When --skip-schema-validation is set, any schema contain in the helm chart is ignored. Defaults to 'false'.
Closes#10398
Signed-off-by: anessi <16045045+anessi@users.noreply.github.com>
Test to check deprecation warnings on resource templates that are
created by `helm create` against the latest Kubernetes version. This
test is run in a separate Makefile command to avoid failing other unit
tests configured to run with a specific Kubernetes version(s).
For resources that are disabled by default (like hpa and ingress),
to avoid skipping them from the helm linter test, they are enabled in
the test.
Fixes#11495
Signed-off-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io>
Noteis:
1. This moves golangci scanning to a GitHub action. This will
enable inline pointers to issues in the PR where linting fails.
2. Go 1.21 is specified in the go.mod because Kubernetes libs
require it.
3. The lint issues were removed. Some were fixed while others
were handled by skipping linting or using _ as an argument.
Many of these can be refactored later for better cleanup.
Signed-off-by: Matt Farina <matt.farina@suse.com>
This commit replaces `ensure.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `ensure.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Some charts don't need a templates directory. The warning appears to originate back when helm expected all charts to contain templates. In CI situations where linting is performed with --strict the lint warning causes unneccessary failures for charts that quite legitimately do not contain a templates directory.
As discussed in #8033 there are no longer any scenarios understood where this warning is helpful so this commit removes it.
Signed-off-by: James Blair <mail@jamesblair.net>
First, some notes about priority and how some code flow works.
For Helm handling values, the expected order of precidence is:
1. User specified values (e.g CLI)
2. Imported values
3. Parent chart values
4. Subchart values
Helm handles dependency values slightly differently. If there are dependencies
in the charts folder that are not marked as dependencies all of the values,
including nil values, are pulled in. If those charts are listed as a
dependency in the Chart.yaml file than they are processed for import handling.
Prior to the changes here, it caused nil values at the top level to NOT remove
values specified.
The changes:
1. The order of priority was chagned from the list above. Parnet chart values
would override specifically imported values. This is due to a change from
just over a year ago that introduced a bug. That was undone by changing the
precidence when maps were merged.
2. To handle merging while retaining the nil values, which was causing
inconsistent behavior, a new set of Merge functions were introduced. These
functions are just like coalesce except that they DO NOT remove nil/null values.
The new functions are used in a backward compatible manner meaning some new
functions were introduced that called them.
Specific issues fixed (that are known):
Closes#9027
Can now delete subkeys from charts when specified in the parent. This behavior
was previously inconsistent. Sometimes they could be deleted and other times
it did not work. Now it is consistent.
Closes#10899
Imported values (from library or other subcharts) are now used following the
order above.
The previous behavior was inconsistent. import-values using just a string
would import them. When named with a child/parent it did not work if the
parent already had a value. If string and named were mixed the imports
worked if the string happened first but just for the string not the named.
If the named parent/child went first then none of them worked for cases
where the parent already had a value. It was inconsistent and the tests
sometimes mirrored the functionality rather than expected behavior.
Tests for this fall into the sub-packages and are in the template tests
to verify it's happening in the output. Including having values passed
at the CLI as the ultimate highest priority to be used.
This relates to a fix that went in for #9940. The expected values there don't
fit the precedence above where the parent value would override the imported
value. That fix/change introduced more bugs.
Closes#10052
This is the case where imported values using the parent/child designation
just didn't work right. That has been fixed and there are tests. The underlying
issue had to do with the precedence order handling.
Note, a lot of tests were added. Hope we got it more right this time.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Report charts with the following bad dependency specifications as bad charts:
dependencies:
- name: foo
alias: baz # ← baz used twice
version: 1.0.0
- name: bar
alias: baz # ← baz used twice
version: 1.0.0
dependencies:
- name: foo
alias: bar # ← shadows chart below
version: 1.0.0
- name: bar
version: 1.0.0
dependencies:
- name: foo
version: 1.0.0
- name: foo # ← chart with same name as above (although version or repo will be different, this will not work currently)
version: 1.2.3
Closes#9169
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
At this time both Go 1.19 and 1.20 are supported. The version
specified in the go.mod file is the minimum version we expect Helm
to be compiled against. This is the oldest supported version to
support environments where others compile Helm. The Helm project
is using Go 1.20 to build Helm itself.
Updating to Go 1.19 also includes dealing with io/ioutil
deprecation and some additional linting issues around staticcheck.
All the staticcheck issues were in test files so linting was
skipped for those.
Signed-off-by: Matt Farina <matt.farina@suse.com>
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
This bug came about because of three issues that this change
corrects:
- The CI scripts run on a pull request did not test building
Helm. This means that a failure to set a variable using LDFLAGS
had no opportunity to be caught.
- #8608 provided a means to match the k8s version used in linting
and chartutil with the version of the package we pull in. With
one problem. It attempts to set a const as if it were a string.
This is ignored and everyone missed it.
- #10325 moved those constants to vars so it could be set. This
looked good and passed tests but missed that you can't set an
int as if it were a string. See first bullet.
This change fixes this by moved the internal representation to
be a string. These are internal variables not exposed in the public
API which makes this change non-breaking to the API.
Closes#10367
Signed-off-by: Matt Farina <matt.farina@suse.com>
When running helm lint, import-values for dependencies are ignored,
also added test for linting chart with import-values
Closes#9658
Signed-off-by: Stuart Drennan <stuart.drennan@gmail.com>
The 'helm.sh/resource-policy' annotation is only supported on top level
objects. The annotation is ignored if given on a nested object within a
list.
Ref #9829
Signed-off-by: Adam Reese <adam@reese.io>
Signed-off-by: Simon Croome <simon@croome.org>
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
Signed-off-by: Simon Croome <simon.croome@storageos.com>
* Reduce linting severity for users of out-of-date kubernetes
Fixes#8596
Signed-off-by: Joe Julian <me@joejulian.name>
* add more verbose deprecation info
Signed-off-by: Joe Julian <me@joejulian.name>
* use new upstream deprecations
Signed-off-by: Joe Julian <me@joejulian.name>
* do not error for custom resources
Signed-off-by: Joe Julian <me@joejulian.name>
* Define deprecation version in lint rules by LDFLAG
Signed-off-by: Joe Julian <me@joejulian.name>
* make comment clearer
Signed-off-by: Joe Julian <me@joejulian.name>
* Extend the k8s version discovery and constants to chartutil
Signed-off-by: Joe Julian <me@joejulian.name>
* remove awk dependency
Signed-off-by: Joe Julian <me@joejulian.name>
* align k8s version constant names between capabilities.go and deprecations.go
Signed-off-by: Joe Julian <me@joejulian.name>
* show the error if the unexpected happens
Signed-off-by: Joe Julian <me@joejulian.name>
* bump k8sVersionMinor and golden chart templates for k8s 1.20
Signed-off-by: Joe Julian <me@joejulian.name>
* bump for tests to match 1.20.1
Signed-off-by: Joe Julian <me@joejulian.name>
* add output to get debug info on linter failing
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* trap cases where the YAML indent is incorrect.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
When the engine stored templates in the map the keys were generated
based on path and not filepath. filepath was being used in the linter
when retrieving content from the keys. On Windows the keys ended up
being different.
This change is to use path joins to create the lookup key. Since the
name path was used in the code it needed to be changed in order to
import the package.
Tests already exist and were failing on windows. This got in because
CI is not run on Windows.
Closes#6418
Signed-off-by: Matt Farina <matt@mattfarina.com>
Since Tiller is no longer part of Helm v3, internal documentation
language about Tiller can be removed
Signed-off-by: Matt Farina <matt@mattfarina.com>
* fix: make the linter coalesce the passed-in values before running values tests
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed typo
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Add api group:
- apiextensions.k8s.io/v1beta1
- rbac.authorization.k8s.io/v1alpha1
Also, some kinds moved from extensions/v1 to extensions/v1beta1
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* fix: add new static linter and fix issues it found
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed two additional linter errors.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Fixes#5733
This adds two specific checks. A warning if a chart has a `crd-install` hook
and an error if the chart contains `.Release.Time`. Further checks can be added
down the road as needed using the same pattern I use here
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Kubernetes updated to 1.16.1
* SemVer and Sprig updated to latest releases that leverage go
modules
* Tests and checks updated. These already landed in v2 via PR 6457
Signed-off-by: Matt Farina <matt@mattfarina.com>
This commit replaces usage of github.com/ghodss/yaml with it's forked
version maintained by SIG community. The replaced library has
low-to-none support activity unlike the latter. We believe the new
Helm branch could benefit from using the community-supported version on
a long-term run as yaml parser is a key component of Helm chart rendering
engine.
This commit locks sigs.k8s.io/yaml dependency version on 1.1.0 which
is backwards compatible with ghodss/yaml 1.0.0.
This change also resolves the outdated dependency version lock for
ghodss/yaml (currently 1.0.0) and makes it possible to port changes from
https://github.com/helm/helm/pull/6010 to dev-v3.
Signed-off-by: Oleg Sidorov <oleg.sidorov@booking.com>
Have updated the required filter so that it doesn't break when linting a
chart. This work is based off #4221 and #4748 which didn't make it into
the v3 branch.
Signed-off-by: Thomas O'Donnell <andy.tom@gmail.com>
* Add the Schema type and a function to read it
* Added a function to read a schema from a file
* Check that values.yaml matches schema
This commit uses the gojsonschema package to validate a values.yaml file
against a corresponding values.schema.yaml file.
* Add functionality to generate a schema from a values.yaml
* Add Schema to Chart and loader
* Clean up implementation in chartutil
* Add tests for helm install with schema
* Add schema validation to helm lint
* Clean up "matchSchema"
* Modify error output
* Add documentation
* Fix a linter issue
* Fix a test that broke during a rebase
* Clean up documentation
* Specify JSONSchema spec
Since JSONSchema is still in a draft state as of this commit, we need to
specify a particular version of the JSONSchema spec
* Switch to using builtin functionality for file extensions
* Switch to using a third-party library for JSON conversion
* Use the constants from the gojsonschema package
* Updates to unit tests
* Minor change to avoid string cast
* Remove JSON Schema generation
* Change Schema type from map[string]interface{} to []byte
* Convert all Schema YAML to JSON
* Fix some tests that were broken by a rebase
* Fix up YAML/JSON conversions
* This checks subcharts for schema validation
The final coalesced values for a given chart will be validated against
that chart's schema, as well as any dependent subchart's schema
* Add unit tests for ValidateAgainstSchema
* Remove nonessential test files
* Remove a misleading unit test
The TestReadSchema unit test was simply testing the ReadValues function,
which is already being validated in the TestReadValues unit test
* Update documentation to reflect changes to subchart schemas
Make template specific functions private to ensure they not misused and
make unit tests simpler. We may export the template helpers later if
needed.
This lays the foundation for the new chart pipeline.
Signed-off-by: Adam Reese <adam@reese.io>
* Remove helmVersion constraint from charts
* Guard compile time set variables behind `internal/`
* Allow configuration of UserAgent for HTTPGetter
Signed-off-by: Adam Reese <adam@reese.io>
Justen Stall
Zach Burgess
Matt Farina
anessi
Bhargav Ravuri
Robert Sirchia
Antoine Deschênes
Joe Julian
Matt Farina
Eng Zer Jun
James Blair
Daniel Strobusch
wujunwei
Sverre Boschman
Stuart Drennan
Adam Reese
Martin Hickey
Mark Sagi-Kazar
Adam Reese
Simon Croome
Josh Soref
Matthew Luckam
rimas
Scaat Feng
Nandor Kracser
Christophe VILA
Matt Butcher
Matthew Fisher
Karuppiah Natarajan
Kim Bao Long
Scott Morgan
Taylor Thomas
Vibhav Bobade
Oleg Sidorov
Thomas O'Donnell
Luis Davim
Ian Howell
roc