feat: add alpha-config helpers and deprecation guards#405
feat: add alpha-config helpers and deprecation guards#405pierluigilenoci wants to merge 3 commits intooauth2-proxy:mainfrom
Conversation
- Add alpha-config.source and alpha-config.name template helpers to centralize alpha config type detection and name resolution - Add deprecation guards: fail fast when existingConfig and existingSecret are both set, or when external sources are combined with generated alpha content - Simplify secret-alpha.yaml and deployment.yaml volume definitions using the new helpers - Only compute checksum/alpha-config for generated alpha configs - Document mutual exclusivity of existingConfig/existingSecret - Add CI test for alphaConfig.existingSecret scenario Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
There was a problem hiding this comment.
Pull request overview
This PR improves the Helm chart’s alpha config handling by centralizing alpha config source/name resolution into reusable helpers, simplifying templates that mount/generate alpha config, and adding guardrails against invalid value combinations.
Changes:
- Add
oauth2-proxy.alpha-config.sourceandoauth2-proxy.alpha-config.namehelpers to standardize alpha config selection and naming. - Add fail-fast guards for invalid alpha config combinations (external sources vs generated content; existingConfig vs existingSecret).
- Update deployment/secret templates and add a CT install values file to cover the
alphaConfig.existingSecretscenario.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| helm/oauth2-proxy/values.yaml | Documents mutual exclusivity for alphaConfig.existingConfig and alphaConfig.existingSecret. |
| helm/oauth2-proxy/templates/_helpers.tpl | Introduces centralized alpha-config source + name helpers. |
| helm/oauth2-proxy/templates/secret-alpha.yaml | Generates alpha Secret only when the resolved source is generated, and uses helper for naming. |
| helm/oauth2-proxy/templates/deployment.yaml | Uses resolved alpha source to control checksum annotation and volume mounts/names. |
| helm/oauth2-proxy/templates/deprecation.yaml | Adds guardrails to reject invalid alpha config combinations (currently gated by checkDeprecation). |
| helm/oauth2-proxy/ci/alphaconfig-7-existing-secret-values.yaml | Adds CI install scenario for alphaConfig.existingSecret. |
| helm/oauth2-proxy/Chart.yaml | Bumps chart version and updates Artifact Hub change notes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Use fully qualified field names (alphaConfig.serverConfigData, etc.) in the error message for clarity. Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
fullname is already 63 chars max; appending '-alpha' could exceed the Kubernetes name limit. Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@pierluigilenoci I would like to kindly ask you why you ping me? I have no maintainer or merge power here. |
Summary
Structural improvements to alpha config handling, cherry-picked from the non-bugfix parts of #402:
alpha-config.sourceandalpha-config.nametemplate helpers to centralize scattered inline conditionals for alpha config type detection and name resolutionexistingConfig+existingSecretset togetherconfigData,configFile, etc.)secret-alpha.yamlanddeployment.yamlvolume definitions using the new helperschecksum/alpha-configannotation for generated alpha configs (not external)existingConfig/existingSecretinvalues.yamlalphaConfig.existingSecretscenarioNot included (intentionally):
legacy-config.mode→legacy-config.source(breaking for custom templates)legacy/source,alpha/source)no-configmode (already in fix: add no-config legacy mode for external config management #404)Test plan
helm lintpasses for all 24 CI value fileshelm templatewithalphaconfig-7-existing-secret-values.yamlmounts external secret correctly (no generated secret)helm templatewithalphaconfig-1-legacy-true-values.yamlstill generates alpha secret with checksumexistingConfig+existingSecret, external + generated)