From 87d6789d4a3e489c25ccd3680b733b222fa3c0fa Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Wed, 20 Nov 2024 08:35:48 -0800 Subject: [PATCH] server: fix config templating (#1073) * server: fix templated server config for HCL and JSON * reformat some of the config tests so they run locally on macos --- CHANGELOG.md | 6 +++ templates/_helpers.tpl | 4 +- test/unit/server-configmap.bats | 74 ++++++++++++++++++++++++--------- 3 files changed, 62 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 06a5dc3b0..17bfb5d46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,13 @@ ## Unreleased +Bugs: +* server: restore support for templated config [GH-1073](https://github.com/hashicorp/vault-helm/pull/1073) + ## 0.29.0 (November 7, 2024) +KNOWN ISSUES: +* Template support in server config stopped working [GH-1072](https://github.com/hashicorp/vault-helm/issues/1072) + Changes: * Default `vault` version updated to 1.18.1 diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2f90ecbdc..255d2e88a 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -1091,7 +1091,7 @@ config file from values {{- $type := typeOf $config -}} {{- if eq $type "string" -}} {{/* Vault supports both HCL and JSON as its configuration format */}} -{{- $json := $config | fromJson -}} +{{- $json := tpl $config . | fromJson -}} {{/* Helm's fromJson does not behave according to the corresponding sprig function nor Helm docs, which claim that it should return empty string on invalid JSON, it actually returns @@ -1109,6 +1109,6 @@ https://github.com/helm/helm/blob/50c22ed7f953fadb32755e5881ba95a92da852b2/pkg/e {{- else }} {{- fail "structured server config is not supported, value must be a string"}} {{- end }} -{{- $config | nindent 4 | trim }} +{{- tpl $config . | nindent 4 | trim }} {{- end -}} {{- end -}} diff --git a/test/unit/server-configmap.bats b/test/unit/server-configmap.bats index 90f69e1fb..f70af832b 100755 --- a/test/unit/server-configmap.bats +++ b/test/unit/server-configmap.bats @@ -57,6 +57,35 @@ load _helpers [ "${actual}" = "true" ] } +@test "server/ConfigMap: raft config templated not JSON" { + cd `chart_dir` + local actual + actual=$(helm template \ + --show-only templates/server-config-configmap.yaml \ + --set 'server.ha.enabled=true' \ + --set 'server.ha.raft.enabled=true' \ + --set "server.ha.raft.config=hello = {{ .Chart.Name }}" \ + . | tee /dev/stderr | + yq '.data' | tee /dev/stderr) + local check=$(echo "${actual}" | \ + yq '."extraconfig-from-values.hcl" == "hello = vault\ndisable_mlock = true"') + [ "${check}" = "true" ] +} + +@test "server/ConfigMap: raft config templated JSON" { + cd `chart_dir` + local actual + actual=$(helm template \ + --show-only templates/server-config-configmap.yaml \ + --set 'server.ha.enabled=true' \ + --set 'server.ha.raft.enabled=true' \ + --set "server.ha.raft.config=\{\"hello\": \"{{ .Chart.Name }}\"\}" \ + . | tee /dev/stderr | + yq '.data' | tee /dev/stderr) + local check=$(echo "${actual}" | \ + yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"vault\"}"') + [ "${check}" = "true" ] +} @test "server/ConfigMap: disabled by server.dev.enabled true" { cd `chart_dir` @@ -107,10 +136,11 @@ load _helpers --set 'server.standalone.config=\{\"hello\": \"world\"\}' \ . | tee /dev/stderr | yq '.data') - [ "$(echo "${data}" | \ - yq '(. | length) == 1')" = "true" ] - [ "$(echo "${data}" | \ - yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"world\"}"')" = 'true' ] + local checkLength=$(echo "${data}" | yq '(. | length) == 1') + [ "${checkLength}" = "true" ] + local checkExtraConfig=$(echo "${data}" | \ + yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"world\"}"') + [ "${checkExtraConfig}" = 'true' ] data=$(helm template \ --show-only templates/server-config-configmap.yaml \ @@ -118,10 +148,11 @@ load _helpers --set 'server.standalone.config=\{\"foo\": \"bar\"\}' \ . | tee /dev/stderr | yq '.data' | tee /dev/stderr) - [ "$(echo "${data}" | \ - yq '(. | length) == 1')" = "true" ] - [ "$(echo "${data}" | \ - yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"foo\":\"bar\"}"')" = 'true' ] + checkLength=$(echo "${data}" | yq '(. | length) == 1') + [ "${checkLength}" = "true" ] + checkExtraConfig=$(echo "${data}" | \ + yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"foo\":\"bar\"}"') + [ "${checkExtraConfig}" = 'true' ] data=$(helm template \ --show-only templates/server-config-configmap.yaml \ @@ -129,10 +160,11 @@ load _helpers --set 'server.standalone.config=\{\"disable_mlock\": false\,\"foo\":\"bar\"\}' \ . | tee /dev/stderr | yq '.data' | tee /dev/stderr) - [ "$(echo "${data}" | \ - yq '(. | length) == 1')" = "true" ] - [ "$(echo "${data}" | \ - yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')" = 'true' ] + checkLength=$(echo "${data}" | yq '(. | length) == 1') + [ "${checkLength}" = "true" ] + checkExtraConfig=$(echo "${data}" | \ + yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"') + [ "${checkExtraConfig}" = 'true' ] } @test "server/ConfigMap: standalone extraConfig is set as not JSON" { @@ -173,10 +205,11 @@ load _helpers --set 'server.ha.config=\{\"hello\": \"ha-world\"\}' \ . | tee /dev/stderr | yq '.data' | tee /dev/stderr) - [ "$(echo "${data}" | \ - yq '(. | length) == 1')" = "true" ] - [ "$(echo "${data}" | \ - yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"ha-world\"}"')" = 'true' ] + local checkLength=$(echo "${data}" | yq '(. | length) == 1') + [ "${checkLength}" = "true" ] + local checkExtraConfig=$(echo "${data}" | \ + yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"ha-world\"}"') + [ "$checkExtraConfig" = 'true' ] data=$(helm template \ --show-only templates/server-config-configmap.yaml \ @@ -184,10 +217,11 @@ load _helpers --set 'server.ha.config=\{\"foo\": \"bar\"\,\"disable_mlock\":false\}' \ . | tee /dev/stderr | yq '.data' | tee /dev/stderr) - [ "$(echo "${data}" | \ - yq '(. | length) == 1')" = "true" ] - [ "$(echo "${data}" | \ - yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')" = 'true' ] + checkLength=$(echo "${data}" | yq '(. | length) == 1') + [ "$checkLength" = "true" ] + checkExtraConfig=$(echo "${data}" | \ + yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"') + [ "${checkExtraConfig}" = 'true' ] } @test "server/ConfigMap: disabled by injector.externalVaultAddr" {