From 154f37efec5b66cf26b88e018805deb7df2f2029 Mon Sep 17 00:00:00 2001
From: Andrew Block
Date: Fri, 9 Dec 2022 08:28:52 -0600
Subject: [PATCH] Added insecure option to login subcommand
Signed-off-by: Andrew Block
---
 cmd/helm/registry_login.go | 5 ++++-
 pkg/action/registry_login.go | 10 ++++++++++
 pkg/getter/ocigetter_test.go | 2 ++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/cmd/helm/registry_login.go b/cmd/helm/registry_login.go
index 98d31bddc..0a268c4bf 100644
--- a/cmd/helm/registry_login.go
+++ b/cmd/helm/registry_login.go
@@ -43,6 +43,7 @@ type registryLoginOptions struct {
 certFile string
 keyFile string
 caFile string
+ insecure bool
 }
 func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
@@ -65,7 +66,8 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman
 return action.NewRegistryLogin(cfg).Run(out, hostname, username, password,
 action.WithCertFile(o.certFile),
 action.WithKeyFile(o.keyFile),
- action.WithCAFile(o.caFile))
+ action.WithCAFile(o.caFile),
+ action.WithInsecure(o.insecure))
 },
 }
@@ -73,6 +75,7 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman
 f.StringVarP(&o.username, "username", "u", "", "registry username")
 f.StringVarP(&o.password, "password", "p", "", "registry password or identity token")
 f.BoolVarP(&o.passwordFromStdinOpt, "password-stdin", "", false, "read password or identity token from stdin")
+ f.BoolVarP(&o.insecure, "insecure", "", false, "allow connections to TLS registry without certs")
 f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file")
 f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file")
 f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle")
diff --git a/pkg/action/registry_login.go b/pkg/action/registry_login.go
index 3c9bd0bc5..a55f2de58 100644
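Review bot: The help text on the new `--insecure` flag (third hunk of cmd/helm/registry_login.go), "allow connections to TLS registry without certs", does not tell the user what protection is given up, and this command sends a username and password or identity token over the connection it relaxes. Assuming the option disables verification of the registry's certificate, I would word it as `"skip TLS certificate verification of the registry; login credentials are then sent to a server whose identity is not checked"`. The getter option touched by this same patch is named `WithInsecureSkipVerifyTLS`, which states the effect, while the bare `insecure` name here does not. The flag registration sits inside newRegistryLoginCmd, whose body starts and ends outside the hunk.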
--- a/pkg/action/registry_login.go
+++ b/pkg/action/registry_login.go
@@ -28,6 +28,7 @@ type RegistryLogin struct {
 certFile string
 keyFile string
 caFile string
+ insecure bool
 }
 type RegistryLoginOpt func(*RegistryLogin) error
@@ -40,6 +41,14 @@ func WithCertFile(certFile string) RegistryLoginOpt {
 }
 }
+// WithKeyFile specifies whether to very certificates when communicating.
+func WithInsecure(insecure bool) RegistryLoginOpt {
+ return func(r *RegistryLogin) error {
+ r.insecure = insecure
+ return nil
+ }
+}
+
 // WithKeyFile specifies the path to the key file to use for TLS.
 func WithKeyFile(keyFile string) RegistryLoginOpt {
 return func(r *RegistryLogin) error {
@@ -74,5 +83,6 @@ func (a *RegistryLogin) Run(out io.Writer, hostname string, username string, pas
 return a.cfg.RegistryClient.Login(
 hostname,
 registry.LoginOptBasicAuth(username, password),
+ registry.LoginOptInsecure(a.insecure),
 registry.LoginOptTLSClientConfig(a.certFile, a.keyFile, a.caFile))
 }
diff --git a/pkg/getter/ocigetter_test.go b/pkg/getter/ocigetter_test.go
index 86f54b153..fa2fa67a5 100644
--- a/pkg/getter/ocigetter_test.go
+++ b/pkg/getter/ocigetter_test.go
@@ -39,6 +39,7 @@ func TestOCIGetter(t *testing.T) {
 ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem")
 timeout := time.Second * 5
 transport := &http.Transport{}
+ insecureSkipTLSverify := false
 // Test with options
 g, err = NewOCIGetter(
@@ -46,6 +47,7 @@ func TestOCIGetter(t *testing.T) {
 WithTLSClientConfig(pub, priv, ca),
 WithTimeout(timeout),
 WithTransport(transport),
+ WithInsecureSkipVerifyTLS(insecureSkipTLSverify),
 )
 if err != nil {
 t.Fatal(err)
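Review bot: The doc comment on the added `WithInsecure` (second hunk of pkg/action/registry_login.go) is a copy of the one below it: it names `WithKeyFile`, misspells "verify" as "very", and reads as if passing `true` turned verification on. Going by the flag's help text the option does the opposite, so I would write `// WithInsecure specifies whether to skip TLS certificate verification when communicating with the registry.` What `registry.LoginOptInsecure` actually relaxes is not visible in this patch, so the wording should be confirmed against it.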
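Review bot: In the `Run` hunk, `registry.LoginOptInsecure(a.insecure)` is passed next to `registry.LoginOptTLSClientConfig(a.certFile, a.keyFile, a.caFile)`, and nothing in the visible lines says which one takes effect when insecure is set together with a CA file. The basic-auth credentials from `registry.LoginOptBasicAuth(username, password)` travel on this connection, and a caller who supplies a CA bundle would reasonably expect it to be enforced. I would either reject the combination before the call, e.g. `if a.insecure && a.caFile != "" { return errors.New("insecure cannot be combined with a CA file") }`, or add a comment above the call stating the precedence. Run's body starts outside the hunk, so a check may already exist there.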
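Review bot: The two hunks in pkg/getter/ocigetter_test.go pass `WithInsecureSkipVerifyTLS(insecureSkipTLSverify)` with the value `false`, which is the zero value, so the test cannot distinguish an applied option from an ignored one, and no visible line asserts on it. Setting the variable to `true` and checking the value the getter stored would make the addition meaningful; the assertions after `t.Fatal(err)` are outside the hunk, so one may be missing only from my view. The login option this commit actually introduces, `WithInsecure` in pkg/action, gets no test in this patch. As a small naming point, `insecureSkipTLSverify` would be more consistent as `insecureSkipTLSVerify`.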