When using the --verify flag on the pull command the output was
an internal Go object rather than useful detail. This is a bug.
The output new displays who signed the chart along with the
hash.
Fixes#7624
Signed-off-by: Matt Farina <matt@mattfarina.com>
The memory driver is used for go tests. It can also be used from the
command-line by setting the environment variable HELM_DRIVER=memory.
In the latter case however, there was no way to pre-provision some
releases.
This commit introduces the HELM_MEMORY_DRIVER_DATA variable which
can be used to provide a colon-separated list of yaml files specifying
releases to provision automatically.
For example:
HELM_DRIVER=memory \
HELM_MEMORY_DRIVER_DATA=./testdata/releases.yaml \
helm list --all-namespaces
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
This is a copy of the --disable-openapi-validation flag from the install command as introduced by Matthew Fisher.
See commit 67e57a5fbb
It allows upgrading releases without the need to validate the Kubernetes OpenAPI Schema.
Signed-off-by: Sebastian Voinea <sebastian.voinea@gmx.de>
The template command uses the memory driver. This driver now supports
namespaces, so the template code-path now specifies the namespace as
required by the memory driver.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
* Allow template output to use release name
helm template output command uses the chart name only when writing
templates to disk. This changes will also use the release name
to avoid colloiding the path when output nore than one release
of smae chart.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comment:
- https://github.com/helm/helm/pull/7503/files#r374130090
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
These flags snuck in through a feature that was reverted and removed in Helm 2, but snuck into Helm 3.
They were never hooked up or used, so they were a no-op. This shouldn't affect anyone.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
Use the same install order for hooks as for normal resources (non-hooks) for hooks with equal weight.
This makes resource handling more consistent and helps, when there are hook consisting of several resources like e.g. a service account and a job using this service account.
The sort functions are changed from an in place search to an out of place sort to avoid inout parameters.
Closes#7416.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
I was looking into the `get` command, and got tripped up by the
`Version` variable. It was unclear to me what Version represents, since
it's called REVISION when doing e.g., `helm list`.
But even after knowing this, it was not very clear to me why we
(implicitly) set the Version variable to 0 but never seem to use it.
`mhickey` explained to me on Slack that this gets the latest revision of
the release. Makes sense, but I added a comment about that too, to
clarify.
Signed-off-by: Andreas Lindhé <andreas@lindhe.io>
The 'helm install' command returned confusing error messages if a flag was misspecified (e.g. `helm install name chart --set value foo`). This lead to an error indicating that a name should be specified for the command. Now an explicit check is done on the number of arguments passed, returning a message indicating the invalid arguments (`foo` in the example`).
Closes#7225
Signed-off-by: Lennard Eijsackers <lennardeijsackers92@gmail.com>
The existing unit test doesn't cover the most important functionality
of filterList(). Adding that check. Separately test the specific
namespace-related behavior.
Remove the dead variable anotherOldOne.
Signed-off-by: Jakub Bielecki <jakub.bielecki@codilime.com>
When enabled, during the rendering process, this feature flag will not validate rendered templates against the Kubernetes OpenAPI Schema.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* fix(helm): add --description flag to 'helm install', 'helm upgrade', and 'helm uninstall'
When added, this flag allow us to add a custom description to the release. E.g. '--description "my custom description"'
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
* fix(helm): fixed style issues on top of previous commit (3a43a9a487)
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
* fix(helm): fixed wrong test issue on top of previous commit (3a43a9a)
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
Fixes a few bugs related to tls config when installing charts:
1. When installing via relative path, tls config for the selected
repository was not being set.
2. The `--ca-file` flag was not being passed when constructing the
downloader.
3. Setting tls config was not checking for zero value in repo
config, causing flag to get overwritten with empty string.
There's still a few oddities here. I would expect that the flag
passed in on the command line would override the repo config, but
that's not currently the case. Also, we always set the cert, key
and ca files as a trio, when they should be set individually
depending on combination of flags / repo config.
Signed-off-by: James McElwain <jmcelwain@gmail.com>
The 'helm get values' has its own Run() method in the action package.
So, unlike the other 'get' variants, it needs to check for the
reachability of the cluster itself.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
When reporting an incompatible Kubernetes version, due to a version constraint from the kubeVersion field, the error message should report with the correct field name.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
This was a missed update when we updated the k8s libraries. I validated
that this works for CRD installs with v1beta1 and v1
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This blocks a particular error (caused by upstream discovery client),
printing a warning instead of failing. It's not a great solution, but is
a stop-gap until Client-Go gets fixed.
Closes#6361
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
When 'helm3 lint <chart-name>.tar.gz' is run, this will lint Chart.yaml in the package
Closes#6535
Signed-off-by: Kamalashree N <nagaraj.kamalashree@gmail.com>
This is a v3 port of #6612. There have been significant changes due to the way
Helm 3 refactored things. I chose to add the method for getting logs to the
testing client because it seemed like something that someone using Helm
as an SDK might want. It takes a writer because it is more efficient (less
copying) and can write to any sort of buffer desired
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
this was partially fixed in #6430 but the fix only
worked for values without nesting. this PR fixes it.
this is done by doing a deep copy of values rather
than a top level keys copy. deep copy ensures
values are not mutated during coalesce()
execution which leads to bugs like #6659
the deep copy code has been copied from:
https://gist.github.com/soroushjp/0ec92102641ddfc3ad5515ca76405f4d
which is in turn inspired by this stackoverflow answer:
http://stackoverflow.com/a/28579297/1366283
Signed-off-by: Karuppiah Natarajan <karuppiah7890@gmail.com>
This package mainly exists to workaround an issue in Go
where the serializer doesn't omit an empty value for time:
https://github.com/golang/go/issues/11939. This replaces all
release and hook object time references with the new time package
so things actually marshal correctly
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
The recent init action config switched the order of how variables get bound
and where. This led to the namespace variable not being propagated down into
the calls to kubernetes.
Co-authored-by: Matthew Fisher <matt.fisher@microsoft.com>
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This is a port of #5392. It also takes care of the small chore to update the default k8s
version to 1.16, which is the latest supported version
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
There were two different methods and varying ways to output the status of a release.
This standardizes all of the outputs, but requires a breaking change. Output will
not perfectly match previous v3 output, and we had to break the printing function
in the `action` package, but now things are much more standardized.
Fixes#6238
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Kubernetes updated to 1.16.1
* SemVer and Sprig updated to latest releases that leverage go
modules
* Tests and checks updated. These already landed in v2 via PR 6457
Signed-off-by: Matt Farina <matt@mattfarina.com>
Currently, if using the --atomic flag or deleting a release that failed due to an already existing
resource, Helm will deleting those resources that aren't managed by it. This PR fixes the issue
by checking for pre-existing resources during install and upgrade. This is done as a validation
step so the release will not even be started if resources currently exist. This PR is inspired by
@xchapter7x's work in #3477.
This also fixes a small bug in upgrade where deletes fail if the resource was already deletes
Fixes#6407
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Port Helm 2 PR 4088 to Helm 3
Not a direct port as is but refactored for Helm 3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update unit test to test string retunred for different order
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
As part of this port, I removed some now superfluous code from the `action` package.
This is technically a breaking change, but since the package was introduced in v3, it
is highly unlikely anyone is using it and we are still within the beta window.
Also closes#6437
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
we want to force a cache invalidation to ensure that the Capabilities object always has the latest information from the server (Kubernetes server version, available API versions, etc). `kubectl version` forces a cache invalidation every time it's invoked, so this seems like a safe change that is identical to kubectl's behaviour.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
This ports the functionality of cleanup on fail to v3 as introduced in #4871. This has been tested manually
and would be a good candidate for a new acceptance test.
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* fix: clear the discovery cache after CRDs are installed
This fixes an issue in which a chart could not contain both a CRD and an instance of that CRD. It works around a stale cache by force cache invalidation whenever a CRD is added.
Closes#6316
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: wait for CRD to register before allowing CRDs to be installed
This fixes an issue with the previous version of this patch in which the CRD would not be available quickly enough.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* feat: use Wait() to wait for CRDs to be ready
This forward-ports the CRD wait logic to Helm 3, and then uses that to wait for CRDs to be registered.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* ref: moved the scheme modification to an appropriate place.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: turned warnings into fatal errors, fixed spelling, clear cache once
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Have fixed a minor error in the lint action that was causing Error
messages from linting chart getting added to the returned results
multiple times.
Signed-off-by: Thomas O'Donnell <andy.tom@gmail.com>
Also:
* add --insecure flag to "registry login"
* fix bug parsing correct tag when port number present
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* allow repository config via cli
* make `helm repo add` create repo config file if it does not exist
* squash a ton of bugs
Signed-off-by: Adam Reese <adam@reese.io>
Go 1.12.8 introduced some breaking fixes (see 3226f2d492)
for a CVE. This broke the way we were doing registry reference parsing.
This removes the call to the containerd libraries in favor of our own
parsing and adds additional unit tests
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
No more magic separating the metadata from chart tarball - charts are
pushed to registry as a single tarball layer with Chart.yaml in tact.
No more fragile custom symlink chart storage, now following
the OCI Image Layout Specification for chart filesystem cache.
Also:
- Update to ORAS 0.6.0
- Simplify registry client setup with NewClientWithDefaults()
- Remove needless annotations and constants
Fixes#6068Fixes#6141
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
These packages are generally used only for logic inside of Helm and
can later be re-exported as needed
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
The adds the -d flag to "helm chart export" to save chart to different
directory.
Also, allow loading with "helm chart save" from both dir and tarball, as
well as make expirimental error more copy-paste friendly.
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
This adds a new `gates` package used for interacting with feature gates. It also marks the OCI registry work as experimental, signalling to users that it is not a stable feature of Helm.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
This updates commands install, upgrade, delete, and test to share the
same implementation for hook execution.
BREAKING CHANGES:
- The `test-failure` hook annotation is removed.
Signed-off-by: Jacob LeGrone <git@jacob.work>
This changes most of the KubeClient interface to only ever build objects once and
then pass in everything as lists of resources. As a consequence, we needed to refactor
several of the actions. I took the opportunity to refactor out some duplicated
code while I was in the same area
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This feature flag allows `helm template` to be used against a live cluster. Some charts need CRDs to be applied to the cluster before calling `helm install`. This allows users to validate their templates will render with those resources set.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
This restores the ability to pass in parameters at runtime to the
ChartDownloader, enabling users to pass in parameters like the --username
and --password flags.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
This commit replaces usage of github.com/ghodss/yaml with it's forked
version maintained by SIG community. The replaced library has
low-to-none support activity unlike the latter. We believe the new
Helm branch could benefit from using the community-supported version on
a long-term run as yaml parser is a key component of Helm chart rendering
engine.
This commit locks sigs.k8s.io/yaml dependency version on 1.1.0 which
is backwards compatible with ghodss/yaml 1.0.0.
This change also resolves the outdated dependency version lock for
ghodss/yaml (currently 1.0.0) and makes it possible to port changes from
https://github.com/helm/helm/pull/6010 to dev-v3.
Signed-off-by: Oleg Sidorov <oleg.sidorov@booking.com>
In my previous PR, I did not notice that the wait functionality had been completely removed
from the actions. This restores wait functionality to upgrade and rollback
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
instead of hard-coding the parameters being passed in the constructor, we should pass in an Options struct that can be used to pass in those parameters.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* move the main interface to it's own file
* removed summarizeKeptManifests() which was the last place kube.Get()
was called
* when polling for hooks, use external types
* refactor out legacyschema
* refactor detecting selectors from object
* refactor creating test client
Signed-off-by: Adam Reese <adam@reese.io>
* Add the Schema type and a function to read it
* Added a function to read a schema from a file
* Check that values.yaml matches schema
This commit uses the gojsonschema package to validate a values.yaml file
against a corresponding values.schema.yaml file.
* Add functionality to generate a schema from a values.yaml
* Add Schema to Chart and loader
* Clean up implementation in chartutil
* Add tests for helm install with schema
* Add schema validation to helm lint
* Clean up "matchSchema"
* Modify error output
* Add documentation
* Fix a linter issue
* Fix a test that broke during a rebase
* Clean up documentation
* Specify JSONSchema spec
Since JSONSchema is still in a draft state as of this commit, we need to
specify a particular version of the JSONSchema spec
* Switch to using builtin functionality for file extensions
* Switch to using a third-party library for JSON conversion
* Use the constants from the gojsonschema package
* Updates to unit tests
* Minor change to avoid string cast
* Remove JSON Schema generation
* Change Schema type from map[string]interface{} to []byte
* Convert all Schema YAML to JSON
* Fix some tests that were broken by a rebase
* Fix up YAML/JSON conversions
* This checks subcharts for schema validation
The final coalesced values for a given chart will be validated against
that chart's schema, as well as any dependent subchart's schema
* Add unit tests for ValidateAgainstSchema
* Remove nonessential test files
* Remove a misleading unit test
The TestReadSchema unit test was simply testing the ReadValues function,
which is already being validated in the TestReadValues unit test
* Update documentation to reflect changes to subchart schemas
Most users want to see the release name and the namespace it was deployed to,
as those are the unique identifiers where the release is stored. I also added
integration tests for `helm list` to better test the command output.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
Make template specific functions private to ensure they not misused and
make unit tests simpler. We may export the template helpers later if
needed.
This lays the foundation for the new chart pipeline.
Signed-off-by: Adam Reese <adam@reese.io>
* Remove helmVersion constraint from charts
* Guard compile time set variables behind `internal/`
* Allow configuration of UserAgent for HTTPGetter
Signed-off-by: Adam Reese <adam@reese.io>
* feat: add pkg/action to encapsulate action logic
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* feat: replace client/server internals with action package
While we removed Tiller, we left the internal client/server architecture mostly intact. This replaces that architecture with the `pkg/action` package.
This implements the action package for list, but nothing else.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* feat: Add install and refactor some tests
This adds install to the action package, and then fixes up a lot of testing.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: Move a bunch of sorters to the releaseutils package
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: updated APIs and fixed a failed test
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* Use var for timestamper, instead of adding as a struct field
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>