From 0da3baa3ebe2a922617f10be3e9149a648fd7699 Mon Sep 17 00:00:00 2001
From: Matteo Gastaldello <matteo.gastaldellomiotto@gmail.com>
Date: Tue, 9 Jul 2024 14:59:44 +0200
Subject: [PATCH] fix: handle relative urls in index.yaml when getting helm
 repositories

* fix: remove unused security context

* fix: remove security context from spec.containers

* fix: handle relative urls in index.yaml when getting helm repositories
---
 internal/helm/getter/helm.go              | 13 ++++++++++++-
 internal/templates/assets/deployment.yaml | 20 ++++++++++----------
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/internal/helm/getter/helm.go b/internal/helm/getter/helm.go
index d9fe383..a099e00 100644
--- a/internal/helm/getter/helm.go
+++ b/internal/helm/getter/helm.go
@@ -2,6 +2,7 @@ package getter
 
 import (
 	"fmt"
+	"net/url"
 	"strings"
 
 	"github.com/krateoplatformops/core-provider/internal/helm/repo"
@@ -40,8 +41,18 @@ func (g *repoGetter) Get(opts GetOptions) ([]byte, string, error) {
 		return nil, "", fmt.Errorf("no package url found in index @ %s/%s", res.Name, res.Version)
 	}
 
+	chartUrlStr := res.URLs[0]
+	_, err = url.ParseRequestURI(chartUrlStr)
+	if err != nil {
+		chartUrlStr = fmt.Sprintf("%s/%s", opts.URI, chartUrlStr)
+		_, err = url.ParseRequestURI(chartUrlStr)
+		if err != nil {
+			return nil, "", fmt.Errorf("invalid chart url: %s", chartUrlStr)
+		}
+	}
+
 	newopts := GetOptions{
-		URI:                   res.URLs[0],
+		URI:                   chartUrlStr,
 		Version:               res.Version,
 		Repo:                  res.Name,
 		InsecureSkipVerifyTLS: opts.InsecureSkipVerifyTLS,
diff --git a/internal/templates/assets/deployment.yaml b/internal/templates/assets/deployment.yaml
index 5c973e3..d1f0a53 100644
--- a/internal/templates/assets/deployment.yaml
+++ b/internal/templates/assets/deployment.yaml
@@ -44,21 +44,21 @@ spec:
           name: metrics
           protocol: TCP
         resources: {}
-        securityContext:
-          allowPrivilegeEscalation: false
-          privileged: false
-          runAsGroup: 2000
-          runAsNonRoot: true
-          runAsUser: 2000
+        # securityContext:
+        #   allowPrivilegeEscalation: false
+        #   privileged: false
+        #   runAsGroup: 2000
+        #   runAsNonRoot: true
+        #   runAsUser: 2000
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       schedulerName: default-scheduler
-      securityContext:
-        runAsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
+      # securityContext:
+      #   runAsGroup: 2000
+      #   runAsNonRoot: true
+      #   runAsUser: 2000
       serviceAccount: {{ .name }}
       serviceAccountName: {{ .name }}
       terminationGracePeriodSeconds: 30
\ No newline at end of file