chartutil: add Literal mode to ValuesReference (helm --set-literal semantics)#1218
Merged
Merged
Conversation
gecube
force-pushed
the
feat/valuesfrom-literal
branch
from
b4592f9 to
53e9227
Compare
gecube
added a commit
to gecube/helm-controller
that referenced
this pull request
May 25, 2026
Exposes the new `literal` field on `valuesFrom` entries, mirroring the addition to `meta.ValuesReference` in fluxcd/pkg#1218. When set together with `targetPath`, the referenced value is passed to Helm verbatim (equivalent of `helm --set-literal`) instead of being parsed by `strvals.ParseInto`, so file content containing commas, brackets, braces or equal signs survives the round-trip intact. This commit ships only the OpenAPI schema (so the field is validated by the API server) and the user-facing documentation. The runtime support lives in fluxcd/pkg/chartutil; once that PR merges and a `fluxcd/pkg` release is cut, a follow-up will bump the dependency here so helm-controller actually honours the field. Until then, setting `literal: true` is accepted by the API but has no effect — the field is forward-compatible. Addresses fluxcd#1317. Signed-off-by: George Gaál <gb12335@gmail.com>
Member
|
Does this solves fluxcd/flux2#2625? |
Contributor
Author
|
@stefanprodan Hi! I think that yes, I did not find that issue before, but came from the other end - I got a very weird error when trying to put the configmap in yaml format as a key with valuesFrom. So now it looks like that in fact it is the same thing |
Member
|
Please add a test that replicates fluxcd/flux2#2625 and let's see if it passes |
Contributor
Author
|
Ok, thanks, I will do it tomorrow and return asap |
gecube
added a commit
to gecube/pkg
that referenced
this pull request
Jun 4, 2026
Replicates the exact scenario from fluxcd/flux2#2625: a Secret named `kafka` with a `brokers` key whose value is a comma-separated list of `host:port` endpoints (`kafka01.net:9092,kafka02.net:9092,...`), referenced via `valuesFrom` with `targetPath: kafka.brokers`. Without Literal mode the strvals parser splits on the commas and tries to interpret each `host:port` segment as a key/value pair, producing the exact error the issue reports: key "net:9092" has no value (cannot end with ,) Two integration cases in TestChartValuesFromReferences pin the bug and its fix: - non-literal path fails (`wantErr: true`) — documents the original defect. - `Literal: true` succeeds and preserves the broker list verbatim at `kafka.brokers` — confirms the new mode resolves it. A unit case in TestReplacePathLiteralValue exercises the same input through the lower-level helper. Requested by stefanprodan in fluxcd#1218 review. Signed-off-by: George Gaál <gb12335@gmail.com>
Contributor
Author
|
@stefanprodan please check |
Member
|
@gecube Please rebase and force-push 🙏 |
gecube
force-pushed
the
feat/valuesfrom-literal
branch
from
4f6d31e to
48faddc
Compare
Contributor
Author
|
@matheuscscp done, thanks |
Member
|
@gecube Strange, I still see the
Assuming |
When a HelmRelease consumer references a ConfigMap or Secret via valuesFrom with a targetPath set, the referenced value is currently fed to Helm's strvals.ParseInto parser — the same parser as `helm --set`. That treats commas, square brackets, braces and equal signs in the value as syntactic metacharacters, so arbitrary file content (Spring application.yml with flow sequences, HOCON application.conf, JSON, multi-line strings with trailing commas, …) is misparsed or causes hard errors like `error parsing index: strconv.Atoi: parsing " \"foo\", \"bar\" "`. The existing single/double-quote workaround (introduced in helm-controller fluxcd#298) is impractical for delivering raw config files from kustomize configMapGenerator / secretGenerator: the generated CM data is the file content as-is, with no opportunity to wrap it. This commit adds a new boolean field `Literal` to meta.ValuesReference. When set together with TargetPath, ChartValuesFromReferences calls a new ReplacePathLiteralValue helper that pre-escapes strvals metacharacters in the value before delegating to strvals.ParseIntoString. The result is a verbatim value preserved at the target path, while the path itself still honours `\.` escapes (which the alternative helm strvals.ParseLiteralInto does not). Has no effect when TargetPath is empty (root YAML merge is unchanged). Default Literal=false preserves backward compatibility with all existing HelmReleases. Resolves fluxcd/helm-controller#1317, addresses parts of fluxcd#460, fluxcd#853, flux2#1756. The CRD schema bump and consumer wiring in helm-controller is a separate follow-up PR. Signed-off-by: George Gaál <gb12335@gmail.com>
gecube
force-pushed
the
feat/valuesfrom-literal
branch
from
48faddc to
bf5caf5
Compare
gecube
added a commit
to gecube/helm-controller
that referenced
this pull request
Jun 4, 2026
The OpenAPI schema for the new `literal` field on `valuesFrom` entries landed via the CRD regeneration in fluxcd#1506 (k8s 1.36 / Go 1.26 bump, which picked up the corresponding field from the regenerated meta package). This commit ships only the matching user-facing documentation in docs/spec/v2/helmreleases.md. The runtime support lives in fluxcd/pkg/chartutil (fluxcd/pkg#1218); once that merges and a release is cut, a follow-up here will bump the dependency so helm-controller actually honours the field. Until then, setting `literal: true` is accepted by the API but has no effect. Addresses fluxcd#1317. Closes fluxcd/flux2#2625. Signed-off-by: George Gaál <gb12335@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When a
HelmReleaseconsumes aConfigMaporSecretviavaluesFromwith atargetPathset, the referenced value is currently passed to Helm'sstrvals.ParseInto— the same parser ashelm --set. That treats,,[,],{,},=and\in the value as syntactic metacharacters, so arbitrary file content (Springapplication.ymlwith flow sequences, HOCONapplication.conf, JSON blobs, multi-line YAML with trailing commas, …) is misparsed or fails outright with errors like:The single/double-quote workaround introduced in helm-controller#298 (
'<value>'→ParseIntoString) is impractical for delivering raw config files via kustomizeconfigMapGenerator/secretGenerator: the generated CM data is the file content as-is, with no opportunity to wrap it without sidecar files or build steps. Flux's kustomize-controller explicitly disables Kustomize plugins (PluginConfig: kustypes.DisabledPluginConfig()), so a transformer-based workaround isn't available either.Solution
Adds a
Literal boolfield tometa.ValuesReference. WhenLiteral: truetogether withTargetPath,ChartValuesFromReferencescalls a newReplacePathLiteralValuehelper instead ofReplacePathValue. The helper pre-escapes strvals metacharacters in the value, then delegates tostrvals.ParseIntoString— that combination yields:,/[/{/=interpretation; no type coercion to int/bool/list/map).externalConfig.application\.yml.contentresolves to the literal keyapplication.yml, which the alternativestrvals.ParseLiteralIntodoes not).Literalhas no effect whenTargetPathis empty (the root YAML-merge path is unchanged). DefaultLiteral: falseis fully backward compatible.Why not
strvals.ParseLiteralInto?It is the obvious choice and was the first thing I tried. It correctly preserves value metacharacters, but does not support
\.escapes in the path:Charts that use filenames as map keys (a common Helm pattern for per-file config) need the
\.escape, so I went with pre-escaping the value and routing throughParseIntoString. Documented in the function doc comment.API
Tests
chartutil/values_test.gogains:TestChartValuesFromReferences— new cases:non-literal target path mangles value with commas— pinning the current bug as a regression test.literal target path preserves helm-set metacharacters— Spring-style YAML with flow sequence.literal target path preserves multi-line HOCON with equals and braces— HOCON content read from a Secret.literal flag without targetPath is ignored (root YAML merge)— documents the no-effect branch.TestReplacePathLiteralValue— 10 unit cases covering commas, braces, brackets, equals, multi-line YAML, HOCON, JSON, boolean-shaped strings, and the\.path escape.All existing tests continue to pass.
Backward compatibility
omitempty; defaults tofalse.*out = *in) —ValuesReferenceis a plain value type, no regeneration needed.ReplacePathValuewhenLiteral: false).Follow-up
This PR ships the API + behaviour in
fluxcd/pkg. A follow-up PR influxcd/helm-controllerwill:fluxcd/pkgdependency to a release containing this change.config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yamlso the field is openAPI-validated by the API server.valuesFrom literalsection todocs/spec/v2/helmreleases.md.Related
--set-literalsemantics invaluesFrom + targetPath)valuesFrom)--set-literalupstream in helm#9182 (v3.12); this brings the equivalent to Flux.