Merge remote-tracking branch 'helm/oci-transport-refinement' into oci-insecure

Signed-off-by: Tom Runyon <runyontr@gmail.com>
3 years ago · 1acb7731dc
parent cc414577dc 5c40996dad
commit 1acb7731dc
12 changed files with 130 additions and 51 deletions
--- a/cmd/helm/install.go
+++ b/cmd/helm/install.go
@ -136,6 +136,12 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 			return compInstall(args, toComplete, client)
 		},
 		RunE: func(_ *cobra.Command, args []string) error {
+			registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP)
+			if err != nil {
+				return fmt.Errorf("missing registry client: %w", err)
+			}
+			client.SetRegistryClient(registryClient)
+
 			rel, err := runInstall(args, client, valueOpts, out)
 			if err != nil {
 				return errors.Wrap(err, "INSTALLATION FAILED")
@ -202,7 +208,7 @@ func runInstall(args []string, client *action.Install, valueOpts *values.Options
 	}
 	client.ReleaseName = name

-	cp, err := client.ChartPathOptions.LocateChart(chart, out, settings)
+	cp, err := client.ChartPathOptions.LocateChart(chart, settings)
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/helm/pull.go
+++ b/cmd/helm/pull.go
@ -64,6 +64,12 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 				client.Version = ">0.0.0-0"
 			}

+			registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP)
+			if err != nil {
+				return fmt.Errorf("missing registry client: %w", err)
+			}
+			client.SetRegistryClient(registryClient)
+
 			for i := 0; i < len(args); i++ {
 				output, err := client.Run(args[i])
 				if err != nil {
--- a/cmd/helm/push.go
+++ b/cmd/helm/push.go
@ -68,6 +68,11 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 			return nil, cobra.ShellCompDirectiveNoFileComp
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+			registryClient, err := newRegistryClient(o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP)
+			if err != nil {
+				return fmt.Errorf("missing registry client: %w", err)
+			}
+			cfg.RegistryClient = registryClient
 			chartRef := args[0]
 			remote := args[1]
 			client := action.NewPushWithOpts(action.WithPushConfig(cfg),
--- a/cmd/helm/root.go
+++ b/cmd/helm/root.go
@ -152,7 +152,7 @@ func newRootCmd(actionConfig *action.Configuration, out io.Writer, args []string
 	flags.ParseErrorsWhitelist.UnknownFlags = true
 	flags.Parse(args)

-	registryClient, err := newRegistryClient(out)
+	registryClient, err := newDefaultRegistryClient()
 	if err != nil {
 		return nil, err
 	}
@ -257,7 +257,31 @@ func checkForExpiredRepos(repofile string) {

 }

-func newRegistryClient(out io.Writer) (*registry.Client, error) {
+func newRegistryClient(certFile, keyFile, caFile string, insecureSkipTLSverify bool, plainHTTP bool) (*registry.Client, error) {
+
+	if plainHTTP {
+		registryClient, err := registry.NewRegistryClientHTTP(os.Stderr, settings.RegistryConfig, settings.Debug)
+		if err != nil {
+			return nil, err
+		}
+		return registryClient, nil
+	}
+
+	if certFile != "" && keyFile != "" || caFile != "" || insecureSkipTLSverify {
+		registryClient, err := newRegistryClientWithTLS(certFile, keyFile, caFile, insecureSkipTLSverify)
+		if err != nil {
+			return nil, err
+		}
+		return registryClient, nil
+	}
+	registryClient, err := newDefaultRegistryClient()
+	if err != nil {
+		return nil, err
+	}
+	return registryClient, nil
+}
+
+func newDefaultRegistryClient() (*registry.Client, error) {
 	// Create a new registry client
 	registryClient, err := registry.NewClient(
 		registry.ClientOptDebug(settings.Debug),
@ -270,3 +294,14 @@ func newRegistryClient(out io.Writer) (*registry.Client, error) {
 	}
 	return registryClient, nil
 }
+
+func newRegistryClientWithTLS(certFile, keyFile, caFile string, insecureSkipTLSverify bool) (*registry.Client, error) {
+	// Create a new registry client
+	registryClient, err := registry.NewRegistryClientWithTLS(os.Stderr, certFile, keyFile, caFile, insecureSkipTLSverify,
+		settings.RegistryConfig, settings.Debug,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return registryClient, nil
+}
--- a/cmd/helm/show.go
+++ b/cmd/helm/show.go
@ -84,7 +84,11 @@ func newShowCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 		ValidArgsFunction: validArgsFunc,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client.OutputFormat = action.ShowAll
-			output, err := runShow(args, client, out)
+			err := addRegistryClient(client)
+			if err != nil {
+				return err
+			}
+			output, err := runShow(args, client)
 			if err != nil {
 				return err
 			}
@ -101,7 +105,11 @@ func newShowCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 		ValidArgsFunction: validArgsFunc,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client.OutputFormat = action.ShowValues
-			output, err := runShow(args, client, out)
+			err := addRegistryClient(client)
+			if err != nil {
+				return err
+			}
+			output, err := runShow(args, client)
 			if err != nil {
 				return err
 			}
@ -118,7 +126,11 @@ func newShowCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 		ValidArgsFunction: validArgsFunc,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client.OutputFormat = action.ShowChart
-			output, err := runShow(args, client, out)
+			err := addRegistryClient(client)
+			if err != nil {
+				return err
+			}
+			output, err := runShow(args, client)
 			if err != nil {
 				return err
 			}
@ -135,7 +147,11 @@ func newShowCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 		ValidArgsFunction: validArgsFunc,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client.OutputFormat = action.ShowReadme
-			output, err := runShow(args, client, out)
+			err := addRegistryClient(client)
+			if err != nil {
+				return err
+			}
+			output, err := runShow(args, client)
 			if err != nil {
 				return err
 			}
@ -152,7 +168,11 @@ func newShowCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 		ValidArgsFunction: validArgsFunc,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client.OutputFormat = action.ShowCRDs
-			output, err := runShow(args, client, out)
+			err := addRegistryClient(client)
+			if err != nil {
+				return err
+			}
+			output, err := runShow(args, client)
 			if err != nil {
 				return err
 			}
@ -192,16 +212,25 @@ func addShowFlags(subCmd *cobra.Command, client *action.Show) {
 	}
 }

-func runShow(args []string, client *action.Show, out io.Writer) (string, error) {
+func runShow(args []string, client *action.Show) (string, error) {
 	debug("Original chart version: %q", client.Version)
 	if client.Version == "" && client.Devel {
 		debug("setting version to >0.0.0-0")
 		client.Version = ">0.0.0-0"
 	}

-	cp, err := client.ChartPathOptions.LocateChart(args[0], out, settings)
+	cp, err := client.ChartPathOptions.LocateChart(args[0], settings)
 	if err != nil {
 		return "", err
 	}
 	return client.Run(cp)
 }
+
+func addRegistryClient(client *action.Show) error {
+	registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP)
+	if err != nil {
+		return fmt.Errorf("missing registry client: %w", err)
+	}
+	client.SetRegistryClient(registryClient)
+	return nil
+}
--- a/cmd/helm/template.go
+++ b/cmd/helm/template.go
@ -73,6 +73,12 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 				client.KubeVersion = parsedKubeVersion
 			}

+			registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP)
+			if err != nil {
+				return fmt.Errorf("missing registry client: %w", err)
+			}
+			client.SetRegistryClient(registryClient)
+
 			client.DryRun = true
 			client.ReleaseName = "release-name"
 			client.Replace = true // Skip the name check
--- a/cmd/helm/upgrade.go
+++ b/cmd/helm/upgrade.go
@ -90,6 +90,12 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client.Namespace = settings.Namespace()

+			registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP)
+			if err != nil {
+				return fmt.Errorf("missing registry client: %w", err)
+			}
+			client.SetRegistryClient(registryClient)
+
 			// Fixes #7002 - Support reading values from STDIN for `upgrade` command
 			// Must load values AFTER determining if we have to call install so that values loaded from stdin are are not read twice
 			if client.Install {
@ -134,7 +140,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 				client.Version = ">0.0.0-0"
 			}

-			chartPath, err := client.ChartPathOptions.LocateChart(args[1], out, settings)
+			chartPath, err := client.ChartPathOptions.LocateChart(args[1], settings)
 			if err != nil {
 				return err
 			}
--- a/pkg/action/install.go
+++ b/pkg/action/install.go
@ -20,7 +20,6 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"net/url"
 	"os"
@ -135,6 +134,11 @@ func NewInstall(cfg *Configuration) *Install {
 	return in
 }

+// SetRegistryClient sets the registry client for the install action
+func (i *Install) SetRegistryClient(registryClient *registry.Client) {
+	i.ChartPathOptions.registryClient = registryClient
+}
+
 func (i *Install) installCRDs(crds []chart.CRD) error {
 	// We do these one file at a time in the order they were read.
 	totalItems := []*resource.Info{}
@ -674,27 +678,9 @@ OUTER:
 // - URL
 //
 // If 'verify' was set on ChartPathOptions, this will attempt to also verify the chart.
-func (c *ChartPathOptions) LocateChart(name string, out io.Writer, settings *cli.EnvSettings) (string, error) {
-	// If there is no registry client and the name is in an OCI registry return
-	// an error and a lookup will not occur.
-	if registry.IsOCI(name) {
-		if (c.CertFile != "" && c.KeyFile != "") || c.CaFile != "" || c.InsecureSkipTLSverify {
-			var registryClient *registry.Client
-			var err error
-			if c.PlainHTTP {
-				registryClient, err = registry.NewRegistryClientHTTP(out, settings.RegistryConfig, settings.Debug)
-			} else {
-				registryClient, err = registry.NewRegistryClientWithTLS(out, c.CertFile, c.KeyFile, c.CaFile,
-					c.InsecureSkipTLSverify, settings.RegistryConfig, settings.Debug)
-			}
-			if err != nil {
-				return "", err
-			}
-			c.registryClient = registryClient
-		}
-		if c.registryClient == nil {
-			return "", fmt.Errorf("unable to lookup chart %q, missing registry client", name)
-		}
+func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) (string, error) {
+	if registry.IsOCI(name) && c.registryClient == nil {
+		return "", fmt.Errorf("unable to lookup chart %q, missing registry client", name)
 	}
 	name = strings.TrimSpace(name)
 	version := strings.TrimSpace(c.Version)
--- a/pkg/action/pull.go
+++ b/pkg/action/pull.go
@ -81,6 +81,11 @@ func NewPullWithOpts(opts ...PullOpt) *Pull {
 	return p
 }

+// SetRegistryClient sets the registry client on the pull configuration object.
+func (p *Pull) SetRegistryClient(client *registry.Client) {
+	p.cfg.RegistryClient = client
+}
+
 // Run executes 'helm pull' against the given release.
 func (p *Pull) Run(chartRef string) (string, error) {
 	var out strings.Builder
--- a/pkg/action/push.go
+++ b/pkg/action/push.go
@ -91,28 +91,11 @@ func (p *Push) Run(chartRef string, remote string) (string, error) {
 		Pushers: pusher.All(p.Settings),
 		Options: []pusher.Option{
 			pusher.WithTLSClientConfig(p.certFile, p.keyFile, p.caFile),
+			pusher.WithInsecureSkipTLSVerify(p.insecureSkipTLSverify),
 		},
 	}

 	if registry.IsOCI(remote) {
-		// Provide a tls enabled client for the pull command if the user has
-		// specified the cert file or key file or ca file.
-		if (p.certFile != "" && p.keyFile != "") || p.caFile != "" || p.insecureSkipTLSverify {
-
-			var registryClient *registry.Client
-			var err error
-			if p.plainHTTP {
-				registryClient, err = registry.NewRegistryClientHTTP(p.out, p.Settings.RegistryConfig, p.Settings.Debug)
-			} else {
-				registryClient, err = registry.NewRegistryClientWithTLS(p.out, p.certFile, p.keyFile, p.caFile,
-					p.insecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
-			}
-			if err != nil {
-				return out.String(), err
-			}
-			p.cfg.RegistryClient = registryClient
-		}
-
 		// Don't use the default registry client if tls options are set.
 		c.Options = append(c.Options, pusher.WithRegistryClient(p.cfg.RegistryClient))
 	}
--- a/pkg/action/show.go
+++ b/pkg/action/show.go
@ -28,6 +28,7 @@ import (
 	"helm.sh/helm/v3/pkg/chart"
 	"helm.sh/helm/v3/pkg/chart/loader"
 	"helm.sh/helm/v3/pkg/chartutil"
+	"helm.sh/helm/v3/pkg/registry"
 )

 // ShowOutputFormat is the format of the output of `helm show`
@ -82,6 +83,11 @@ func NewShowWithConfig(output ShowOutputFormat, cfg *Configuration) *Show {
 	return sh
 }

+// SetRegistryClient sets the registry client to use when pulling a chart from a registry.
+func (s *Show) SetRegistryClient(client *registry.Client) {
+	s.ChartPathOptions.registryClient = client
+}
+
 // Run executes 'helm show' against the given release.
 func (s *Show) Run(chartpath string) (string, error) {
 	if s.chart == nil {
--- a/pkg/action/upgrade.go
+++ b/pkg/action/upgrade.go
@ -32,6 +32,7 @@ import (
 	"helm.sh/helm/v3/pkg/chartutil"
 	"helm.sh/helm/v3/pkg/kube"
 	"helm.sh/helm/v3/pkg/postrender"
+	"helm.sh/helm/v3/pkg/registry"
 	"helm.sh/helm/v3/pkg/release"
 	"helm.sh/helm/v3/pkg/releaseutil"
 	"helm.sh/helm/v3/pkg/storage/driver"
@ -120,6 +121,11 @@ func NewUpgrade(cfg *Configuration) *Upgrade {
 	return up
 }

+// SetRegistryClient sets the registry client to use when fetching charts.
+func (u *Upgrade) SetRegistryClient(client *registry.Client) {
+	u.ChartPathOptions.registryClient = client
+}
+
 // Run executes the upgrade on the given release.
 func (u *Upgrade) Run(name string, chart *chart.Chart, vals map[string]interface{}) (*release.Release, error) {
 	ctx := context.Background()