eks-blueprint: Support for using digest in Helm provider

[antmakedev]

Describe the bug

We are wanting to use helm digest's instead of just using a tag when using helm charts along with the EKS blueprints to raise the security bar. The CDK docs don't seem to mention using the digest at all and in the blueprints we seem to have limited the version (along with the name that has to be limited) to only 63 characters which doesn't support the length of the sha256 hash. The helm issue mentioned only seems to reference the name value being 63 characters due to DNS reasons not the version.

Expected Behavior

Expect to be able to reference the helm chart by its sha256 digest

image:
  registry: quay.io
  repository: myco/foo
  version: sha256:d478cd82cb6a604e3a27383daf93637326d402570b2f3bec835d1f84c9ed0acc

Current Behavior

Currently you are only able to specify it by value:

image:
  registry: quay.io
  repository: myco/foo
  version: 1.0.0

Reproduction Steps

https://github.com/shapirov103/eks-blueprints-extension/blob/main/lib/index.ts

Possible Solution

Increase the limit of the constraints on the value within HelmAddonPropsConstraints

cdk-eks-blueprints/lib/addons/helm-addon/index.ts

Line 46 in be9ec2d

version = new utils.StringConstraint(1, 63);

Additional Information/Context

No response

CDK CLI Version

NA

EKS Blueprints Version

No response

Node.js Version

NA

Environment details (OS name and version, etc.)

NA

Other information

No response

[shapirov103]

Can you confirm that deployment of this helm chart without CDK EKS Blueprints succeeds?
Also from the example it looks that that sha digest is the version, which seems to indicate that 256 chars is enough.
Since I was not able to find a constraint on the version I am planning to make it 1024, which seems to be reasonable to accommodate known use cases. I will also look into an approach to turn the validation off as the constraints while handy, may not be up to date with changes across various APIs.