Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

improve handling of Helm index with broken helm chart versions #13176

Closed
bb-Ricardo opened this issue Jul 12, 2024 · 1 comment · Fixed by #13177
Closed

improve handling of Helm index with broken helm chart versions #13176

bb-Ricardo opened this issue Jul 12, 2024 · 1 comment · Fixed by #13177

Comments

@bb-Ricardo
Copy link
Contributor

bb-Ricardo commented Jul 12, 2024

While trying to figure out the issue fluxcd/source-controller#1515 in the flux source controller of filtering chart versions from a Helm index with broken dependencies we stumbled over this issue #12748 where it has already been fixed in Helm.

On further investigation it appeared that the exclusion of invalid versions in

func loadIndex(data []byte, source string) (*IndexFile, error) {
was not ideal.

even though the copied slice cvs was adjusted to the correct size, the original slice i.Entries still remained the original size. It just contained copies of references of valid versions.

example of i.Entries before filtering:

[0xc000130f30 0xc0001315f0  0xc000131a70 0xc00021f710]

assuming chart versions at location 0xc0001315f0 and 0xc000131a70 are invalid. The content of cvs after validating the versions looked like this (which is correct):

[0xc000130f30 0xc00021f710]

But i.Entries still remains the original size:

[0xc000130f30 0xc00021f710 0xc00021f710 0xc00021f710]

Technically it does not contain any invalid version. But later on the index gets further sorted and filtered which unnecessarily contains duplicate versions.

a simple reassignment of cvs to i.Entries[name] solves this issue.

Additionally:

If the last chart in the index is malformed, it will not be removed

bb-Ricardo added a commit to bb-Ricardo/helm that referenced this issue Jul 12, 2024
…13176

Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
bb-Ricardo added a commit to bb-Ricardo/helm that referenced this issue Jul 14, 2024
…#13176

Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
@gjenkins8
Copy link
Contributor

First comment: agree, if entries are excluded due to validation failure, then the filtered entries slice should be assigned back to i.Entries. In that sense, it seems like #13177 is a fix here.

Second comment: #12789 doesn't exclude "bad" entries. It actually does the opposite: it allows bad entries (entries which fail validation) to be included. By ignoring the validation error. And as such, it actually reduces the expose to the bug presented here. I mention, because I want to ensure the fix proposed is the right one (and there isn't another cause)

bb-Ricardo added a commit to bb-Ricardo/helm that referenced this issue Aug 14, 2024
Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
robertsirc pushed a commit to bb-Ricardo/helm that referenced this issue Oct 4, 2024
Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
mattfarina added a commit that referenced this issue Oct 4, 2024
Improves handling of Helm index with broken helm chart versions #13176
mattfarina pushed a commit that referenced this issue Oct 9, 2024
Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
(cherry picked from commit 154b477)
mattfarina pushed a commit that referenced this issue Oct 9, 2024
Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
(cherry picked from commit af13b0d)
mattfarina pushed a commit that referenced this issue Oct 9, 2024
Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
(cherry picked from commit cdbef2b)
tmeijn pushed a commit to tmeijn/dotfiles that referenced this issue Oct 15, 2024
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [helm/helm](https://github.com/helm/helm) | patch | `v3.16.1` -> `v3.16.2` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>helm/helm (helm/helm)</summary>

### [`v3.16.2`](https://github.com/helm/helm/releases/tag/v3.16.2): Helm v3.16.2

[Compare Source](helm/helm@v3.16.1...v3.16.2)

Helm v3.16.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

-   Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com):
    -   for questions and just to hang out
    -   for discussing MRs, code, and bugs
-   Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622)
-   Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0)

#### Installation and Upgrading

Download Helm v3.16.2. The common platform binaries are here:

-   [MacOS amd64](https://get.helm.sh/helm-v3.16.2-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-darwin-amd64.tar.gz.sha256sum) / 33efd48492f2358a49a231873e8baf41f702b5ab059333ae9c31e5517633c16e)
-   [MacOS arm64](https://get.helm.sh/helm-v3.16.2-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-darwin-arm64.tar.gz.sha256sum) / 56413c7fbb496d2789881039cab61d849727c7b35db00826fae7a2685a403344)
-   [Linux amd64](https://get.helm.sh/helm-v3.16.2-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-amd64.tar.gz.sha256sum) / 9318379b847e333460d33d291d4c088156299a26cd93d570a7f5d0c36e50b5bb)
-   [Linux arm](https://get.helm.sh/helm-v3.16.2-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-arm.tar.gz.sha256sum) / f0f606d0806a518b749bd82e8dbfe6a803aa33340215590ef3977c60e366ba82)
-   [Linux arm64](https://get.helm.sh/helm-v3.16.2-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-arm64.tar.gz.sha256sum) / 1888301aeb7d08a03b6d9f4d2b73dcd09b89c41577e80e3455c113629fc657a4)
-   [Linux i386](https://get.helm.sh/helm-v3.16.2-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-386.tar.gz.sha256sum) / 4fb0cdf74a8a23622aac5980fbbc91cd95b08de5624ac0beba271d7b3b1a128d)
-   [Linux ppc64le](https://get.helm.sh/helm-v3.16.2-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-ppc64le.tar.gz.sha256sum) / 32a1b6073064a4a86d2a684180b6662ea202d1294b09ca52a6ba9d4cf071fec7)
-   [Linux s390x](https://get.helm.sh/helm-v3.16.2-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-s390x.tar.gz.sha256sum) / a2e80592b9e45487d8bb6b10721c759287cf18be4389b53d67c7cf1e91c84959)
-   [Linux riscv64](https://get.helm.sh/helm-v3.16.2-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.16.2-linux-riscv64.tar.gz.sha256sum) / c9730c8e6a1b2b30e119270793772bcac835737a16e613aabc36b07b8e027009)
-   [Windows amd64](https://get.helm.sh/helm-v3.16.2-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.16.2-windows-amd64.zip.sha256sum) / 57821dd47d5728912e14000ee62262680e9039e8d05e18342cc010d5ac7908d7)
-   [Windows arm64](https://get.helm.sh/helm-v3.16.2-windows-arm64.zip) ([checksum](https://get.helm.sh/helm-v3.16.2-windows-arm64.zip.sha256sum) / d746889023a6df98f71d2785835e32cd6fbbf81e21a21d5e9d4542ed3cfe168d)

This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E  ` and can be found at [@&#8203;mattfarina](https://github.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`.

The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`.

#### What's Next

-   3.16.3 is the next patch release and will be on November 13, 2024
-   3.17.0 is the next feature release and will be on January 15, 2025

#### Changelog

-   Revering change unrelated to issue [#&#8203;13176](helm/helm#13176) [`13654a5`](helm/helm@13654a5) (ricardo.bartels@telekom.de)
-   adds tests for handling of Helm index with broken chart versions [#&#8203;13176](helm/helm#13176) [`9fc8f1b`](helm/helm@9fc8f1b) (ricardo.bartels@telekom.de)
-   improves handling of Helm index with broken helm chart versions [#&#8203;13176](helm/helm#13176) [`961194d`](helm/helm@961194d) (ricardo.bartels@telekom.de)
-   Bump the k8s-io group with 7 updates [`f6be62b`](helm/helm@f6be62b) (dependabot\[bot])
-   adding check-latest:true [`27d44cf`](helm/helm@27d44cf) (Robert Sirchia)
-   Grammar fixes [`46e0a0f`](helm/helm@46e0a0f) (Nathan Baulch)
-   Fix typos [`a1bd541`](helm/helm@a1bd541) (Nathan Baulch)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants