What this PR does / why we need it:

Fix for (#10597)

Added 2-way TLS support for OCI pull from an artifact repository; without it, the pull fails with a TLS handshake error.
Special notes for your reviewer:

Added flag for two-way authentication (--tls-enabled) .
 example:- helm pull oci://nginx.testharbor.com/testrepo/sslcharttest --version 0.1.0  --ca-file /etc/docker/certs.d/nginx.testharbor.com/ca.crt --cert-file /etc/docker/certs.d/nginx.testharbor.com/root_client.crt --key-file /etc/docker/certs.d/nginx.testharbor.com/root_client.key --mtls-enabled

Signed-off-by: Subin Thomas <subinthomas1234@gmail.com>
pull/11175/head
subinthomas1234 3 years ago
parent 04e772d801
commit 01824d01ee

@ -62,18 +62,18 @@ func TestMutualtlsPull(t *testing.T) {
}{
{
name: "Fetch OCI Chart",
args: fmt.Sprintf("oci://%s/u/ocitestuser/oci-dependent-chart --version 0.1.0 --ca-file ../../testdata/rootca.crt --cert-file ../../testdata/rootca.crt --key-file ../../testdata/rootca.key --tls-enabled", ociSrv.RegistryURL),
args: fmt.Sprintf("oci://%s/u/ocitestuser/oci-dependent-chart --version 0.1.0 --ca-file ../../testdata/rootca.crt --cert-file ../../testdata/rootca.crt --key-file ../../testdata/rootca.key --mtls-enabled", ociSrv.RegistryURL),
expectFile: "./oci-dependent-chart-0.1.0.tgz",
},
{
name: "Fail fetching non-existent OCI chart with mutual tls enabled",
args: fmt.Sprintf("oci://%s/u/ocitestuser/nosuchthing --version 0.1.0 --tls-enabled", ociSrv.RegistryURL),
args: fmt.Sprintf("oci://%s/u/ocitestuser/nosuchthing --version 0.1.0 --mtls-enabled", ociSrv.RegistryURL),
failExpect: "Failed to fetch",
wantError: true,
},
{
name: "Fail fetching OCI chart without version specified with mutual tls enabled",
args: fmt.Sprintf("oci://%s/u/ocitestuser/nosuchthing --tls-enabled", ociSrv.RegistryURL),
args: fmt.Sprintf("oci://%s/u/ocitestuser/nosuchthing --mtls-enabled", ociSrv.RegistryURL),
wantErrorMsg: "Error: --version flag is explicitly required for OCI registries",
wantError: true,
},
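Review bot: The "Fetch OCI Chart" case passes `../../testdata/rootca.crt` as both `--ca-file` and `--cert-file`, with `rootca.key` as `--key-file`, so the client authenticates with the CA's own key pair rather than a leaf certificate issued by that CA. A regression in client-certificate chain validation would therefore go unnoticed; a separate client cert/key fixture signed by the test CA would cover it. The two failure cases set the flag (assuming the `--mtls-enabled` lines are the new side, since the page lost its +/- markers) but supply no certificate and fail for unrelated reasons (`"Failed to fetch"`, missing `--version`). Nothing asserts that a pull is refused when the client certificate is absent or untrusted, so consider adding a case such as `name: "Fail fetching OCI chart with mutual tls enabled and no client certificate"` with `wantError: true`. The table and the body of TestMutualtlsPull begin and end outside this hunk, so whether the test registry actually demands client certificates cannot be confirmed from here.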
