Hardcoded value removed

Signed-off-by: Sunil Kumar <suryakn27@outlook.com>
4 years ago · 163af70dae
parent c0eba04702
commit 163af70dae
6 changed files with 59 additions and 37 deletions
--- a/cmd/helm/root.go
+++ b/cmd/helm/root.go
@ -67,6 +67,7 @@ Environment variables:
 | $HELM_KUBEASUSER                   | set the Username to impersonate for the operation.                                |
 | $HELM_KUBECONTEXT                  | set the name of the kubeconfig context.                                           |
 | $HELM_KUBETOKEN                    | set the Bearer KubeToken used for authentication.                                 |
+| $HELM_SECONDARY_CERT_DIR           | set the secondary certificate directory for 2-way ssl support for oci pull.       |

 Helm stores cache, configuration, and data based on the following configuration order:

--- a/cmd/helm/testdata/output/env-comp.txt
+++ b/cmd/helm/testdata/output/env-comp.txt
@ -15,5 +15,6 @@ HELM_PLUGINS
 HELM_REGISTRY_CONFIG
 HELM_REPOSITORY_CACHE
 HELM_REPOSITORY_CONFIG
+HELM_SECONDARY_CERT_DIR
 :4
 Completion ended with directive: ShellCompDirectiveNoFileComp
--- a/internal/tlsutil/cfg.go
+++ b/internal/tlsutil/cfg.go
@ -22,8 +22,10 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"runtime"
+	"strings"

 	"github.com/pkg/errors"
 )
@ -61,13 +63,27 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) {
 	return cfg, nil
 }

-func ReadCertFromSecDir(cfgFileBaseName string, host string) (opts Options, err error) {
+func ReadCertFromSecDir(host string) (opts Options, err error) {
 	if runtime.GOOS == "windows" || runtime.GOOS == "unix" {
 		fmt.Printf("%v OS not supported for this oci pull. Contact your administrator for more information !!!", runtime.GOOS)
+		os.Exit(1)
 	} else {
-		var clientCertDir = "/etc/docker/certs.d/"
-		clientCertDir = clientCertDir + host
-
+		cmd, err := exec.Command("helm", "env", "HELM_SECONDARY_CERT_DIR").Output()
+		if err != nil {
+			fmt.Printf("Error : %s", err)
+			os.Exit(1)
+		}
+		clientCertDir := strings.TrimSuffix(string(cmd), "\n")
+		if clientCertDir == "" {
+			fmt.Printf("Please Configure secondary certificate directory for ssl connection set/export HELM_SECONDARY_CERT_DIR='/etc/docker/certs.d/'\n")
+			os.Exit(1)
+		}
+		lastIndex := strings.LastIndexByte(clientCertDir, '/')
+		if lastIndex < 19 {
+			clientCertDir = fmt.Sprintf("%s/%s", clientCertDir, host)
+		} else {
+			clientCertDir = fmt.Sprintf("%s%s", clientCertDir, host)
+		}
 		if _, err := os.Stat(clientCertDir); err != nil {
 			if os.IsNotExist(err) {
 				os.MkdirAll(clientCertDir, os.ModePerm)
@ -78,11 +94,11 @@ func ReadCertFromSecDir(cfgFileBaseName string, host string) (opts Options, err
 			if files, err := ioutil.ReadDir(clientCertDir); err == nil {
 				for _, file := range files {
 					if filepath.Ext(file.Name()) == ".crt" {
-						opts.CaCertFile = clientCertDir + "/" + file.Name()
+						opts.CaCertFile = fmt.Sprintf("%s/%s", clientCertDir, file.Name())
 					} else if filepath.Ext(file.Name()) == ".pem" {
-						opts.CertFile = clientCertDir + "/" + file.Name()
+						opts.CertFile = fmt.Sprintf("%s/%s", clientCertDir, file.Name())
 					} else if filepath.Ext(file.Name()) == ".key" {
-						opts.KeyFile = clientCertDir + "/" + file.Name()
+						opts.KeyFile = fmt.Sprintf("%s/%s", clientCertDir, file.Name())
 					}
 				}
 			} else {
@ -90,22 +106,22 @@ func ReadCertFromSecDir(cfgFileBaseName string, host string) (opts Options, err
 				os.Exit(1)
 			}
 			if opts.CaCertFile == "" && opts.CertFile == "" && opts.KeyFile == "" {
-				fmt.Printf("Error Certificate (cacerts.crt,client.pem,client.key) required : Client authentication failed due to certificate not present in cert directory !! \n")
+				fmt.Printf("Error : Missing certificate (cacerts.crt,client.pem,client.key) required !!\n")
 				os.Exit(1)
 			}

 			if opts.CaCertFile == "" && opts.CertFile == "" {
-				fmt.Printf("Error Certificate Required : Root-CA and client certificate (cacerts.crt,client.pem) not found.\n")
+				fmt.Printf("Error : Missing certificate : Root-CA and client certificate (cacerts.crt,client.pem) required !!\n")
 				os.Exit(1)
 			}

 			if opts.CaCertFile == "" && opts.KeyFile == "" {
-				fmt.Printf("Error Certificate Required :  Root-CA and and client keyfie (cacerts.crt,client.key) not found.\n")
+				fmt.Printf("Error Certificate Required :  Root-CA and and client key (cacerts.crt,client.key) not found.\n")
 				os.Exit(1)
 			}

 			if opts.CertFile == "" && opts.KeyFile == "" {
-				fmt.Printf("Error Certificate Required : Client certificate and client keyfile (client.pem,client.key) not found.\n")
+				fmt.Printf("Error Certificate Required : Client certificate and client key (client.pem,client.key) not found.\n")
 				os.Exit(1)
 			}
 			if opts.CaCertFile == "" {
--- a/pkg/action/pull.go
+++ b/pkg/action/pull.go
@ -125,7 +125,6 @@ func (p *Pull) Run(chartRef string) (string, error) {

 	saved, v, err := c.DownloadTo(chartRef, p.Version, dest)
 	if err != nil {
-		//fmt.Printf("Error : %v\n", err)
 		if strings.Contains(fmt.Sprint(err), "remote error: tls: handshake failure") {
 			registryClient, err := registry.NewCrosClient(chartRef,
 				registry.ClientOptDebug(p.Settings.Debug),
--- a/pkg/cli/environment.go
+++ b/pkg/cli/environment.go
@ -68,22 +68,25 @@ type EnvSettings struct {
 	PluginsDirectory string
 	// MaxHistory is the max release history maintained.
 	MaxHistory int
+	// Secondary Certificate directory for helm oci pull
+	ClientSecCertDirectory string
 }

 func New() *EnvSettings {
 	env := &EnvSettings{
-		namespace:        os.Getenv("HELM_NAMESPACE"),
-		MaxHistory:       envIntOr("HELM_MAX_HISTORY", defaultMaxHistory),
-		KubeContext:      os.Getenv("HELM_KUBECONTEXT"),
-		KubeToken:        os.Getenv("HELM_KUBETOKEN"),
-		KubeAsUser:       os.Getenv("HELM_KUBEASUSER"),
-		KubeAsGroups:     envCSV("HELM_KUBEASGROUPS"),
-		KubeAPIServer:    os.Getenv("HELM_KUBEAPISERVER"),
-		KubeCaFile:       os.Getenv("HELM_KUBECAFILE"),
-		PluginsDirectory: envOr("HELM_PLUGINS", helmpath.DataPath("plugins")),
-		RegistryConfig:   envOr("HELM_REGISTRY_CONFIG", helmpath.ConfigPath("registry/config.json")),
-		RepositoryConfig: envOr("HELM_REPOSITORY_CONFIG", helmpath.ConfigPath("repositories.yaml")),
-		RepositoryCache:  envOr("HELM_REPOSITORY_CACHE", helmpath.CachePath("repository")),
+		namespace:              os.Getenv("HELM_NAMESPACE"),
+		MaxHistory:             envIntOr("HELM_MAX_HISTORY", defaultMaxHistory),
+		KubeContext:            os.Getenv("HELM_KUBECONTEXT"),
+		KubeToken:              os.Getenv("HELM_KUBETOKEN"),
+		KubeAsUser:             os.Getenv("HELM_KUBEASUSER"),
+		KubeAsGroups:           envCSV("HELM_KUBEASGROUPS"),
+		KubeAPIServer:          os.Getenv("HELM_KUBEAPISERVER"),
+		KubeCaFile:             os.Getenv("HELM_KUBECAFILE"),
+		ClientSecCertDirectory: envOr("HELM_SECONDARY_CERT_DIR", ""),
+		PluginsDirectory:       envOr("HELM_PLUGINS", helmpath.DataPath("plugins")),
+		RegistryConfig:         envOr("HELM_REGISTRY_CONFIG", helmpath.ConfigPath("registry/config.json")),
+		RepositoryConfig:       envOr("HELM_REPOSITORY_CONFIG", helmpath.ConfigPath("repositories.yaml")),
+		RepositoryCache:        envOr("HELM_REPOSITORY_CACHE", helmpath.CachePath("repository")),
 	}
 	env.Debug, _ = strconv.ParseBool(os.Getenv("HELM_DEBUG"))

@ -115,6 +118,7 @@ func (s *EnvSettings) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&s.RegistryConfig, "registry-config", s.RegistryConfig, "path to the registry config file")
 	fs.StringVar(&s.RepositoryConfig, "repository-config", s.RepositoryConfig, "path to the file containing repository names and URLs")
 	fs.StringVar(&s.RepositoryCache, "repository-cache", s.RepositoryCache, "path to the file containing cached repository indexes")
+	fs.StringVar(&s.ClientSecCertDirectory, "client-sec-cert-dir", s.ClientSecCertDirectory, "path to the secondary certificate directory used for 2-way ssl support(oci pull for artificat repo)")
 }

 func envOr(name, def string) string {
@ -146,17 +150,18 @@ func envCSV(name string) (ls []string) {

 func (s *EnvSettings) EnvVars() map[string]string {
 	envvars := map[string]string{
-		"HELM_BIN":               os.Args[0],
-		"HELM_CACHE_HOME":        helmpath.CachePath(""),
-		"HELM_CONFIG_HOME":       helmpath.ConfigPath(""),
-		"HELM_DATA_HOME":         helmpath.DataPath(""),
-		"HELM_DEBUG":             fmt.Sprint(s.Debug),
-		"HELM_PLUGINS":           s.PluginsDirectory,
-		"HELM_REGISTRY_CONFIG":   s.RegistryConfig,
-		"HELM_REPOSITORY_CACHE":  s.RepositoryCache,
-		"HELM_REPOSITORY_CONFIG": s.RepositoryConfig,
-		"HELM_NAMESPACE":         s.Namespace(),
-		"HELM_MAX_HISTORY":       strconv.Itoa(s.MaxHistory),
+		"HELM_BIN":                os.Args[0],
+		"HELM_CACHE_HOME":         helmpath.CachePath(""),
+		"HELM_CONFIG_HOME":        helmpath.ConfigPath(""),
+		"HELM_DATA_HOME":          helmpath.DataPath(""),
+		"HELM_DEBUG":              fmt.Sprint(s.Debug),
+		"HELM_PLUGINS":            s.PluginsDirectory,
+		"HELM_REGISTRY_CONFIG":    s.RegistryConfig,
+		"HELM_REPOSITORY_CACHE":   s.RepositoryCache,
+		"HELM_REPOSITORY_CONFIG":  s.RepositoryConfig,
+		"HELM_NAMESPACE":          s.Namespace(),
+		"HELM_MAX_HISTORY":        strconv.Itoa(s.MaxHistory),
+		"HELM_SECONDARY_CERT_DIR": s.ClientSecCertDirectory,

 		// broken, these are populated from helm flags and not kubeconfig.
 		"HELM_KUBECONTEXT":   s.KubeContext,
--- a/pkg/registry/client.go
+++ b/pkg/registry/client.go
@ -155,9 +155,9 @@ func NewCrosClient(chartref string, options ...ClientOption) (*Client, error) {
 	if client.resolver == nil {
 		host, err := urlutil.ExtractHostname(chartref)
 		if err != nil {
-
+			fmt.Printf("error :%v\n", err)
 		}
-		clientOpts, err := tlsutil.ReadCertFromSecDir(CredentialsFileBasename, host)
+		clientOpts, err := tlsutil.ReadCertFromSecDir(host)
 		if err != nil {
 			return client, errors.Wrapf(err, "Client certificate/directory Not Exist !!")
 		}