Now checks if entries array has items (#74)

* Now checks if entries array has items

* Fix helm lint

* Upgrade CI Helm version and revert unnecessary template changes

The helm lint failures in CI were caused by using outdated Helm 3.3.4 (from 2020).
The template syntax `ne .Values.server.enabled false` works correctly with modern Helm versions.

Changes:
- Upgraded CI Helm version from 3.3.4 to 3.19.0 (latest stable)
- Reverted commit b82a8f2 template changes (not needed with modern Helm)

Testing confirmed:
- All helm lint tests pass with Helm 3.14+ and 3.19.0
- Customer issue (empty dataConfigSources entries) remains fixed
- Original template syntax is compatible with modern Helm

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Upgrade k3d-action and k3s version to fix CI cluster startup

The k3d cluster startup was failing due to using outdated versions:
- k3d-action v1.4.0 (from 2021) → v2.4.0 (latest, Jan 2024)
- k3s v1.18.18 (from 2021) → v1.28.8 (modern, stable)
- k3d config API v1alpha2 → v1alpha4 (current)

Changes:
- Upgraded k3d-action from v1.4.0 to v2.4.0
- Updated k3d config API version from v1alpha2 to v1alpha4
- Upgraded k3s image from v1.18.18-k3s1 to v1.28.8-k3s1

This should resolve the "server is currently unable to handle the request"
errors seen during cluster startup in CI.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix k3d config schema for v1alpha4 compatibility

The k3d v1alpha4 schema requires different structure:
- name field must be under metadata
- extraServerArgs changed to extraArgs with arg/nodeFilters structure
- Each disable flag must be a separate arg entry

Changes:
- Moved name under metadata wrapper
- Changed extraServerArgs to extraArgs
- Split --disable flags into separate arg entries with nodeFilters
- Each arg targets server:* nodes

This fixes the schema validation errors:
- "Additional property name is not allowed"
- "Additional property extraServerArgs is not allowed"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix e2e test service names to match Helm naming convention

The e2e tests were using incorrect service names that didn't match
the actual services created by Helm.

Issue: When release name != chart name, Helm generates service names as:
  {release-name}-{chart-name}-{component}

In this case:
- Release: myopal
- Chart: opal
- Generated names: myopal-opal-server, myopal-opal-client

But tests were looking for: myopal-server, myopal-client

Changes:
- deploy.sh: myopal-server → myopal-opal-server
- test.sh: myopal-client → myopal-opal-client
- test.sh: myopal-server → myopal-opal-server

This fixes the "service not found" error in CI e2e tests.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix e2e test to use external curl pod instead of exec into client

The OPAL client container doesn't have curl installed, causing the test
to fail when trying to exec curl commands inside the container.

Error: exec: "curl": executable file not found in $PATH

Solution:
- Use kubectl run with curlimages/curl image to query OPA from outside
- Changed DATA_URL from localhost:8181 to service name myopal-opal-client:8181
- This matches the pattern used in templates/tests/e2e.yaml

Changes:
- Replaced kubectl exec with kubectl run --rm for curl commands
- Updated URL to use service name instead of localhost

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix bash test syntax by quoting command substitutions

* Improve e2e test debugging with echo statements

* Fix e2e test to match actual OPA response format

* Fix e2e test empty data check to match OPA behavior

* Filter out kubectl pod deletion messages from curl output

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: EliMoshkovich

.github/workflows/master.yaml

@@ -16,13 +16,13 @@ jobs:
       - uses: actions/checkout@v2
       - uses: azure/setup-helm@v1
         with:
-          version: "3.3.4"
+          version: "3.19.0"
       - name: helm lint
         run: |
           jq --version
           ./test/linter/test.sh
       - name: start k8s with k3d
-        uses: AbsaOSS/k3d-action@v1.4.0
+        uses: AbsaOSS/k3d-action@v2.4.0
         with:
           cluster-name: "opal"
           use-default-registry: false

templates/deployment-client.yaml

@@ -66,7 +66,7 @@ spec:
             - name: OPAL_SERVER_URL
               value: {{ printf "http://%s:%v" (include "opal.serverName" .) .Values.server.port | quote }}
             {{- end}}
-            {{- if not (or (.Values.server.dataConfigSources.external_source_url) (.Values.server.dataConfigSources.config) (hasKey .Values.client.extraEnv "OPAL_DATA_UPDATER_ENABLED") ) }}
+            {{- if not (or (.Values.server.dataConfigSources.external_source_url) (and .Values.server.dataConfigSources.config .Values.server.dataConfigSources.config.entries) (hasKey .Values.client.extraEnv "OPAL_DATA_UPDATER_ENABLED") ) }}
             - name: OPAL_DATA_UPDATER_ENABLED
               value: "False"
             {{- end }}

templates/deployment-server.yaml

@@ -124,7 +124,7 @@ spec:
             {{- end }}
             - name: UVICORN_NUM_WORKERS
               value: {{ .Values.server.uvicornWorkers | quote }}
-            {{- if or .Values.server.dataConfigSources.config .Values.server.dataConfigSources.external_source_url }}
+            {{- if or .Values.server.dataConfigSources.external_source_url (and .Values.server.dataConfigSources.config .Values.server.dataConfigSources.config.entries) }}
             - name: OPAL_DATA_CONFIG_SOURCES
               value: {{ .Values.server.dataConfigSources | toRawJson | squote }}
             {{- end}}

test/e2e/deploy.sh

@@ -13,4 +13,4 @@ else
     --set server.policyRepoUrl='//opt/e2e/policy-repo.git'
 fi
 
-kubectl logs -n opal service/myopal-server git-init
+kubectl logs -n opal service/myopal-opal-server git-init

test/e2e/k3d.yaml

@@ -1,11 +1,20 @@
-apiVersion: k3d.io/v1alpha2
+apiVersion: k3d.io/v1alpha4
 kind: Simple
-name: k3d
-image: rancher/k3s:v1.18.18-k3s1
+metadata:
+  name: k3d
+image: rancher/k3s:v1.28.8-k3s1
 options:
   k3d:
     wait: true
     disableLoadbalancer: true
   k3s:
-    extraServerArgs:
-    - "--disable=metrics-server,servicelb,traefik"
+    extraArgs:
+      - arg: --disable=metrics-server
+        nodeFilters:
+          - server:*
+      - arg: --disable=servicelb
+        nodeFilters:
+          - server:*
+      - arg: --disable=traefik
+        nodeFilters:
+          - server:*

test/e2e/test.sh

@@ -5,15 +5,28 @@ set -e
 
 helm test -n opal --logs myopal
 
-DATA_URL='http://localhost:8181/v1/data'
+DATA_URL="http://myopal-opal-client:8181/v1/data"
 
-[ $(kubectl exec -n opal service/myopal-client -- curl -s ${DATA_URL}/users) != "{}" ]
+# Check that users data is present initially
+RESULT=$(kubectl run -n opal curl-test --image=curlimages/curl:latest --rm -i --restart=Never -- curl -s ${DATA_URL}/users 2>&1 | grep -v "pod.*deleted")
+echo "Initial users: $RESULT"
+echo "$RESULT" | grep -q '"result"'
+
+# Run the update script
 if [ -z $MSYSTEM ]; then
-  kubectl exec -n opal service/myopal-server -- /opt/e2e/policy-repo-data/upd.sh
+  kubectl exec -n opal service/myopal-opal-server -- /opt/e2e/policy-repo-data/upd.sh
 else
-  kubectl exec -n opal service/myopal-server -- //opt/e2e/policy-repo-data/upd.sh
+  kubectl exec -n opal service/myopal-opal-server -- //opt/e2e/policy-repo-data/upd.sh
 fi
 
 sleep 7
-[ $(kubectl exec -n opal service/myopal-client -- curl -s ${DATA_URL}/users) == "{}" ]
-[ $(kubectl exec -n opal service/myopal-client -- curl -s ${DATA_URL}/losers) != "{}" ]
+
+# Check that users data is empty after update (OPA returns {} when data is empty)
+RESULT=$(kubectl run -n opal curl-test --image=curlimages/curl:latest --rm -i --restart=Never -- curl -s ${DATA_URL}/users 2>&1 | grep -v "pod.*deleted")
+echo "After update users: $RESULT"
+[ "$RESULT" == '{}' ]
+
+# Check that losers data is present
+RESULT=$(kubectl run -n opal curl-test --image=curlimages/curl:latest --rm -i --restart=Never -- curl -s ${DATA_URL}/losers 2>&1 | grep -v "pod.*deleted")
+echo "Losers data: $RESULT"
+echo "$RESULT" | grep -q '"result"'