/ *
Copyright The Helm Authors .
Licensed under the Apache License , Version 2.0 ( the "License" ) ;
you may not use this file except in compliance with the License .
You may obtain a copy of the License at
http : //www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing , software
distributed under the License is distributed on an "AS IS" BASIS ,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
See the License for the specific language governing permissions and
limitations under the License .
* /
package resolver
import (
"bytes"
"encoding/json"
"fmt"
"os"
"path/filepath"
"strings"
"time"
"github.com/Masterminds/semver/v3"
"github.com/pkg/errors"
"helm.sh/helm/v3/pkg/chart"
"helm.sh/helm/v3/pkg/chart/loader"
"helm.sh/helm/v3/pkg/helmpath"
"helm.sh/helm/v3/pkg/provenance"
"helm.sh/helm/v3/pkg/registry"
"helm.sh/helm/v3/pkg/repo"
)
// Resolver resolves dependencies from semantic version ranges to a particular version.
type Resolver struct {
chartpath string
cachepath string
registryClient * registry . Client
}
// New creates a new resolver for a given chart, helm home and registry client.
func New ( chartpath , cachepath string , registryClient * registry . Client ) * Resolver {
return & Resolver {
chartpath : chartpath ,
cachepath : cachepath ,
registryClient : registryClient ,
}
}
// Resolve resolves dependencies and returns a lock file with the resolution.
func ( r * Resolver ) Resolve ( reqs [ ] * chart . Dependency , repoNames map [ string ] string ) ( * chart . Lock , map [ string ] string , error ) {
// Now we clone the dependencies, locking as we go.
locked := make ( [ ] * chart . Dependency , len ( reqs ) )
missing := [ ] string { }
loadedIndexFiles := make ( map [ string ] * repo . IndexFile )
urls := make ( map [ string ] string )
for i , d := range reqs {
constraint , err := semver . NewConstraint ( d . Version )
if err != nil {
return nil , nil , errors . Wrapf ( err , "dependency %q has an invalid version/constraint format" , d . Name )
}
if d . Repository == "" {
// Local chart subfolder
if _ , err := GetLocalPath ( filepath . Join ( "charts" , d . Name ) , r . chartpath ) ; err != nil {
return nil , nil , err
}
locked [ i ] = & chart . Dependency {
Name : d . Name ,
Repository : "" ,
Version : d . Version ,
}
continue
}
if strings . HasPrefix ( d . Repository , "file://" ) {
chartpath , err := GetLocalPath ( d . Repository , r . chartpath )
if err != nil {
return nil , nil , err
}
ch , err := loader . LoadDir ( chartpath )
if err != nil {
return nil , nil , err
}
v , err := semver . NewVersion ( ch . Metadata . Version )
if err != nil {
// Not a legit entry.
continue
}
if ! constraint . Check ( v ) {
missing = append ( missing , d . Name )
continue
}
locked [ i ] = & chart . Dependency {
Name : d . Name ,
Repository : d . Repository ,
Version : ch . Metadata . Version ,
}
continue
}
repoName := repoNames [ d . Name ]
// if the repository was not defined, but the dependency defines a repository url, bypass the cache
if repoName == "" && d . Repository != "" {
locked [ i ] = & chart . Dependency {
Name : d . Name ,
Repository : d . Repository ,
Version : d . Version ,
}
continue
}
var vs repo . ChartVersions
var version string
var ok bool
found := true
if ! registry . IsOCI ( d . Repository ) {
filepath := filepath . Join ( r . cachepath , helmpath . CacheIndexFile ( repoName ) )
var repoIndex * repo . IndexFile
// Store previously loaded index files in a map. If repositories share the
// same index file there is no need to reload the same file again. This
// improves performance.
if indexFile , loaded := loadedIndexFiles [ filepath ] ; ! loaded {
var err error
repoIndex , err = repo . LoadIndexFile ( filepath )
loadedIndexFiles [ filepath ] = repoIndex
if err != nil {
return nil , nil , errors . Wrapf ( err , "no cached repository for %s found. (try 'helm repo update')" , repoName )
}
} else {
repoIndex = indexFile
}
vs , ok = repoIndex . Entries [ d . Name ]
if ! ok {
return nil , nil , errors . Errorf ( "%s chart not found in repo %s" , d . Name , d . Repository )
}
found = false
} else {
version = d . Version
// Check to see if an explicit version has been provided
_ , err := semver . NewVersion ( version )
// Use an explicit version, otherwise search for tags
if err == nil {
vs = [ ] * repo . ChartVersion { {
Metadata : & chart . Metadata {
Version : version ,
} ,
} }
} else {
// Retrieve list of tags for repository
ref := fmt . Sprintf ( "%s/%s" , strings . TrimPrefix ( d . Repository , fmt . Sprintf ( "%s://" , registry . OCIScheme ) ) , d . Name )
tags , err := r . registryClient . Tags ( ref )
if err != nil {
return nil , nil , errors . Wrapf ( err , "could not retrieve list of tags for repository %s" , d . Repository )
}
vs = make ( repo . ChartVersions , len ( tags ) )
for ti , t := range tags {
// Mock chart version objects
version := & repo . ChartVersion {
Metadata : & chart . Metadata {
Version : t ,
} ,
}
vs [ ti ] = version
}
}
}
locked [ i ] = & chart . Dependency {
Name : d . Name ,
Repository : d . Repository ,
Version : version ,
}
// The version are already sorted and hence the first one to satisfy the constraint is used
for _ , ver := range vs {
v , err := semver . NewVersion ( ver . Version )
// OCI does not need URLs
if err != nil || ( ! registry . IsOCI ( d . Repository ) && len ( ver . URLs ) == 0 ) {
// Not a legit entry.
continue
}
if constraint . Check ( v ) {
found = true
if len ( ver . URLs ) > 0 {
urls [ d . Repository + ver . Name + ver . Version ] = ver . URLs [ 0 ]
}
locked [ i ] . Version = v . Original ( )
break
}
}
if ! found {
missing = append ( missing , d . Name )
}
}
if len ( missing ) > 0 {
return nil , nil , errors . Errorf ( "can't get a valid version for repositories %s. Try changing the version constraint in Chart.yaml" , strings . Join ( missing , ", " ) )
}
digest , err := HashReq ( reqs , locked )
if err != nil {
return nil , nil , err
}
return & chart . Lock {
Generated : time . Now ( ) ,
Digest : digest ,
Dependencies : locked ,
} , urls , nil
}
// HashReq generates a hash of the dependencies.
//
// This should be used only to compare against another hash generated by this
// function.
func HashReq ( req , lock [ ] * chart . Dependency ) ( string , error ) {
data , err := json . Marshal ( [ 2 ] [ ] * chart . Dependency { req , lock } )
if err != nil {
return "" , err
}
s , err := provenance . Digest ( bytes . NewBuffer ( data ) )
return "sha256:" + s , err
}
// HashV2Req generates a hash of requirements generated in Helm v2.
//
// This should be used only to compare against another hash generated by the
// Helm v2 hash function. It is to handle issue:
// https://github.com/helm/helm/issues/7233
func HashV2Req ( req [ ] * chart . Dependency ) ( string , error ) {
dep := make ( map [ string ] [ ] * chart . Dependency )
dep [ "dependencies" ] = req
data , err := json . Marshal ( dep )
if err != nil {
return "" , err
}
s , err := provenance . Digest ( bytes . NewBuffer ( data ) )
return "sha256:" + s , err
}
// GetLocalPath generates absolute local path when use
// "file://" in repository of dependencies
func GetLocalPath ( repo , chartpath string ) ( string , error ) {
var depPath string
var err error
p := strings . TrimPrefix ( repo , "file://" )
// root path is absolute
if strings . HasPrefix ( p , "/" ) {
if depPath , err = filepath . Abs ( p ) ; err != nil {
return "" , err
}
} else {
depPath = filepath . Join ( chartpath , p )
}
if _ , err = os . Stat ( depPath ) ; os . IsNotExist ( err ) {
return "" , errors . Errorf ( "directory %s not found" , depPath )
} else if err != nil {
return "" , err
}
return depPath , nil
}