From 2ec095116667a2d5ea97978432dfc5ac9c745eb8 Mon Sep 17 00:00:00 2001
From: UncleGedd <42304551+UncleGedd@users.noreply.github.com>
Date: Fri, 17 Nov 2023 13:31:40 -0600
Subject: [PATCH] fix: ensure empty helm overrides don't break secrets (#207)

---
 src/pkg/bundle/deploy.go                      | 20 ++++++++-----
 .../bundles/07-helm-overrides/uds-bundle.yaml | 14 +++++++--
 .../bundles/07-helm-overrides/uds-config.yaml |  4 ++-
 src/test/common.go                            | 10 +++++++
 src/test/e2e/bundle_test.go                   | 18 ++++++++++--
 .../packages/helm/unicorn-podinfo/.helmignore | 23 +++++++++++++++
 .../packages/helm/unicorn-podinfo/Chart.lock  |  6 ++++
 .../packages/helm/unicorn-podinfo/Chart.yaml  | 29 +++++++++++++++++++
 .../unicorn-podinfo/templates/secret.yaml     |  7 +++++
 .../packages/helm/unicorn-podinfo/values.yaml |  5 ++++
 src/test/packages/helm/zarf.yaml              |  6 ++--
 11 files changed, 126 insertions(+), 16 deletions(-)
 create mode 100644 src/test/packages/helm/unicorn-podinfo/.helmignore
 create mode 100644 src/test/packages/helm/unicorn-podinfo/Chart.lock
 create mode 100644 src/test/packages/helm/unicorn-podinfo/Chart.yaml
 create mode 100644 src/test/packages/helm/unicorn-podinfo/templates/secret.yaml
 create mode 100644 src/test/packages/helm/unicorn-podinfo/values.yaml

diff --git a/src/pkg/bundle/deploy.go b/src/pkg/bundle/deploy.go
index c4829759..0ff9d5f6 100644
--- a/src/pkg/bundle/deploy.go
+++ b/src/pkg/bundle/deploy.go
@@ -219,17 +219,21 @@ func (b *Bundler) loadChartOverrides(pkg types.BundleZarfPackage) (ZarfOverrideM
 
 	// Loop through each path in Overrides.Variables
 	for _, override := range pkg.Overrides.Variables {
-		// Set the default value
-		val := override.Default
-
-		// If the variable is set, override the default value, why is this lowercase?
-		name := strings.ToLower(override.Name)
-		if setVal, ok := b.cfg.DeployOpts.ZarfPackageVariables[pkg.Name].Set[name]; ok {
-			val = setVal
+		var overrideVal interface{}
+		configFileOverride, existsInConfig := b.cfg.DeployOpts.ZarfPackageVariables[pkg.Name].Set[strings.ToLower(override.Name)]
+		if override.Default == nil && !existsInConfig {
+			// no default or config value, use values from underlying chart
+			continue
+		} else if existsInConfig {
+			// if the config value is set, use it
+			overrideVal = configFileOverride
+		} else {
+			// use default value if no config value is set
+			overrideVal = override.Default
 		}
 
 		// Add the override to the map, or return an error if the path is invalid
-		if err := addOverrideValue(overrideMap, override.Path, val); err != nil {
+		if err := addOverrideValue(overrideMap, override.Path, overrideVal); err != nil {
 			return nil, err
 		}
 	}
diff --git a/src/test/bundles/07-helm-overrides/uds-bundle.yaml b/src/test/bundles/07-helm-overrides/uds-bundle.yaml
index ef4c68da..3965586d 100644
--- a/src/test/bundles/07-helm-overrides/uds-bundle.yaml
+++ b/src/test/bundles/07-helm-overrides/uds-bundle.yaml
@@ -11,11 +11,21 @@ zarf-packages:
 
     overrides:
       values:
-        - path: "podinfo-component/podinfo-chart/replicaCount"
+        - path: "podinfo-component/unicorn-podinfo/podinfo.replicaCount"
           value: 2
 
       variables:
         - name: UI_COLOR
-          path: "podinfo-component/podinfo-chart/ui.color"
+          path: "podinfo-component/unicorn-podinfo/podinfo.ui.color"
           description: "Set the color for podinfo's UI"
           default: "blue"
+
+        # no default, but set in uds-config.yaml
+        - name: UI_MSG
+          path: "podinfo-component/unicorn-podinfo/podinfo.ui.message"
+          description: "Set the message for podinfo's UI"
+
+          # if no default and not set in uds-config.yaml, use the value in the underlying chart's values.yaml
+        - name: SECRET_VAL
+          path: "podinfo-component/unicorn-podinfo/testSecret"
+          description: "testing a secret value"
diff --git a/src/test/bundles/07-helm-overrides/uds-config.yaml b/src/test/bundles/07-helm-overrides/uds-config.yaml
index 61f81350..e6ea48f7 100644
--- a/src/test/bundles/07-helm-overrides/uds-config.yaml
+++ b/src/test/bundles/07-helm-overrides/uds-config.yaml
@@ -3,4 +3,6 @@ bundle:
     zarf-packages:
       helm:
         set:
-          UI_COLOR: green # overrides UI_COLOR in uds-bundle.yaml
+          # overrides variables in uds-bundle.yaml
+          UI_COLOR: green
+          UI_MSG: "Hello Unicorn"
\ No newline at end of file
diff --git a/src/test/common.go b/src/test/common.go
index c5b6a49b..dc7fcffb 100644
--- a/src/test/common.go
+++ b/src/test/common.go
@@ -192,3 +192,13 @@ func (e2e *UDSE2ETest) GetGitRevision() (string, error) {
 
 	return strings.TrimSpace(out), nil
 }
+
+// HelmDepUpdate runs 'helm dependency update .' on the given path
+func (e2e *UDSE2ETest) HelmDepUpdate(t *testing.T, path string) {
+	cmd := "helm"
+	args := strings.Split(fmt.Sprintf("dependency update ."), " ")
+	tmp := exec.PrintCfg()
+	tmp.Dir = path
+	_, _, err := exec.CmdWithContext(context.TODO(), tmp, cmd, args...)
+	require.NoError(t, err)
+}
diff --git a/src/test/e2e/bundle_test.go b/src/test/e2e/bundle_test.go
index 705493d9..74760d0b 100644
--- a/src/test/e2e/bundle_test.go
+++ b/src/test/e2e/bundle_test.go
@@ -206,6 +206,7 @@ func TestBundleWithGitRepo(t *testing.T) {
 
 func TestBundleWithHelmOverrides(t *testing.T) {
 	deployZarfInit(t)
+	e2e.HelmDepUpdate(t, "src/test/packages/helm/unicorn-podinfo")
 	e2e.CreateZarfPkg(t, "src/test/packages/helm")
 	bundleDir := "src/test/bundles/07-helm-overrides"
 	bundlePath := filepath.Join(bundleDir, fmt.Sprintf("uds-bundle-helm-overrides-%s-0.0.1.tar.zst", e2e.Arch))
@@ -216,17 +217,30 @@ func TestBundleWithHelmOverrides(t *testing.T) {
 	deploy(t, bundlePath)
 
 	// check values overrides
-	cmd := strings.Split("tools kubectl get deployment -n podinfo podinfo-chart -o=jsonpath='{.spec.replicas}'", " ")
+	cmd := strings.Split("tools kubectl get deploy -n podinfo unicorn-podinfo -o=jsonpath='{.spec.replicas}'", " ")
 	outputNumReplicas, _, err := e2e.UDS(cmd...)
 	require.Equal(t, "'2'", outputNumReplicas)
 	require.NoError(t, err)
 
 	// check variables overrides
-	cmd = strings.Split("tools kubectl get deploy -n podinfo podinfo-chart -o=jsonpath='{.spec.template.spec.containers[0].env[?(@.name==\"PODINFO_UI_COLOR\")].value}'", " ")
+	cmd = strings.Split("tools kubectl get deploy -n podinfo unicorn-podinfo -o=jsonpath='{.spec.template.spec.containers[0].env[?(@.name==\"PODINFO_UI_COLOR\")].value}'", " ")
 	outputUIColor, _, err := e2e.UDS(cmd...)
 	require.Equal(t, "'green'", outputUIColor)
 	require.NoError(t, err)
 
+	// check variables overrides, no default but set in config
+	cmd = strings.Split("tools kubectl get deploy -n podinfo unicorn-podinfo -o=jsonpath='{.spec.template.spec.containers[0].env[?(@.name==\"PODINFO_UI_MESSAGE\")].value}'", " ")
+	outputMsg, _, err := e2e.UDS(cmd...)
+	require.Equal(t, "'Hello Unicorn'", outputMsg)
+	require.NoError(t, err)
+
+	// check variables overrides, no default and not set in config
+	cmd = strings.Split("tools kubectl get secret test-secret -n podinfo -o jsonpath=\"{.data.test}\"", " ")
+	secretValue, _, err := e2e.UDS(cmd...)
+	// expect the value to be from the underlying chart's values.yaml, no overrides
+	require.Equal(t, "\"dGVzdC1zZWNyZXQ=\"", secretValue)
+	require.NoError(t, err)
+
 	remove(t, bundlePath)
 }
 
diff --git a/src/test/packages/helm/unicorn-podinfo/.helmignore b/src/test/packages/helm/unicorn-podinfo/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/src/test/packages/helm/unicorn-podinfo/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/src/test/packages/helm/unicorn-podinfo/Chart.lock b/src/test/packages/helm/unicorn-podinfo/Chart.lock
new file mode 100644
index 00000000..f863c35f
--- /dev/null
+++ b/src/test/packages/helm/unicorn-podinfo/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: podinfo
+  repository: https://stefanprodan.github.io/podinfo
+  version: 6.5.3
+digest: sha256:052cb665b3d4b817c8d7c977689f91aabdd704010203d07233d9dff6b1de9865
+generated: "2023-11-17T09:56:11.701225-06:00"
diff --git a/src/test/packages/helm/unicorn-podinfo/Chart.yaml b/src/test/packages/helm/unicorn-podinfo/Chart.yaml
new file mode 100644
index 00000000..7506dca5
--- /dev/null
+++ b/src/test/packages/helm/unicorn-podinfo/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: unicorn-podinfo
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+  - name: podinfo
+    version: 6.5.3
+    repository: https://stefanprodan.github.io/podinfo
diff --git a/src/test/packages/helm/unicorn-podinfo/templates/secret.yaml b/src/test/packages/helm/unicorn-podinfo/templates/secret.yaml
new file mode 100644
index 00000000..148062e3
--- /dev/null
+++ b/src/test/packages/helm/unicorn-podinfo/templates/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret
+type: Opaque
+data:
+  test: {{ .Values.testSecret }}
\ No newline at end of file
diff --git a/src/test/packages/helm/unicorn-podinfo/values.yaml b/src/test/packages/helm/unicorn-podinfo/values.yaml
new file mode 100644
index 00000000..56233936
--- /dev/null
+++ b/src/test/packages/helm/unicorn-podinfo/values.yaml
@@ -0,0 +1,5 @@
+testSecret: "dGVzdC1zZWNyZXQ=" # test-secret
+podinfo:
+  ui:
+    color: "purple"
+    message: "Hello from podinfo"
\ No newline at end of file
diff --git a/src/test/packages/helm/zarf.yaml b/src/test/packages/helm/zarf.yaml
index 4ebd8d85..450e9d00 100644
--- a/src/test/packages/helm/zarf.yaml
+++ b/src/test/packages/helm/zarf.yaml
@@ -10,7 +10,7 @@ components:
     images:
       - ghcr.io/stefanprodan/podinfo:6.5.3
     charts:
-      - name: podinfo-chart
-        url: oci://ghcr.io/stefanprodan/charts/podinfo
+      - name: unicorn-podinfo
+        localPath: ./unicorn-podinfo
         namespace: podinfo
-        version: 6.5.3
\ No newline at end of file
+        version: 0.0.1
\ No newline at end of file