From 329b84239b28689fcf86636e9ece1b02030cdb6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Val=C3=A9r=20Orlovsk=C3=BD?= <valer.orlovsky@gmail.com>
Date: Tue, 5 Nov 2024 15:39:18 +0100
Subject: [PATCH] fix(chart): explicitly set namespace based on release (#435)

On `helm install` or `upgrade`, the `--namespace` flag is respected
regardless. However, when using this chart for static templating, the
`--namespace` flag is ignored because the templates do not explicitly
set `.metadata.namespace` to `.Release.Namespace`, making it cumbersome
to customize the namespace.

Signed-off-by: valorl <11498571+valorl@users.noreply.github.com>
---
 charts/atlantis/Chart.yaml                    |  2 +-
 .../atlantis/templates/configmap-config.yaml  |  1 +
 .../templates/configmap-gitconfig-init.yaml   |  1 +
 .../templates/configmap-init-config.yaml      |  1 +
 .../templates/configmap-repo-config.yaml      |  1 +
 charts/atlantis/templates/ingress.yaml        |  1 +
 charts/atlantis/templates/podmonitor.yaml     |  1 +
 charts/atlantis/templates/pvc.yaml            |  1 +
 charts/atlantis/templates/role.yaml           |  1 +
 charts/atlantis/templates/rolebinding.yaml    |  1 +
 charts/atlantis/templates/secret-api.yaml     |  1 +
 charts/atlantis/templates/secret-aws.yaml     |  1 +
 .../atlantis/templates/secret-basic-auth.yaml |  1 +
 .../atlantis/templates/secret-gitconfig.yaml  |  1 +
 charts/atlantis/templates/secret-netrc.yaml   |  1 +
 charts/atlantis/templates/secret-redis.yaml   |  1 +
 .../templates/secret-service-account.yaml     |  1 +
 charts/atlantis/templates/secret-webhook.yaml |  1 +
 charts/atlantis/templates/service.yaml        |  1 +
 charts/atlantis/templates/serviceaccount.yaml |  1 +
 charts/atlantis/templates/servicemonitor.yaml |  1 +
 charts/atlantis/templates/statefulset.yaml    |  1 +
 .../tests/test-atlantis-configmap.yaml        |  1 +
 .../templates/tests/test-atlantis-pod.yaml    |  1 +
 .../atlantis/templates/webhook-ingress.yaml   |  1 +
 charts/atlantis/tests/misc_test.yaml          | 47 +++++++++++++++++++
 26 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 charts/atlantis/tests/misc_test.yaml

diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index cb5f1e1c..a8572d37 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.30.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.9.0
+version: 5.9.1
 keywords:
   - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/templates/configmap-config.yaml b/charts/atlantis/templates/configmap-config.yaml
index 4873ffa7..f7a7f782 100644
--- a/charts/atlantis/templates/configmap-config.yaml
+++ b/charts/atlantis/templates/configmap-config.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
   {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/configmap-gitconfig-init.yaml b/charts/atlantis/templates/configmap-gitconfig-init.yaml
index b4865d06..575fe189 100644
--- a/charts/atlantis/templates/configmap-gitconfig-init.yaml
+++ b/charts/atlantis/templates/configmap-gitconfig-init.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-gitconfig-init
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/configmap-init-config.yaml b/charts/atlantis/templates/configmap-init-config.yaml
index 93c8d64e..dd3761c6 100644
--- a/charts/atlantis/templates/configmap-init-config.yaml
+++ b/charts/atlantis/templates/configmap-init-config.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-init-config
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/configmap-repo-config.yaml b/charts/atlantis/templates/configmap-repo-config.yaml
index 4a959ead..d63499da 100644
--- a/charts/atlantis/templates/configmap-repo-config.yaml
+++ b/charts/atlantis/templates/configmap-repo-config.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-repo-config
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/ingress.yaml b/charts/atlantis/templates/ingress.yaml
index 924bfad4..735f18e4 100644
--- a/charts/atlantis/templates/ingress.yaml
+++ b/charts/atlantis/templates/ingress.yaml
@@ -18,6 +18,7 @@ apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- if .Values.ingress.labels }}
diff --git a/charts/atlantis/templates/podmonitor.yaml b/charts/atlantis/templates/podmonitor.yaml
index d63e0091..b2a81d4f 100644
--- a/charts/atlantis/templates/podmonitor.yaml
+++ b/charts/atlantis/templates/podmonitor.yaml
@@ -3,6 +3,7 @@ apiVersion: monitoring.googleapis.com/v1
 kind: PodMonitoring
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- if or .Values.service.annotations .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/pvc.yaml b/charts/atlantis/templates/pvc.yaml
index 42fd9209..2d394d2c 100644
--- a/charts/atlantis/templates/pvc.yaml
+++ b/charts/atlantis/templates/pvc.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: {{ template "atlantis.fullname" . }}-data
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/role.yaml b/charts/atlantis/templates/role.yaml
index ec735f7e..33e2ca8c 100644
--- a/charts/atlantis/templates/role.yaml
+++ b/charts/atlantis/templates/role.yaml
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/rolebinding.yaml b/charts/atlantis/templates/rolebinding.yaml
index add6277b..e52cfcde 100644
--- a/charts/atlantis/templates/rolebinding.yaml
+++ b/charts/atlantis/templates/rolebinding.yaml
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-api.yaml b/charts/atlantis/templates/secret-api.yaml
index c3cfb50a..1fe2e761 100644
--- a/charts/atlantis/templates/secret-api.yaml
+++ b/charts/atlantis/templates/secret-api.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.apiSecretName" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-aws.yaml b/charts/atlantis/templates/secret-aws.yaml
index afe7b835..0e202fab 100644
--- a/charts/atlantis/templates/secret-aws.yaml
+++ b/charts/atlantis/templates/secret-aws.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-aws
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-basic-auth.yaml b/charts/atlantis/templates/secret-basic-auth.yaml
index 96a1ca71..66b7c469 100644
--- a/charts/atlantis/templates/secret-basic-auth.yaml
+++ b/charts/atlantis/templates/secret-basic-auth.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-basic-auth
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-gitconfig.yaml b/charts/atlantis/templates/secret-gitconfig.yaml
index 28b04275..05cbcabb 100644
--- a/charts/atlantis/templates/secret-gitconfig.yaml
+++ b/charts/atlantis/templates/secret-gitconfig.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-gitconfig
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-netrc.yaml b/charts/atlantis/templates/secret-netrc.yaml
index ddb95e0c..d985664a 100644
--- a/charts/atlantis/templates/secret-netrc.yaml
+++ b/charts/atlantis/templates/secret-netrc.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-netrc
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-redis.yaml b/charts/atlantis/templates/secret-redis.yaml
index 88641d3d..d43082ad 100644
--- a/charts/atlantis/templates/secret-redis.yaml
+++ b/charts/atlantis/templates/secret-redis.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-redis
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/secret-service-account.yaml b/charts/atlantis/templates/secret-service-account.yaml
index a31f85f8..b0ea4793 100644
--- a/charts/atlantis/templates/secret-service-account.yaml
+++ b/charts/atlantis/templates/secret-service-account.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $name }}
+  namespace: {{ $.Release.Namespace }}
   labels:
     component: service-account-secret
     {{- include "atlantis.labels" $ | nindent 4 }}
diff --git a/charts/atlantis/templates/secret-webhook.yaml b/charts/atlantis/templates/secret-webhook.yaml
index 68dfab97..efa1833f 100644
--- a/charts/atlantis/templates/secret-webhook.yaml
+++ b/charts/atlantis/templates/secret-webhook.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-webhook
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/service.yaml b/charts/atlantis/templates/service.yaml
index 75b43f0f..fd7820da 100644
--- a/charts/atlantis/templates/service.yaml
+++ b/charts/atlantis/templates/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- if or .Values.service.annotations .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/serviceaccount.yaml b/charts/atlantis/templates/serviceaccount.yaml
index c8941035..e7996418 100644
--- a/charts/atlantis/templates/serviceaccount.yaml
+++ b/charts/atlantis/templates/serviceaccount.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "atlantis.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- if or .Values.serviceAccount.annotations .Values.extraAnnotations }}
diff --git a/charts/atlantis/templates/servicemonitor.yaml b/charts/atlantis/templates/servicemonitor.yaml
index aecb96f7..2ed73003 100644
--- a/charts/atlantis/templates/servicemonitor.yaml
+++ b/charts/atlantis/templates/servicemonitor.yaml
@@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- with .Values.servicemonitor.additionalLabels }}
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index bef7e729..36e7b086 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- with .Values.statefulSet.labels }}
diff --git a/charts/atlantis/templates/tests/test-atlantis-configmap.yaml b/charts/atlantis/templates/tests/test-atlantis-configmap.yaml
index 22a4e056..6184c8b4 100644
--- a/charts/atlantis/templates/tests/test-atlantis-configmap.yaml
+++ b/charts/atlantis/templates/tests/test-atlantis-configmap.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-tests
+  namespace: {{ .Release.Namespace }}
 data:
   tests.bats: |-
     setup() {
diff --git a/charts/atlantis/templates/tests/test-atlantis-pod.yaml b/charts/atlantis/templates/tests/test-atlantis-pod.yaml
index b7031b38..7d13208d 100644
--- a/charts/atlantis/templates/tests/test-atlantis-pod.yaml
+++ b/charts/atlantis/templates/tests/test-atlantis-pod.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: "{{ .Release.Name }}-ui-test"
+  namespace: {{ .Release.Namespace }}
   annotations:
     helm.sh/hook: test
     {{- with .Values.test.annotations }}
diff --git a/charts/atlantis/templates/webhook-ingress.yaml b/charts/atlantis/templates/webhook-ingress.yaml
index d051fb05..96c422db 100644
--- a/charts/atlantis/templates/webhook-ingress.yaml
+++ b/charts/atlantis/templates/webhook-ingress.yaml
@@ -18,6 +18,7 @@ apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}-secondary
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- with .Values.webhook_ingress.labels }}
diff --git a/charts/atlantis/tests/misc_test.yaml b/charts/atlantis/tests/misc_test.yaml
new file mode 100644
index 00000000..4d837dc4
--- /dev/null
+++ b/charts/atlantis/tests/misc_test.yaml
@@ -0,0 +1,47 @@
+suite: test miscellaneous cases
+templates:
+  - "*.yaml"
+chart:
+  appVersion: test-appVersion
+release:
+  name: my-release
+  namespace: my-namespace
+tests:
+  - it: ensure namespaces are specified in all resources
+    set:
+      config: "dummy"
+      gitconfigReadOnly: false
+      gitconfig: "dummy"
+      initConfig:
+        enabled: true
+      repoConfig: "dummy"
+      podMonitor:
+        enabled: true
+      servicemonitor:
+        enabled: true
+      enableKubernetesBackend: true
+      api:
+        secret: "dummy"
+      aws:
+        config: "dummy"
+      basicAuth:
+        username: "dummy"
+        password: "dummy"
+      netrc: "dummy"
+      redis:
+        password: "dummy"
+      serviceAccountSecrets:
+        credentials: "dummy"
+      webhook_ingress:
+        enabled: true
+      extraManifests:
+      - apiVersion: v1
+        kind: Pod
+        metadata:
+          name: dummy
+          namespace: "my-namespace"
+
+    asserts:
+      - equal:
+          path: metadata.namespace
+          value: my-namespace