public_git
/
helmfile
mirror of https://github.com/helmfile/helmfile.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix verify stage for helmfile when use oci as chart (#1661) 

* fix verify stage for helmfile when use oci as chart

Signed-off-by: yxxhero <aiopsclub@163.com>
This commit is contained in:
yxxhero 2024-09-04 08:17:58 +08:00 committed by GitHub
parent 5a48c1d8bb
commit 5ccb35df5a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 161 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
pkg/state/state.go
View File

@ -2579,11 +2579,33 @@ func (st *HelmState) appendExtraSyncFlags(flags []string, opt *SyncOpts) []strin
return flags return flags
} }
// appendVerifyFlags append the --verify flags related to verify
func (st *HelmState) appendVerifyFlags(flags []string, release *ReleaseSpec) []string {
repo, _ := st.GetRepositoryAndNameFromChartName(release.Chart)
switch {
case release.Verify != nil:
// If the release has a verify flag, use it
v := *release.Verify
if v {
flags = append(flags, "--verify")
}
return flags
case repo != nil && repo.Verify:
flags = append(flags, "--verify")
case st.HelmDefaults.Verify:
flags = append(flags, "--verify")
}
return flags
}
// appendKeyringFlags append all the helm command-line flags related to keyring // appendKeyringFlags append all the helm command-line flags related to keyring
func (st *HelmState) appendKeyringFlags(flags []string, release *ReleaseSpec) []string { func (st *HelmState) appendKeyringFlags(flags []string, release *ReleaseSpec) []string {
repo, _ := st.GetRepositoryAndNameFromChartName(release.Chart)
switch { switch {
case release.Keyring != "": case release.Keyring != "":
flags = append(flags, "--keyring", release.Keyring) flags = append(flags, "--keyring", release.Keyring)
case repo != nil && repo.Keyring != "":
flags = append(flags, "--keyring", repo.Keyring)
case st.HelmDefaults.Keyring != "": case st.HelmDefaults.Keyring != "":
flags = append(flags, "--keyring", st.HelmDefaults.Keyring) flags = append(flags, "--keyring", st.HelmDefaults.Keyring)
} }
@ -2642,13 +2664,6 @@ func (st *HelmState) timeoutFlags(release *ReleaseSpec) []string {
func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSpec, workerIndex int, opt *SyncOpts) ([]string, []string, error) { func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSpec, workerIndex int, opt *SyncOpts) ([]string, []string, error) {
flags := st.chartVersionFlags(release) flags := st.chartVersionFlags(release)
if release.Verify != nil && *release.Verify || release.Verify == nil && st.HelmDefaults.Verify {
flags = append(flags, "--verify")
}
flags = st.appendKeyringFlags(flags, release)
if release.EnableDNS != nil && *release.EnableDNS || release.EnableDNS == nil && st.HelmDefaults.EnableDNS { if release.EnableDNS != nil && *release.EnableDNS || release.EnableDNS == nil && st.HelmDefaults.EnableDNS {
flags = append(flags, "--enable-dns") flags = append(flags, "--enable-dns")
} }
@ -2656,6 +2671,12 @@ func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSp
flags = st.appendWaitFlags(flags, release, opt) flags = st.appendWaitFlags(flags, release, opt)
flags = st.appendWaitForJobsFlags(flags, release, opt) flags = st.appendWaitForJobsFlags(flags, release, opt)
// non-OCI chart should be verified here
if !st.IsOCIChart(release.Chart) {
flags = st.appendVerifyFlags(flags, release)
flags = st.appendKeyringFlags(flags, release)
}
flags = append(flags, st.timeoutFlags(release)...) flags = append(flags, st.timeoutFlags(release)...)
if release.Force != nil && *release.Force || release.Force == nil && st.HelmDefaults.Force { if release.Force != nil && *release.Force || release.Force == nil && st.HelmDefaults.Force {
@ -3716,6 +3737,11 @@ func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helm
st.logger.Debugf("chart already exists at %s", chartPath) st.logger.Debugf("chart already exists at %s", chartPath)
} else { } else {
flags := st.chartOCIFlags(release) flags := st.chartOCIFlags(release)
// apprnd flags about keyring and verify
flags = st.appendVerifyFlags(flags, release)
flags = st.appendKeyringFlags(flags, release)
err := helm.ChartPull(qualifiedChartName, chartPath, flags...) err := helm.ChartPull(qualifiedChartName, chartPath, flags...)
if err != nil { if err != nil {
return nil, err return nil, err
@ -3737,6 +3763,19 @@ func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helm
return &chartPath, nil return &chartPath, nil
} }
// IsOCIChart returns true if the chart is an OCI chart
func (st *HelmState) IsOCIChart(chart string) bool {
if strings.HasPrefix(chart, "oci://") {
return true
}
repo, _ := st.GetRepositoryAndNameFromChartName(chart)
if repo == nil {
return false
}
return repo.OCI
}
func (st *HelmState) getOCIQualifiedChartName(release *ReleaseSpec, helm helmexec.Interface) (qualifiedChartName, chartName, chartVersion string, err error) { func (st *HelmState) getOCIQualifiedChartName(release *ReleaseSpec, helm helmexec.Interface) (qualifiedChartName, chartName, chartVersion string, err error) {
chartVersion = "latest" chartVersion = "latest"
if release.Version != "" { if release.Version != "" {

115
pkg/state/state_test.go
View File

@ -4088,3 +4088,118 @@ func TestHelmState_chartOCIFlags(t *testing.T) {
}) })
} }
} }
func TestIsOCIChart(t *testing.T) {
cases := []struct {
st *HelmState
chart string
expected bool
}{
{&HelmState{}, "oci://myrepo/mychart", true},
{&HelmState{}, "oci://myrepo/mychart:1.0.0", true},
{&HelmState{}, "myrepo/mychart", false},
{&HelmState{}, "myrepo/mychart:1.0.0", false},
{
&HelmState{
ReleaseSetSpec: ReleaseSetSpec{
Repositories: []RepositorySpec{
{
Name: "ocirepo",
URL: "ocirepo.com",
OCI: true,
},
},
},
},
"ocirepo/chart",
true,
},
{
&HelmState{
ReleaseSetSpec: ReleaseSetSpec{
Repositories: []RepositorySpec{
{
Name: "nonocirepo",
URL: "nonocirepo.com",
},
},
},
},
"nonocirepo/chart",
false,
},
}
for _, c := range cases {
actual := c.st.IsOCIChart(c.chart)
if actual != c.expected {
t.Errorf("IsOCIChart(%s) = %t; expected %t", c.chart, actual, c.expected)
}
}
}
func TestAppendVerifyFlags(t *testing.T) {
st := &HelmState{}
tests := []struct {
name string
repo []RepositorySpec
helmDefaults HelmSpec
release *ReleaseSpec
expected []string
}{
{
name: "Release with true verify flag",
release: &ReleaseSpec{Verify: boolValue(true)},
repo: nil,
helmDefaults: HelmSpec{},
expected: []string{"--verify"},
},
{
name: "Release with false verify flag",
release: &ReleaseSpec{Verify: boolValue(false)},
repo: nil,
helmDefaults: HelmSpec{},
expected: []string(nil),
},
{
name: "Repository with verify flag",
helmDefaults: HelmSpec{},
repo: []RepositorySpec{
{
Name: "myrepo",
Verify: true,
},
},
release: &ReleaseSpec{
Chart: "myrepo/mychart",
},
expected: []string{"--verify"},
},
{
name: "Helm defaults with verify flag",
repo: nil,
helmDefaults: HelmSpec{
Verify: true,
},
release: &ReleaseSpec{},
expected: []string{"--verify"},
},
{
name: "No verify flag",
repo: nil,
helmDefaults: HelmSpec{},
release: &ReleaseSpec{},
expected: []string(nil),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
st.ReleaseSetSpec.Repositories = tt.repo
st.ReleaseSetSpec.HelmDefaults = tt.helmDefaults
flags := st.appendVerifyFlags(nil, tt.release)
assert.Equal(t, tt.expected, flags)
})
}
}