Add imagePullSecrets parsing in helm v2-alpha plugin

Author: zarcen

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/chart_converter.go

@@ -105,7 +105,7 @@ func (c *ChartConverter) ExtractDeploymentConfig() map[string]interface{} {
 	}
 
 	extractPodSecurityContext(specMap, config)
-
+	extractPodImagePullSecrets(specMap, config)
 	container := firstManagerContainer(specMap)
 	if container == nil {
 		return config
@@ -135,6 +135,20 @@ func extractDeploymentSpec(deployment *unstructured.Unstructured) map[string]int
 	return specMap
 }
 
+func extractPodImagePullSecrets(specMap map[string]interface{}, config map[string]interface{}) {
+	imagePullSecrets, found, err := unstructured.NestedFieldNoCopy(specMap, "imagePullSecrets")
+	if !found || err != nil {
+		return
+	}
+
+	imagePullSecretsList, ok := imagePullSecrets.([]interface{})
+	if !ok || len(imagePullSecretsList) == 0 {
+		return
+	}
+
+	config["imagePullSecrets"] = imagePullSecretsList
+}
+
 func extractPodSecurityContext(specMap map[string]interface{}, config map[string]interface{}) {
 	podSecurityContext, found, err := unstructured.NestedFieldNoCopy(specMap, "securityContext")
 	if !found || err != nil {

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/chart_converter_test.go

@@ -274,6 +274,39 @@ var _ = Describe("ChartConverter", func() {
 			Expect(config["webhookPort"]).To(Equal(9444))
 		})
 
+		It("should extract image pull secrets", func() {
+			// Set up deployment with image pull secrets
+			containers := []interface{}{
+				map[string]interface{}{
+					"name":  "manager",
+					"image": "controller:latest",
+				},
+			}
+			imagePullSecrets := []interface{}{
+				map[string]interface{}{
+					"name": "test-secret",
+				},
+			}
+			// Set the image pull secrets
+			err := unstructured.SetNestedSlice(
+				resources.Deployment.Object,
+				imagePullSecrets,
+				"spec", "template", "spec", "imagePullSecrets",
+			)
+			Expect(err).NotTo(HaveOccurred())
+			// Set the containers
+			err = unstructured.SetNestedSlice(
+				resources.Deployment.Object,
+				containers,
+				"spec", "template", "spec", "containers",
+			)
+			Expect(err).NotTo(HaveOccurred())
+
+			config := converter.ExtractDeploymentConfig()
+			Expect(config).To(HaveKey("imagePullSecrets"))
+			Expect(config["imagePullSecrets"]).To(Equal(imagePullSecrets))
+		})
+
 		It("should handle deployment without containers", func() {
 			config := converter.ExtractDeploymentConfig()
 			Expect(config).To(BeEmpty())

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/helm_templater.go

@@ -183,6 +183,7 @@ func (t *HelmTemplater) templateDeploymentFields(yamlContent string) string {
 	// Template configuration fields
 	yamlContent = t.templateImageReference(yamlContent)
 	yamlContent = t.templateEnvironmentVariables(yamlContent)
+	yamlContent = t.templateImagePullSecrets(yamlContent)
 	yamlContent = t.templatePodSecurityContext(yamlContent)
 	yamlContent = t.templateContainerSecurityContext(yamlContent)
 	yamlContent = t.templateResources(yamlContent)
@@ -325,6 +326,57 @@ func (t *HelmTemplater) templateVolumes(yamlContent string) string {
 	return yamlContent
 }
 
+// templateImagePullSecrets exposes imagePullSecrets via values.yaml
+func (t *HelmTemplater) templateImagePullSecrets(yamlContent string) string {
+	if !strings.Contains(yamlContent, "imagePullSecrets:") {
+		return yamlContent
+	}
+
+	lines := strings.Split(yamlContent, "\n")
+	for i := 0; i < len(lines); i++ {
+		if strings.TrimSpace(lines[i]) != "imagePullSecrets:" {
+			continue
+		}
+		indentStr, indentLen := leadingWhitespace(lines[i])
+		end := i + 1
+		for ; end < len(lines); end++ {
+			trimmed := strings.TrimSpace(lines[end])
+			if trimmed == "" {
+				break
+			}
+			lineIndent := len(lines[end]) - len(strings.TrimLeft(lines[end], " \t"))
+			if lineIndent <= indentLen {
+				break
+			}
+		}
+
+		if end >= len(lines) {
+			break
+		}
+
+		if i+1 < len(lines) && strings.Contains(lines[i+1], ".Values.manager.imagePullSecrets") {
+			return yamlContent
+		}
+
+		childIndent := indentStr + "  "
+		childIndentWidth := strconv.Itoa(len(childIndent))
+
+		block := []string{
+			indentStr + "{{- if .Values.manager.imagePullSecrets }}",
+			indentStr + "imagePullSecrets:",
+			childIndent + "{{- toYaml .Values.manager.imagePullSecrets | nindent " + childIndentWidth + " }}",
+			indentStr + "{{- end }}",
+		}
+
+		newLines := append([]string{}, lines[:i]...)
+		newLines = append(newLines, block...)
+		newLines = append(newLines, lines[end:]...)
+		return strings.Join(newLines, "\n")
+	}
+
+	return yamlContent
+}
+
 // templatePodSecurityContext exposes podSecurityContext via values.yaml
 func (t *HelmTemplater) templatePodSecurityContext(yamlContent string) string {
 	if !strings.Contains(yamlContent, "securityContext:") {

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/templates/values_basic.go

@@ -228,6 +228,25 @@ func (f *HelmValuesBasic) addDeploymentConfig(buf *bytes.Buffer) {
 		buf.WriteString("  env: []\n\n")
 	}
 
+	// Add image pull secrets
+	if imagePullSecrets, exists := f.DeploymentConfig["imagePullSecrets"]; exists && imagePullSecrets != nil {
+		buf.WriteString("  # Image pull secrets\n")
+		buf.WriteString("  imagePullSecrets:\n")
+		if imagePullSecretsYaml, err := yaml.Marshal(imagePullSecrets); err == nil {
+			lines := bytes.Split(imagePullSecretsYaml, []byte("\n"))
+			for _, line := range lines {
+				if len(line) > 0 {
+					buf.WriteString("    ")
+					buf.Write(line)
+					buf.WriteString("\n")
+				}
+			}
+		}
+		buf.WriteString("\n")
+	} else {
+		f.addDefaultImagePullSecrets(buf)
+	}
+
 	// Add podSecurityContext
 	if podSecCtx, exists := f.DeploymentConfig["podSecurityContext"]; exists && podSecCtx != nil {
 		buf.WriteString("  # Pod-level security settings\n")
@@ -291,6 +310,7 @@ func (f *HelmValuesBasic) addDefaultDeploymentSections(buf *bytes.Buffer) {
 	buf.WriteString("  # Environment variables\n")
 	buf.WriteString("  env: []\n\n")
 
+	f.addDefaultImagePullSecrets(buf)
 	f.addDefaultPodSecurityContext(buf)
 	f.addDefaultSecurityContext(buf)
 	f.addDefaultResources(buf)
@@ -323,6 +343,12 @@ func (f *HelmValuesBasic) addArgsSection(buf *bytes.Buffer) {
 	buf.WriteString("  args: []\n\n")
 }
 
+// addDefaultImagePullSecrets adds default imagePullSecrets section
+func (f *HelmValuesBasic) addDefaultImagePullSecrets(buf *bytes.Buffer) {
+	buf.WriteString("  # Image pull secrets\n")
+	buf.WriteString("  imagePullSecrets: []\n\n")
+}
+
 // addDefaultPodSecurityContext adds default podSecurityContext section
 func (f *HelmValuesBasic) addDefaultPodSecurityContext(buf *bytes.Buffer) {
 	buf.WriteString("  # Pod-level security settings\n")

testdata/project-v4-with-plugins/dist/chart/values.yaml

@@ -18,6 +18,9 @@ manager:
     - name: MEMCACHED_IMAGE
       value: memcached:1.6.26-alpine3.19
 
+  # Image pull secrets
+  imagePullSecrets: []
+
   # Pod-level security settings
   podSecurityContext:
     runAsNonRoot: true