From a72f86c1ab6e03a8c6ba71192e969685d1bccb2a Mon Sep 17 00:00:00 2001
From: Frederic MARTIN <frederic@martin.lc>
Date: Tue, 2 Jul 2024 17:29:48 +0200
Subject: [PATCH] Better handling of PATH env var with initConfig (#401)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 👔 add new exclusion for PATH env

* ⬆️ bump chart

* ⬆️ bump chart minor

* ✨ Add new PATH envvar logic

* ✅ Add test for new logic

* 📝 update doc
---
 charts/atlantis/Chart.yaml                  |  2 +-
 charts/atlantis/README.md                   |  1 +
 charts/atlantis/templates/_helpers.tpl      | 13 +++++
 charts/atlantis/templates/statefulset.yaml  |  4 +-
 charts/atlantis/tests/statefulset_test.yaml | 57 +++++++++++++++++++++
 charts/atlantis/values.schema.json          |  4 ++
 charts/atlantis/values.yaml                 |  3 ++
 7 files changed, 81 insertions(+), 3 deletions(-)

diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index 77b47afd..b2ce180c 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.28.3
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.2.1
+version: 5.3.0
 keywords:
   - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md
index 02b719f3..a2384cd2 100644
--- a/charts/atlantis/README.md
+++ b/charts/atlantis/README.md
@@ -105,6 +105,7 @@ extraManifests:
 | extraArgs | list | `[]` | Optionally specify extra arguments for the Atlantis pod. Check values.yaml for examples. |
 | extraContainers | list | `[]` | Optionally specify extra containers for the Atlantis pod. Check values.yaml for examples. |
 | extraManifests | list | `[]` | Optionally specify additional manifests to be created. Check values.yaml for examples. |
+| extraPath | string | `""` | Additional path (`:` separated) that will be appended to the system `PATH` environment variable. |
 | extraVolumeMounts | list | `[]` | Optionally specify additional volume mounts for the container. Check values.yaml for examples. |
 | extraVolumes | list | `[]` | Optionally specify additional volumes for the pod. Check values.yaml for examples. |
 | fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources. |
diff --git a/charts/atlantis/templates/_helpers.tpl b/charts/atlantis/templates/_helpers.tpl
index f4f983e6..1369ab3a 100644
--- a/charts/atlantis/templates/_helpers.tpl
+++ b/charts/atlantis/templates/_helpers.tpl
@@ -128,3 +128,16 @@ heritage: {{ .Release.Service }}
 {{ toYaml .Values.commonLabels }}
 {{- end }}
 {{- end -}}
+
+{{/*
+Define PATH environment variable that will be used system-wide.
+*/}}
+{{- define "atlantis.pathEnvironmentVariable" -}}
+{{- if .Values.extraPath }}
+{{- printf "%s:" .Values.extraPath -}}
+{{- end -}}
+{{- if .Values.initConfig.sharedDir }}
+{{- printf "%s:" .Values.initConfig.sharedDir -}}
+{{- end -}}
+{{- printf "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" }}
+{{- end -}}
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index 5f5f7a86..595ab3d7 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -251,6 +251,8 @@ spec:
           {{- toYaml . | nindent 10 }}
           {{- end }}
           {{- end }}
+          - name: PATH
+            value: {{ template "atlantis.pathEnvironmentVariable" . }}
           {{- range $key, $value := .Values.environment }}
           - name: {{ $key }}
             value: {{ $value | quote }}
@@ -485,8 +487,6 @@ spec:
             value: {{ .Values.aws.directory }}/config
           {{- end }}
           {{- if .Values.initConfig.enabled }}
-          - name: PATH
-            value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:{{ .Values.initConfig.sharedDir }}
           - name: INIT_SHARED_DIR
             value: {{ .Values.initConfig.sharedDir }}
           {{- end }}
diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml
index e84acc6e..ef60faa3 100644
--- a/charts/atlantis/tests/statefulset_test.yaml
+++ b/charts/atlantis/tests/statefulset_test.yaml
@@ -117,6 +117,8 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].env
           value:
+            - name: PATH
+              value: /plugins:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
             - name: ATLANTIS_DATA_DIR
               value: /atlantis-data
             - name: ATLANTIS_REPO_ALLOWLIST
@@ -895,3 +897,58 @@ tests:
       - equal:
           path: spec.template.spec.terminationGracePeriodSeconds
           value: 30
+  - it: extraPath
+    template: statefulset.yaml
+    set:
+      extraPath: "/foo:/bar"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].env
+          value:
+            - name: PATH
+              value: /foo:/bar:/plugins:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+            - name: ATLANTIS_DATA_DIR
+              value: /atlantis-data
+            - name: ATLANTIS_REPO_ALLOWLIST
+              value: <replace-me>
+            - name: ATLANTIS_PORT
+              value: "4141"
+            - name: ATLANTIS_ATLANTIS_URL
+              value: http://
+  - it: sharedDirPath
+    template: statefulset.yaml
+    set:
+      initConfig.sharedDir: "/home/atlantis"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].env
+          value:
+            - name: PATH
+              value: /home/atlantis:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+            - name: ATLANTIS_DATA_DIR
+              value: /atlantis-data
+            - name: ATLANTIS_REPO_ALLOWLIST
+              value: <replace-me>
+            - name: ATLANTIS_PORT
+              value: "4141"
+            - name: ATLANTIS_ATLANTIS_URL
+              value: http://
+  - it: extraPathWithSharedDirPath
+    template: statefulset.yaml
+    set:
+      initConfig.sharedDir: "/home/atlantis"
+      extraPath: "/foo:/bar"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].env
+          value:
+            - name: PATH
+              value: /foo:/bar:/home/atlantis:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+            - name: ATLANTIS_DATA_DIR
+              value: /atlantis-data
+            - name: ATLANTIS_REPO_ALLOWLIST
+              value: <replace-me>
+            - name: ATLANTIS_PORT
+              value: "4141"
+            - name: ATLANTIS_ATLANTIS_URL
+              value: http://
diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json
index 164e740c..2403a5d1 100644
--- a/charts/atlantis/values.schema.json
+++ b/charts/atlantis/values.schema.json
@@ -866,6 +866,10 @@
       "type": "string",
       "description": "Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key."
     },
+    "extraPath": {
+      "type": "string",
+      "description": "Additional paths that will be appended to the system `PATH` environment variable. These paths should be separated with `:` to match system notation."
+    },
     "environment": {
       "type": "object",
       "description": "Map of environment variables for the container.",
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index b5567c6e..8d67ad0f 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -470,6 +470,9 @@ enableKubernetesBackend: false
 # -- TLS Secret Name for Atlantis pod.
 tlsSecretName: ""
 
+# -- Additional path (`:` separated) that will be appended to the system `PATH` environment variable.
+extraPath: ""
+
 # -- Environtment values to add to the Atlantis pod.
 # Check values.yaml for examples.
 environment: {}