Skip to content
Permalink
Browse files
fix(bundles): fix subcharts dependencies not published, and excess fi…
…les published into the bundle

* Only publish builtin helm chart files such as README.md, values.schema.json, LICENSE etc.

* Do not publish arbitrary files from .helm dir, because these could contain custom secret-values and other unnecessary files

* Do publish .helm/charts/CHART dir content in the case when CHART specified as a local dependency

Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
  • Loading branch information
distorhead committed Oct 12, 2022
1 parent f3f5817 commit fd15dddb43bb62a74198174ef3d2f3d22aabcc94
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 17 deletions.
@@ -7,6 +7,7 @@ import (
"io/ioutil"
"os"
"path/filepath"
"strings"
"text/template"

"helm.sh/helm/v3/pkg/chart"
@@ -223,3 +224,34 @@ func readBundleJsonMap(path string) (map[string]string, error) {
return res, nil
}
}

var (
AllowedBundleChartFiles = []string{
"Chart.yaml",
"LICENSE",
"README.md",
"values.yaml",
"values.schema.json",
}
AllowedBundleChartDirs = []string{
"charts/",
"crds/",
"templates/",
}
)

func CheckBundlePathAllowed(path string) bool {
for _, p := range AllowedBundleChartFiles {
if p == path {
return true
}
}

for _, d := range AllowedBundleChartDirs {
if strings.HasPrefix(path, d) {
return true
}
}

return false
}
@@ -7,6 +7,7 @@ import (
"io/ioutil"
"os"
"path/filepath"
"strings"
"text/template"

"github.com/mitchellh/copystructure"
@@ -329,36 +330,47 @@ func (wc *WerfChart) CreateNewBundle(ctx context.Context, destDir, chartVersion
}

for _, f := range wc.HelmChart.Templates {
p := filepath.Join(destDir, f.Name)
dir := filepath.Dir(p)

if err := os.MkdirAll(dir, os.ModePerm); err != nil {
return nil, fmt.Errorf("error creating dir %q: %w", dir, err)
if err := writeChartFile(ctx, destDir, f.Name, f.Data); err != nil {
return nil, fmt.Errorf("error writing chart template: %w", err)
}
}

if err := ioutil.WriteFile(p, append(f.Data, []byte("\n")...), os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to write %q: %w", p, err)
for _, f := range wc.HelmChart.Files {
if !CheckBundlePathAllowed(f.Name) {
continue
}
if err := writeChartFile(ctx, destDir, f.Name, f.Data); err != nil {
return nil, fmt.Errorf("error writing miscellaneous chart file: %w", err)
}
}

for _, f := range wc.HelmChart.Files {
p := filepath.Join(destDir, f.Name)
dir := filepath.Dir(p)
for _, dep := range wc.HelmChart.Metadata.Dependencies {
var depPath string

if err := os.MkdirAll(dir, os.ModePerm); err != nil {
return nil, fmt.Errorf("error creating dir %q: %w", dir, err)
switch {
case dep.Repository == "":
depPath = filepath.Join("charts", dep.Name)
case strings.HasPrefix(dep.Repository, "file://"):
depPath = strings.TrimPrefix(dep.Repository, "file://")
default:
continue
}

if err := ioutil.WriteFile(p, append(f.Data, []byte("\n")...), os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to write %q: %w", p, err)
for _, f := range wc.HelmChart.Raw {
if strings.HasPrefix(f.Name, depPath) {
if err := writeChartFile(ctx, destDir, f.Name, f.Data); err != nil {
return nil, fmt.Errorf("error writing subchart file: %w", err)
}
}
}
}

if wc.HelmChart.Schema != nil {
schemaFile := filepath.Join(destDir, "values.schema.json")
if data, err := json.Marshal(wc.HelmChart.Schema); err != nil {
return nil, fmt.Errorf("unable to prepare values.schema.json data: %w", err)
} else if err := ioutil.WriteFile(schemaFile, append(data, []byte("\n")...), os.ModePerm); err != nil {
if err := writeChartFile(ctx, destDir, "values.schema.json", wc.HelmChart.Schema); err != nil {
return nil, fmt.Errorf("error writing chart values schema: %w", err)
}
if err := ioutil.WriteFile(schemaFile, wc.HelmChart.Schema, os.ModePerm); err != nil {
return nil, fmt.Errorf("unable to write %q: %w", schemaFile, err)
}
}
@@ -380,3 +392,18 @@ func (wc *WerfChart) CreateNewBundle(ctx context.Context, destDir, chartVersion
IgnoreInvalidAnnotationsAndLabels: wc.extraAnnotationsAndLabelsPostRenderer.IgnoreInvalidAnnotationsAndLabels,
})
}

func writeChartFile(ctx context.Context, destDir, fileName string, fileData []byte) error {
p := filepath.Join(destDir, fileName)
dir := filepath.Dir(p)

logboek.Context(ctx).Debug().LogF("Writing chart file %q\n", p)

if err := os.MkdirAll(dir, os.ModePerm); err != nil {
return fmt.Errorf("error creating dir %q: %w", dir, err)
}
if err := ioutil.WriteFile(p, fileData, os.ModePerm); err != nil {
return fmt.Errorf("unable to write %q: %w", p, err)
}
return nil
}

0 comments on commit fd15ddd

Please sign in to comment.