[bitnami/common] feat: adapt common.errors.insecureImages for BSI (#35751)

bitnami/common/CHANGELOG.md

@@ -1,8 +1,12 @@
 # Changelog
 
-## 2.31.3 (2025-06-12)
+## 2.31.4 (2025-08-12)
 
-* [bitnami/common] bugfix: common.capabilities.vpa.apiVersion context ([#34372](https://github.com/bitnami/charts/pull/34372))
+* [bitnami/common] feat: adapt common.errors.insecureImages for BSI ([#35751](https://github.com/bitnami/charts/pull/35751))
+
+## <small>2.31.3 (2025-06-12)</small>
+
+* [bitnami/common] bugfix: common.capabilities.vpa.apiVersion context (#34372) ([440d610](https://github.com/bitnami/charts/commit/440d6101d0be6e4a37b5f04c6c1ced414d632bfb)), closes [#34372](https://github.com/bitnami/charts/issues/34372)
 
 ## <small>2.31.2 (2025-05-20)</small>
 

bitnami/common/Chart.yaml

@@ -6,7 +6,7 @@ annotations:
   licenses: Apache-2.0
 apiVersion: v2
 # Please make sure that version and appVersion are always the same.
-appVersion: 2.31.3
+appVersion: 2.31.4
 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself.
 home: https://bitnami.com
 icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png
@@ -23,4 +23,4 @@ name: common
 sources:
   - https://github.com/bitnami/charts/tree/main/bitnami/common
 type: library
-version: 2.31.3
+version: 2.31.4

bitnami/common/templates/_errors.tpl

@@ -38,6 +38,7 @@ Usage:
 {{- define "common.errors.insecureImages" -}}
 {{- $relocatedImages := list -}}
 {{- $replacedImages := list -}}
+{{- $bitnamiLegacyImages := list -}}
 {{- $retaggedImages := list -}}
 {{- $globalRegistry := ((.context.Values.global).imageRegistry) -}}
 {{- $originalImages := .context.Chart.Annotations.images -}}
@@ -49,7 +50,10 @@ Usage:
     {{- if not (contains $registryName $originalImages) -}}
       {{- $relocatedImages = append $relocatedImages $fullImageName  -}}
     {{- else if not (contains .repository $originalImages) -}}
-      {{- $replacedImages = append $replacedImages $fullImageName  -}}
+      {{- $replacedImages = append $replacedImages $fullImageName -}}
+      {{- if contains "docker.io/bitnamilegacy/" $fullImageNameNoTag -}}
+        {{- $bitnamiLegacyImages = append $bitnamiLegacyImages $fullImageName -}}
+      {{- end -}}
     {{- end -}}
   {{- end -}}
   {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}}
@@ -58,14 +62,17 @@ Usage:
 {{- end -}}
 
 {{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}}
-  {{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}}
+  {{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Bitnami Secure Images containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}}
 {{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}}
   {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}}
   {{- $errorString = print $errorString "\n\nUnrecognized images:" -}}
   {{- range (concat $relocatedImages $replacedImages) -}}
     {{- $errorString = print $errorString "\n  - " . -}}
   {{- end -}}
-  {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}}
+  {{- if and (eq (len $relocatedImages) 0) (eq (len $replacedImages) (len $bitnamiLegacyImages)) -}}
+    {{- $errorString = print "\n\n⚠ WARNING: " $errorString -}}
+    {{- print $errorString -}}
+  {{- else if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) (contains "docker.io/bitnamisecure/" $originalImages) -}}
     {{- $errorString = print "\n\n⚠ ERROR: " $errorString -}}
     {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}}
     {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}}
@@ -75,7 +82,7 @@ Usage:
     {{- print $errorString -}}
   {{- end -}}
 {{- else if gt (len $retaggedImages) 0 -}}
-  {{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}}
+  {{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Bitnami and Bitnami Secure Images containers. Substituting original image tags could cause unexpected behavior." -}}
   {{- $warnString = print $warnString "\n\nRetagged images:" -}}
   {{- range $retaggedImages -}}
     {{- $warnString = print $warnString "\n  - " . -}}