From 62da88cf273d7269c6b73e564159c9d89ad19ff5 Mon Sep 17 00:00:00 2001
From: suryatech27-cloud
Date: Thu, 24 Mar 2022 18:19:00 +0530
Subject: [PATCH] Hardcoded value removed

Signed-off-by: Sunil Kumar
Signed-off-by: suryatech27-cloud
---
 cmd/helm/root.go | 1 +
 cmd/helm/testdata/output/env-comp.txt | 1 +
 internal/tlsutil/cfg.go | 38 ++++++++++++++------
 pkg/action/pull.go | 1 -
 pkg/cli/environment.go | 51 +++++++++++++++------------
 pkg/registry/client.go | 4 +--
 6 files changed, 59 insertions(+), 37 deletions(-)

diff --git a/cmd/helm/root.go b/cmd/helm/root.go
index 394f241d5..1bd1d956a 100644
--- a/cmd/helm/root.go
+++ b/cmd/helm/root.go
@@ -67,6 +67,7 @@ Environment variables:
 | $HELM_KUBEASUSER | set the Username to impersonate for the operation. |
 | $HELM_KUBECONTEXT | set the name of the kubeconfig context. |
 | $HELM_KUBETOKEN | set the Bearer KubeToken used for authentication. |
+| $HELM_SECONDARY_CERT_DIR | set the secondary certificate directory for 2-way ssl support for oci pull. |
 
 Helm stores cache, configuration, and data based on the following configuration order:
 
diff --git a/cmd/helm/testdata/output/env-comp.txt b/cmd/helm/testdata/output/env-comp.txt
index b7befd69e..7a1412b86 100644
--- a/cmd/helm/testdata/output/env-comp.txt
+++ b/cmd/helm/testdata/output/env-comp.txt
@@ -15,5 +15,6 @@ HELM_PLUGINS
 HELM_REGISTRY_CONFIG
 HELM_REPOSITORY_CACHE
 HELM_REPOSITORY_CONFIG
+HELM_SECONDARY_CERT_DIR
 :4
 Completion ended with directive: ShellCompDirectiveNoFileComp
diff --git a/internal/tlsutil/cfg.go b/internal/tlsutil/cfg.go
index a53e18031..a64fc29d3 100644
--- a/internal/tlsutil/cfg.go
+++ b/internal/tlsutil/cfg.go
@@ -22,8 +22,10 @@ import (
 "fmt"
 "io/ioutil"
 "os"
+ "os/exec"
 "path/filepath"
 "runtime"
+ "strings"
 
 "github.com/pkg/errors"
 )
@@ -61,13 +63,27 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) {
 return cfg, nil
 }
 
-func ReadCertFromSecDir(cfgFileBaseName string, host string) (opts Options, err error) {
+func ReadCertFromSecDir(host string) (opts Options, err error) {
 if runtime.GOOS == "windows" || runtime.GOOS == "unix" {
 fmt.Printf("%v OS not supported for this oci pull. Contact your administrator for more information !!!", runtime.GOOS)
+ os.Exit(1)
 } else {
- var clientCertDir = "/etc/docker/certs.d/"
- clientCertDir = clientCertDir + host
-
+ cmd, err := exec.Command("helm", "env", "HELM_SECONDARY_CERT_DIR").Output()
+ if err != nil {
+ fmt.Printf("Error : %s", err)
+ os.Exit(1)
+ }
+ clientCertDir := strings.TrimSuffix(string(cmd), "\n")
+ if clientCertDir == "" {
+ fmt.Printf("Please Configure secondary certificate directory for ssl connection set/export HELM_SECONDARY_CERT_DIR='/etc/docker/certs.d/'\n")
+ os.Exit(1)
+ }
+ lastIndex := strings.LastIndexByte(clientCertDir, '/')
+ if lastIndex < 19 {
+ clientCertDir = fmt.Sprintf("%s/%s", clientCertDir, host)
+ } else {
+ clientCertDir = fmt.Sprintf("%s%s", clientCertDir, host)
+ }
 if _, err := os.Stat(clientCertDir); err != nil {
 if os.IsNotExist(err) {
 os.MkdirAll(clientCertDir, os.ModePerm)
@@ -78,11 +94,11 @@ func ReadCertFromSecDir(cfgFileBaseName string, host string) (opts Options, err
 if files, err := ioutil.ReadDir(clientCertDir); err == nil {
 for _, file := range files {
 if filepath.Ext(file.Name()) == ".crt" {
- opts.CaCertFile = clientCertDir + "/" + file.Name()
+ opts.CaCertFile = fmt.Sprintf("%s/%s", clientCertDir, file.Name())
 } else if filepath.Ext(file.Name()) == ".pem" {
- opts.CertFile = clientCertDir + "/" + file.Name()
+ opts.CertFile = fmt.Sprintf("%s/%s", clientCertDir, file.Name())
 } else if filepath.Ext(file.Name()) == ".key" {
- opts.KeyFile = clientCertDir + "/" + file.Name()
+ opts.KeyFile = fmt.Sprintf("%s/%s", clientCertDir, file.Name())
 }
 }
 } else {
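Review bot: `exec.Command("helm", "env", "HELM_SECONDARY_CERT_DIR")` in ReadCertFromSecDir re-executes whatever `helm` binary is first on PATH just to read a setting this process already has — the value is one `os.Getenv` away (and environment.go populates `EnvSettings.ClientSecCertDirectory` from the same variable), so the subprocess is both a PATH-hijack exposure for a code path that decides which CA and client key are trusted, and the reason a value given only via the new `--client-sec-cert-dir` flag never reaches this code. The `lastIndex < 19` test looks tuned to the old `/etc/docker/certs.d/` default (whose last `/` sits at index 19) and will glue `host` onto any longer directory name without a separator; `filepath.Join` covers both shapes. `os.MkdirAll(clientCertDir, os.ModePerm)` creates the directory that is about to be scanned for the client key and trusted CA with mode 0777 (before umask) and drops the error; a reader of certificate material should not create the directory at all, and if it must, 0700 is the only defensible mode. Every failure path still calls `os.Exit(1)` from inside internal/tlsutil although the signature returns `err`; the rewrite below returns errors so NewCrosClient's existing `errors.Wrapf` branch is actually reachable. The function body continues past the end of the hunk.
```go
func ReadCertFromSecDir(host string) (opts Options, err error) {
	// "unix" is never a GOOS value, so only windows is actually excluded.
	if runtime.GOOS == "windows" {
		return opts, errors.Errorf("%v OS not supported for this oci pull", runtime.GOOS)
	}
	// Read the setting directly; do not spawn a PATH-resolved "helm" to do it.
	baseDir := os.Getenv("HELM_SECONDARY_CERT_DIR")
	if baseDir == "" {
		return opts, errors.New("HELM_SECONDARY_CERT_DIR is not set; export it to the directory holding per-registry client certificates (e.g. /etc/docker/certs.d/)")
	}
	clientCertDir := filepath.Join(baseDir, host)
	if _, err := os.Stat(clientCertDir); err != nil {
		// Never create the directory here: a fresh empty directory cannot
		// satisfy the certificate checks below, and creating it with
		// os.ModePerm would leave the key/CA location world-writable.
		return opts, errors.Wrapf(err, "certificate directory %q", clientCertDir)
	}
	// … unchanged: ReadDir loop selecting .crt/.pem/.key (build paths with filepath.Join) …
```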
@@ -90,22 +106,22 @@ func ReadCertFromSecDir(cfgFileBaseName string, host string) (opts Options, err os.Exit(1) } if opts.CaCertFile == "" && opts.CertFile == "" && opts.KeyFile == "" { - fmt.Printf("Error Certificate (cacerts.crt,client.pem,client.key) required : Client authentication failed due to certificate not present in cert directory !! \n") + fmt.Printf("Error : Missing certificate (cacerts.crt,client.pem,client.key) required !!\n") os.Exit(1) } if opts.CaCertFile == "" && opts.CertFile == "" { - fmt.Printf("Error Certificate Required : Root-CA and client certificate (cacerts.crt,client.pem) not found.\n") + fmt.Printf("Error : Missing certificate : Root-CA and client certificate (cacerts.crt,client.pem) required !!\n") os.Exit(1) } if opts.CaCertFile == "" && opts.KeyFile == "" { - fmt.Printf("Error Certificate Required : Root-CA and and client keyfie (cacerts.crt,client.key) not found.\n") + fmt.Printf("Error Certificate Required : Root-CA and and client key (cacerts.crt,client.key) not found.\n") os.Exit(1) } if opts.CertFile == "" && opts.KeyFile == "" { - fmt.Printf("Error Certificate Required : Client certificate and client keyfile (client.pem,client.key) not found.\n") + fmt.Printf("Error Certificate Required : Client certificate and client key (client.pem,client.key) not found.\n") os.Exit(1) } if opts.CaCertFile == "" { diff --git a/pkg/action/pull.go b/pkg/action/pull.go index 9c91061ab..6f728ea9f 100644 --- a/pkg/action/pull.go +++ b/pkg/action/pull.go @@ -125,7 +125,6 @@ func (p *Pull) Run(chartRef string) (string, error) { saved, v, err := c.DownloadTo(chartRef, p.Version, dest) if err != nil { - //fmt.Printf("Error : %v\n", err) if strings.Contains(fmt.Sprint(err), "remote error: tls: handshake failure") { registryClient, err := registry.NewCrosClient(chartRef, registry.ClientOptDebug(p.Settings.Debug), diff --git a/pkg/cli/environment.go b/pkg/cli/environment.go index d5b208015..bf4bb6761 100644 --- a/pkg/cli/environment.go 
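Review bot: The reworded message on the third check still carries the doubled word; it should read `fmt.Printf("Error Certificate Required : Root-CA and client key (cacerts.crt,client.key) not found.\n")`. Since all four messages are being touched, they could also share one prefix style — two now say `Error : Missing certificate` and two say `Error Certificate Required :` — and arguably be reported through the function's `err` return rather than `os.Exit(1)`, which terminates the CLI from inside internal/tlsutil and makes the caller's error handling unreachable. The enclosing ReadCertFromSecDir starts and ends outside this hunk.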
+++ b/pkg/cli/environment.go
@@ -68,22 +68,25 @@ type EnvSettings struct {
 PluginsDirectory string
 // MaxHistory is the max release history maintained.
 MaxHistory int
+ // Secondary Certificate directory for helm oci pull
+ ClientSecCertDirectory string
 }
 
 func New() *EnvSettings {
 env := &EnvSettings{
- namespace: os.Getenv("HELM_NAMESPACE"),
- MaxHistory: envIntOr("HELM_MAX_HISTORY", defaultMaxHistory),
- KubeContext: os.Getenv("HELM_KUBECONTEXT"),
- KubeToken: os.Getenv("HELM_KUBETOKEN"),
- KubeAsUser: os.Getenv("HELM_KUBEASUSER"),
- KubeAsGroups: envCSV("HELM_KUBEASGROUPS"),
- KubeAPIServer: os.Getenv("HELM_KUBEAPISERVER"),
- KubeCaFile: os.Getenv("HELM_KUBECAFILE"),
- PluginsDirectory: envOr("HELM_PLUGINS", helmpath.DataPath("plugins")),
- RegistryConfig: envOr("HELM_REGISTRY_CONFIG", helmpath.ConfigPath("registry/config.json")),
- RepositoryConfig: envOr("HELM_REPOSITORY_CONFIG", helmpath.ConfigPath("repositories.yaml")),
- RepositoryCache: envOr("HELM_REPOSITORY_CACHE", helmpath.CachePath("repository")),
+ namespace: os.Getenv("HELM_NAMESPACE"),
+ MaxHistory: envIntOr("HELM_MAX_HISTORY", defaultMaxHistory),
+ KubeContext: os.Getenv("HELM_KUBECONTEXT"),
+ KubeToken: os.Getenv("HELM_KUBETOKEN"),
+ KubeAsUser: os.Getenv("HELM_KUBEASUSER"),
+ KubeAsGroups: envCSV("HELM_KUBEASGROUPS"),
+ KubeAPIServer: os.Getenv("HELM_KUBEAPISERVER"),
+ KubeCaFile: os.Getenv("HELM_KUBECAFILE"),
+ ClientSecCertDirectory: envOr("HELM_SECONDARY_CERT_DIR", ""),
+ PluginsDirectory: envOr("HELM_PLUGINS", helmpath.DataPath("plugins")),
+ RegistryConfig: envOr("HELM_REGISTRY_CONFIG", helmpath.ConfigPath("registry/config.json")),
+ RepositoryConfig: envOr("HELM_REPOSITORY_CONFIG", helmpath.ConfigPath("repositories.yaml")),
+ RepositoryCache: envOr("HELM_REPOSITORY_CACHE", helmpath.CachePath("repository")),
 }
 
 env.Debug, _ = strconv.ParseBool(os.Getenv("HELM_DEBUG"))
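Review bot: The new field comment in EnvSettings does not follow the style of its neighbor (`// MaxHistory is the max release history maintained.`); it should name the field and the variable it mirrors, e.g. `// ClientSecCertDirectory is the base directory of per-registry client certificates used for mutual-TLS OCI pulls (HELM_SECONDARY_CERT_DIR).`. In New(), `envOr("HELM_SECONDARY_CERT_DIR", "")` with an empty default is just `os.Getenv("HELM_SECONDARY_CERT_DIR")`, which is how the sibling Kube* fields on the lines above are populated. As far as this patch shows, the field is set here but never read by the code that resolves the certificate directory (internal/tlsutil queries `helm env` in a subprocess instead), so it is worth confirming it is wired through before the doc comment presents it as authoritative.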
@@ -115,6 +118,7 @@ func (s *EnvSettings) AddFlags(fs *pflag.FlagSet) {
 fs.StringVar(&s.RegistryConfig, "registry-config", s.RegistryConfig, "path to the registry config file")
 fs.StringVar(&s.RepositoryConfig, "repository-config", s.RepositoryConfig, "path to the file containing repository names and URLs")
 fs.StringVar(&s.RepositoryCache, "repository-cache", s.RepositoryCache, "path to the file containing cached repository indexes")
+ fs.StringVar(&s.ClientSecCertDirectory, "client-sec-cert-dir", s.ClientSecCertDirectory, "path to the secondary certificate directory used for 2-way ssl support(oci pull for artificat repo)")
 }
 
 func envOr(name, def string) string {
@@ -146,17 +150,18 @@ func envCSV(name string) (ls []string) {
 
 func (s *EnvSettings) EnvVars() map[string]string {
 envvars := map[string]string{
- "HELM_BIN": os.Args[0],
- "HELM_CACHE_HOME": helmpath.CachePath(""),
- "HELM_CONFIG_HOME": helmpath.ConfigPath(""),
- "HELM_DATA_HOME": helmpath.DataPath(""),
- "HELM_DEBUG": fmt.Sprint(s.Debug),
- "HELM_PLUGINS": s.PluginsDirectory,
- "HELM_REGISTRY_CONFIG": s.RegistryConfig,
- "HELM_REPOSITORY_CACHE": s.RepositoryCache,
- "HELM_REPOSITORY_CONFIG": s.RepositoryConfig,
- "HELM_NAMESPACE": s.Namespace(),
- "HELM_MAX_HISTORY": strconv.Itoa(s.MaxHistory),
+ "HELM_BIN": os.Args[0],
+ "HELM_CACHE_HOME": helmpath.CachePath(""),
+ "HELM_CONFIG_HOME": helmpath.ConfigPath(""),
+ "HELM_DATA_HOME": helmpath.DataPath(""),
+ "HELM_DEBUG": fmt.Sprint(s.Debug),
+ "HELM_PLUGINS": s.PluginsDirectory,
+ "HELM_REGISTRY_CONFIG": s.RegistryConfig,
+ "HELM_REPOSITORY_CACHE": s.RepositoryCache,
+ "HELM_REPOSITORY_CONFIG": s.RepositoryConfig,
+ "HELM_NAMESPACE": s.Namespace(),
+ "HELM_MAX_HISTORY": strconv.Itoa(s.MaxHistory),
+ "HELM_SECONDARY_CERT_DIR": s.ClientSecCertDirectory,
 
 // broken, these are populated from helm flags and not kubeconfig.
 "HELM_KUBECONTEXT": s.KubeContext,
diff --git a/pkg/registry/client.go b/pkg/registry/client.go
index 89401a978..8be7b4c71 100644
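Review bot: The new `--client-sec-cert-dir` flag does not reach the code that needs it: internal/tlsutil resolves the directory by running `helm env HELM_SECONDARY_CERT_DIR` in a child process, and that child sees only the environment, not this process's parsed flags, so `helm pull --client-sec-cert-dir /x oci://…` is (as far as this patch shows) silently ignored unless the variable is also exported. Either pass `s.ClientSecCertDirectory` down to the pull/registry code or, at minimum, state in the help text that only the environment variable is honored. The help string also has a typo and a missing space before the parenthesis; suggest `"path to the secondary certificate directory used for 2-way SSL support (OCI pull from an artifact repository)"`.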
--- a/pkg/registry/client.go
+++ b/pkg/registry/client.go
@@ -155,9 +155,9 @@ func NewCrosClient(chartref string, options ...ClientOption) (*Client, error) {
 if client.resolver == nil {
 host, err := urlutil.ExtractHostname(chartref)
 if err != nil {
-
+ fmt.Printf("error :%v\n", err)
 }
- clientOpts, err := tlsutil.ReadCertFromSecDir(CredentialsFileBasename, host)
+ clientOpts, err := tlsutil.ReadCertFromSecDir(host)
 if err != nil {
 return client, errors.Wrapf(err, "Client certificate/directory Not Exist !!")
 }
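Review bot: The error from `urlutil.ExtractHostname(chartref)` is only printed and execution continues with an empty `host`, which ReadCertFromSecDir then appends to the certificate directory, so the client key and trusted CA are looked up in the base directory itself instead of a per-registry subdirectory — exactly the cross-registry mix-up a per-host layout exists to prevent. NewCrosClient already returns an error two lines later, so do the same here: `return client, errors.Wrapf(err, "extracting registry hostname from %q", chartref)`. Note also that the wrapped message `Client certificate/directory Not Exist !!` is reachable only if ReadCertFromSecDir returns a non-nil error, which its current body never does (it calls `os.Exit` on every failure); the two sides should agree on which one reports. NewCrosClient's body starts and ends outside the hunk.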