Sanitize jdbc url for Confluence and Synchrony (#866)

* Sanitize jdbc url confluence

* Check if jdbc url container excaped ampersand before replacing

---------

Co-authored-by: Yevhen Ivantsov <[email protected]>

docs/docs/containers/CONFLUENCE.md

@@ -233,7 +233,7 @@ The following variables are all must all be supplied if using this feature:
 
 * `ATL_JDBC_URL`
 
-   The database URL; this is database-specific.
+   The database URL; this is database-specific. It is allowed to use `&` in the URL which will be automatically converted to `&`.
 
 * `ATL_JDBC_USER`
 

src/main/charts/confluence/templates/_helpers.tpl

@@ -619,7 +619,7 @@ volumeClaimTemplates:
 {{ end }}
 {{ with .Values.database.url }}
 - name: ATL_JDBC_URL
-  value: {{ . | quote }}
+  value: {{ if contains "&" . }}{{ . | quote }}{{ else }}{{ . | replace "&" "&" | quote }}{{ end }}
 {{ end }}
 {{ with .Values.database.credentials.secretName }}
 - name: ATL_JDBC_USER
@@ -638,7 +638,7 @@ volumeClaimTemplates:
 {{- define "synchrony.databaseEnvVars" -}}
 {{ with .Values.database.url }}
 - name: SYNCHRONY_DATABASE_URL
-  value: {{ . | quote }}
+  value: {{ . | replace "&" "&" | quote }}
 {{ end }}
 {{ with .Values.database.credentials.secretName }}
 - name: SYNCHRONY_DATABASE_USERNAME

src/test/java/test/DatabaseTest.java

@@ -99,4 +99,38 @@ void bamboo_database(Product product) throws Exception {
                 .assertHasSecretRef("ATL_JDBC_USER", "mysecret", "myusername")
                 .assertHasSecretRef("ATL_JDBC_PASSWORD", "mysecret", "mypassword");
     }
+
+    @ParameterizedTest
+    @EnumSource(value = Product.class, names = "confluence")
+    void confluence_database_ampersand(Product product) throws Exception {
+        final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of(
+                "database.url", "jdbc://mydatabase?ssl=true&param1=1"));
+        resources.getStatefulSet(product.getHelmReleaseName())
+                .getContainer()
+                .getEnv()
+                .assertHasValue("ATL_JDBC_URL", "jdbc://mydatabase?ssl=true&param1=1");
+    }
+
+    @ParameterizedTest
+    @EnumSource(value = Product.class, names = "confluence")
+    void confluence_database_ampersand_escaped(Product product) throws Exception {
+        final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of(
+                "database.url", "jdbc://mydatabase?ssl=true&param1=1"));
+        resources.getStatefulSet(product.getHelmReleaseName())
+                .getContainer()
+                .getEnv()
+                .assertHasValue("ATL_JDBC_URL", "jdbc://mydatabase?ssl=true&param1=1");
+    }
+
+    @ParameterizedTest
+    @EnumSource(value = Product.class, names = "confluence")
+    void synchrony_database_ampersand(Product product) throws Exception {
+        final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of(
+                "database.url", "jdbc://mydatabase?ssl=true&param1=1",
+                "synchrony.enabled", "true"));
+        resources.getStatefulSet(product.getHelmReleaseName() + "-synchrony")
+                .getContainer()
+                .getEnv()
+                .assertHasValue("SYNCHRONY_DATABASE_URL", "jdbc://mydatabase?ssl=true&param1=1");
+    }
 }