feat: skip validation of helm release information (#425)
* feat: skip validation of helm release information
niv1612 authored Jul 23, 2023
1 parent bafa687 commit 6f34712
Showing 2 changed files with 23 additions and 0 deletions.
9 changes: 9 additions & 0 deletions pkg/services/resourceFilterService_test.go
Expand Up @@ -92,6 +92,15 @@ func TestPrerequisitesFilters(t *testing.T) {
ShouldValidate: false,
}, ShouldResourceBeValidated(admissionReviewReq, rootObject))
})
t.Run("resource should be skipped because it has Secret kind and name related to Helm release metadata", func(t *testing.T) {
admissionReviewReq, rootObject := extractAdmissionReviewReqAndRootObject(templateResource)
admissionReviewReq.Request.Kind.Kind = "Secret"
rootObject.Metadata.Name = "sh.helm.release.v1.my-release2.v3.v3"
rootObject.Metadata.Labels["owner"] = "helm"
assert.Equal(t, ShouldValidatedResourceData{
ShouldValidate: false,
}, ShouldResourceBeValidated(admissionReviewReq, rootObject))
})
t.Run("resource should be skipped because namespace is kube-public", func(t *testing.T) {
admissionReviewReq, rootObject := extractAdmissionReviewReqAndRootObject(templateResource)
admissionReviewReq.Request.Namespace = "kube-public"
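Review bot: The new subtest's title says the skip depends on the Secret kind, but nothing visible in it would fail if the kind were ignored, and the section adds no negative case. Because this filter decides which resources bypass admission validation, add subtests asserting that a non-Secret kind (for example `Deployment`) with the same name and `owner: helm` label is not exempted by the Helm rule, and that a Secret with the name but without the label is still validated. The write `rootObject.Metadata.Labels["owner"] = "helm"` presumably relies on templateResource already carrying a labels map, since assigning into a nil map panics; confirm against the fixture.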
14 changes: 14 additions & 0 deletions pkg/services/resourcesFilterService.go
Expand Up @@ -36,6 +36,8 @@ func ShouldResourceBeValidated(admissionReviewReq *admission.AdmissionReview, ro
}

resourceKind := admissionReviewReq.Request.Kind.Kind
resourceName := rootObject.Metadata.Name
resourceLabels := rootObject.Metadata.Labels
managedFields := rootObject.Metadata.ManagedFields
userInfo := admissionReviewReq.Request.UserInfo
resourceAnnotations := rootObject.Metadata.Annotations
Expand All @@ -47,6 +49,14 @@ func ShouldResourceBeValidated(admissionReviewReq *admission.AdmissionReview, ro
isNamespaceThatShouldBeSkipped := isNamespaceThatShouldBeSkipped(admissionReviewReq)
arePrerequisitesMet := isMetadataNameExists && !isUnsupportedKind && !isResourceDeleted && !isNamespaceThatShouldBeSkipped

// if the resource is a helm release metadata, we don't want to validate it
// https://stackoverflow.com/questions/66244697/where-does-helm-store-installation-state
if isHelmReleaseMetadata(resourceName, resourceLabels) {
return ShouldValidatedResourceData{
ShouldValidate: false,
}
}

if !arePrerequisitesMet {
return ShouldValidatedResourceData{
ShouldValidate: false,
Expand Down Expand Up @@ -137,6 +147,10 @@ func isNamespaceThatShouldBeSkipped(admissionReviewReq *admission.AdmissionRevie
return slices.Contains(namespacesToSkip, admissionReviewReq.Request.Namespace)
}

func isHelmReleaseMetadata(resourceName string, labels map[string]string) bool {
return strings.Contains(resourceName, "sh.helm.release.v1.") && labels["owner"] == "helm"
}

func isObjectAndOldObjectEqual(admissionReviewReq *admission.AdmissionReview) bool {
if admissionReviewReq.Request.OldObject.Raw == nil {
return false
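Review bot: isHelmReleaseMetadata exempts a resource from validation on its name and `owner` label alone, both of which are set by whoever submits the object, and it never looks at the kind, so a resource of any kind carrying the `sh.helm.release.v1.` marker and `owner: helm` would skip policy checks. `strings.Contains` also matches the marker anywhere in the name rather than at its start. Pass `resourceKind` (already read in ShouldResourceBeValidated, whose body extends beyond these hunks) and tighten the predicate, e.g. `return kind == "Secret" && strings.HasPrefix(resourceName, "sh.helm.release.v1.") && labels["owner"] == "helm"`; add `ConfigMap` explicitly if that Helm storage driver must be supported. A comment on the helper stating that it is a validation exemption, and why it is limited to those kinds, would help future reviewers.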
