Passing literal values to helm requires escaping #1756

Closed
1 task done
baracoder opened this issue Aug 26, 2021 · 2 comments

@baracoder

Describe the bug

Following a guide, I have to pass a JSON file as a value of a chart:

helm repo add 1password https://1password.github.io/connect-helm-charts/
helm install connect 1password/connect --set-file connect.credentials=1password-credentials.json

The file 1password-credentials.json looks like this:

{
  "verifier": {
    "salt": "xxx",
    "localHash": "xxxx"
  },
  "encCredentials": {
    "kid": "xxx",
    "enc": "xxx",
    "cty": "b5+jwk+json",
    "iv": "xxx",
    "data": "xxx-xxx-xxx"
  },
  "version": "2",
  "deviceUuid": "xxx",
  "uniqueKey": {
    "alg": "xxx",
    "ext": true,
    "k": "xxx-xxx",
    "key_ops": [
      "encrypt",
      "decrypt"
    ],
    "kty": "xxx",
    "kid": "xxx"
  }
}

To do it using flux, I have created a HelmRepository and HelmRelease like this:

apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: 1password
spec:
  interval: 10m
  url: https://1password.github.io/connect-helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: connect
  namespace: 1password
spec:
  interval: 5m
  chart:
    spec:
      chart: connect
      version: '1.4.0'
      sourceRef:
        kind: HelmRepository
        name: 1password
        namespace: 1password
      interval: 5m
  valuesFrom:
    - kind: Secret
      name: 1password-credentials
      valuesKey: 1password-credentials
      targetPath: connect.credentials

Now simply creating a secret with the file contents

kubectl create secret generic 1password-credentials --from-file=1password-credentials=1password-credentials.json -n 1password

fails as helm will try and fail to parse those.
I had to use a workaround mentioned here to escape the whole file contents:

cat 1password-credentials.json | jq -aRs . | sed 's/\([][{},.]\)/\\\1/g' > 1password-credentials-escaped.txt
kubectl create secret generic 1password-credentials \
    --from-file=1password-credentials=1password-credentials-escaped.txt \
    -n 1password

I think an option to pass literal values to helm like with --set-file would be useful.

Steps to reproduce

  1. Create Secret from the file: kubectl create secret generic 1password-credentials --from-file=1password-credentials=1password-credentials.json -n 1password
  2. Create HelmRepository and HelmRelease objects (see description)
  3. Observe HelmRelease failing to deploy:
unable to merge value from key '1password-credentials' in Secret '1password/1password-credentials' into target path 'connect.credentials': key "\"localHash\":\"xxx\"}" has no value (cannot end with ,)

Expected behavior

Value is passed as a whole to targetPath: connect.credentials

Screenshots and recordings

No response

OS / Distro

N/A

Flux version

0.16.0

Flux check

N/A

Git provider

No response

Container Registry provider

No response

Additional context

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@hiddeco
Member

hiddeco commented Aug 26, 2021

Upgrading to the latest and greatest patch release will likely resolve this issue, given fluxcd/helm-controller#298 was included in 0.11.2: https://github.com/fluxcd/helm-controller/blob/main/CHANGELOG.md#0112

@baracoder
Author

Thank you @hiddeco. I should have seen the separate helm-controller repo. There is also fluxcd/helm-controller#42 mentioning --set-file directly.
If I understand fluxcd/helm-controller#298 correctly, it will make sed 's/\([][{},.]\)/\\\1/g' unnecessary but still require quoting & escaping the contents of a file, like this:

echo { "a": "a1" } | jq -aRs .
"{ a: a1 }\n"
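
The jq and sed workaround from the issue description, done in memory so that no escaped plaintext copy of the credentials file is written to disk. This is an added example, not code from the thread or from the Flux project; it assumes the Secret name, key and namespace used in the issue, uses a constructed sample file, and unlike jq it does not append a trailing newline.

```python
import base64
import json
import re

# Same character class as the sed expression in the issue: ] [ { } , .
SPECIAL = re.compile(r"([\]\[{},.])")
ESCAPED = re.compile(r"\\([\]\[{},.])")


def escape_for_target_path(raw: str) -> str:
    """JSON-quote the whole file (jq -aRs .), then backslash-escape the
    characters matched by the sed step. No trailing newline is appended."""
    quoted = json.dumps(raw, ensure_ascii=True)
    return SPECIAL.sub(r"\\\1", quoted)


def unescape(escaped: str) -> str:
    """Reverse both steps; used only to check that nothing was lost."""
    return json.loads(ESCAPED.sub(r"\1", escaped))


def secret_manifest(escaped: str, name="1password-credentials",
                    key="1password-credentials", namespace="1password") -> dict:
    """Build the Secret that the HelmRelease's valuesFrom entry points at."""
    data = base64.b64encode(escaped.encode("ascii")).decode("ascii")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        "data": {key: data},
    }


# Constructed sample with the same shape as the file shown in the issue.
SAMPLE = json.dumps({
    "verifier": {"salt": "xxx", "localHash": "xxxx"},
    "version": "2",
    "uniqueKey": {"ext": True, "key_ops": ["encrypt", "decrypt"]},
}, indent=2) + "\n"

if __name__ == "__main__":
    escaped = escape_for_target_path(SAMPLE)
    assert unescape(escaped) == SAMPLE
    # JSON manifests are accepted by `kubectl apply -f -`.
    print(json.dumps(secret_manifest(escaped), indent=2))
```

Piping the printed manifest to `kubectl apply -f -` creates the same Secret as the `kubectl create secret generic` command in the issue, minus the trailing newline.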
