From dc158f6208782b888fc5be6d23d8991042cf9f9c Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Mon, 5 Feb 2024 13:54:21 +0000 Subject: [PATCH 01/10] fix(helm): pass down username/password CLI parameters to OCI registry clients When username/password parameters are passed in via the CLI they are not passed down to the client handling requests to OCI registries. This change ensures this happens Signed-off-by: Evans Mungai --- cmd/helm/install.go | 2 +- cmd/helm/pull.go | 2 +- cmd/helm/push.go | 4 +++- cmd/helm/root.go | 37 +++++++++++++++++++++++++++++-------- cmd/helm/show.go | 2 +- cmd/helm/template.go | 2 +- cmd/helm/upgrade.go | 2 +- pkg/action/install.go | 1 + pkg/registry/client.go | 31 +++++++++++++++++++++++++++++++ 9 files changed, 69 insertions(+), 14 deletions(-) diff --git a/cmd/helm/install.go b/cmd/helm/install.go index d987d300f..74573ee81 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -137,7 +137,7 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { }, RunE: func(_ *cobra.Command, args []string) error { registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP) + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/pull.go b/cmd/helm/pull.go index af3092aff..4ca2c47e8 100644 --- a/cmd/helm/pull.go +++ b/cmd/helm/pull.go @@ -65,7 +65,7 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP) + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/push.go b/cmd/helm/push.go index 3375155ed..be804661b 100644 --- a/cmd/helm/push.go +++ b/cmd/helm/push.go @@ -68,7 +68,9 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return nil, cobra.ShellCompDirectiveNoFileComp }, RunE: func(cmd *cobra.Command, args []string) error { - registryClient, err := newRegistryClient(o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP) + registryClient, err := newRegistryClient( + o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP, "", "", + ) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/root.go b/cmd/helm/root.go index 55b7e8892..beb62bd39 100644 --- a/cmd/helm/root.go +++ b/cmd/helm/root.go @@ -21,6 +21,7 @@ import ( "fmt" "io" "log" + "net/http" "os" "strings" @@ -29,6 +30,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/clientcmd" + "helm.sh/helm/v3/internal/tlsutil" "helm.sh/helm/v3/pkg/action" "helm.sh/helm/v3/pkg/registry" "helm.sh/helm/v3/pkg/repo" @@ -153,7 +155,7 @@ func newRootCmd(actionConfig *action.Configuration, out io.Writer, args []string flags.ParseErrorsWhitelist.UnknownFlags = true flags.Parse(args) - registryClient, err := newDefaultRegistryClient(false) + registryClient, err := newDefaultRegistryClient(false, "", "") if err != nil { return nil, err } @@ -258,27 +260,30 @@ func checkForExpiredRepos(repofile string) { } -func newRegistryClient(certFile, keyFile, caFile string, insecureSkipTLSverify, plainHTTP bool) (*registry.Client, error) { +func newRegistryClient( + certFile, keyFile, caFile string, insecureSkipTLSverify, plainHTTP bool, username, password string, +) (*registry.Client, error) { if certFile != "" && keyFile != "" || caFile != "" || insecureSkipTLSverify { - registryClient, err := newRegistryClientWithTLS(certFile, keyFile, caFile, insecureSkipTLSverify) + registryClient, err := newRegistryClientWithTLS(certFile, keyFile, caFile, insecureSkipTLSverify, username, password) if err != nil { return nil, err } return registryClient, nil } - registryClient, err := newDefaultRegistryClient(plainHTTP) + registryClient, err := newDefaultRegistryClient(plainHTTP, username, password) if err != nil { return nil, err } return registryClient, nil } -func newDefaultRegistryClient(plainHTTP bool) (*registry.Client, error) { +func newDefaultRegistryClient(plainHTTP bool, username, password string) (*registry.Client, error) { opts := []registry.ClientOption{ registry.ClientOptDebug(settings.Debug), registry.ClientOptEnableCache(true), registry.ClientOptWriter(os.Stderr), registry.ClientOptCredentialsFile(settings.RegistryConfig), + registry.ClientOptBasicAuth(username, password), } if plainHTTP { opts = append(opts, registry.ClientOptPlainHTTP()) @@ -292,10 +297,26 @@ func newDefaultRegistryClient(plainHTTP bool) (*registry.Client, error) { return registryClient, nil } -func newRegistryClientWithTLS(certFile, keyFile, caFile string, insecureSkipTLSverify bool) (*registry.Client, error) { +func newRegistryClientWithTLS( + certFile, keyFile, caFile string, insecureSkipTLSverify bool, username, password string, +) (*registry.Client, error) { + tlsConf, err := tlsutil.NewClientTLS(certFile, keyFile, caFile, insecureSkipTLSverify) + if err != nil { + return nil, fmt.Errorf("can't create TLS config for client: %w", err) + } + // Create a new registry client - registryClient, err := registry.NewRegistryClientWithTLS(os.Stderr, certFile, keyFile, caFile, insecureSkipTLSverify, - settings.RegistryConfig, settings.Debug, + registryClient, err := registry.NewClient( + registry.ClientOptDebug(settings.Debug), + registry.ClientOptEnableCache(true), + registry.ClientOptWriter(os.Stderr), + registry.ClientOptCredentialsFile(settings.RegistryConfig), + registry.ClientOptHTTPClient(&http.Client{ + Transport: &http.Transport{ + TLSClientConfig: tlsConf, + }, + }), + registry.ClientOptBasicAuth(username, password), ) if err != nil { return nil, err diff --git a/cmd/helm/show.go b/cmd/helm/show.go index 28eb9756d..b615ac97b 100644 --- a/cmd/helm/show.go +++ b/cmd/helm/show.go @@ -227,7 +227,7 @@ func runShow(args []string, client *action.Show) (string, error) { func addRegistryClient(client *action.Show) error { registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP) + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/template.go b/cmd/helm/template.go index a16cbc76e..16895d22d 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -74,7 +74,7 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { } registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP) + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index e7c6dd166..1b640f546 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -98,7 +98,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.Namespace = settings.Namespace() registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, - client.InsecureSkipTLSverify, client.PlainHTTP) + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) } diff --git a/pkg/action/install.go b/pkg/action/install.go index e3538a4f5..2c776f352 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -754,6 +754,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CaFile), getter.WithInsecureSkipVerifyTLS(c.InsecureSkipTLSverify), getter.WithPlainHTTP(c.PlainHTTP), + getter.WithBasicAuth(c.Username, c.Password), }, RepositoryConfig: settings.RepositoryConfig, RepositoryCache: settings.RepositoryCache, diff --git a/pkg/registry/client.go b/pkg/registry/client.go index 7538cf69b..0d353e8a2 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -18,6 +18,7 @@ package registry // import "helm.sh/helm/v3/pkg/registry" import ( "context" + "encoding/base64" "encoding/json" "fmt" "io" @@ -56,6 +57,8 @@ type ( enableCache bool // path to repository config file e.g. ~/.docker/config.json credentialsFile string + username string + password string out io.Writer authorizer auth.Client registryAuthorizer *registryauth.Client @@ -105,6 +108,19 @@ func NewClient(options ...ClientOption) (*Client, error) { if client.plainHTTP { opts = append(opts, auth.WithResolverPlainHTTP()) } + + // if username and password are set, use them for authentication + // by adding the basic auth Authorization header to the resolver + if client.username != "" && client.password != "" { + concat := client.username + ":" + client.password + encodedAuth := base64.StdEncoding.EncodeToString([]byte(concat)) + opts = append(opts, auth.WithResolverHeaders( + http.Header{ + "Authorization": []string{"Basic " + encodedAuth}, + }, + )) + } + resolver, err := client.authorizer.ResolverWithOpts(opts...) if err != nil { return nil, err @@ -125,6 +141,13 @@ func NewClient(options ...ClientOption) (*Client, error) { }, Cache: cache, Credential: func(ctx context.Context, reg string) (registryauth.Credential, error) { + if client.username != "" && client.password != "" { + return registryauth.Credential{ + Username: client.username, + Password: client.password, + }, nil + } + dockerClient, ok := client.authorizer.(*dockerauth.Client) if !ok { return registryauth.EmptyCredential, errors.New("unable to obtain docker client") @@ -168,6 +191,14 @@ func ClientOptEnableCache(enableCache bool) ClientOption { } } +// ClientOptBasicAuth returns a function that sets the username and password setting on client options set +func ClientOptBasicAuth(username, password string) ClientOption { + return func(client *Client) { + client.username = username + client.password = password + } +} + // ClientOptWriter returns a function that sets the writer setting on client options set func ClientOptWriter(out io.Writer) ClientOption { return func(client *Client) { From 7672a1700d4dd85ae9885c8e443d673ef1d898ce Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Wed, 19 Jun 2024 13:20:14 +0100 Subject: [PATCH 02/10] Add username/password to push subcommand Signed-off-by: Evans Mungai --- cmd/helm/push.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cmd/helm/push.go b/cmd/helm/push.go index 84b8a823b..b1a835ac1 100644 --- a/cmd/helm/push.go +++ b/cmd/helm/push.go @@ -40,6 +40,8 @@ type registryPushOptions struct { caFile string insecureSkipTLSverify bool plainHTTP bool + password string + username string } func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { @@ -69,7 +71,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { }, RunE: func(_ *cobra.Command, args []string) error { registryClient, err := newRegistryClient( - o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP, "", "", + o.certFile, o.keyFile, o.caFile, o.insecureSkipTLSverify, o.plainHTTP, o.username, o.password, ) if err != nil { @@ -99,6 +101,8 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") f.BoolVar(&o.plainHTTP, "plain-http", false, "use insecure HTTP connections for the chart upload") + f.StringVar(&o.username, "username", "", "chart repository username where to locate the requested chart") + f.StringVar(&o.password, "password", "", "chart repository password where to locate the requested chart") return cmd } From 837ae4242cb58a96ed0129db3ca7fa1ff7a33ab5 Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Wed, 19 Jun 2024 16:37:44 +0100 Subject: [PATCH 03/10] Add username/password to dependency build/update subcommands Signed-off-by: Evans Mungai --- cmd/helm/dependency.go | 14 ++++++++++++++ cmd/helm/dependency_build.go | 16 ++++++++++------ cmd/helm/dependency_update.go | 15 ++++++++++----- cmd/helm/flags.go | 2 +- cmd/helm/install.go | 2 +- cmd/helm/pull.go | 2 +- cmd/helm/show.go | 2 +- cmd/helm/template.go | 2 +- cmd/helm/upgrade.go | 2 +- pkg/action/dependency.go | 15 +++++++++++---- pkg/action/install.go | 6 +++--- pkg/action/pull.go | 4 ++-- 12 files changed, 56 insertions(+), 26 deletions(-) diff --git a/cmd/helm/dependency.go b/cmd/helm/dependency.go index 228c73c80..0fead7083 100644 --- a/cmd/helm/dependency.go +++ b/cmd/helm/dependency.go @@ -20,6 +20,7 @@ import ( "path/filepath" "github.com/spf13/cobra" + "github.com/spf13/pflag" "helm.sh/helm/v3/cmd/helm/require" "helm.sh/helm/v3/pkg/action" @@ -120,3 +121,16 @@ func newDependencyListCmd(out io.Writer) *cobra.Command { f.UintVar(&client.ColumnWidth, "max-col-width", 80, "maximum column width for output table") return cmd } + +func addDependencySubcommandFlags(f *pflag.FlagSet, client *action.Dependency) { + f.BoolVar(&client.Verify, "verify", false, "verify the packages against signatures") + f.StringVar(&client.Keyring, "keyring", defaultKeyring(), "keyring containing public keys") + f.BoolVar(&client.SkipRefresh, "skip-refresh", false, "do not refresh the local repository cache") + f.StringVar(&client.Username, "username", "", "chart repository username where to locate the requested chart") + f.StringVar(&client.Password, "password", "", "chart repository password where to locate the requested chart") + f.StringVar(&client.CertFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") + f.StringVar(&client.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") + f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") + f.StringVar(&client.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") +} \ No newline at end of file diff --git a/cmd/helm/dependency_build.go b/cmd/helm/dependency_build.go index 2cf0c6c81..8ef8fb04b 100644 --- a/cmd/helm/dependency_build.go +++ b/cmd/helm/dependency_build.go @@ -41,7 +41,7 @@ If no lock file is found, 'helm dependency build' will mirror the behavior of 'helm dependency update'. ` -func newDependencyBuildCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { +func newDependencyBuildCmd(_ *action.Configuration, out io.Writer) *cobra.Command { client := action.NewDependency() cmd := &cobra.Command{ @@ -54,13 +54,19 @@ func newDependencyBuildCmd(cfg *action.Configuration, out io.Writer) *cobra.Comm if len(args) > 0 { chartpath = filepath.Clean(args[0]) } + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + if err != nil { + return fmt.Errorf("missing registry client: %w", err) + } + man := &downloader.Manager{ Out: out, ChartPath: chartpath, Keyring: client.Keyring, SkipUpdate: client.SkipRefresh, Getters: getter.All(settings), - RegistryClient: cfg.RegistryClient, + RegistryClient: registryClient, RepositoryConfig: settings.RepositoryConfig, RepositoryCache: settings.RepositoryCache, Debug: settings.Debug, @@ -68,7 +74,7 @@ func newDependencyBuildCmd(cfg *action.Configuration, out io.Writer) *cobra.Comm if client.Verify { man.Verify = downloader.VerifyIfPossible } - err := man.Build() + err = man.Build() if e, ok := err.(downloader.ErrRepoNotFound); ok { return fmt.Errorf("%s. Please add the missing repos via 'helm repo add'", e.Error()) } @@ -77,9 +83,7 @@ func newDependencyBuildCmd(cfg *action.Configuration, out io.Writer) *cobra.Comm } f := cmd.Flags() - f.BoolVar(&client.Verify, "verify", false, "verify the packages against signatures") - f.StringVar(&client.Keyring, "keyring", defaultKeyring(), "keyring containing public keys") - f.BoolVar(&client.SkipRefresh, "skip-refresh", false, "do not refresh the local repository cache") + addDependencySubcommandFlags(f, client) return cmd } diff --git a/cmd/helm/dependency_update.go b/cmd/helm/dependency_update.go index cb6e9c0cc..a5fb5796d 100644 --- a/cmd/helm/dependency_update.go +++ b/cmd/helm/dependency_update.go @@ -16,6 +16,7 @@ limitations under the License. package main import ( + "fmt" "io" "path/filepath" @@ -43,7 +44,7 @@ in the Chart.yaml file, but (b) at the wrong version. ` // newDependencyUpdateCmd creates a new dependency update command. -func newDependencyUpdateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { +func newDependencyUpdateCmd(_ *action.Configuration, out io.Writer) *cobra.Command { client := action.NewDependency() cmd := &cobra.Command{ @@ -57,13 +58,19 @@ func newDependencyUpdateCmd(cfg *action.Configuration, out io.Writer) *cobra.Com if len(args) > 0 { chartpath = filepath.Clean(args[0]) } + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + if err != nil { + return fmt.Errorf("missing registry client: %w", err) + } + man := &downloader.Manager{ Out: out, ChartPath: chartpath, Keyring: client.Keyring, SkipUpdate: client.SkipRefresh, Getters: getter.All(settings), - RegistryClient: cfg.RegistryClient, + RegistryClient: registryClient, RepositoryConfig: settings.RepositoryConfig, RepositoryCache: settings.RepositoryCache, Debug: settings.Debug, @@ -76,9 +83,7 @@ func newDependencyUpdateCmd(cfg *action.Configuration, out io.Writer) *cobra.Com } f := cmd.Flags() - f.BoolVar(&client.Verify, "verify", false, "verify the packages against signatures") - f.StringVar(&client.Keyring, "keyring", defaultKeyring(), "keyring containing public keys") - f.BoolVar(&client.SkipRefresh, "skip-refresh", false, "do not refresh the local repository cache") + addDependencySubcommandFlags(f, client) return cmd } diff --git a/cmd/helm/flags.go b/cmd/helm/flags.go index 62e9f90fa..b3f5ca091 100644 --- a/cmd/helm/flags.go +++ b/cmd/helm/flags.go @@ -62,7 +62,7 @@ func addChartPathOptionsFlags(f *pflag.FlagSet, c *action.ChartPathOptions) { f.StringVar(&c.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") f.BoolVar(&c.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&c.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") - f.StringVar(&c.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") + f.StringVar(&c.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") f.BoolVar(&c.PassCredentialsAll, "pass-credentials", false, "pass credentials to all domains") } diff --git a/cmd/helm/install.go b/cmd/helm/install.go index cc57e2908..df2b8cd52 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -140,7 +140,7 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return compInstall(args, toComplete, client) }, RunE: func(_ *cobra.Command, args []string) error { - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/pull.go b/cmd/helm/pull.go index de4918d72..c12638f3f 100644 --- a/cmd/helm/pull.go +++ b/cmd/helm/pull.go @@ -64,7 +64,7 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.Version = ">0.0.0-0" } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/show.go b/cmd/helm/show.go index 1387c8617..153153f4d 100644 --- a/cmd/helm/show.go +++ b/cmd/helm/show.go @@ -226,7 +226,7 @@ func runShow(args []string, client *action.Show) (string, error) { } func addRegistryClient(client *action.Show) error { - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/template.go b/cmd/helm/template.go index ff6621a49..30f6054bc 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -73,7 +73,7 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.KubeVersion = parsedKubeVersion } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index bbb561046..64bb9808c 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -102,7 +102,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { RunE: func(_ *cobra.Command, args []string) error { client.Namespace = settings.Namespace() - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/pkg/action/dependency.go b/pkg/action/dependency.go index 3265f1f17..b5305168e 100644 --- a/pkg/action/dependency.go +++ b/pkg/action/dependency.go @@ -34,10 +34,17 @@ import ( // // It provides the implementation of 'helm dependency' and its respective subcommands. type Dependency struct { - Verify bool - Keyring string - SkipRefresh bool - ColumnWidth uint + Verify bool + Keyring string + SkipRefresh bool + ColumnWidth uint + Username string + Password string + CertFile string + KeyFile string + CAFile string + InsecureSkipTLSverify bool + PlainHTTP bool } // NewDependency creates a new Dependency object with the given configuration. diff --git a/pkg/action/install.go b/pkg/action/install.go index fb64e0678..a65b45a84 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -115,7 +115,7 @@ type Install struct { // ChartPathOptions captures common options used for controlling chart paths type ChartPathOptions struct { - CaFile string // --ca-file + CAFile string // --ca-file CertFile string // --cert-file KeyFile string // --key-file InsecureSkipTLSverify bool // --insecure-skip-verify @@ -759,7 +759,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( Getters: getter.All(settings), Options: []getter.Option{ getter.WithPassCredentialsAll(c.PassCredentialsAll), - getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CaFile), + getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CAFile), getter.WithInsecureSkipVerifyTLS(c.InsecureSkipTLSverify), getter.WithPlainHTTP(c.PlainHTTP), getter.WithBasicAuth(c.Username, c.Password), @@ -778,7 +778,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( } if c.RepoURL != "" { chartURL, err := repo.FindChartInAuthAndTLSAndPassRepoURL(c.RepoURL, c.Username, c.Password, name, version, - c.CertFile, c.KeyFile, c.CaFile, c.InsecureSkipTLSverify, c.PassCredentialsAll, getter.All(settings)) + c.CertFile, c.KeyFile, c.CAFile, c.InsecureSkipTLSverify, c.PassCredentialsAll, getter.All(settings)) if err != nil { return "", err } diff --git a/pkg/action/pull.go b/pkg/action/pull.go index 787553125..7405bf7c5 100644 --- a/pkg/action/pull.go +++ b/pkg/action/pull.go @@ -88,7 +88,7 @@ func (p *Pull) Run(chartRef string) (string, error) { Options: []getter.Option{ getter.WithBasicAuth(p.Username, p.Password), getter.WithPassCredentialsAll(p.PassCredentialsAll), - getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CaFile), + getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CAFile), getter.WithInsecureSkipVerifyTLS(p.InsecureSkipTLSverify), getter.WithPlainHTTP(p.PlainHTTP), }, @@ -122,7 +122,7 @@ func (p *Pull) Run(chartRef string) (string, error) { } if p.RepoURL != "" { - chartURL, err := repo.FindChartInAuthAndTLSAndPassRepoURL(p.RepoURL, p.Username, p.Password, chartRef, p.Version, p.CertFile, p.KeyFile, p.CaFile, p.InsecureSkipTLSverify, p.PassCredentialsAll, getter.All(p.Settings)) + chartURL, err := repo.FindChartInAuthAndTLSAndPassRepoURL(p.RepoURL, p.Username, p.Password, chartRef, p.Version, p.CertFile, p.KeyFile, p.CAFile, p.InsecureSkipTLSverify, p.PassCredentialsAll, getter.All(p.Settings)) if err != nil { return out.String(), err } From 0ad80e3b58e7c4be56a0378bbd0b0a4cebd799a0 Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Wed, 19 Jun 2024 17:26:39 +0100 Subject: [PATCH 04/10] Run go fmt Signed-off-by: Evans Mungai --- cmd/helm/dependency.go | 2 +- cmd/helm/install.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/helm/dependency.go b/cmd/helm/dependency.go index 0fead7083..67d1f5441 100644 --- a/cmd/helm/dependency.go +++ b/cmd/helm/dependency.go @@ -133,4 +133,4 @@ func addDependencySubcommandFlags(f *pflag.FlagSet, client *action.Dependency) { f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") f.StringVar(&client.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") -} \ No newline at end of file +} diff --git a/cmd/helm/install.go b/cmd/helm/install.go index df2b8cd52..435966b36 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -85,7 +85,7 @@ set for a key called 'foo', the 'newbar' value would take precedence: $ helm install --set foo=bar --set foo=newbar myredis ./redis -Similarly, in the following example 'foo' is set to '["four"]': +Similarly, in the following example 'foo' is set to '["four"]': $ helm install --set-json='foo=["one", "two", "three"]' --set-json='foo=["four"]' myredis ./redis From 12d8d28534644f1cad8be2c57c7d52e07f7b27c9 Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Wed, 19 Jun 2024 18:37:31 +0100 Subject: [PATCH 05/10] Add username/password to package subcommand Signed-off-by: Evans Mungai --- cmd/helm/package.go | 17 +++++++++++++++-- pkg/action/package.go | 11 +++++++++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/cmd/helm/package.go b/cmd/helm/package.go index b96110ee8..444f98246 100644 --- a/cmd/helm/package.go +++ b/cmd/helm/package.go @@ -47,7 +47,7 @@ If '--keyring' is not specified, Helm usually defaults to the public keyring unless your environment is otherwise configured. ` -func newPackageCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { +func newPackageCmd(_ *action.Configuration, out io.Writer) *cobra.Command { client := action.NewPackage() valueOpts := &values.Options{} @@ -75,6 +75,12 @@ func newPackageCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return err } + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) + if err != nil { + return fmt.Errorf("missing registry client: %w", err) + } + for i := 0; i < len(args); i++ { path, err := filepath.Abs(args[i]) if err != nil { @@ -91,7 +97,7 @@ func newPackageCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { Keyring: client.Keyring, Getters: p, Debug: settings.Debug, - RegistryClient: cfg.RegistryClient, + RegistryClient: registryClient, RepositoryConfig: settings.RepositoryConfig, RepositoryCache: settings.RepositoryCache, } @@ -119,6 +125,13 @@ func newPackageCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { f.StringVar(&client.AppVersion, "app-version", "", "set the appVersion on the chart to this version") f.StringVarP(&client.Destination, "destination", "d", ".", "location to write the chart.") f.BoolVarP(&client.DependencyUpdate, "dependency-update", "u", false, `update dependencies from "Chart.yaml" to dir "charts/" before packaging`) + f.StringVar(&client.Username, "username", "", "chart repository username where to locate the requested chart") + f.StringVar(&client.Password, "password", "", "chart repository password where to locate the requested chart") + f.StringVar(&client.CertFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") + f.StringVar(&client.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") + f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") + f.StringVar(&client.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") return cmd } diff --git a/pkg/action/package.go b/pkg/action/package.go index 013b32f55..a425dc433 100644 --- a/pkg/action/package.go +++ b/pkg/action/package.go @@ -44,8 +44,15 @@ type Package struct { Destination string DependencyUpdate bool - RepositoryConfig string - RepositoryCache string + RepositoryConfig string + RepositoryCache string + PlainHTTP bool + Username string + Password string + CertFile string + KeyFile string + CAFile string + InsecureSkipTLSverify bool } // NewPackage creates a new Package object with the given configuration. From 0687961da4f708cd69c5cbde0f446b989671f0a5 Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Fri, 2 Aug 2024 16:57:09 +0100 Subject: [PATCH 06/10] Revert CAFile rename breaking change Signed-off-by: Evans Mungai --- cmd/helm/flags.go | 2 +- cmd/helm/install.go | 2 +- cmd/helm/pull.go | 2 +- cmd/helm/show.go | 2 +- cmd/helm/template.go | 2 +- cmd/helm/upgrade.go | 2 +- pkg/action/install.go | 6 +++--- pkg/action/pull.go | 4 ++-- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cmd/helm/flags.go b/cmd/helm/flags.go index b3f5ca091..62e9f90fa 100644 --- a/cmd/helm/flags.go +++ b/cmd/helm/flags.go @@ -62,7 +62,7 @@ func addChartPathOptionsFlags(f *pflag.FlagSet, c *action.ChartPathOptions) { f.StringVar(&c.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") f.BoolVar(&c.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&c.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") - f.StringVar(&c.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") + f.StringVar(&c.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") f.BoolVar(&c.PassCredentialsAll, "pass-credentials", false, "pass credentials to all domains") } diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 435966b36..d056bac8c 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -140,7 +140,7 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return compInstall(args, toComplete, client) }, RunE: func(_ *cobra.Command, args []string) error { - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/pull.go b/cmd/helm/pull.go index c12638f3f..de4918d72 100644 --- a/cmd/helm/pull.go +++ b/cmd/helm/pull.go @@ -64,7 +64,7 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.Version = ">0.0.0-0" } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/show.go b/cmd/helm/show.go index 153153f4d..1387c8617 100644 --- a/cmd/helm/show.go +++ b/cmd/helm/show.go @@ -226,7 +226,7 @@ func runShow(args []string, client *action.Show) (string, error) { } func addRegistryClient(client *action.Show) error { - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/template.go b/cmd/helm/template.go index 30f6054bc..ff6621a49 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -73,7 +73,7 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { client.KubeVersion = parsedKubeVersion } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 64bb9808c..bbb561046 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -102,7 +102,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { RunE: func(_ *cobra.Command, args []string) error { client.Namespace = settings.Namespace() - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/pkg/action/install.go b/pkg/action/install.go index a65b45a84..fb64e0678 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -115,7 +115,7 @@ type Install struct { // ChartPathOptions captures common options used for controlling chart paths type ChartPathOptions struct { - CAFile string // --ca-file + CaFile string // --ca-file CertFile string // --cert-file KeyFile string // --key-file InsecureSkipTLSverify bool // --insecure-skip-verify @@ -759,7 +759,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( Getters: getter.All(settings), Options: []getter.Option{ getter.WithPassCredentialsAll(c.PassCredentialsAll), - getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CAFile), + getter.WithTLSClientConfig(c.CertFile, c.KeyFile, c.CaFile), getter.WithInsecureSkipVerifyTLS(c.InsecureSkipTLSverify), getter.WithPlainHTTP(c.PlainHTTP), getter.WithBasicAuth(c.Username, c.Password), @@ -778,7 +778,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( } if c.RepoURL != "" { chartURL, err := repo.FindChartInAuthAndTLSAndPassRepoURL(c.RepoURL, c.Username, c.Password, name, version, - c.CertFile, c.KeyFile, c.CAFile, c.InsecureSkipTLSverify, c.PassCredentialsAll, getter.All(settings)) + c.CertFile, c.KeyFile, c.CaFile, c.InsecureSkipTLSverify, c.PassCredentialsAll, getter.All(settings)) if err != nil { return "", err } diff --git a/pkg/action/pull.go b/pkg/action/pull.go index 7405bf7c5..787553125 100644 --- a/pkg/action/pull.go +++ b/pkg/action/pull.go @@ -88,7 +88,7 @@ func (p *Pull) Run(chartRef string) (string, error) { Options: []getter.Option{ getter.WithBasicAuth(p.Username, p.Password), getter.WithPassCredentialsAll(p.PassCredentialsAll), - getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CAFile), + getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CaFile), getter.WithInsecureSkipVerifyTLS(p.InsecureSkipTLSverify), getter.WithPlainHTTP(p.PlainHTTP), }, @@ -122,7 +122,7 @@ func (p *Pull) Run(chartRef string) (string, error) { } if p.RepoURL != "" { - chartURL, err := repo.FindChartInAuthAndTLSAndPassRepoURL(p.RepoURL, p.Username, p.Password, chartRef, p.Version, p.CertFile, p.KeyFile, p.CAFile, p.InsecureSkipTLSverify, p.PassCredentialsAll, getter.All(p.Settings)) + chartURL, err := repo.FindChartInAuthAndTLSAndPassRepoURL(p.RepoURL, p.Username, p.Password, chartRef, p.Version, p.CertFile, p.KeyFile, p.CaFile, p.InsecureSkipTLSverify, p.PassCredentialsAll, getter.All(p.Settings)) if err != nil { return out.String(), err } From d25b0d9056fe1d7ff60280aa1c19f1771d687b9d Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Tue, 22 Oct 2024 17:56:58 +0100 Subject: [PATCH 07/10] Remove unnecessary function arguments Signed-off-by: Evans Mungai --- cmd/helm/dependency.go | 2 +- cmd/helm/dependency_build.go | 2 +- cmd/helm/package.go | 2 +- cmd/helm/root.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/helm/dependency.go b/cmd/helm/dependency.go index 67d1f5441..d3bb094e2 100644 --- a/cmd/helm/dependency.go +++ b/cmd/helm/dependency.go @@ -94,7 +94,7 @@ func newDependencyCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { cmd.AddCommand(newDependencyListCmd(out)) cmd.AddCommand(newDependencyUpdateCmd(cfg, out)) - cmd.AddCommand(newDependencyBuildCmd(cfg, out)) + cmd.AddCommand(newDependencyBuildCmd(out)) return cmd } diff --git a/cmd/helm/dependency_build.go b/cmd/helm/dependency_build.go index 8ef8fb04b..8998711ad 100644 --- a/cmd/helm/dependency_build.go +++ b/cmd/helm/dependency_build.go @@ -41,7 +41,7 @@ If no lock file is found, 'helm dependency build' will mirror the behavior of 'helm dependency update'. ` -func newDependencyBuildCmd(_ *action.Configuration, out io.Writer) *cobra.Command { +func newDependencyBuildCmd(out io.Writer) *cobra.Command { client := action.NewDependency() cmd := &cobra.Command{ diff --git a/cmd/helm/package.go b/cmd/helm/package.go index 444f98246..f601ce3b9 100644 --- a/cmd/helm/package.go +++ b/cmd/helm/package.go @@ -47,7 +47,7 @@ If '--keyring' is not specified, Helm usually defaults to the public keyring unless your environment is otherwise configured. ` -func newPackageCmd(_ *action.Configuration, out io.Writer) *cobra.Command { +func newPackageCmd(out io.Writer) *cobra.Command { client := action.NewPackage() valueOpts := &values.Options{} diff --git a/cmd/helm/root.go b/cmd/helm/root.go index 3095448bc..2ba8a882e 100644 --- a/cmd/helm/root.go +++ b/cmd/helm/root.go @@ -169,7 +169,7 @@ func newRootCmd(actionConfig *action.Configuration, out io.Writer, args []string newPullCmd(actionConfig, out), newShowCmd(actionConfig, out), newLintCmd(out), - newPackageCmd(actionConfig, out), + newPackageCmd(out), newRepoCmd(out), newSearchCmd(out), newVerifyCmd(out), From 3c4d0bb06138713bd009b3daf34f34a18a0850d7 Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Tue, 22 Oct 2024 18:38:58 +0100 Subject: [PATCH 08/10] Fix failing tests Signed-off-by: Evans Mungai --- pkg/registry/utils_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/registry/utils_test.go b/pkg/registry/utils_test.go index d7aba2bb7..12640418e 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/utils_test.go @@ -89,6 +89,7 @@ func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { ClientOptWriter(suite.Out), ClientOptCredentialsFile(credentialsFile), ClientOptResolver(nil), + ClientOptBasicAuth(testUsername, testPassword), } if tlsEnabled { @@ -128,11 +129,12 @@ func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { // This is required because Docker enforces HTTP if the registry // host is localhost/127.0.0.1. suite.DockerRegistryHost = fmt.Sprintf("helm-test-registry:%d", port) - suite.srv, _ = mockdns.NewServer(map[string]mockdns.Zone{ + suite.srv, err = mockdns.NewServer(map[string]mockdns.Zone{ "helm-test-registry.": { A: []string{"127.0.0.1"}, }, }, false) + suite.Nil(err, "no error creating mock DNS server") suite.srv.PatchNet(net.DefaultResolver) config.HTTP.Addr = fmt.Sprintf(":%d", port) From bdaa93b969f246119c4fd14267d286b041fb8f7f Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Tue, 22 Oct 2024 18:50:23 +0100 Subject: [PATCH 09/10] Ensure test fails without causing panic Signed-off-by: Evans Mungai --- pkg/registry/utils_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/registry/utils_test.go b/pkg/registry/utils_test.go index 12640418e..ee78ea76f 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/utils_test.go @@ -351,7 +351,7 @@ func testPull(suite *TestSuite) { // full pull with chart and prov result, err := suite.RegistryClient.Pull(ref, PullOptWithProv(true)) - suite.Nil(err, "no error pulling a chart with prov") + suite.Require().Nil(err, "no error pulling a chart with prov") // Validate the output // Note: these digests/sizes etc may change if the test chart/prov files are modified, From 7a22dd28d13b02c6cd15bea19c35825f4f420caf Mon Sep 17 00:00:00 2001 From: Evans Mungai Date: Tue, 19 Nov 2024 21:18:27 +0000 Subject: [PATCH 10/10] Rename CAFile to CaFile for consistency Signed-off-by: Evans Mungai --- cmd/helm/dependency.go | 2 +- cmd/helm/dependency_build.go | 2 +- cmd/helm/dependency_update.go | 2 +- cmd/helm/package.go | 4 ++-- pkg/action/dependency.go | 2 +- pkg/action/package.go | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/helm/dependency.go b/cmd/helm/dependency.go index d3bb094e2..19b648604 100644 --- a/cmd/helm/dependency.go +++ b/cmd/helm/dependency.go @@ -132,5 +132,5 @@ func addDependencySubcommandFlags(f *pflag.FlagSet, client *action.Dependency) { f.StringVar(&client.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") - f.StringVar(&client.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") + f.StringVar(&client.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") } diff --git a/cmd/helm/dependency_build.go b/cmd/helm/dependency_build.go index 8998711ad..5b5598498 100644 --- a/cmd/helm/dependency_build.go +++ b/cmd/helm/dependency_build.go @@ -54,7 +54,7 @@ func newDependencyBuildCmd(out io.Writer) *cobra.Command { if len(args) > 0 { chartpath = filepath.Clean(args[0]) } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/dependency_update.go b/cmd/helm/dependency_update.go index a5fb5796d..3ac39adff 100644 --- a/cmd/helm/dependency_update.go +++ b/cmd/helm/dependency_update.go @@ -58,7 +58,7 @@ func newDependencyUpdateCmd(_ *action.Configuration, out io.Writer) *cobra.Comma if len(args) > 0 { chartpath = filepath.Clean(args[0]) } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) diff --git a/cmd/helm/package.go b/cmd/helm/package.go index f601ce3b9..19ab3dc7f 100644 --- a/cmd/helm/package.go +++ b/cmd/helm/package.go @@ -75,7 +75,7 @@ func newPackageCmd(out io.Writer) *cobra.Command { return err } - registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CAFile, + registryClient, err := newRegistryClient(client.CertFile, client.KeyFile, client.CaFile, client.InsecureSkipTLSverify, client.PlainHTTP, client.Username, client.Password) if err != nil { return fmt.Errorf("missing registry client: %w", err) @@ -131,7 +131,7 @@ func newPackageCmd(out io.Writer) *cobra.Command { f.StringVar(&client.KeyFile, "key-file", "", "identify HTTPS client using this SSL key file") f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") f.BoolVar(&client.PlainHTTP, "plain-http", false, "use insecure HTTP connections for the chart download") - f.StringVar(&client.CAFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") + f.StringVar(&client.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") return cmd } diff --git a/pkg/action/dependency.go b/pkg/action/dependency.go index b5305168e..19305fee8 100644 --- a/pkg/action/dependency.go +++ b/pkg/action/dependency.go @@ -42,7 +42,7 @@ type Dependency struct { Password string CertFile string KeyFile string - CAFile string + CaFile string InsecureSkipTLSverify bool PlainHTTP bool } diff --git a/pkg/action/package.go b/pkg/action/package.go index a425dc433..2357e3882 100644 --- a/pkg/action/package.go +++ b/pkg/action/package.go @@ -51,7 +51,7 @@ type Package struct { Password string CertFile string KeyFile string - CAFile string + CaFile string InsecureSkipTLSverify bool }