add some sanity checks for paths and reduce complexity on portal generation by a lot

library/common-test/tests/container_in_deployment/probe_test.yaml

@@ -192,6 +192,16 @@ tests:
       - failedTemplate:
           errorMessage: Invalid probe type (not_valid_type) on probe (liveness) in (RELEASE-NAME-common-test) container. Valid types are tcp, http, https, grpc, exec, auto
 
+  - it: should fail with probe path not starting with /
+    set:
+      probes:
+        liveness:
+          type: http
+          path: a/random/path
+    asserts:
+      - failedTemplate:
+          errorMessage: Probe in container (RELEASE-NAME-common-test) with path (a/random/path), must start with a forward slash -> / <-
+
   - it: should fail with httpHeader value is defined as list
     set:
       probes:

library/common-test/tests/container_in_deployment/volumeMounts_test.yaml

@@ -21,6 +21,16 @@ tests:
       - failedTemplate:
           errorMessage: <mountPath> must be defined, alternatively use the <noMount> flag.
 
+  - it: should fail when mountPath does not start with /
+    set:
+      persistence:
+        vol1:
+          enabled: true
+          mountPath: relative/path/to/dir
+    asserts:
+      - failedTemplate:
+          errorMessage: Mount path (relative/path/to/dir), must start with a forward slash -> / <-
+
   - it: should fail with empty readOnly
     set:
       persistence:

library/common-test/tests/deployment/volume_hostPath_test.yaml

@@ -21,7 +21,19 @@ tests:
           noMount: true
     asserts:
       - failedTemplate:
-          errorMessage: hostPath not set on item some_volume
+          errorMessage: hostPath not set on item (some_volume)
+
+  - it: should fail with hostPath not starting with /
+    set:
+      persistence:
+        some_volume:
+          type: hostPath
+          enabled: true
+          mountPath: /some/path
+          hostPath: some/relative/path
+    asserts:
+      - failedTemplate:
+          errorMessage: Host path (some/relative/path) on item (some_volume) must start with a forward slash -> / <-
 
   - it: should fail with ValidateHostPath globally set on and invalid hostPath (/mnt/pool)
     set:

library/common-test/tests/deployment/volume_nfs_test.yaml

@@ -37,12 +37,24 @@ tests:
         some_volume:
           type: nfs
           enabled: true
-          path: some_path
+          path: /some_path
           noMount: true
     asserts:
       - failedTemplate:
           errorMessage: NFS Server not set on item some_volume
 
+  - it: should fail with path not starting with /
+    set:
+      persistence:
+        some_volume:
+          type: nfs
+          enabled: true
+          path: some/relative/path
+          noMount: true
+    asserts:
+      - failedTemplate:
+          errorMessage: NFS path (some/relative/path) on (some_volume) must start with a forward slash -> / <-
+
   - it: should fail with not set path on nfs
     set:
       persistence:

library/common-test/tests/portal/portal_host_test.yaml

@@ -26,7 +26,7 @@ tests:
               targetPort: 80
     asserts:
       - failedTemplate:
-          errorMessage: You have defined empty <host> in <portal>. Define a path or remove the key.
+          errorMessage: You have defined empty <host> in <portal>. Define a host or remove the key.
 
   - it: should pass with defaults on single service/port
     documentIndex: &portalDoc 2

library/common-test/tests/portal/portal_path_test.yaml

@@ -28,6 +28,24 @@ tests:
       - failedTemplate:
           errorMessage: You have defined empty <path> in <portal>. Define a path or remove the key.
 
+  - it: should fail with portal override with path not starting with /
+    set:
+      portal:
+        main:
+          main:
+            path: a/relative/path
+      service:
+        main:
+          enabled: true
+          ports:
+            main:
+              enabled: true
+              port: 10000
+              targetPort: 80
+    asserts:
+      - failedTemplate:
+          errorMessage: Portal path (a/relative/path) must start with a forward slash -> / <-
+
   - it: should pass with defaults on single service/port
     documentIndex: &portalDoc 2
     set:

library/common-test/values.yaml

@@ -3,3 +3,31 @@ service:
     ports:
       main:
         port: 65535
+
+# jobs:
+#   jobname:
+#     enabled: true
+#     nameOverride: ""
+#     cron:
+#       enabled: false
+#       annotations: {}
+#       labels: {}
+#       schedule: "* *"
+#       timezone:
+#       concurrencyPolicy:
+#       failedJobsHistoryLimit: 0
+#       successfulJobsHistoryLimit: 0
+#       startingDeadlineSeconds:
+#     annotations:
+#     labels:
+#     backoffLimit: 5
+#     ttlSecondsAfterFinished: 100
+#     activeDeadlineSeconds: 100
+#     parallelism: 1
+#     completions: 1
+#     completionMode: Indexed
+
+#     containers:
+#       containername:
+#         imageSelector: asdfas
+#         restartPolicy: Never

library/common/1.0.0/templates/lib/container/_volumeMounts.tpl

@@ -62,12 +62,15 @@
   {{- $root := .root -}}
   {{- $item := .item -}}
   {{- $name := .name -}}
-
   {{- if not $item.mountPath -}} {{/* Make sure that we have a mountPath */}}
     {{- fail "<mountPath> must be defined, alternatively use the <noMount> flag." -}}
   {{- end -}}
+  {{- $mountPath := (tpl $item.mountPath $root) -}}
+  {{- if not (hasPrefix "/" $mountPath) -}}
+    {{- fail (printf "Mount path (%s), must start with a forward slash -> / <-" $mountPath) -}}
+  {{- end }}
 - name: {{ tpl $name $root }}
-  mountPath: {{ tpl $item.mountPath $root }}
+  mountPath: {{ $mountPath }}
   {{- with $item.subPath }}
   subPath: {{ tpl . $root }}
   {{- end -}}

library/common/1.0.0/templates/lib/container/probes/_httpGet.tpl

@@ -9,10 +9,14 @@
   {{- end -}}
   {{- if not $probe.path -}}
     {{- fail (printf "<path> must be defined for <http>/<https> probe types in probe (%s) in (%s) container." $probe.name $containerName) -}}
-  {{- end }}
+  {{- end -}}
+  {{- $probePath := tpl $probe.path $root -}}
+  {{- if not (hasPrefix "/" $probePath) -}}
+    {{- fail (printf "Probe in container (%s) with path (%s), must start with a forward slash -> / <-" $containerName $probePath) -}}
+  {{- end -}}
 
 httpGet:
-  path: {{ tpl $probe.path $root }}
+  path: {{ $probePath }}
   scheme: {{ $probe.type | upper }}
   port: {{ $probe.port }}
   {{- with $probe.httpHeaders }}

library/common/1.0.0/templates/lib/pod/volumes/_hostPath.tpl

@@ -3,10 +3,15 @@
   {{- $vol := .volume -}}
   {{- $root := .root -}}
 
-  {{- include "ix.v1.common.controller.volumes.hostPath.validation" (dict "volume" $vol "root" $root) }} {{/* hostPath validation (if enabled) */}}
+  {{- include "ix.v1.common.controller.volumes.hostPath.validation" (dict "volume" $vol "root" $root) -}} {{/* hostPath validation (if enabled) */}}
+  {{- if not $vol.hostPath -}}
+    {{- fail (printf "hostPath not set on item (%s)" $index) -}}
+  {{- else if not (hasPrefix "/" $vol.hostPath) -}}
+    {{- fail (printf "Host path (%s) on item (%s) must start with a forward slash -> / <-" $vol.hostPath $index) -}}
+  {{- end }}
 - name: {{ $index }}
   hostPath:
-    path: {{ required (printf "hostPath not set on item %s" $index) $vol.hostPath }}
+    path: {{ $vol.hostPath }}
   {{- with $vol.hostPathType -}}
     {{- $type := (tpl . $root) -}}
     {{- include "ix.v1.common.controller.hostPathType.validation" (dict "index" $index "type" $type) }}

library/common/1.0.0/templates/lib/pod/volumes/_nfs.tpl

@@ -1,9 +1,14 @@
 {{- define "ix.v1.common.controller.volumes.nfs" -}}
   {{- $index := .index -}}
   {{- $vol := .volume -}}
-  {{- $root := .root }}
+  {{- $root := .root -}}
+  {{- if not $vol.path  -}}
+    {{- fail (printf "NFS Path not set on item %s" $index) -}}
+  {{- else if not (hasPrefix "/" $vol.path ) -}}
+    {{- fail (printf "NFS path (%s) on (%s) must start with a forward slash -> / <-" $vol.path $index) -}}
+  {{- end }}
 - name: {{ $index }}
   nfs:
     server: {{ required (printf "NFS Server not set on item %s" $index) $vol.server }}
-    path: {{ required (printf "NFS Path not set on item %s" $index) $vol.path }}
+    path: {{ $vol.path }}
 {{- end -}}

library/common/1.0.0/templates/lib/portal/_host.tpl

@@ -16,19 +16,18 @@
   {{/* If ingress is added at any point, here is the place to implement */}}
 
   {{/* Check if there are any overrides in .Values.portal */}}
-  {{- range $name, $svc := $root.Values.portal -}}
-    {{- if eq $svcName $name -}}
-      {{- range $name, $port := $svc -}}
-        {{- if eq $portName $name -}}
-          {{- if (hasKey $port "host") -}}
-            {{- $portalHost = (tpl (toString $port.host) $root) -}}
-            {{- if or (eq $portalHost "<nil>") (not $portalHost) -}} {{/* toString on a nil key returns the string "<nil>" */}}
-              {{- fail "You have defined empty <host> in <portal>. Define a path or remove the key." -}}
-            {{- end -}}
-          {{- end -}}
+  {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+  {{- if $tmpSVCPortal -}}
+    {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+    {{- if $tmpPortPortal -}}
+      {{- if (hasKey $tmpPortPortal "host") -}}
+        {{- if or (kindIs "invalid" $tmpPortPortal.host) (not $tmpPortPortal.host) -}}
+          {{- fail "You have defined empty <host> in <portal>. Define a host or remove the key." -}}
         {{- end -}}
+        {{- $portalHost = (tpl (toString $tmpPortPortal.host) $root) -}}
       {{- end -}}
     {{- end -}}
   {{- end -}}
-{{- $portalHost -}}
+
+  {{- $portalHost -}}
 {{- end -}}

library/common/1.0.0/templates/lib/portal/_path.tpl

@@ -9,19 +9,21 @@
   {{/* If ingress is added at any point, here is the place to implement */}}
 
   {{/* Check if there are any overrides in .Values.portal */}}
-  {{- range $name, $svc := $root.Values.portal -}}
-    {{- if eq $svcName $name -}}
-      {{- range $name, $port := $svc -}}
-        {{- if eq $portName $name -}}
-          {{- if (hasKey $port "path") -}}
-            {{- $portalPath = (tpl (toString $port.path) $root) -}}
-            {{- if or (eq $portalPath "<nil>") (not $portalPath) -}} {{/* toString on a nil key returns the string "<nil>" */}}
-              {{- fail "You have defined empty <path> in <portal>. Define a path or remove the key." -}}
-            {{- end -}}
-          {{- end -}}
+  {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+  {{- if $tmpSVCPortal -}}
+    {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+    {{- if $tmpPortPortal -}}
+      {{- if (hasKey $tmpPortPortal "path") -}}
+        {{- if or (kindIs "invalid" $tmpPortPortal.path) (not $tmpPortPortal.path) -}}
+          {{- fail "You have defined empty <path> in <portal>. Define a path or remove the key." -}}
+        {{- end -}}
+        {{- $portalPath = (tpl (toString $tmpPortPortal.path) $root) -}}
+        {{- if not (hasPrefix "/" $portalPath) -}}
+          {{- fail (printf "Portal path (%s) must start with a forward slash -> / <-" $portalPath) -}}
         {{- end -}}
       {{- end -}}
     {{- end -}}
   {{- end -}}
-{{- $portalPath -}}
+
+  {{- $portalPath -}}
 {{- end -}}

library/common/1.0.0/templates/lib/portal/_port.tpl

@@ -20,19 +20,18 @@
   {{/* If ingress is added at any point, here is the place to implement */}}
 
   {{/* Check if there are any overrides in .Values.portal */}}
-  {{- range $name, $svc := $root.Values.portal -}}
-    {{- if eq $svcName $name -}}
-      {{- range $name, $port := $svc -}}
-        {{- if eq $portName $name -}}
-          {{- if (hasKey $port "port") -}}
-            {{- $portalPort = (tpl (toString $port.port) $root) -}}
-            {{- if or (lt (int $portalPort) 1) (gt (int $portalPort) 65535) (eq (int $portalPort) 0) -}}
-              {{- fail (printf "Port (%s) in <portal> is out of range. Range is 1-65535" $portalPort) -}}
-            {{- end -}}
-          {{- end -}}
+  {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+  {{- if $tmpSVCPortal -}}
+    {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+    {{- if $tmpPortPortal -}}
+      {{- if (hasKey $tmpPortPortal "port") -}}
+        {{- $portalPort = (tpl (toString $tmpPortPortal.port) $root) -}}
+        {{- if or (lt (int $portalPort) 1) (gt (int $portalPort) 65535) (eq (int $portalPort) 0) -}}
+          {{- fail (printf "Port (%s) in <portal> is out of range. Range is 1-65535" $portalPort) -}}
         {{- end -}}
       {{- end -}}
     {{- end -}}
   {{- end -}}
-{{- $portalPort -}}
+
+  {{- $portalPort -}}
 {{- end -}}

library/common/1.0.0/templates/lib/portal/_protocol.tpl

@@ -16,19 +16,18 @@
   {{/* If ingress is added at any point, here is the place to implement */}}
 
   {{/* Check if there are any overrides in .Values.portal */}}
-  {{- range $name, $svc := $root.Values.portal -}}
-    {{- if eq $svcName $name -}}
-      {{- range $name, $port := $svc -}}
-        {{- if eq $portName $name -}}
-          {{- if (hasKey $port "protocol") -}}
-            {{- $portalProtocol = ((tpl (toString $port.protocol) $root) | lower) -}}
-            {{- if not (has $portalProtocol (list "http" "https")) -}}
-              {{- fail (printf "Invalid protocol (%s). Only HTTP/HTTPS protocols are allowed for <portal>" $portalProtocol) -}}
-            {{- end -}}
-          {{- end -}}
+  {{- $tmpSVCPortal := get $root.Values.portal $svcName -}}
+  {{- if $tmpSVCPortal -}}
+    {{- $tmpPortPortal := get $tmpSVCPortal $portName -}}
+    {{- if $tmpPortPortal -}}
+      {{- if (hasKey $tmpPortPortal "protocol") -}}
+        {{- $portalProtocol = ((tpl (toString $tmpPortPortal.protocol) $root) | lower) -}}
+        {{- if not (has $portalProtocol (list "http" "https")) -}}
+          {{- fail (printf "Invalid protocol (%s). Only HTTP/HTTPS protocols are allowed for <portal>" $portalProtocol) -}}
         {{- end -}}
       {{- end -}}
     {{- end -}}
   {{- end -}}
-{{- $portalProtocol -}}
+
+  {{- $portalProtocol -}}
 {{- end -}}