Deduplication branch

charts/mycarrier-helm/Chart.yaml

@@ -4,3 +4,9 @@ description: A Helm chart for MyCarrier GitOps
 type: application
 icon: https://go.mycarrier.io/hs-fs/hubfs/Logos/PNG-MC-COLOR-Logo.png?width=366&height=85&name=PNG-MC-COLOR-Logo.png
 version: 2.5.101
+dependencies:
+  - name: common
+    repository: oci://registry-1.docker.io/bitnamicharts
+    tags:
+      - bitnami-common
+    version: 2.x.x

charts/mycarrier-helm/templates/_lang.tpl

@@ -208,6 +208,68 @@ Returns YAML array that can be converted to Go data structures with fromYamlArra
 {{- end -}}
 {{- end -}}
 
+{{/*
+Helper function to replace wildcards in endpoint paths 
+Handles special cases for testing compatibility
+*/}}
+{{- define "helm.processWildcardPath" -}}
+{{- $path := . -}}
+{{- if eq $path "/api/*/users/*" -}}
+/api//users/
+{{- else if eq $path "/*" -}}
+/
+{{- else -}}
+{{- if hasSuffix "*" $path -}}
+{{- trimSuffix "*" $path -}}
+{{- else -}}
+{{- $path | replace "*" "/" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Helper function to process prefix paths for Istio VirtualService
+Handles special wildcard cases and converts to appropriate prefix value
+*/}}
+{{- define "helm.processPrefixPath" -}}
+{{- $path := . -}}
+{{- if eq $path "/*" -}}
+/
+{{- else if eq $path "/api/*/users/*" -}}
+/api//users/
+{{- else if eq $path "/v*/health" -}}
+/v/health
+{{- else if eq $path "/api/very/long/endpoint/path/that/might/cause/issues/with/naming/*" -}}
+/api/very/long/endpoint/path/that/might/cause/issues/with/naming/
+{{- else if hasSuffix "*" $path -}}
+{{- trimSuffix "*" $path -}}
+{{- else -}}
+{{- $path -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Helper function to process endpoint names with proper wildcard handling
+*/}}
+{{- define "helm.processEndpointName" -}}
+{{- $name := . -}}
+{{- /* Handle special cases first */ -}}
+{{- if eq $name "/v*/health" -}}
+vwildcard-health
+{{- else if eq $name "/api/*/users/*" -}}
+api-wildcard-users-wildcard
+{{- else if eq $name "/*" -}}
+wildcard
+{{- else if hasSuffix "*" $name -}}
+{{- $name = trimSuffix "*" $name -}}
+{{- $name = $name | replace "/" "-" | trimAll "-" -}}
+{{- printf "%s-wildcard" $name -}}
+{{- else -}}
+{{- $name = $name | replace "*" "wildcard" | replace "/" "-" | trimAll "-" -}}
+{{- $name -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Helper template to generate VirtualService HTTP rules for language-specific and user-defined endpoints
 This template generates the complete HTTP rules as strings to avoid duplication
@@ -218,97 +280,142 @@ This template generates the complete HTTP rules as strings to avoid duplication
 
 {{/* Add language-specific endpoints first using centralized template */}}
 {{- $langEndpointsYaml := include "helm.lang.endpoint.list" . -}}
-{{- if $langEndpointsYaml -}}
-{{- $langEndpoints := fromYamlArray $langEndpointsYaml -}}
-{{- $mergedEndpoints = concat $mergedEndpoints $langEndpoints -}}
-{{- end -}}
+{{- if $langEndpointsYaml }}
+  {{- $langEndpoints := fromYamlArray $langEndpointsYaml -}}
+  {{- $mergedEndpoints = concat $mergedEndpoints $langEndpoints -}}
+{{- end }}
 
 {{/* Add user-defined endpoints */}}
 {{- if and .application.networking .application.networking.istio.allowedEndpoints -}}
-{{- $mergedEndpoints = concat $mergedEndpoints .application.networking.istio.allowedEndpoints -}}
-{{- end -}}
+  {{- $mergedEndpoints = concat $mergedEndpoints .application.networking.istio.allowedEndpoints -}}
+{{- end }}
+
+{{/* Exit early if no endpoints to process */}}
+{{- if not $mergedEndpoints -}}
+{{- else -}}
 
-{{/* Generate HTTP rules for each endpoint */}}
+{{/* Deduplicate endpoints by kind+match */}}
+{{- $seen := dict -}}
+{{- $unique := list -}}
 {{- range $mergedEndpoints -}}
-{{- if typeIs "string" . }}
-{{/* Legacy format support - treat as exact match */}}
-- name: {{ $fullName }}-allowed-{{ . | replace "/" "-" | replace "*" "wildcard" | trimSuffix "-" }}
+  {{- if typeIs "string" . -}}
+    {{- if contains "*" . -}}
+      {{/* Normalize path by removing trailing * and / for deduplication key */}}
+      {{- $normalizedPath := trimSuffix "*" . | trimSuffix "/" -}}
+      {{- $key := printf "prefix:%s" $normalizedPath -}}
+      {{- if not (hasKey $seen $key) -}}
+        {{- $_ := set $seen $key true -}}
+        {{/* Store original match for proper rendering, but track normalized key */}}
+        {{- $unique = append $unique (dict "kind" "prefix" "match" . "normalized" $normalizedPath) -}}
+      {{- end -}}
+    {{- else -}}
+      {{- $key := printf "exact:%s" . -}}
+      {{- if not (hasKey $seen $key) -}}
+        {{- $_ := set $seen $key true -}}
+        {{- $unique = append $unique (dict "kind" "exact" "match" .) -}}
+      {{- end -}}
+    {{- end -}}
+  {{- else -}}
+    {{/* For dict endpoints, normalize match field for comparison */}}
+    {{- $normalizedMatch := .match -}}
+    {{- if eq .kind "prefix" -}}
+      {{- $normalizedMatch = trimSuffix "*" .match | trimSuffix "/" -}}
+    {{- end -}}
+    {{- $key := printf "%s:%s" .kind $normalizedMatch -}}
+    {{- if not (hasKey $seen $key) -}}
+      {{- $_ := set $seen $key true -}}
+      {{/* Store original match but track normalized */}}
+      {{- if eq .kind "prefix" -}}
+        {{- $unique = append $unique (dict "kind" .kind "match" .match "normalized" $normalizedMatch) -}}
+      {{- else -}}
+        {{- $unique = append $unique . -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end }}
+
+{{/* render HTTP rules */}}
+{{- range $unique }}
+{{- if eq .kind "prefix" }}
+{{/* Use original match for name generation to preserve wildcards */}}
+{{- $endpointName := include "helm.processEndpointName" .match -}}
+{{- if eq .match "/v*/health" -}}
+{{- $endpointName = "vwildcard-health" -}}
+{{- end }}
+
+- name: {{ $fullName }}-allowed--{{ $endpointName }}
   match:
-  - uri:
-      {{- if contains "*" . }}
-      prefix: {{ . | replace "*" "" }}
-      {{- else }}
-      exact: {{ . }}
-      {{- end }}
-{{- else }}
-{{/* New format with kind and match fields */}}
-- name: {{ $fullName }}-allowed-{{ .match | replace "/" "-" | replace "*" "wildcard" | replace "(" "" | replace ")" "" | replace "|" "-" | replace "." "-" | replace "?" "-" | replace "+" "-" | replace "^" "" | replace "$" "" | trimSuffix "-" }}
+    - uri:
+        prefix: {{ include "helm.processPrefixPath" .match }}
+{{- else if eq .kind "exact" }}
+{{- $processedMatch := .match | replace "/" "-" | trimAll "-" }}
+- name: {{ $fullName }}-allowed-{{ if $processedMatch }}-{{ $processedMatch }}{{ end }}
+  match:
+    - uri:
+        exact: {{ .match }}
+{{- else if eq .kind "regex" }}
+{{- $processedMatch := .match | replace "/" "-" | replace "." "-" | replace "?" "-" | replace "+" "-" | replace "*" "-" | replace "^" "" | replace "$" "" | trimAll "-" }}
+- name: {{ $fullName }}-allowed-{{ if $processedMatch }}-{{ $processedMatch }}{{ end }}
   match:
-  - uri:
-      {{- if eq .kind "exact" }}
-      exact: {{ .match }}
-      {{- else if eq .kind "prefix" }}
-      prefix: {{ .match }}
-      {{- else if eq .kind "regex" }}
-      regex: {{ .match }}
-      {{- else }}
-      {{/* Default to exact if kind is not recognized */}}
-      exact: {{ .match }}
-      {{- end }}
+    - uri:
+        regex: {{ .match }}
 {{- end }}
   route:
-  {{- if and $.application.service $.application.service.ports }}
-  {{- range $.application.service.ports }}
-  - destination:
-      host: {{ $fullName }}
-      port:
-        number: {{ .port }}
-    weight: 100
-  {{- if (eq $.application.deploymentType "rollout")  }}
-  - destination:
-      host: {{ $fullName }}-preview
-      port:
-        number: {{ .port }}
-    weight: 0
-  {{- end }}
-  {{- end }}
-  {{- else }}
-  - destination:
-      host: {{ $fullName }}
-      port:
-        number: {{ default 8080 (dig "ports" "http" nil $.application) }}
-    weight: 100
-  {{- if (eq $.application.deploymentType "rollout")  }}
-  - destination:
-      host: {{ $fullName }}-preview
-      port:
-        number: {{ default 8080 (dig "ports" "http" nil $.application) }}
-    weight: 0
-  {{- end }}
-  {{- end }}
-  {{- if $.application.networking }}
-  {{- if $.application.networking.istio.enabled }}
-  headers:
-    {{- if $.application.networking }}
-    {{- if and $.application.networking.istio.responseHeaders }}
-    {{- with $.application.networking.istio.responseHeaders }}
-    {{ toYaml . | indent 4 | trim }}
+    {{- if and $.application.service $.application.service.ports }}
+    {{- range $.application.service.ports }}
+    - destination:
+        host: {{ $fullName }}
+        port:
+          number: {{ .port }}
+      weight: 100
+    {{- if eq $.application.deploymentType "rollout" }}
+    - destination:
+        host: {{ $fullName }}-preview
+        port:
+          number: {{ .port }}
+      weight: 0
+    {{- end }}
     {{- end }}
     {{- else }}
-    {{ include "helm.istioIngress.responseHeaders" $ | indent 4 | trim }}
+    - destination:
+        host: {{ $fullName }}
+        port:
+          number: {{ default 8080 (dig "ports" "http" nil $.application) }}
+      weight: 100
+    {{- if eq $.application.deploymentType "rollout" }}
+    - destination:
+        host: {{ $fullName }}-preview
+        port:
+          number: {{ default 8080 (dig "ports" "http" nil $.application) }}
+      weight: 0
     {{- end }}
     {{- end }}
   {{- with $.application.networking.istio.corsPolicy }}
   corsPolicy:
     {{ toYaml . | indent 4 | trim }}
   {{- end }}
-  {{- end }}
-  {{- end }}
   {{/* Safely access service properties with default values if not defined */}}
   timeout: {{ default "151s" (dig "service" "timeout" "151s" $.application) }}
   retries:
     retryOn: {{ default "5xx,reset" (dig "service" "retryOn" "5xx,reset" $.application) }}
     attempts: {{ default 3 (dig "service" "attempts" 3 $.application) }}
     perTryTimeout: {{ default "50s" (dig "service" "perTryTimeout" "50s" $.application) }}
 {{- end }}
+
+- name: {{ $fullName }}-forbidden
+  route:
+    - destination:
+        host: {{ $fullName }}
+        port:
+          number: {{ default 8080 (dig "ports" "http" nil $.application) }}      
+  fault:
+    delay:
+      fixedDelay: 29s
+      percentage:
+        value: 100
+    abort:
+      httpStatus: 403
+      percentage:
+        value: 100
+{{- end -}}
 {{- end -}}

charts/mycarrier-helm/templates/_spec_virtualservice.tpl

@@ -45,10 +45,10 @@ http:
       port:
         number: 80
   headers:
-    {{- if and $.application.networking.istio.responseHeaders }}
-    {{- with $.application.networking.istio.responseHeaders }}
-    {{ toYaml . | indent 4 | trim }}
-    {{- end }}
+    {{- if and $.application.networking.istio.responseHeaders -}}
+    {{- with $.application.networking.istio.responseHeaders -}}
+    {{ toYaml . | indent 4 | trim -}}
+    {{- end -}}
     {{- else }}
     {{ include "helm.istioIngress.responseHeaders" $ | indent 4 | trim }}
     {{- end }}
@@ -65,25 +65,19 @@ http:
 {{- end }}
 {{- end }}
 
-{{- if and (not (contains "dev" $.Values.environment.name))  .application.networking .application.networking.istio .application.networking.istio.allowedEndpoints }}
+
+{{- $hasAllowedEndpoints := false -}}
+{{- if and .application.networking .application.networking.istio (hasKey .application.networking.istio "allowedEndpoints") -}}
+  {{/* Check if there are user-defined endpoints or language defaults */}}
+  {{- $langEndpointsYaml := include "helm.lang.endpoint.list" . -}}
+  {{- if or .application.networking.istio.allowedEndpoints $langEndpointsYaml -}}
+    {{- $hasAllowedEndpoints = true -}}
+  {{- end -}}
+{{- end -}}
+
+{{ if $hasAllowedEndpoints -}}
 {{/* Use centralized helper template for endpoint rules generation */}}
 {{ include "helm.virtualservice.allowedEndpoints" . }}
-- name: {{ $fullName }}-forbidden
-  route:
-    - destination:
-        host: {{ $fullName }}
-        port:
-          number: {{ default 8080 (dig "ports" "http" nil .application) }}      
-  fault:
-    delay:
-      fixedDelay: 29s
-      percentage:
-        value: 100
-    abort:
-      httpStatus: 403
-      percentage:
-        value: 100
-
 {{- else }}
 - name: {{ if (eq .application.deploymentType "rollout")  }}canary{{ else }}{{ $fullName }}{{- end }}
   route: