fix(helm): add --tls-hostname flag to tls-flags

pull/4341/head
fibonacci1729 6 years ago
parent aaf1c6a352
commit 7faf62a209

@ -40,6 +40,7 @@ import (
) )
var ( var (
tlsServerName string // overrides the server name used to verify the hostname on the returned certificates from the server.
tlsCaCertFile string // path to TLS CA certificate file tlsCaCertFile string // path to TLS CA certificate file
tlsCertFile string // path to TLS certificate file tlsCertFile string // path to TLS certificate file
tlsKeyFile string // path to TLS key file tlsKeyFile string // path to TLS key file
@ -280,8 +281,13 @@ func newClient() helm.Interface {
if tlsKeyFile == "" { if tlsKeyFile == "" {
tlsKeyFile = settings.Home.TLSKey() tlsKeyFile = settings.Home.TLSKey()
} }
debug("Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile) debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile)
tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true} tlsopts := tlsutil.Options{
ServerName: tlsServerName,
KeyFile: tlsKeyFile,
CertFile: tlsCertFile,
InsecureSkipVerify: true,
}
if tlsVerify { if tlsVerify {
tlsopts.CaCertFile = tlsCaCertFile tlsopts.CaCertFile = tlsCaCertFile
tlsopts.InsecureSkipVerify = false tlsopts.InsecureSkipVerify = false
@ -301,6 +307,7 @@ func newClient() helm.Interface {
func addFlagsTLS(cmd *cobra.Command) *cobra.Command { func addFlagsTLS(cmd *cobra.Command) *cobra.Command {
// add flags // add flags
cmd.Flags().StringVar(&tlsServerName, "tls-hostname", settings.TillerHost, "the server name used to verify the hostname on the returned certificates from the server")
cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file") cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file")
cmd.Flags().StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file") cmd.Flags().StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file")
cmd.Flags().StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file") cmd.Flags().StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file")
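Review bot: The new debug call in newClient has four `%q` verbs but still passes three arguments, so the key path is printed under `Host=`, every later label is shifted by one, and `CA=` renders as `%!q(MISSING)`; it should read `debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", tlsServerName, tlsKeyFile, tlsCertFile, tlsCaCertFile)`. Mislabelled TLS settings in debug output make a wrong-hostname or wrong-CA setup harder to diagnose. In addFlagsTLS the default `settings.TillerHost` is read when the flag is registered, which is probably before flags and environment are parsed, and if that value carries a port it would not match a certificate name as-is; it is worth confirming what the default actually resolves to. Both functions continue outside the hunks shown.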

@ -33,6 +33,9 @@ type Options struct {
CertFile string CertFile string
// Client-only options // Client-only options
InsecureSkipVerify bool InsecureSkipVerify bool
// Overrides the server name used to verify the hostname on the returned
// certificates from the server.
ServerName string
// Server-only options // Server-only options
ClientAuth tls.ClientAuthType ClientAuth tls.ClientAuthType
} }
@ -55,8 +58,12 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) {
return nil, err return nil, err
} }
} }
cfg = &tls.Config{
cfg = &tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify, Certificates: []tls.Certificate{*cert}, RootCAs: pool} InsecureSkipVerify: opts.InsecureSkipVerify,
Certificates: []tls.Certificate{*cert},
ServerName: opts.ServerName,
RootCAs: pool,
}
return cfg, nil return cfg, nil
} }
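Review bot: The comment on `Options.ServerName` should say that the name is only checked when `InsecureSkipVerify` is false, because ClientConfig copies both fields straight into `tls.Config` and crypto/tls skips hostname verification when that flag is set. Suggested wording: `// ServerName overrides the name checked against the server certificate; it has no verification effect when InsecureSkipVerify is true.` ClientConfig starts outside the hunk, so how `cert` and `pool` are built is not visible here.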
