truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-13 16:59:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

NAS-122681 / 23.10 / Handle longer ints in few places that might have one (#1358)

Browse Source 
* Handle longer ints in few places that might have one

* add tests

* add note

* Add some more checking
This commit is contained in:
Stavros Kois
2023-07-15 23:14:46 +03:00
committed by GitHub
parent 1dd9059ee1
commit 087d5be7cc
10 changed files with 186 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
library/common-test/tests/container/envFixed_test.yaml
View File

@@ -376,7 +376,65 @@ tests:
- name: S6_READ_ONLY_ROOT
value: "1"
# Failures
- it: should create the correct fixed envs with large int values
set:
image: *image
workload:
workload-name:
enabled: true
primary: true
type: Deployment
podSpec:
securityContext:
fsGroup: 100000514
containers:
container-name1:
enabled: true
primary: true
imageSelector: image
probes: *probes
fixedEnv:
PUID: 200000514
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
asserts:
- documentIndex: &deploymentDoc 0
isKind:
of: Deployment
- documentIndex: *deploymentDoc
isAPIVersion:
of: apps/v1
- documentIndex: *deploymentDoc
isSubset:
path: spec.template.spec.containers[0]
content:
env:
- name: TZ
value: UTC
- name: UMASK
value: "002"
- name: UMASK_SET
value: "002"
- name: NVIDIA_VISIBLE_DEVICES
value: "void"
- name: PUID
value: "200000514"
- name: USER_ID
value: "200000514"
- name: UID
value: "200000514"
- name: PGID
value: "100000514"
- name: GROUP_ID
value: "100000514"
- name: GID
value: "100000514"
- name: S6_READ_ONLY_ROOT
value: "1"
# # Failures
- it: it should fail with NVIDIA_CAPS having invalid values
set:
image: *image

32
library/common-test/tests/container/envList_test.yaml
View File

@@ -35,6 +35,14 @@ tests:
value: "{{ .Values.some_other_value }}"
- name: env3
value: ""
- name: env4
value: 100000514
- name: env5
value: "100000514"
- name: env6
value: 100text000514
- name: env7
value: "100.400"
asserts:
- documentIndex: &deploymentDoc 0
isKind:
@@ -60,6 +68,30 @@ tests:
content:
name: env3
value: ""
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: env4
value: "100000514"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: env5
value: "100000514"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: env6
value: "100text000514"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: env7
value: "100.400"
# Failures
- it: it should fail with empty name

28
library/common-test/tests/container/env_test.yaml
View File

@@ -66,6 +66,10 @@ tests:
fieldPath: metadata.name
VAR8: ""
VAR9: false
VAR10: "100000514"
VAR11: 100000514
VAR12: 1000text00514
VAR13: "100.40"
asserts:
- documentIndex: &deploymentDoc 2
isKind:
@@ -141,6 +145,30 @@ tests:
content:
name: VAR9
value: "false"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: VAR10
value: "100000514"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: VAR11
value: "100000514"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: VAR12
value: "1000text00514"
- documentIndex: *deploymentDoc
contains:
path: spec.template.spec.containers[0].env
content:
name: VAR13
value: "100.40"
# Failures
- it: it should fail invalid ref

29
library/common-test/tests/pod/securityContext.yaml
View File

@@ -134,6 +134,35 @@ tests:
- name: some_other_name
value: "some_different_value"
- it: should pass with fsGroup and supplementalGroups with long int
set:
workload:
workload-name1:
enabled: true
primary: true
type: Deployment
podSpec:
securityContext:
fsGroup: 100000514
fsGroupChangePolicy: Always
supplementalGroups:
- 1002
- 100000514
asserts:
- documentIndex: *deploymentDoc
isKind:
of: Deployment
- documentIndex: *deploymentDoc
equal:
path: spec.template.spec.securityContext
value:
fsGroup: 100000514
fsGroupChangePolicy: Always
supplementalGroups:
- 1002
- 100000514
sysctls: []
- it: should pass with sysctls automatically appended based on services
set:
some_sysctl_name: some_name

2
library/common/Chart.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: v2
name: common
description: A library chart for iX Official Catalog
type: library
version: 1.0.11
version: 1.0.12
appVersion: v1
annotations:
title: Common Library Chart

23
library/common/templates/helpers/_makeIntOrNoop.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{- define "ix.v1.common.helper.makeIntOrNoop" -}}
{{- $value := . -}}
{{/*
Ints in Helm can be either int, int64 or float64.
Values that start with zero should not be converted
to int again as this will strip leading zeros.
Numbers converted to E notation by Helm will
always contain the "e" character. So we only
convert those.
*/}}
{{- if and
(mustHas (kindOf $value) (list "int" "int64" "float64"))
(not (hasPrefix "0" ($value | toString)))
(contains "e" ($value | toString | lower))
-}}
{{- $value | int -}}
{{- else -}}
{{- $value -}}
{{- end -}}
{{- end -}}

7
library/common/templates/lib/container/_env.tpl
View File

@@ -15,9 +15,12 @@ objectData: The object data to be used to render the container.
{{- $value := "" -}}
{{/* Only tpl valid values, there are cases that empty values after merges can be "<nil>" */}}
{{- if not (kindIs "invalid" $v) -}}
{{- $value = tpl (toString $v) $rootCtx -}}
{{- $value = $v -}}
{{- if kindIs "string" $v -}}
{{- $value = tpl $v $rootCtx -}}
{{- end -}}
{{- end }}
value: {{ $value | quote }}
value: {{ include "ix.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- else if kindIs "map" $v }}
valueFrom:
{{- $refs := (list "configMapKeyRef" "secretKeyRef" "fieldRef") -}}

8
library/common/templates/lib/container/_envList.tpl
View File

@@ -12,8 +12,12 @@ objectData: The object data to be used to render the container.
{{- if not $env.name -}}
{{- fail "Container - Expected non-empty <envList.name>" -}}
{{- end -}} {{/* Empty value is valid */}}
{{- include "ix.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) }}
{{- include "ix.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "envList" "key" $env.name) -}}
{{- $value := $env.value -}}
{{- if kindIs "string" $env.value -}}
{{- $value = tpl $env.value $rootCtx -}}
{{- end }}
- name: {{ $env.name | quote }}
value: {{ tpl (toString $env.value) $rootCtx | quote }}
value: {{ include "ix.v1.common.helper.makeIntOrNoop" $value | quote }}
{{- end -}}
{{- end -}}

2
library/common/templates/lib/container/_fixedEnv.tpl
View File

@@ -69,6 +69,6 @@ objectData: The object data to be used to render the container.
{{- range $env := $fixed -}}
{{- include "ix.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
- name: {{ $env.k | quote }}
value: {{ $env.v | quote }}
value: {{ (include "ix.v1.common.helper.makeIntOrNoop" $env.v) | quote }}
{{- end -}}
{{- end -}}

4
library/common/templates/lib/pod/_podSecurityContext.tpl
View File

@@ -64,12 +64,12 @@ objectData: The object data to be used to render the Pod.
{{- if not (mustHas $secContext.fsGroupChangePolicy $policies) -}}
{{- fail (printf "Pod - Expected <fsGroupChangePolicy> to be one of [%s], but got [%s]" (join ", " $policies) $secContext.fsGroupChangePolicy) -}}
{{- end }}
fsGroup: {{ $secContext.fsGroup }}
fsGroup: {{ include "ix.v1.common.helper.makeIntOrNoop" $secContext.fsGroup }}
fsGroupChangePolicy: {{ $secContext.fsGroupChangePolicy }}
{{- with $secContext.supplementalGroups }}
supplementalGroups:
{{- range . }}
- {{ . }}
- {{ include "ix.v1.common.helper.makeIntOrNoop" . }}
{{- end -}}
{{- else }}
supplementalGroups: []