriver) Update(key string, rls release.Releaser) error { return d.Driver.Update(key, rls) } -func (d *MaxHistoryMockDriver) Delete(_ string) (*rspb.Release, error) { +func (d *MaxHistoryMockDriver) Delete(_ string) (release.Releaser, error) { return nil, errMaxHistoryMockDriverSomethingHappened } -func (d *MaxHistoryMockDriver) Get(key string) (*rspb.Release, error) { +func (d *MaxHistoryMockDriver) Get(key string) (release.Releaser, error) { return d.Driver.Get(key) } -func (d *MaxHistoryMockDriver) List(filter func(*rspb.Release) bool) ([]*rspb.Release, error) { +func (d *MaxHistoryMockDriver) List(filter func(release.Releaser) bool) ([]release.Releaser, error) { return d.Driver.List(filter) } -func (d *MaxHistoryMockDriver) Query(labels map[string]string) ([]*rspb.Release, error) { +func (d *MaxHistoryMockDriver) Query(labels map[string]string) ([]release.Releaser, error) { return d.Driver.Query(labels) } func (d *MaxHistoryMockDriver) Name() string { @@ -319,14 +332,14 @@ func TestMaxHistoryErrorHandling(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls1 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Driver.Create(makeKey(rls1.Name, rls1.Version), rls1), "Storing release 'angry-bird' (v1)") } setup() - rls2 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusSuperseded}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusSuperseded}.ToRelease() wantErr := errMaxHistoryMockDriverSomethingHappened gotErr := storage.Create(rls2) if !errors.Is(gotErr, wantErr) { @@ -345,10 +358,10 @@ func TestStorageRemoveLeastRecent(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusSuperseded}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusSuperseded}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusDeployed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusSuperseded}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusSuperseded}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusDeployed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -367,22 +380,25 @@ func TestStorageRemoveLeastRecent(t *testing.T) { } storage.MaxHistory = 3 - rls5 := ReleaseTestData{Name: name, Version: 5, Status: rspb.StatusDeployed}.ToRelease() + rls5 := ReleaseTestData{Name: name, Version: 5, Status: common.StatusDeployed}.ToRelease() assertErrNil(t.Fatal, storage.Create(rls5), "Storing release 'angry-bird' (v5)") // On inserting the 5th record, we expect two records to be pruned from history. hist, err := storage.History(name) + assert.NoError(t, err) + rhist, err := releaseListToV1List(hist) + assert.NoError(t, err) if err != nil { t.Fatal(err) - } else if len(hist) != storage.MaxHistory { - for _, item := range hist { + } else if len(rhist) != storage.MaxHistory { + for _, item := range rhist { t.Logf("%s %v", item.Name, item.Version) } - t.Fatalf("expected %d items in history, got %d", storage.MaxHistory, len(hist)) + t.Fatalf("expected %d items in history, got %d", storage.MaxHistory, len(rhist)) } // We expect the existing records to be 3, 4, and 5. - for i, item := range hist { + for i, item := range rhist { v := item.Version if expect := i + 3; v != expect { t.Errorf("Expected release %d, got %d", expect, v) @@ -399,10 +415,10 @@ func TestStorageDoNotDeleteDeployed(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusDeployed}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusFailed}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusFailed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusDeployed}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusFailed}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusFailed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -412,7 +428,7 @@ func TestStorageDoNotDeleteDeployed(t *testing.T) { } setup() - rls5 := ReleaseTestData{Name: name, Version: 5, Status: rspb.StatusFailed}.ToRelease() + rls5 := ReleaseTestData{Name: name, Version: 5, Status: common.StatusFailed}.ToRelease() assertErrNil(t.Fatal, storage.Create(rls5), "Storing release 'angry-bird' (v5)") // On inserting the 5th record, we expect a total of 3 releases, but we expect version 2 @@ -421,10 +437,12 @@ func TestStorageDoNotDeleteDeployed(t *testing.T) { if err != nil { t.Fatal(err) } else if len(hist) != storage.MaxHistory { - for _, item := range hist { + rhist, err := releaseListToV1List(hist) + assert.NoError(t, err) + for _, item := range rhist { t.Logf("%s %v", item.Name, item.Version) } - t.Fatalf("expected %d items in history, got %d", storage.MaxHistory, len(hist)) + t.Fatalf("expected %d items in history, got %d", storage.MaxHistory, len(rhist)) } expectedVersions := map[int]bool{ @@ -433,7 +451,9 @@ func TestStorageDoNotDeleteDeployed(t *testing.T) { 5: true, } - for _, item := range hist { + rhist, err := releaseListToV1List(hist) + assert.NoError(t, err) + for _, item := range rhist { if !expectedVersions[item.Version] { t.Errorf("Release version %d, found when not expected", item.Version) } @@ -448,10 +468,10 @@ func TestStorageLast(t *testing.T) { // Set up storage with test releases. setup := func() { // release records - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusSuperseded}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusSuperseded}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusSuperseded}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusFailed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusSuperseded}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusSuperseded}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusSuperseded}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusFailed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -467,8 +487,11 @@ func TestStorageLast(t *testing.T) { t.Fatalf("Failed to query for release history (%q): %s\n", name, err) } - if h.Version != 4 { - t.Errorf("Expected revision 4, got %d", h.Version) + rel, err := releaserToV1Release(h) + assert.NoError(t, err) + + if rel.Version != 4 { + t.Errorf("Expected revision 4, got %d", rel.Version) } } @@ -483,10 +506,10 @@ func TestUpgradeInitiallyFailedReleaseWithHistoryLimit(t *testing.T) { // setup storage with test releases setup := func() { // release records - rls0 := ReleaseTestData{Name: name, Version: 1, Status: rspb.StatusFailed}.ToRelease() - rls1 := ReleaseTestData{Name: name, Version: 2, Status: rspb.StatusFailed}.ToRelease() - rls2 := ReleaseTestData{Name: name, Version: 3, Status: rspb.StatusFailed}.ToRelease() - rls3 := ReleaseTestData{Name: name, Version: 4, Status: rspb.StatusFailed}.ToRelease() + rls0 := ReleaseTestData{Name: name, Version: 1, Status: common.StatusFailed}.ToRelease() + rls1 := ReleaseTestData{Name: name, Version: 2, Status: common.StatusFailed}.ToRelease() + rls2 := ReleaseTestData{Name: name, Version: 3, Status: common.StatusFailed}.ToRelease() + rls3 := ReleaseTestData{Name: name, Version: 4, Status: common.StatusFailed}.ToRelease() // create the release records in the storage assertErrNil(t.Fatal, storage.Create(rls0), "Storing release 'angry-bird' (v1)") @@ -507,7 +530,7 @@ func TestUpgradeInitiallyFailedReleaseWithHistoryLimit(t *testing.T) { setup() - rls5 := ReleaseTestData{Name: name, Version: 5, Status: rspb.StatusFailed}.ToRelease() + rls5 := ReleaseTestData{Name: name, Version: 5, Status: common.StatusFailed}.ToRelease() err := storage.Create(rls5) if err != nil { t.Fatalf("Failed to create a new release version: %s", err) @@ -518,13 +541,15 @@ func TestUpgradeInitiallyFailedReleaseWithHistoryLimit(t *testing.T) { t.Fatalf("unexpected error: %s", err) } - for i, rel := range hist { + rhist, err := releaseListToV1List(hist) + assert.NoError(t, err) + for i, rel := range rhist { wantVersion := i + 2 if rel.Version != wantVersion { t.Fatalf("Expected history release %d version to equal %d, got %d", i+1, wantVersion, rel.Version) } - wantStatus := rspb.StatusFailed + wantStatus := common.StatusFailed if rel.Info.Status != wantStatus { t.Fatalf("Expected history release %d status to equal %q, got %q", i+1, wantStatus, rel.Info.Status) } @@ -536,7 +561,7 @@ type ReleaseTestData struct { Version int Manifest string Namespace string - Status rspb.Status + Status common.Status } func (test ReleaseTestData) ToRelease() *rspb.Release { diff --git a/pkg/strvals/literal_parser_test.go b/pkg/strvals/literal_parser_test.go index 4e74423d6..6a76458f5 100644 --- a/pkg/strvals/literal_parser_test.go +++ b/pkg/strvals/literal_parser_test.go @@ -17,6 +17,7 @@ package strvals import ( "fmt" + "strings" "testing" "sigs.k8s.io/yaml" @@ -416,14 +417,14 @@ func TestParseLiteralInto(t *testing.T) { } func TestParseLiteralNestedLevels(t *testing.T) { - var keyMultipleNestedLevels string + var keyMultipleNestedLevels strings.Builder for i := 1; i <= MaxNestedNameLevel+2; i++ { tmpStr := fmt.Sprintf("name%d", i) if i <= MaxNestedNameLevel+1 { tmpStr = tmpStr + "." } - keyMultipleNestedLevels += tmpStr + keyMultipleNestedLevels.WriteString(tmpStr) } tests := []struct { @@ -439,7 +440,7 @@ func TestParseLiteralNestedLevels(t *testing.T) { "", }, { - str: keyMultipleNestedLevels + "=value", + str: keyMultipleNestedLevels.String() + "=value", err: true, errStr: fmt.Sprintf("value name nested level is greater than maximum supported nested level of %d", MaxNestedNameLevel), }, diff --git a/pkg/strvals/parser.go b/pkg/strvals/parser.go index c65e98c84..86e349f37 100644 --- a/pkg/strvals/parser.go +++ b/pkg/strvals/parser.go @@ -237,7 +237,7 @@ func (t *parser) key(data map[string]interface{}, nestedNameLevel int) (reterr e _, err = t.emptyVal() return err } - //End of key. Consume =, Get value. + // End of key. Consume =, Get value. // FIXME: Get value list first vl, e := t.valList() switch e { diff --git a/pkg/strvals/parser_test.go b/pkg/strvals/parser_test.go index a0c67b791..73403fc52 100644 --- a/pkg/strvals/parser_test.go +++ b/pkg/strvals/parser_test.go @@ -17,6 +17,7 @@ package strvals import ( "fmt" + "strings" "testing" "sigs.k8s.io/yaml" @@ -757,13 +758,13 @@ func TestToYAML(t *testing.T) { } func TestParseSetNestedLevels(t *testing.T) { - var keyMultipleNestedLevels string + var keyMultipleNestedLevels strings.Builder for i := 1; i <= MaxNestedNameLevel+2; i++ { tmpStr := fmt.Sprintf("name%d", i) if i <= MaxNestedNameLevel+1 { tmpStr = tmpStr + "." } - keyMultipleNestedLevels += tmpStr + keyMultipleNestedLevels.WriteString(tmpStr) } tests := []struct { str string @@ -778,7 +779,7 @@ func TestParseSetNestedLevels(t *testing.T) { "", }, { - str: keyMultipleNestedLevels + "=value", + str: keyMultipleNestedLevels.String() + "=value", err: true, errStr: fmt.Sprintf("value name nested level is greater than maximum supported nested level of %d", MaxNestedNameLevel), diff --git a/pkg/time/ctime/ctime.go b/pkg/time/ctime/ctime.go deleted file mode 100644 index 63a41c0bf..000000000 --- a/pkg/time/ctime/ctime.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -package ctime - -import ( - "os" - "time" -) - -func Created(fi os.FileInfo) time.Time { - return modified(fi) -} - -func Modified(fi os.FileInfo) time.Time { - return modified(fi) -} diff --git a/pkg/time/ctime/ctime_linux.go b/pkg/time/ctime/ctime_linux.go deleted file mode 100644 index d8a6ea1a1..000000000 --- a/pkg/time/ctime/ctime_linux.go +++ /dev/null @@ -1,30 +0,0 @@ -//go:build linux - -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -package ctime - -import ( - "os" - "syscall" - "time" -) - -func modified(fi os.FileInfo) time.Time { - st := fi.Sys().(*syscall.Stat_t) - //nolint - return time.Unix(int64(st.Mtim.Sec), int64(st.Mtim.Nsec)) -} diff --git a/pkg/time/ctime/ctime_other.go b/pkg/time/ctime/ctime_other.go deleted file mode 100644 index 12afc6df2..000000000 --- a/pkg/time/ctime/ctime_other.go +++ /dev/null @@ -1,27 +0,0 @@ -//go:build !linux - -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -package ctime - -import ( - "os" - "time" -) - -func modified(fi os.FileInfo) time.Time { - return fi.ModTime() -} diff --git a/pkg/time/time.go b/pkg/time/time.go deleted file mode 100644 index 16973b455..000000000 --- a/pkg/time/time.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package time contains a wrapper for time.Time in the standard library and -// associated methods. This package mainly exists to work around an issue in Go -// where the serializer doesn't omit an empty value for time: -// https://github.com/golang/go/issues/11939. As such, this can be removed if a -// proposal is ever accepted for Go -package time - -import ( - "bytes" - "time" -) - -// emptyString contains an empty JSON string value to be used as output -var emptyString = `""` - -// Time is a convenience wrapper around stdlib time, but with different -// marshalling and unmarshalling for zero values -type Time struct { - time.Time -} - -// Now returns the current time. It is a convenience wrapper around time.Now() -func Now() Time { - return Time{time.Now()} -} - -func (t Time) MarshalJSON() ([]byte, error) { - if t.IsZero() { - return []byte(emptyString), nil - } - - return t.Time.MarshalJSON() -} - -func (t *Time) UnmarshalJSON(b []byte) error { - if bytes.Equal(b, []byte("null")) { - return nil - } - // If it is empty, we don't have to set anything since time.Time is not a - // pointer and will be set to the zero value - if bytes.Equal([]byte(emptyString), b) { - return nil - } - - return t.Time.UnmarshalJSON(b) -} - -func Parse(layout, value string) (Time, error) { - t, err := time.Parse(layout, value) - return Time{Time: t}, err -} - -func ParseInLocation(layout, value string, loc *time.Location) (Time, error) { - t, err := time.ParseInLocation(layout, value, loc) - return Time{Time: t}, err -} - -func Date(year int, month time.Month, day, hour, minute, second, nanoSecond int, loc *time.Location) Time { - return Time{Time: time.Date(year, month, day, hour, minute, second, nanoSecond, loc)} -} - -func Unix(sec int64, nsec int64) Time { return Time{Time: time.Unix(sec, nsec)} } - -func (t Time) Add(d time.Duration) Time { return Time{Time: t.Time.Add(d)} } -func (t Time) AddDate(years int, months int, days int) Time { - return Time{Time: t.Time.AddDate(years, months, days)} -} -func (t Time) After(u Time) bool { return t.Time.After(u.Time) } -func (t Time) Before(u Time) bool { return t.Time.Before(u.Time) } -func (t Time) Equal(u Time) bool { return t.Time.Equal(u.Time) } -func (t Time) In(loc *time.Location) Time { return Time{Time: t.Time.In(loc)} } -func (t Time) Local() Time { return Time{Time: t.Time.Local()} } -func (t Time) Round(d time.Duration) Time { return Time{Time: t.Time.Round(d)} } -func (t Time) Sub(u Time) time.Duration { return t.Time.Sub(u.Time) } -func (t Time) Truncate(d time.Duration) Time { return Time{Time: t.Time.Truncate(d)} } -func (t Time) UTC() Time { return Time{Time: t.Time.UTC()} } diff --git a/pkg/time/time_test.go b/pkg/time/time_test.go deleted file mode 100644 index 342ca4a10..000000000 --- a/pkg/time/time_test.go +++ /dev/null @@ -1,153 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package time - -import ( - "encoding/json" - "testing" - "time" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -var ( - timeParseString = `"1977-09-02T22:04:05Z"` - timeString = "1977-09-02 22:04:05 +0000 UTC" -) - -func givenTime(t *testing.T) Time { - t.Helper() - result, err := Parse(time.RFC3339, "1977-09-02T22:04:05Z") - require.NoError(t, err) - return result -} - -func TestDate(t *testing.T) { - testingTime := givenTime(t) - got := Date(1977, 9, 2, 22, 04, 05, 0, time.UTC) - assert.Equal(t, timeString, got.String()) - assert.True(t, testingTime.Equal(got)) - assert.True(t, got.Equal(testingTime)) -} - -func TestNow(t *testing.T) { - testingTime := givenTime(t) - got := Now() - assert.True(t, testingTime.Before(got)) - assert.True(t, got.After(testingTime)) -} - -func TestTime_Add(t *testing.T) { - testingTime := givenTime(t) - got := testingTime.Add(time.Hour) - assert.Equal(t, timeString, testingTime.String()) - assert.Equal(t, "1977-09-02 23:04:05 +0000 UTC", got.String()) -} - -func TestTime_AddDate(t *testing.T) { - testingTime := givenTime(t) - got := testingTime.AddDate(1, 1, 1) - assert.Equal(t, "1978-10-03 22:04:05 +0000 UTC", got.String()) -} - -func TestTime_In(t *testing.T) { - testingTime := givenTime(t) - edt, err := time.LoadLocation("America/New_York") - assert.NoError(t, err) - got := testingTime.In(edt) - assert.Equal(t, "America/New_York", got.Location().String()) -} - -func TestTime_MarshalJSONNonZero(t *testing.T) { - testingTime := givenTime(t) - res, err := json.Marshal(testingTime) - assert.NoError(t, err) - assert.Equal(t, timeParseString, string(res)) -} - -func TestTime_MarshalJSONZeroValue(t *testing.T) { - res, err := json.Marshal(Time{}) - assert.NoError(t, err) - assert.Equal(t, `""`, string(res)) -} - -func TestTime_Round(t *testing.T) { - testingTime := givenTime(t) - got := testingTime.Round(time.Hour) - assert.Equal(t, timeString, testingTime.String()) - assert.Equal(t, "1977-09-02 22:00:00 +0000 UTC", got.String()) -} - -func TestTime_Sub(t *testing.T) { - testingTime := givenTime(t) - before, err := Parse(time.RFC3339, "1977-09-01T22:04:05Z") - require.NoError(t, err) - got := testingTime.Sub(before) - assert.Equal(t, "24h0m0s", got.String()) -} - -func TestTime_Truncate(t *testing.T) { - testingTime := givenTime(t) - got := testingTime.Truncate(time.Hour) - assert.Equal(t, timeString, testingTime.String()) - assert.Equal(t, "1977-09-02 22:00:00 +0000 UTC", got.String()) -} - -func TestTime_UTC(t *testing.T) { - edtTime, err := Parse(time.RFC3339, "1977-09-03T05:04:05+07:00") - require.NoError(t, err) - got := edtTime.UTC() - assert.Equal(t, timeString, got.String()) -} - -func TestTime_UnmarshalJSONNonZeroValue(t *testing.T) { - testingTime := givenTime(t) - var myTime Time - err := json.Unmarshal([]byte(timeParseString), &myTime) - assert.NoError(t, err) - assert.True(t, testingTime.Equal(myTime)) -} - -func TestTime_UnmarshalJSONEmptyString(t *testing.T) { - var myTime Time - err := json.Unmarshal([]byte(emptyString), &myTime) - assert.NoError(t, err) - assert.True(t, myTime.IsZero()) -} - -func TestTime_UnmarshalJSONNullString(t *testing.T) { - var myTime Time - err := json.Unmarshal([]byte("null"), &myTime) - assert.NoError(t, err) - assert.True(t, myTime.IsZero()) -} - -func TestTime_UnmarshalJSONZeroValue(t *testing.T) { - // This test ensures that we can unmarshal any time value that was output - // with the current go default value of "0001-01-01T00:00:00Z" - var myTime Time - err := json.Unmarshal([]byte(`"0001-01-01T00:00:00Z"`), &myTime) - assert.NoError(t, err) - assert.True(t, myTime.IsZero()) -} - -func TestUnix(t *testing.T) { - got := Unix(242085845, 0) - assert.Equal(t, int64(242085845), got.Unix()) - assert.Equal(t, timeString, got.UTC().String()) -} diff --git a/scripts/coverage.sh b/scripts/coverage.sh index 2164d94da..4a29a68ad 100755 --- a/scripts/coverage.sh +++ b/scripts/coverage.sh @@ -18,10 +18,23 @@ set -euo pipefail covermode=${COVERMODE:-atomic} coverdir=$(mktemp -d /tmp/coverage.XXXXXXXXXX) +trap 'rm -rf "${coverdir}"' EXIT profile="${coverdir}/cover.out" +html=false +target="./..." # by default the whole repository is tested +for arg in "$@"; do + case "${arg}" in + --html) + html=true + ;; + *) + target="${arg}" + ;; + esac +done generate_cover_data() { - for d in $(go list ./...) ; do + for d in $(go list "$target"); do ( local output="${coverdir}/${d//\//-}.cover" go test -coverprofile="${output}" -covermode="$covermode" "$d" @@ -35,9 +48,7 @@ generate_cover_data() { generate_cover_data go tool cover -func "${profile}" -case "${1-}" in - --html) +if [ "${html}" = "true" ] ; then go tool cover -html "${profile}" - ;; -esac +fi diff --git a/scripts/get b/scripts/get index 45ae3275b..25fd08e76 100755 --- a/scripts/get +++ b/scripts/get @@ -60,7 +60,7 @@ runAsRoot() { # verifySupported checks that the os/arch combination is supported for # binary builds. verifySupported() { - local supported="darwin-amd64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64" + local supported="darwin-amd64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-loong64\nlinux-ppc64le\nlinux-s390x\nwindows-amd64\nwindows-arm64" if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then echo "No prebuilt binary for ${OS}-${ARCH}." echo "To build from source, go to https://github.com/helm/helm" diff --git a/scripts/get-helm-3 b/scripts/get-helm-3 index 3aa44daee..5f265a52f 100755 --- a/scripts/get-helm-3 +++ b/scripts/get-helm-3 @@ -69,7 +69,7 @@ runAsRoot() { # verifySupported checks that the os/arch combination is supported for # binary builds, as well whether or not necessary tools are present. verifySupported() { - local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64" + local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-loong64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64" if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then echo "No prebuilt binary for ${OS}-${ARCH}." echo "To build from source, go to https://github.com/helm/helm" @@ -114,7 +114,7 @@ verifySupported() { checkDesiredVersion() { if [ "x$DESIRED_VERSION" == "x" ]; then # Get tag from release URL - local latest_release_url="https://get.helm.sh/helm-latest-version" + local latest_release_url="https://get.helm.sh/helm3-latest-version" local latest_release_response="" if [ "${HAS_CURL}" == "true" ]; then latest_release_response=$( curl -L --silent --show-error --fail "$latest_release_url" 2>&1 || true ) diff --git a/scripts/get-helm-4 b/scripts/get-helm-4 new file mode 100644 index 000000000..1c90bbad5 --- /dev/null +++ b/scripts/get-helm-4 @@ -0,0 +1,347 @@ +#!/usr/bin/env bash + +# Copyright The Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The install script is based off of the MIT-licensed script from glide, +# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get + +: ${BINARY_NAME:="helm"} +: ${USE_SUDO:="true"} +: ${DEBUG:="false"} +: ${VERIFY_CHECKSUM:="true"} +: ${VERIFY_SIGNATURES:="false"} +: ${HELM_INSTALL_DIR:="/usr/local/bin"} +: ${GPG_PUBRING:="pubring.kbx"} + +HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)" +HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)" +HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)" +HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)" +HAS_GIT="$(type "git" &> /dev/null && echo true || echo false)" +HAS_TAR="$(type "tar" &> /dev/null && echo true || echo false)" + +# initArch discovers the architecture for this system. +initArch() { + ARCH=$(uname -m) + case $ARCH in + armv5*) ARCH="armv5";; + armv6*) ARCH="armv6";; + armv7*) ARCH="arm";; + aarch64) ARCH="arm64";; + x86) ARCH="386";; + x86_64) ARCH="amd64";; + i686) ARCH="386";; + i386) ARCH="386";; + esac +} + +# initOS discovers the operating system for this system. +initOS() { + OS=$(echo `uname`|tr '[:upper:]' '[:lower:]') + + case "$OS" in + # Minimalist GNU for Windows + mingw*|cygwin*) OS='windows';; + esac +} + +# runs the given command as root (detects if we are root already) +runAsRoot() { + if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then + sudo "${@}" + else + "${@}" + fi +} + +# verifySupported checks that the os/arch combination is supported for +# binary builds, as well whether or not necessary tools are present. +verifySupported() { + local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-loong64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64" + if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then + echo "No prebuilt binary for ${OS}-${ARCH}." + echo "To build from source, go to https://github.com/helm/helm" + exit 1 + fi + + if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then + echo "Either curl or wget is required" + exit 1 + fi + + if [ "${VERIFY_CHECKSUM}" == "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then + echo "In order to verify checksum, openssl must first be installed." + echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment." + exit 1 + fi + + if [ "${VERIFY_SIGNATURES}" == "true" ]; then + if [ "${HAS_GPG}" != "true" ]; then + echo "In order to verify signatures, gpg must first be installed." + echo "Please install gpg or set VERIFY_SIGNATURES=false in your environment." + exit 1 + fi + if [ "${OS}" != "linux" ]; then + echo "Signature verification is currently only supported on Linux." + echo "Please set VERIFY_SIGNATURES=false or verify the signatures manually." + exit 1 + fi + fi + + if [ "${HAS_GIT}" != "true" ]; then + echo "[WARNING] Could not find git. It is required for plugin installation." + fi + + if [ "${HAS_TAR}" != "true" ]; then + echo "[ERROR] Could not find tar. It is required to extract the helm binary archive." + exit 1 + fi +} + +# checkDesiredVersion checks if the desired version is available. +checkDesiredVersion() { + if [ "x$DESIRED_VERSION" == "x" ]; then + # Get tag from release URL + local latest_release_url="https://get.helm.sh/helm4-latest-version" + local latest_release_response="" + if [ "${HAS_CURL}" == "true" ]; then + latest_release_response=$( curl -L --silent --show-error --fail "$latest_release_url" 2>&1 || true ) + elif [ "${HAS_WGET}" == "true" ]; then + latest_release_response=$( wget "$latest_release_url" -q -O - 2>&1 || true ) + fi + TAG=$( echo "$latest_release_response" | grep '^v[0-9]' ) + if [ "x$TAG" == "x" ]; then + printf "Could not retrieve the latest release tag information from %s: %s\n" "${latest_release_url}" "${latest_release_response}" + exit 1 + fi + else + TAG=$DESIRED_VERSION + fi +} + +# checkHelmInstalledVersion checks which version of helm is installed and +# if it needs to be changed. +checkHelmInstalledVersion() { + if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then + local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}") + if [[ "$version" == "$TAG" ]]; then + echo "Helm ${version} is already ${DESIRED_VERSION:-latest}" + return 0 + else + echo "Helm ${TAG} is available. Changing from version ${version}." + return 1 + fi + else + return 1 + fi +} + +# downloadFile downloads the latest binary package and also the checksum +# for that binary. +downloadFile() { + HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz" + DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST" + CHECKSUM_URL="$DOWNLOAD_URL.sha256" + HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)" + HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST" + HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256" + echo "Downloading $DOWNLOAD_URL" + if [ "${HAS_CURL}" == "true" ]; then + curl -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE" + curl -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE" + elif [ "${HAS_WGET}" == "true" ]; then + wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL" + wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL" + fi +} + +# verifyFile verifies the SHA256 checksum of the binary package +# and the GPG signatures for both the package and checksum file +# (depending on settings in environment). +verifyFile() { + if [ "${VERIFY_CHECKSUM}" == "true" ]; then + verifyChecksum + fi + if [ "${VERIFY_SIGNATURES}" == "true" ]; then + verifySignatures + fi +} + +# installFile installs the Helm binary. +installFile() { + HELM_TMP="$HELM_TMP_ROOT/$BINARY_NAME" + mkdir -p "$HELM_TMP" + tar xf "$HELM_TMP_FILE" -C "$HELM_TMP" + HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/helm" + echo "Preparing to install $BINARY_NAME into ${HELM_INSTALL_DIR}" + runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR/$BINARY_NAME" + echo "$BINARY_NAME installed into $HELM_INSTALL_DIR/$BINARY_NAME" +} + +# verifyChecksum verifies the SHA256 checksum of the binary package. +verifyChecksum() { + printf "Verifying checksum... " + local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}') + local expected_sum=$(cat ${HELM_SUM_FILE}) + if [ "$sum" != "$expected_sum" ]; then + echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting." + exit 1 + fi + echo "Done." +} + +# verifySignatures obtains the latest KEYS file from GitHub main branch +# as well as the signature .asc files from the specific GitHub release, +# then verifies that the release artifacts were signed by a maintainer's key. +verifySignatures() { + printf "Verifying signatures... " + local keys_filename="KEYS" + local github_keys_url="https://raw.githubusercontent.com/helm/helm/main/${keys_filename}" + if [ "${HAS_CURL}" == "true" ]; then + curl -SsL "${github_keys_url}" -o "${HELM_TMP_ROOT}/${keys_filename}" + elif [ "${HAS_WGET}" == "true" ]; then + wget -q -O "${HELM_TMP_ROOT}/${keys_filename}" "${github_keys_url}" + fi + local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg" + local gpg_homedir="${HELM_TMP_ROOT}/gnupg" + mkdir -p -m 0700 "${gpg_homedir}" + local gpg_stderr_device="/dev/null" + if [ "${DEBUG}" == "true" ]; then + gpg_stderr_device="/dev/stderr" + fi + gpg --batch --quiet --homedir="${gpg_homedir}" --import "${HELM_TMP_ROOT}/${keys_filename}" 2> "${gpg_stderr_device}" + gpg --batch --no-default-keyring --keyring "${gpg_homedir}/${GPG_PUBRING}" --export > "${gpg_keyring}" + local github_release_url="https://github.com/helm/helm/releases/download/${TAG}" + if [ "${HAS_CURL}" == "true" ]; then + curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" + curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" + elif [ "${HAS_WGET}" == "true" ]; then + wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" + wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" + fi + local error_text="If you think this might be a potential security issue," + error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md" + local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') + if [[ ${num_goodlines_sha} -lt 2 ]]; then + echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!" + echo -e "${error_text}" + exit 1 + fi + local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') + if [[ ${num_goodlines_tar} -lt 2 ]]; then + echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!" + echo -e "${error_text}" + exit 1 + fi + echo "Done." +} + +# fail_trap is executed if an error occurs. +fail_trap() { + result=$? + if [ "$result" != "0" ]; then + if [[ -n "$INPUT_ARGUMENTS" ]]; then + echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS" + help + else + echo "Failed to install $BINARY_NAME" + fi + echo -e "\tFor support, go to https://github.com/helm/helm." + fi + cleanup + exit $result +} + +# testVersion tests the installed client to make sure it is working. +testVersion() { + set +e + HELM="$(command -v $BINARY_NAME)" + if [ "$?" = "1" ]; then + echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?' + exit 1 + fi + set -e +} + +# help provides possible cli installation arguments +help () { + echo "Accepted cli arguments are:" + echo -e "\t[--help|-h ] ->> prints this help" + echo -e "\t[--version|-v ] . When not defined it fetches the latest release tag from the Helm CDN" + echo -e "\te.g. --version v4.0.0 or -v canary" + echo -e "\t[--no-sudo] ->> install without sudo" +} + +# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977 +cleanup() { + if [[ -d "${HELM_TMP_ROOT:-}" ]]; then + rm -rf "$HELM_TMP_ROOT" + fi +} + +# Execution + +#Stop execution on any error +trap "fail_trap" EXIT +set -e + +# Set debug if desired +if [ "${DEBUG}" == "true" ]; then + set -x +fi + +# Parsing input arguments (if any) +export INPUT_ARGUMENTS="${@}" +set -u +while [[ $# -gt 0 ]]; do + case $1 in + '--version'|-v) + shift + if [[ $# -ne 0 ]]; then + export DESIRED_VERSION="${1}" + if [[ "$1" != "v"* ]]; then + echo "Expected version arg ('${DESIRED_VERSION}') to begin with 'v', fixing..." + export DESIRED_VERSION="v${1}" + fi + else + echo -e "Please provide the desired version. e.g. --version v4.0.0 or -v canary" + exit 0 + fi + ;; + '--no-sudo') + USE_SUDO="false" + ;; + '--help'|-h) + help + exit 0 + ;; + *) exit 1 + ;; + esac + shift +done +set +u + +initArch +initOS +verifySupported +checkDesiredVersion +if ! checkHelmInstalledVersion; then + downloadFile + verifyFile + installFile +fi +testVersion +cleanup diff --git a/scripts/release-notes.sh b/scripts/release-notes.sh index cea9bf4dc..48328cb38 100755 --- a/scripts/release-notes.sh +++ b/scripts/release-notes.sh @@ -87,6 +87,7 @@ Download Helm ${RELEASE}. The common platform binaries are here: - [Linux arm](https://get.helm.sh/helm-${RELEASE}-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-arm.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-arm.tar.gz.sha256)) - [Linux arm64](https://get.helm.sh/helm-${RELEASE}-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-arm64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-arm64.tar.gz.sha256)) - [Linux i386](https://get.helm.sh/helm-${RELEASE}-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-386.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-386.tar.gz.sha256)) +- [Linux loong64](https://get.helm.sh/helm-${RELEASE}-linux-loong64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-loong64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-loong64.tar.gz.sha256)) - [Linux ppc64le](https://get.helm.sh/helm-${RELEASE}-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-ppc64le.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-ppc64le.tar.gz.sha256)) - [Linux s390x](https://get.helm.sh/helm-${RELEASE}-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-s390x.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-s390x.tar.gz.sha256)) - [Linux riscv64](https://get.helm.sh/helm-${RELEASE}-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-riscv64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-riscv64.tar.gz.sha256))