diff --git a/cmd/helm/push.go b/cmd/helm/push.go index dffe8f4ea..4b25b3c1a 100644 --- a/cmd/helm/push.go +++ b/cmd/helm/push.go @@ -35,10 +35,16 @@ it will also be uploaded. ` type registryPushOptions struct { +<<<<<<< HEAD certFile string keyFile string caFile string insecureSkipTLSverify bool +======= + certFile string + keyFile string + caFile string +>>>>>>> e676fd1c (Enable custom certificates option for OCI) } func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { @@ -71,7 +77,10 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { remote := args[1] client := action.NewPushWithOpts(action.WithPushConfig(cfg), action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile), +<<<<<<< HEAD action.WithInsecureSkipTLSVerify(o.insecureSkipTLSverify), +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) action.WithPushOptWriter(out)) client.Settings = settings output, err := client.Run(chartRef, remote) @@ -87,7 +96,10 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file") f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") +<<<<<<< HEAD f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) return cmd } diff --git a/cmd/helm/registry_login.go b/cmd/helm/registry_login.go index 0a268c4bf..0d03318c5 100644 --- a/cmd/helm/registry_login.go +++ b/cmd/helm/registry_login.go 
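Review bot: The added lines in the `registryPushOptions` hunk are literal merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> e676fd1c`) plus a second copy of the `certFile`/`keyFile`/`caFile` fields, so cmd/helm/push.go cannot compile as committed. The same markers are added in every other file in this diff except pkg/registry/utils_test.go: the remaining push.go hunks, cmd/helm/registry_login.go, pkg/action/registry_login.go, pkg/getter, pkg/pusher and the pkg/registry tests. The resolution is security-relevant, because the HEAD side carries the `insecureSkipTLSverify` / `insecure` options that turn certificate verification off and the e676fd1c side has none of them. Whether to keep or drop them should be decided once and applied to all files, not per hunk. A CI check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would catch this before merge.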
@@ -43,7 +43,10 @@ type registryLoginOptions struct { certFile string keyFile string caFile string +<<<<<<< HEAD insecure bool +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) } func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { @@ -66,8 +69,12 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman return action.NewRegistryLogin(cfg).Run(out, hostname, username, password, action.WithCertFile(o.certFile), action.WithKeyFile(o.keyFile), +<<<<<<< HEAD action.WithCAFile(o.caFile), action.WithInsecure(o.insecure)) +======= + action.WithCAFile(o.caFile)) +>>>>>>> e676fd1c (Enable custom certificates option for OCI) }, } @@ -75,7 +82,10 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman f.StringVarP(&o.username, "username", "u", "", "registry username") f.StringVarP(&o.password, "password", "p", "", "registry password or identity token") f.BoolVarP(&o.passwordFromStdinOpt, "password-stdin", "", false, "read password or identity token from stdin") +<<<<<<< HEAD f.BoolVarP(&o.insecure, "insecure", "", false, "allow connections to TLS registry without certs") +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file") f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") diff --git a/pkg/action/registry_login.go b/pkg/action/registry_login.go index a55f2de58..b39a95a23 100644 --- a/pkg/action/registry_login.go +++ b/pkg/action/registry_login.go @@ -28,7 +28,10 @@ type RegistryLogin struct { certFile string keyFile string caFile string +<<<<<<< HEAD insecure bool +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) } type RegistryLoginOpt func(*RegistryLogin) error 
@@ -83,6 +86,9 @@ func (a *RegistryLogin) Run(out io.Writer, hostname string, username string, pas return a.cfg.RegistryClient.Login( hostname, registry.LoginOptBasicAuth(username, password), +<<<<<<< HEAD registry.LoginOptInsecure(a.insecure), +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) registry.LoginOptTLSClientConfig(a.certFile, a.keyFile, a.caFile)) } diff --git a/pkg/getter/ocigetter.go b/pkg/getter/ocigetter.go index 1705fca91..169e90395 100644 --- a/pkg/getter/ocigetter.go +++ b/pkg/getter/ocigetter.go @@ -122,8 +122,13 @@ func (g *OCIGetter) newRegistryClient() (*registry.Client, error) { } }) +<<<<<<< HEAD if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" || g.opts.insecureSkipVerifyTLS { tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile, g.opts.insecureSkipVerifyTLS) +======= + if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" { + tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile) +>>>>>>> e676fd1c (Enable custom certificates option for OCI) if err != nil { return nil, fmt.Errorf("can't create TLS config for client: %w", err) } diff --git a/pkg/getter/ocigetter_test.go b/pkg/getter/ocigetter_test.go index fa2fa67a5..3bfac3c4a 100644 --- a/pkg/getter/ocigetter_test.go +++ b/pkg/getter/ocigetter_test.go @@ -39,7 +39,10 @@ func TestOCIGetter(t *testing.T) { ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") timeout := time.Second * 5 transport := &http.Transport{} +<<<<<<< HEAD insecureSkipTLSverify := false +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) // Test with options g, err = NewOCIGetter( 
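Review bot: The two sides of the conflict in `OCIGetter.newRegistryClient` call `tlsutil.NewClientTLS` with different argument counts, four on the HEAD side and three on the e676fd1c side, so only one can match the helper's signature, which is not part of this diff. If the three-argument side is kept, the `g.opts.insecureSkipVerifyTLS` condition disappears. A caller that set that option without a cert or CA file would then presumably get a client built without the custom TLS config, with no indication that the setting was ignored. In that case the option and its CLI flag should be removed in the same change, not left dangling. The pkg/pusher/ocipusher.go hunk has the same pair of calls with `pusher.opts.insecureSkipTLSverify`; the function body continues outside the hunk.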
@@ -47,7 +50,10 @@ func TestOCIGetter(t *testing.T) { WithTLSClientConfig(pub, priv, ca), WithTimeout(timeout), WithTransport(transport), +<<<<<<< HEAD WithInsecureSkipVerifyTLS(insecureSkipTLSverify), +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) ) if err != nil { t.Fatal(err) diff --git a/pkg/pusher/ocipusher.go b/pkg/pusher/ocipusher.go index 614141698..55b153d55 100644 --- a/pkg/pusher/ocipusher.go +++ b/pkg/pusher/ocipusher.go @@ -106,8 +106,13 @@ func NewOCIPusher(ops ...Option) (Pusher, error) { } func (pusher *OCIPusher) newRegistryClient() (*registry.Client, error) { +<<<<<<< HEAD if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" || pusher.opts.insecureSkipTLSverify { tlsConf, err := tlsutil.NewClientTLS(pusher.opts.certFile, pusher.opts.keyFile, pusher.opts.caFile, pusher.opts.insecureSkipTLSverify) +======= + if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" { + tlsConf, err := tlsutil.NewClientTLS(pusher.opts.certFile, pusher.opts.keyFile, pusher.opts.caFile) +>>>>>>> e676fd1c (Enable custom certificates option for OCI) if err != nil { return nil, errors.Wrap(err, "can't create TLS config for client") } diff --git a/pkg/pusher/ocipusher_test.go b/pkg/pusher/ocipusher_test.go index 9390710a0..efdae90c6 100644 --- a/pkg/pusher/ocipusher_test.go +++ b/pkg/pusher/ocipusher_test.go @@ -35,12 +35,18 @@ func TestNewOCIPusher(t *testing.T) { cd := "../../testdata" join := filepath.Join ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") +<<<<<<< HEAD insecureSkipTLSverify := false +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) // Test with options p, err = NewOCIPusher( WithTLSClientConfig(pub, priv, ca), +<<<<<<< HEAD WithInsecureSkipTLSVerify(insecureSkipTLSverify), +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) ) if err != nil { t.Fatal(err) 
diff --git a/pkg/pusher/pusher.go b/pkg/pusher/pusher.go index e325ce498..f6dc73ce6 100644 --- a/pkg/pusher/pusher.go +++ b/pkg/pusher/pusher.go @@ -27,11 +27,18 @@ import ( // // Pushers may or may not ignore these parameters as they are passed in. type options struct { +<<<<<<< HEAD registryClient *registry.Client certFile string keyFile string caFile string insecureSkipTLSverify bool +======= + registryClient *registry.Client + certFile string + keyFile string + caFile string +>>>>>>> e676fd1c (Enable custom certificates option for OCI) } // Option allows specifying various settings configurable by the user for overriding the defaults @@ -54,6 +61,7 @@ func WithTLSClientConfig(certFile, keyFile, caFile string) Option { } } +<<<<<<< HEAD // WithInsecureSkipTLSVerify determines if a TLS Certificate will be checked func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option { return func(opts *options) { @@ -61,6 +69,8 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option { } } +======= +>>>>>>> e676fd1c (Enable custom certificates option for OCI) // Pusher is an interface to support upload to the specified URL. type Pusher interface { // Push file content by url string diff --git a/pkg/registry/client_test.go b/pkg/registry/client_test.go index f10152f94..13d1648be 100644 --- a/pkg/registry/client_test.go +++ b/pkg/registry/client_test.go @@ -17,6 +17,7 @@ limitations under the License. package registry import ( +<<<<<<< HEAD <<<<<<< HEAD "bytes" "context" @@ -29,10 +30,14 @@ import ( >>>>>>> dd5e82b5 (refactor to new test suite) "os" "path/filepath" +======= + "fmt" + "os" +>>>>>>> e676fd1c (Enable custom certificates option for OCI) "testing" - "time" "github.com/containerd/containerd/errdefs" +<<<<<<< HEAD "github.com/distribution/distribution/v3/configuration" "github.com/distribution/distribution/v3/registry" "github.com/phayes/freeport" 
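Review bot: The import block of pkg/registry/client_test.go now holds two stacked `<<<<<<< HEAD` lines. The second one and the `>>>>>>> dd5e82b5 (refactor to new test suite)` line below it are context lines, so an earlier unresolved conflict was already in the file and this commit nests a new one around it. The new side adds `"fmt"` and `"os"` although `"os"` already appears a few lines above, and it removes `"time"` without the hunk showing whether the package is still used. Resolve the block by hand to a single import list and run `goimports` on it before reviewing the rest of the file.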
@@ -182,6 +187,18 @@ func (suite *RegistryClientTestSuite) SetupSuite() { suite.Nil(err, "no error creating test registry") suite.CompromisedRegistryHost = initCompromisedRegistryTestServer() +======= + "github.com/stretchr/testify/suite" +) + +type RegistryClientTestSuite struct { + TestSuite +} + +func (suite *RegistryClientTestSuite) SetupSuite() { + // init test client + dockerRegistry := setup(&suite.TestSuite, false) +>>>>>>> e676fd1c (Enable custom certificates option for OCI) // plain http registry plainHTTPConfig := &configuration.Configuration{} diff --git a/pkg/registry/client_tls_test.go b/pkg/registry/client_tls_test.go index c4bb31c25..9bf2a5775 100644 --- a/pkg/registry/client_tls_test.go +++ b/pkg/registry/client_tls_test.go @@ -29,7 +29,11 @@ type TLSRegistryClientTestSuite struct { func (suite *TLSRegistryClientTestSuite) SetupSuite() { // init test client +<<<<<<< HEAD dockerRegistry := setup(&suite.TestSuite, true, false) +======= + dockerRegistry := setup(&suite.TestSuite, true) +>>>>>>> e676fd1c (Enable custom certificates option for OCI) // Start Docker registry go dockerRegistry.ListenAndServe() diff --git a/pkg/registry/utils_test.go b/pkg/registry/utils_test.go index bf45a5b4a..1ed077721 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/utils_test.go 
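Review bot: In pkg/registry/client_tls_test.go the HEAD side of the conflict still calls `setup(&suite.TestSuite, true, false)`, but pkg/registry/utils_test.go in this same diff reduces `setup` to `(suite *TestSuite, tlsEnabled bool)`, so only the e676fd1c line can compile. Resolve to `dockerRegistry := setup(&suite.TestSuite, true)` and delete the three marker lines. `SetupSuite` continues outside the hunk.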
@@ -59,25 +59,14 @@ var ( type TestSuite struct { suite.Suite - Out io.Writer - DockerRegistryHost string - + Out io.Writer + DockerRegistryHost string CompromisedRegistryHost string WorkspaceDir string RegistryClient *Client - - Context context.Context - Cancel func() } -// setup creates a oci registry for use in testing and sets the internal -// RegistryClient in the provided *TestSutie object with a client for communicating -// to the registry for testing: -// -// tlsEnabled - true for an https registry, false for http -// insecure - true for forcing the client to trust the certs when communicating to the registry -// false otherwise -func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry { +func setup(suite *TestSuite, tlsEnabled bool) *registry.Registry { suite.WorkspaceDir = testWorkspaceDir os.RemoveAll(suite.WorkspaceDir) os.Mkdir(suite.WorkspaceDir, 0700) @@ -135,7 +124,6 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry // That function does not handle matching of ip addresses in octal, // decimal or hex form. suite.DockerRegistryHost = fmt.Sprintf("0x7f000001:%d", port) - } else { suite.DockerRegistryHost = fmt.Sprintf("localhost:%d", port) } @@ -159,8 +147,7 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry config.HTTP.TLS.Key = tlsServerKey config.HTTP.TLS.ClientCAs = []string{tlsCA} } - suite.Context, suite.Cancel = context.WithCancel(context.Background()) - dockerRegistry, err := registry.NewRegistry(suite.Context, config) + dockerRegistry, err := registry.NewRegistry(context.Background(), config) suite.Nil(err, "no error creating test registry") suite.CompromisedRegistryHost = initCompromisedRegistryTestServer()
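Review bot: The doc comment on `setup` is deleted together with the `insecure` parameter, which leaves the helper undocumented. A replacement such as `// setup creates an OCI registry for tests and stores a client for it in suite.RegistryClient; tlsEnabled selects an https registry.` would keep the part that still applies. The same hunk removes the `Context` and `Cancel` fields from `TestSuite`, so any teardown code that calls `suite.Cancel()` has to change with it, and this diff does not show that code. `setup`'s body continues outside the hunk.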
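Review bot: `registry.NewRegistry(context.Background(), config)` in the last utils_test.go hunk gives the test registry a context that can never be cancelled, where the removed lines stored a cancel function on the suite. The suites start the registry with `go dockerRegistry.ListenAndServe()` (visible in client_tls_test.go), so unless shutdown is handled elsewhere the listener likely outlives each suite. Keeping a cancellable context in the setup, e.g. `ctx, cancel := context.WithCancel(context.Background())` with `cancel` invoked from the suite's teardown, would preserve the old cleanup path.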