Helm 3 template errors with network policy templates

[nkaravias]

When attempting to install the forseti chart with default values there seems to be a templating issue. This seems to be related to https://github.com/helm/helm/issues/7711, so the answer might simply need to be a change in some of the templates and a new release.

helm version
version.BuildInfo{Version:"v3.4.2", GitCommit:"23dd3af5e19a02d4f4baa5b2f242645a1a3af629", GitTreeState:"dirty", GoVersion:"go1.15.5"}

Following the instructions from: https://github.com/forseti-security/helm-charts/tree/master/charts/forseti-security, installing without tiller:

• Fetch the chart tarball for 2.2.0: helm fetch forseti-security/forseti-security --version=2.2.0
• Render the chart into deployable manifests:

  FORSETI_NAMESPACE=test
  SERVER_BUCKET=some-random-bucket
  VERSION=2.2.0
  helm template --debug --set production=false \
            --namespace $FORSETI_NAMESPACE \
            --set-string server.config.contents="$(gsutil cat gs://${SERVER_BUCKET}/configs/forseti_conf_server.yaml | base64 -)" \
            --values=forseti-values.yaml \
            forseti-security-${VERSION}.tgz

  The following error is thrown:

  
  install.go:172: [debug] Original chart version: ""
  install.go:189: [debug] CHART PATH: /.../helm/forseti-security-2.2.0.tgz

Error: template: forseti-security/templates/orchestrator/network-policies/default-deny-ingress-egress.yaml:15:6: executing "forseti-security/templates/orchestrator/network-policies/default-deny-ingress-egress.yaml" at <(.Values.networkPolicy.enabled) and (.Values.orchestrator.enabled)>: can't give argument to non-function .Values.networkPolicy.enabled helm.go:81: [debug] template: forseti-security/templates/orchestrator/network-policies/default-deny-ingress-egress.yaml:15:6: executing "forseti-security/templates/orchestrator/network-policies/default-deny-ingress-egress.yaml" at <(.Values.networkPolicy.enabled) and (.Values.orchestrator.enabled)>: can't give argument to non-function .Values.networkPolicy.enabled

If I modify the offending network policy templates (for example https://github.com/forseti-security/helm-charts/blob/master/charts/forseti-security/templates/orchestrator/network-policies/default-deny-ingress-egress.yaml#L15)
and break the composite if block into two separate ones this seems to work:

{{ if (.Values.networkPolicy.enabled) and (.Values.orchestrator.enabled) }}

into

{{ if .Values.networkPolicy.enabled }} {{ if .Values.orchestrator.enabled }}

[robhyb19]

@nkaravias Ran into this issue while trying to install via the helm terraform provider (0.10.x which is on helm 2). Downloading the chart locally and making the changes you mentioned above fixed the issue. I've tried see if there are any compatibility issues where helm 2 can't leverage composite statements and haven't found any.

Any idea why the composite if block is causing this problem?

[bacongobbler]

Any idea why the composite if block is causing this problem?

Go's text/template syntax does not support this style. More recent versions of Go detect this and now report back an error. See https://golang.org/doc/go1.14 for more details.

Switching to the correct if and ( ... ) ( ... ) will work with both Helm 2 and Helm 3. if ( ... ) and ( ... ) never worked in the first place.

[tony-mw]

It looks like this PR fixed the issue: #81 - however, it doesnt look like this fix has made it into a release. It would be great if we could get a release that includes this fix