fix: media-pvc template extraLabels #11711

Open
wants to merge 1 commit into
base: bugfix

runderwoodcr14

Description

  • Currently when trying to use media-pvc template it fails with the following error:
install.go:214: [debug] Original chart version: ""

Error: template: defectdojo/templates/media-pvc.yaml:13:20: executing "defectdojo/templates/media-pvc.yaml" at <.Values.extraLabels>: nil pointer evaluating interface {}.extraLabels
helm.go:84: [debug] template: defectdojo/templates/media-pvc.yaml:13:20: executing "defectdojo/templates/media-pvc.yaml" at <.Values.extraLabels>: nil pointer evaluating interface {}.extraLabels

The main issue is related to having in the template the following:

{{ with .Values.django.mediaPersistentVolume }}

the “dot” (.) now refers to .Values.django.mediaPersistentVolume. In other words, inside that with block, writing

{{ .Values.extraLabels }}

will try to look up .extraLabels inside .Values.django.mediaPersistentVolume, rather than at the top-level values.

You can see that it's already using {{ $.Release.Name }} and similar in the labels block, which explicitly steps back to the “root” context using the $. extraLabels is defined at the top level of the values.yaml, so it is also necessary to use:

{{- with $.Values.extraLabels }}
  {{- toYaml . | nindent 4 }}
{{- end }}

Test results

# Source: defectdojo/templates/media-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    defectdojo.org/component: django
    app.kubernetes.io/name: defectdojo
    app.kubernetes.io/instance: dd
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: defectdojo-1.6.170
  name: dd-django-media
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi

Documentation

Please update any documentation when needed in the documentation folder.

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

github-actions bot added the helm label on Feb 2, 2025

dryrunsecurity bot commented Feb 2, 2025

DryRun Security Summary

The code change modifies the way extra labels are accessed in the Kubernetes Persistent Volume Claim (PVC) configuration for DefectDojo's media files, switching from a 'with' statement to direct value access using '$.Values.extraLabels' syntax.


Summary:

The provided code change is related to the Kubernetes Persistent Volume Claim (PVC) for the DefectDojo application's media files. The changes are made in the helm/defectdojo/templates/media-pvc.yaml file, which is responsible for defining the PVC for the media files. The main change is the way the extraLabels field in the metadata section is accessed, using the $.Values.extraLabels syntax instead of the previous with .Values.extraLabels approach. This change ensures that the extraLabels are properly applied to the PVC metadata.

From an application security perspective, the changes in this pull request do not appear to have any direct security implications. However, it's important to consider the proper management and security of persistent storage, such as PVCs, as an important aspect of application security. This includes ensuring appropriate access control, data encryption, backup and restoration procedures, and resource limits to prevent potential security issues.

Files Changed:

  • helm/defectdojo/templates/media-pvc.yaml: The changes in this file are related to the configuration of the Kubernetes Persistent Volume Claim (PVC) for the DefectDojo application's media files. The main change is the way the extraLabels field in the metadata section is accessed, using the $.Values.extraLabels syntax instead of the previous with .Values.extraLabels approach. This change ensures that the extraLabels are properly applied to the PVC metadata.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.


kiblik changed the title from "fix: meadia-pvc template extraLabels" to "fix: media-pvc template extraLabels" on Feb 2, 2025
Contributor

kiblik commented Feb 2, 2025

I bumped into the same issue. At that moment, I applied a local workaround because I needed to have it working fast and I forgot to propose the fix. Thank you for it.

For others, until this is merged and released, this worked for me (add to your values.yaml):

  django:
    mediaPersistentVolume:
      Values:
        extraLabels:
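
The `with` scoping failure from the PR description, the `$` fix, and the values.yaml workaround above, reproduced with Go's text/template as an added example (not code from the PR or the chart). The template strings and values are constructed, a plain `range` stands in for Helm's `toYaml`/`nindent`, and `missingkey=zero` is assumed to match Helm's non-strict rendering.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Constructed reductions of the labels block in media-pvc.yaml.
const buggy = `{{ with .Values.django.mediaPersistentVolume }}labels:{{ with .Values.extraLabels }}{{ range $k, $v := . }} {{ $k }}={{ $v }}{{ end }}{{ end }}{{ end }}`
const fixed = `{{ with .Values.django.mediaPersistentVolume }}labels:{{ with $.Values.extraLabels }}{{ range $k, $v := . }} {{ $k }}={{ $v }}{{ end }}{{ end }}{{ end }}`

type m = map[string]interface{}

// values builds constructed chart values; pvcExtra is merged into
// django.mediaPersistentVolume to model the values.yaml workaround.
func values(pvcExtra m) m {
	pvc := m{"enabled": true}
	for k, v := range pvcExtra {
		pvc[k] = v
	}
	return m{"Values": m{
		"extraLabels": m{"team": "appsec"},
		"django":      m{"mediaPersistentVolume": pvc},
	}}
}

// render executes src with missingkey=zero (assumed Helm default), so a
// missing map key yields a nil interface instead of an invalid value.
func render(src string, data m) (string, error) {
	t, err := template.New("media-pvc.yaml").Option("missingkey=zero").Parse(src)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, data)
	return out.String(), err
}

func main() {
	_, err := render(buggy, values(nil))
	fmt.Println("buggy:", err) // dot is the PVC map, which has no Values key
	out, _ := render(fixed, values(nil))
	fmt.Println("fixed:", out) // $ reaches the root, so top-level labels render
	// Workaround from the thread: nest Values.extraLabels under the PVC values.
	out, err = render(buggy, values(m{"Values": m{"extraLabels": nil}}))
	fmt.Printf("workaround: %q err=%v\n", out, err)
}
```

With the workaround the buggy template stops failing, but it reads labels from the nested key, so the top-level extraLabels are still not applied to the PVC until the `$` fix is in place.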

Contributor

kiblik commented Feb 2, 2025

I still do not understand how it wasn't detected in tests.
