Support configurable Helm storage driver (Secret / ConfigMap / Memory / SQL)

[funkypenguin]

Overview

Adds a --helm-storage-driver flag and HELM_DRIVER environment-variable fallback that select the Helm release storage backend, mirroring the Helm CLI's HELM_DRIVER. Supported values: secret/secrets, configmap/configmaps, memory, sql — matched case-insensitively. Unset preserves current behaviour (Secret), so the change is fully backwards compatible.

The SQL driver reads its connection string from HELM_DRIVER_SQL_CONNECTION_STRING (matching Helm CLI).

This PR is a fresh take on the long-stalled #760 (open since 2023). I rebased it against current main, ported it to the post-Helm-v4 / ConfigFactory era, and addressed several issues uncovered during a careful review:

• Pool lifecycle: a single helmdriver.NewSQL per reconcile would leak a connection pool indefinitely (Helm v4 has no Close on storage.Driver). The new action.SQLDriverPool caches drivers per storage namespace, bounding live pools to the set of namespaces actually in use rather than once per reconcile.
• Startup probe: when --helm-storage-driver=sql, the controller probes the database with a transient database/sql.Open + PingContext + Close before starting the manager, surfacing invalid DSNs or unreachable backends at boot rather than failing every HelmRelease reconcile. The probe connection is cleanly closed and does not contribute to the long-lived pool.
• DSN sanitisation: helmdriver.NewSQL / sqlx.Connect errors can echo the DSN. They're caught at the WithStorage call site and replaced with a generic message so DSN material cannot leak into HelmRelease status conditions.
• Helm CLI parity: secret/secrets and configmap/configmaps are accepted interchangeably, matching pkg/action.(*Configuration).Init.
• DI pattern: SQL test fakes go through a per-pool SetFactory rather than a package-level mutable global, matching the existing ConfigFactoryOption idiom in this package.

Use cases

• Helm release information size exceeds the 1 MiB Secret limit (large values, large CRD-heavy charts).
• Cluster-wide pressure from cumulative Secret count.
• Compliance requirements to store release data outside the cluster.

Backwards compatibility

• No flag/env changes: continues to use the Secret driver. HELM_DRIVER is now consulted as a fallback (it was previously ignored).
• The --helm-storage-driver flag value is normalised once at startup; an invalid value fails the controller process, not every reconcile.

Tests

Adds coverage for:

• Driver name normalisation (case-insensitive, alias handling).
• SQL driver pool: per-namespace caching, factory error propagation.
• Sanitised SQL connection errors (assertion that the DSN is not surfaced).
• The "no SQL pool configured" error path.
• IsSupportedStorageDriver / NormalizeStorageDriverName.

go test ./internal/action -run 'TestWithStorage|TestSQLDriverPool|TestIsSupportedStorageDriver|TestConfigFactory|TestNewConfigFactory|TestWithDriver|TestWithSQLDriverPool|TestStorageLog' passes (all 30+ subtests, no envtest required).

References

• Closes SQL storage backend support #272 (long-standing request for non-Secret backends).
• Supersedes Support other Helm storage backends besides Secrets #760 (same feature, ported to current code, with the lifecycle/UX/security gaps that came up in that PR's discussion addressed).

CC @fiscafusca (original #760 author) — thank you for the groundwork; the configuration UX in this PR follows yours.

🤖 The implementation was assisted by Claude Code; the resulting code, tests, and design decisions are my own and have been reviewed by an independent Codex pass before submission.

[matheuscscp]

Nice work! But I think we need a bit of discussion for this feature, e.g. here you are supporting it only at the controller level. I can see value in creating spec fields instead. Would you be able to join the open flux dev meetings to discuss this? https://fluxcd.io/community/