From 25de1d0eb9c7064980d4c9663c0516cbbc960cb4 Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Tue, 18 Sep 2018 12:48:13 -0700 Subject: [PATCH] fix bug where os.ExpandEnv() on the default value causes differing behaviour Signed-off-by: Matthew Fisher --- cmd/helm/helm.go | 35 ++++++++++++----------- cmd/helm/helm_test.go | 66 +++++++++++++++++++++---------------------- cmd/helm/init.go | 8 ++++++ 3 files changed, 60 insertions(+), 49 deletions(-) diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go index 5af7f57cc..7f2bf369a 100644 --- a/cmd/helm/helm.go +++ b/cmd/helm/helm.go @@ -80,9 +80,21 @@ func newRootCmd(args []string) *cobra.Command { Long: globalUsage, SilenceUsage: true, PersistentPreRun: func(*cobra.Command, []string) { - tlsCaCertFile = os.ExpandEnv(tlsCaCertFile) - tlsCertFile = os.ExpandEnv(tlsCertFile) - tlsKeyFile = os.ExpandEnv(tlsKeyFile) + if settings.TLSCaCertFile == helm_env.DefaultTLSCaCert || settings.TLSCaCertFile == "" { + settings.TLSCaCertFile = settings.Home.TLSCaCert() + } else { + settings.TLSCaCertFile = os.ExpandEnv(settings.TLSCaCertFile) + } + if settings.TLSCertFile == helm_env.DefaultTLSCert || settings.TLSCertFile == "" { + settings.TLSCertFile = settings.Home.TLSCert() + } else { + settings.TLSCertFile = os.ExpandEnv(settings.TLSCertFile) + } + if settings.TLSKeyFile == helm_env.DefaultTLSKeyFile || settings.TLSKeyFile == "" { + settings.TLSKeyFile = settings.Home.TLSKey() + } else { + settings.TLSKeyFile = os.ExpandEnv(settings.TLSKeyFile) + } }, PersistentPostRun: func(*cobra.Command, []string) { teardown() @@ -271,24 +283,15 @@ func newClient() helm.Interface { options := []helm.Option{helm.Host(settings.TillerHost), helm.ConnectTimeout(settings.TillerConnectionTimeout)} if settings.TLSVerify || settings.TLSEnable { - if tlsCaCertFile == "" { - tlsCaCertFile = settings.Home.TLSCaCert() - } - if tlsCertFile == "" { - tlsCertFile = settings.Home.TLSCert() - } - if tlsKeyFile == "" { - tlsKeyFile = settings.Home.TLSKey() - } - debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", settings.TLSServerName, tlsKeyFile, tlsCertFile, tlsCaCertFile) + debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", settings.TLSServerName, settings.TLSKeyFile, settings.TLSCertFile, settings.TLSCaCertFile) tlsopts := tlsutil.Options{ ServerName: settings.TLSServerName, - KeyFile: tlsKeyFile, - CertFile: tlsCertFile, + KeyFile: settings.TLSKeyFile, + CertFile: settings.TLSCertFile, InsecureSkipVerify: true, } if settings.TLSVerify { - tlsopts.CaCertFile = tlsCaCertFile + tlsopts.CaCertFile = settings.TLSCaCertFile tlsopts.InsecureSkipVerify = false } tlscfg, err := tlsutil.ClientConfig(tlsopts) diff --git a/cmd/helm/helm_test.go b/cmd/helm/helm_test.go index ce0206b93..3551eb534 100644 --- a/cmd/helm/helm_test.go +++ b/cmd/helm/helm_test.go @@ -261,9 +261,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -280,9 +280,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: true, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -299,9 +299,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: true, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -318,9 +318,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "foo", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -338,8 +338,8 @@ func TestTLSFlags(t *testing.T) { TLSVerify: false, TLSServerName: "", TLSCaCertFile: "/foo", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -356,9 +356,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", + TLSCaCertFile: home.TLSCaCert(), TLSCertFile: "/foo", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSKeyFile: home.TLSKey(), }, }, { @@ -375,8 +375,8 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), TLSKeyFile: "/foo", }, }, @@ -395,9 +395,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: true, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -415,9 +415,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: true, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -435,9 +435,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "foo", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -456,8 +456,8 @@ func TestTLSFlags(t *testing.T) { TLSVerify: false, TLSServerName: "", TLSCaCertFile: "/foo", - TLSCertFile: "$HELM_HOME/cert.pem", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSCertFile: home.TLSCert(), + TLSKeyFile: home.TLSKey(), }, }, { @@ -475,9 +475,9 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", + TLSCaCertFile: home.TLSCaCert(), TLSCertFile: "/foo", - TLSKeyFile: "$HELM_HOME/key.pem", + TLSKeyFile: home.TLSKey(), }, }, { @@ -495,8 +495,8 @@ func TestTLSFlags(t *testing.T) { TLSEnable: false, TLSVerify: false, TLSServerName: "", - TLSCaCertFile: "$HELM_HOME/ca.pem", - TLSCertFile: "$HELM_HOME/cert.pem", + TLSCaCertFile: home.TLSCaCert(), + TLSCertFile: home.TLSCert(), TLSKeyFile: "/foo", }, }, diff --git a/cmd/helm/init.go b/cmd/helm/init.go index b65354ac8..03d2c155c 100644 --- a/cmd/helm/init.go +++ b/cmd/helm/init.go @@ -173,6 +173,14 @@ func (i *initCmd) tlsOptions() error { return errors.New("missing required TLS CA file") } } + + // FIXME: refactor this all to pkg/helm/environment + settings.TLSEnable = tlsEnable + settings.TLSVerify = tlsVerify + settings.TLSServerName = tlsServerName + settings.TLSCaCertFile = tlsCaCertFile + settings.TLSCertFile = tlsCertFile + settings.TLSKeyFile = tlsKeyFile } return nil }