Truncate release name to 27 characters and resource name to 63

chart/templates/_helpers.tpl

@@ -7,7 +7,7 @@
 Expand the name of the chart.
 */}}
 {{- define "vso.chart.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- default .Chart.Name .Values.nameOverride | trunc 27 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -17,13 +17,13 @@ If release name contains chart name it will be used as a full name.
 */}}
 {{- define "vso.chart.fullname" -}}
 {{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- .Values.fullnameOverride | trunc 27 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- .Release.Name | trunc 27 | trimSuffix "-" }}
 {{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- printf "%s-%s" .Release.Name $name | trunc 27 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}

chart/templates/default-transit-auth-method.yaml

@@ -7,7 +7,7 @@
 apiVersion: secrets.hashicorp.com/v1beta1
 kind: VaultAuth
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-default-transit-auth
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "default-transit-auth" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     control-plane: controller-manager
@@ -20,7 +20,7 @@ spec:
   namespace: {{ .Values.controller.manager.clientCache.storageEncryption.namespace }}
   method: {{ .Values.controller.manager.clientCache.storageEncryption.method }}
   mount: {{ .Values.controller.manager.clientCache.storageEncryption.mount }}
-  {{- $kubeServiceAccount := .Values.controller.manager.clientCache.storageEncryption.kubernetes.serviceAccount | default (printf "%s-controller-manager" (include "vso.chart.fullname" .)) -}}
+  {{- $kubeServiceAccount := .Values.controller.manager.clientCache.storageEncryption.kubernetes.serviceAccount | default (printf "%s-controller-manager" (include "vso.chart.fullname" .)) | trunc 63 | trimSuffix "-" -}}
   {{- include "vso.vaultAuthMethod" (list .Values.controller.manager.clientCache.storageEncryption $kubeServiceAccount . ) }}
   storageEncryption:
     keyName: {{ .Values.controller.manager.clientCache.storageEncryption.keyName }}

chart/templates/deployment.yaml

@@ -6,7 +6,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-controller-manager
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
   {{- include "vso.chart.labels" . | nindent 4 }}
@@ -15,7 +15,7 @@ metadata:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-controller-manager
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     control-plane: controller-manager
@@ -115,7 +115,7 @@ spec:
           name: podinfo
       securityContext:
         {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
-      serviceAccountName: {{ include "vso.chart.fullname" . }}-controller-manager
+      serviceAccountName: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
       terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
       {{- if .Values.controller.hostAliases }}
       hostAliases:
@@ -147,7 +147,7 @@ spec:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-pre-delete-controller-cleanup
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "pre-delete-controller-cleanup" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
   {{- include "vso.chart.labels" . | nindent 4 }}
@@ -159,9 +159,9 @@ metadata:
 spec:
   template:
     metadata:
-      name: {{ include "vso.chart.fullname" . }}-pre-delete-controller-cleanup
+      name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "pre-delete-controller-cleanup" | trunc 63 | trimSuffix "-" }}
     spec:
-      serviceAccountName: {{ include "vso.chart.fullname" . }}-controller-manager
+      serviceAccountName: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
       securityContext:
         {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
       containers:

chart/templates/leader-election-rbac.yaml

@@ -6,7 +6,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-leader-election-role
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "leader-election-role" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: controller-manager
@@ -47,16 +47,16 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-leader-election-rolebinding
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "leader-election-rolebinding" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: controller-manager
   {{- include "vso.chart.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: '{{ include "vso.chart.fullname" . }}-leader-election-role'
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "leader-election-role" | trunc 63 | trimSuffix "-" }}
 subjects:
 - kind: ServiceAccount
-  name: '{{ include "vso.chart.fullname" . }}-controller-manager'
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}

chart/templates/manager-config.yaml

@@ -6,7 +6,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-manager-config
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-config" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: controller-manager

chart/templates/manager-rbac.yaml

@@ -5,7 +5,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-manager-role
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-role" | trunc 63 | trimSuffix "-" }}
   labels:
     app.kubernetes.io/component: controller-manager
   {{- include "vso.chart.labels" . | nindent 4 }}
@@ -268,15 +268,15 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-manager-rolebinding
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-rolebinding" | trunc 63 | trimSuffix "-" }}
   labels:
     app.kubernetes.io/component: controller-manager
   {{- include "vso.chart.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: '{{ include "vso.chart.fullname" . }}-manager-role'
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "manager-role" | trunc 63 | trimSuffix "-" }}
 subjects:
 - kind: ServiceAccount
-  name: '{{ include "vso.chart.fullname" . }}-controller-manager'
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}

chart/templates/metrics-reader-rbac.yaml

@@ -6,7 +6,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-metrics-reader
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "metrics-reader" | trunc 63 | trimSuffix "-" }}
   labels:
     app.kubernetes.io/component: controller-manager
   {{- include "vso.chart.labels" . | nindent 4 }}

chart/templates/metrics-service.yaml

@@ -6,7 +6,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-metrics-service
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "metrics-service" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: controller-manager

chart/templates/prometheus-servicemonitor.yaml

@@ -8,7 +8,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-controller-manager-metrics-monitor
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager-metrics-monitor" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}
   labels:
     control-plane: controller-manager

chart/templates/proxy-rbac.yaml

@@ -6,7 +6,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-proxy-role
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "proxy-role" | trunc 63 | trimSuffix "-" }}
   labels:
     app.kubernetes.io/component: controller-manager
   {{- include "vso.chart.labels" . | nindent 4 }}
@@ -27,15 +27,15 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "vso.chart.fullname" . }}-proxy-rolebinding
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "proxy-rolebinding" | trunc 63 | trimSuffix "-" }}
   labels:
     app.kubernetes.io/component: controller-manager
   {{- include "vso.chart.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: '{{ include "vso.chart.fullname" . }}-proxy-role'
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "proxy-role" | trunc 63 | trimSuffix "-" }}
 subjects:
 - kind: ServiceAccount
-  name: '{{ include "vso.chart.fullname" . }}-controller-manager'
+  name: {{ printf "%s-%s" (include "vso.chart.fullname" .) "controller-manager" | trunc 63 | trimSuffix "-" }}
   namespace: {{ .Release.Namespace }}

test/unit/default-transit-auth-method.bats

@@ -35,7 +35,7 @@ load _helpers
         . | tee /dev/stderr)
 
     actual=$(echo "$object" | yq '.spec.kubernetes.serviceAccount' | tee /dev/stderr)
-    [ "${actual}" = "release-name-vault-secrets-operator-controller-manager" ]
+    [ "${actual}" = "release-name-vault-secrets-controller-manager" ]
 }
 
 @test "defaultTransitAuthMethod/CR: default vaultConnectionRef is used by default" {
@@ -58,7 +58,7 @@ load _helpers
         . | tee /dev/stderr)
 
     local actual=$(echo "$object" | yq '.metadata.name' | tee /dev/stderr)
-    [ "${actual}" = "release-name-vault-secrets-operator-default-transit-auth" ]
+    [ "${actual}" = "release-name-vault-secrets-default-transit-auth" ]
     actual=$(echo "$object" | yq '.metadata.namespace' | tee /dev/stderr)
     [ "${actual}" = "default" ]
 
@@ -67,7 +67,7 @@ load _helpers
     actual=$(echo "$object" | yq '.spec.mount' | tee /dev/stderr)
     [ "${actual}" = "kubernetes" ]
     actual=$(echo "$object" | yq '.spec.kubernetes.serviceAccount' | tee /dev/stderr)
-    [ "${actual}" = "release-name-vault-secrets-operator-controller-manager" ]
+    [ "${actual}" = "release-name-vault-secrets-controller-manager" ]
 }
 
 @test "defaultTransitAuthMethod/CR: settings can be modified for kubernetes auth method" {
@@ -122,7 +122,7 @@ load _helpers
         . | tee /dev/stderr)
 
     local actual=$(echo "$object" | yq '.metadata.name' | tee /dev/stderr)
-    [ "${actual}" = "release-name-vault-secrets-operator-default-transit-auth" ]
+    [ "${actual}" = "release-name-vault-secrets-default-transit-auth" ]
     actual=$(echo "$object" | yq '.metadata.namespace' | tee /dev/stderr)
     [ "${actual}" = "default" ]
 

test/unit/deployment.bats

@@ -24,6 +24,61 @@ load _helpers
   [ "${actual}" = "2" ]
 }
 
+#--------------------------------------------------------------------
+# resource names
+
+@test "controller/Deployment: resource names are correct when release name is short" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/deployment.yaml  \
+      --set fullnameOverride=foo \
+      . | tee /dev/stderr)
+
+  # ServiceAccount
+  local object=$(echo "$actual" | yq 'select(.kind == "ServiceAccount") .metadata.name' | tee /dev/stderr)
+  [ "${object}" = "foo-controller-manager" ]
+
+  # Deployment
+  object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .metadata.name' | tee /dev/stderr)
+  [ "${object}" = "foo-controller-manager" ]
+  object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .spec.template.spec.serviceAccountName' | tee /dev/stderr)
+  [ "${object}" = "foo-controller-manager" ]
+
+  # Pre-Delete Job
+  object=$(echo "$actual" | yq 'select(.kind == "Job") .metadata.name' | tee /dev/stderr)
+  [ "${object}" = "foo-pre-delete-controller-cleanup" ]
+  object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.metadata.name' | tee /dev/stderr)
+  [ "${object}" = "foo-pre-delete-controller-cleanup" ]
+  object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.spec.serviceAccountName' | tee /dev/stderr)
+  [ "${object}" = "foo-controller-manager" ]
+}
+
+@test "controller/Deployment: resource names are correct when release name is >30 chars" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/deployment.yaml  \
+      --set fullnameOverride=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz \
+      . | tee /dev/stderr)
+
+  # ServiceAccount
+  local object=$(echo "$actual" | yq 'select(.kind == "ServiceAccount") .metadata.name' | tee /dev/stderr)
+  [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ]
+
+  # Deployment
+  object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .metadata.name' | tee /dev/stderr)
+  [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ]
+  object=$(echo "$actual" | yq 'select(.kind == "Deployment" and .metadata.labels."control-plane" == "controller-manager") .spec.template.spec.serviceAccountName' | tee /dev/stderr)
+  [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ]
+
+  # Pre-Delete Job
+  object=$(echo "$actual" | yq 'select(.kind == "Job") .metadata.name' | tee /dev/stderr)
+  [ "${object}" = "abcdefghijklmnopqrstuvwxyza-pre-delete-controller-cleanup" ]
+  object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.metadata.name' | tee /dev/stderr)
+  [ "${object}" = "abcdefghijklmnopqrstuvwxyza-pre-delete-controller-cleanup" ]
+  object=$(echo "$actual" | yq 'select(.kind == "Job") .spec.template.spec.serviceAccountName' | tee /dev/stderr)
+  [ "${object}" = "abcdefghijklmnopqrstuvwxyza-controller-manager" ]
+}
+
 #--------------------------------------------------------------------
 # resources
 

test/unit/helpers.bats

@@ -8,13 +8,13 @@ load _helpers
 # These tests use test-runner.yaml to test the chart.fullname helper
 # since we need an existing template that calls the chart.fullname helper.
 
-@test "helper/chart.fullname: defaults to release-name-vault-secrets-operator-test" {
+@test "helper/chart.fullname: defaults to release-name-vault-secrets-test" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/tests/test-runner.yaml \
       . | tee /dev/stderr |
       yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-vault-secrets-operator-test" ]
+  [ "${actual}" = "release-name-vault-secrets-test" ]
 }
 
 @test "helper/chart.fullname: fullnameOverride overrides the name" {
@@ -27,14 +27,14 @@ load _helpers
   [ "${actual}" = "override-test" ]
 }
 
-@test "helper/chart.fullname: fullnameOverride is truncated to 63 chars" {
+@test "helper/chart.fullname: fullnameOverride is truncated to 27 chars" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/tests/test-runner.yaml \
       --set fullnameOverride=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz \
       . | tee /dev/stderr |
       yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk-test" ]
+  [ "${actual}" = "abcdefghijklmnopqrstuvwxyza-test" ]
 }
 
 @test "helper/chart.fullname: fullnameOverride has trailing '-' trimmed" {