From 8897fa07a8822f43f5209a41ec20d7edf406c253 Mon Sep 17 00:00:00 2001 From: Brendan Dalpe Date: Sun, 14 Jan 2024 17:17:14 -0600 Subject: [PATCH 1/4] Don't fail validation if a variable expansion operator is found. Fixes #2899 Signed-off-by: Brendan Dalpe --- charts/grafana/templates/_helpers.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index 44c00f3570..dffb2cdffd 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -263,7 +263,9 @@ sensitiveKeys: {{- range $index, $elem := $secret.path -}} {{- if and $shouldContinue (hasKey $currentMap $elem) -}} {{- if eq (len $secret.path) (add1 $index) -}} - {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- if not (regexMatch "\\$(?:__(?:env|file|value))?{[^}]+}" (index $currentMap $elem)) -}} + {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- end -}} {{- else -}} {{- $currentMap = index $currentMap $elem -}} {{- end -}} From eae1303b81f6cdaa4a8bd3703da8326c46febc50 Mon Sep 17 00:00:00 2001 From: MH Date: Mon, 15 Jan 2024 19:08:16 +0800 Subject: [PATCH 2/4] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 0069f17158..f291cf68bd 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.1 +version: 7.2.2 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From d7c3c83c70c4e85b7824feacb12fa10de8242381 Mon Sep 17 00:00:00 2001 From: Brendan Dalpe Date: Tue, 16 Jan 2024 08:55:25 -0600 Subject: [PATCH 3/4] Typo s/value/vault/ Signed-off-by: Brendan Dalpe --- charts/grafana/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index dffb2cdffd..6a59d372b2 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -263,7 +263,7 @@ sensitiveKeys: {{- range $index, $elem := $secret.path -}} {{- if and $shouldContinue (hasKey $currentMap $elem) -}} {{- if eq (len $secret.path) (add1 $index) -}} - {{- if not (regexMatch "\\$(?:__(?:env|file|value))?{[^}]+}" (index $currentMap $elem)) -}} + {{- if not (regexMatch "\\$(?:__(?:env|file|vault))?{[^}]+}" (index $currentMap $elem)) -}} {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} {{- end -}} {{- else -}} From 0212c408899a9314320674f1ed5385b616d86507 Mon Sep 17 00:00:00 2001 From: Brendan Dalpe Date: Tue, 16 Jan 2024 09:05:24 -0600 Subject: [PATCH 4/4] Add a help message Signed-off-by: Brendan Dalpe --- charts/grafana/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index 6a59d372b2..790d5a293a 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -264,7 +264,7 @@ sensitiveKeys: {{- if and $shouldContinue (hasKey $currentMap $elem) -}} {{- if eq (len $secret.path) (add1 $index) -}} {{- if not (regexMatch "\\$(?:__(?:env|file|vault))?{[^}]+}" (index $currentMap $elem)) -}} - {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead. You can disable this client-side validation by changing the value of assertNoLeakedSecrets." (join "." $secret.path)) -}} {{- end -}} {{- else -}} {{- $currentMap = index $currentMap $elem -}}