diff --git a/cmd/helm/repo_add.go b/cmd/helm/repo_add.go
index e6afce3d5..bbc519885 100644
--- a/cmd/helm/repo_add.go
+++ b/cmd/helm/repo_add.go
@@ -43,9 +43,10 @@ type repoAddOptions struct {
 password string
 noUpdate bool
- certFile string
- keyFile string
- caFile string
+ certFile string
+ keyFile string
+ caFile string
+ insecureSkipTLSverify bool
 repoFile string
 repoCache string
@@ -75,6 +76,7 @@ func newRepoAddCmd(out io.Writer) *cobra.Command {
 f.StringVar(&o.certFile, "cert-file", "", "identify HTTPS client using this SSL certificate file")
 f.StringVar(&o.keyFile, "key-file", "", "identify HTTPS client using this SSL key file")
 f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle")
+ f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the repository")
 return cmd
 }
diff --git a/pkg/getter/getter.go b/pkg/getter/getter.go
index e11dbfcae..3f2a7464c 100644
--- a/pkg/getter/getter.go
+++ b/pkg/getter/getter.go
@@ -28,13 +28,14 @@ import (
 //
 // Getters may or may not ignore these parameters as they are passed in.
 type options struct {
- url string
- certFile string
- keyFile string
- caFile string
- username string
- password string
- userAgent string
+ url string
+ certFile string
+ keyFile string
+ caFile string
+ insecureSkipVerifyTLS bool
+ username string
+ password string
+ userAgent string
 }
 // Option allows specifying various settings configurable by the user for overriding the defaults
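Review bot: In cmd/helm/repo_add.go the new `--insecure-skip-tls-verify` flag is bound to `o.insecureSkipTLSverify`, but no hunk in this diff copies that value into a `repo.Entry`, so unless the assignment already exists outside the visible hunks the flag is accepted and then has no effect. Wherever the command builds its entry it should carry `InsecureSkipTLSverify: o.insecureSkipTLSverify,`. The help string would also be clearer if it said what is given up, for example `"skip TLS certificate verification for the repository (the server is not authenticated)"`. newRepoAddCmd begins outside the hunk, so the rest of the flag set was not reviewed.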
@@ -64,6 +65,13 @@ func WithUserAgent(userAgent string) Option {
 }
 }
+// WithInsecureSkipVerifyTLS determines if a TLS Certificate will be checked
+func WithInsecureSkipVerifyTLS(insecureSkipVerifyTLS bool) Option {
+ return func(opts *options) {
+ opts.insecureSkipVerifyTLS = insecureSkipVerifyTLS
+ }
+}
+
 // WithTLSClientConfig sets the client client auth with the provided credentials.
 func WithTLSClientConfig(certFile, keyFile, caFile string) Option {
 return func(opts *options) {
diff --git a/pkg/getter/httpgetter.go b/pkg/getter/httpgetter.go
index 89abfb1cf..2c020342f 100644
--- a/pkg/getter/httpgetter.go
+++ b/pkg/getter/httpgetter.go
@@ -17,6 +17,7 @@ package getter
 import (
 "bytes"
+ "crypto/tls"
 "io"
 "net/http"
@@ -111,5 +112,18 @@ func (g *HTTPGetter) httpClient() (*http.Client, error) {
 return client, nil
 }
+
+ if g.opts.insecureSkipVerifyTLS {
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ },
+ }
+
+ return client, nil
+ }
+
 return http.DefaultClient, nil
 }
diff --git a/pkg/repo/chartrepo.go b/pkg/repo/chartrepo.go
index c8d0d6a3d..2c4ead7e8 100644
--- a/pkg/repo/chartrepo.go
+++ b/pkg/repo/chartrepo.go
@@ -38,13 +38,14 @@ import (
 // Entry represents a collection of parameters for chart repository
 type Entry struct {
- Name string `json:"name"`
- URL string `json:"url"`
- Username string `json:"username"`
- Password string `json:"password"`
- CertFile string `json:"certFile"`
- KeyFile string `json:"keyFile"`
- CAFile string `json:"caFile"`
+ Name string `json:"name"`
+ URL string `json:"url"`
+ Username string `json:"username"`
+ Password string `json:"password"`
+ CertFile string `json:"certFile"`
+ KeyFile string `json:"keyFile"`
+ CAFile string `json:"caFile"`
+ InsecureSkipTLSverify bool `json:"insecure_skip_tls_verify"`
 }
 // ChartRepository represents a chart repository
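Review bot: The doc comment on `WithInsecureSkipVerifyTLS` in pkg/getter/getter.go reads as though `true` turns checking on, whereas the httpgetter.go change in this same diff maps `true` to `InsecureSkipVerify: true`. I would reword it to `// WithInsecureSkipVerifyTLS disables verification of the server's certificate chain and host name when insecureSkipVerifyTLS is true.` The setting is also spelled two ways across the diff (`insecureSkipVerifyTLS` in the getter package, `insecureSkipTLSverify` / `InsecureSkipTLSverify` in repoAddOptions and repo.Entry); a single spelling would make a security-relevant switch easier to search for.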
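Review bot: In `httpClient` (pkg/getter/httpgetter.go) the insecure branch builds a bare `&http.Transport{}`, so enabling the option changes more than certificate checking: the client also loses the defaults that `http.DefaultClient` gets from `http.DefaultTransport`, notably the proxy lookup, and I would add `Proxy: http.ProxyFromEnvironment,` to the literal. The new branch is reached only after the preceding block has returned; that block starts outside the hunk, but if it is the cert/key/CA case then combining `--ca-file` with `--insecure-skip-tls-verify` silently ignores the latter, which should be either rejected or documented. Because DownloadIndexFile passes `WithBasicAuth` on the same call, a comment at the branch such as `// The server is not authenticated here: basic-auth credentials and the downloaded index can be read or altered on the path.` would record the trade-off where it is made.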
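Review bot: The new `InsecureSkipTLSverify` field of `Entry` in pkg/repo/chartrepo.go is tagged `json:"insecure_skip_tls_verify"` while every other tag in the struct is camelCase (`certFile`, `keyFile`, `caFile`). A key that ends up in serialized repository entries is hard to rename later, so I would settle it now, for example `json:"insecureSkipTLSverify"`. The tag also suggests the value is stored with the entry, in which case later requests for that repository presumably skip verification without the flag being passed again. A field comment such as `// InsecureSkipTLSverify disables TLS certificate verification for every request to this repository.` would make that visible to anyone reading a stored entry.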
@@ -121,6 +122,7 @@ func (r *ChartRepository) DownloadIndexFile() (string, error) {
 // TODO add user-agent
 resp, err := r.Client.Get(indexURL,
 getter.WithURL(r.Config.URL),
+ getter.WithInsecureSkipVerifyTLS(r.Config.InsecureSkipTLSverify),
 getter.WithTLSClientConfig(r.Config.CertFile, r.Config.KeyFile, r.Config.CAFile),
 getter.WithBasicAuth(r.Config.Username, r.Config.Password),
 )