From 80402dc078908408fb724395177093f358ee7dae Mon Sep 17 00:00:00 2001
From: yxxhero <aiopsclub@163.com>
Date: Sun, 14 Mar 2021 23:23:25 +0800
Subject: [PATCH] fix helm dep build/update doesn't inherit
 --insecure-skip-tls-verify from helm repo add

Signed-off-by: yxxhero <aiopsclub@163.com>
(cherry picked from commit f735a240b6fc483b74e324202dad414ee419225e)
---
 pkg/downloader/manager.go                     | 12 ++++----
 pkg/downloader/manager_test.go                | 28 ++++++++++++++++++-
 pkg/downloader/testdata/repositories.yaml     |  3 ++
 ...g-https-insecureskip-tls-verify-index.yaml | 14 ++++++++++
 4 files changed, 51 insertions(+), 6 deletions(-)
 create mode 100644 pkg/downloader/testdata/repository/testing-https-insecureskip-tls-verify-index.yaml

diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go
index e89ac7c02..49b3d317c 100644
--- a/pkg/downloader/manager.go
+++ b/pkg/downloader/manager.go
@@ -310,7 +310,7 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error {
 
 		// Any failure to resolve/download a chart should fail:
 		// https://github.com/helm/helm/issues/1439
-		churl, username, password, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos)
+		churl, username, password, insecureskiptlsverify, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos)
 		if err != nil {
 			saveError = errors.Wrapf(err, "could not find %s", churl)
 			break
@@ -332,6 +332,7 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error {
 			Getters:          m.Getters,
 			Options: []getter.Option{
 				getter.WithBasicAuth(username, password),
+				getter.WithInsecureSkipVerifyTLS(insecureskiptlsverify),
 			},
 		}
 
@@ -685,9 +686,9 @@ func (m *Manager) parallelRepoUpdate(repos []*repo.Entry) error {
 // repoURL is the repository to search
 //
 // If it finds a URL that is "relative", it will prepend the repoURL.
-func (m *Manager) findChartURL(name, version, repoURL string, repos map[string]*repo.ChartRepository) (url, username, password string, err error) {
+func (m *Manager) findChartURL(name, version, repoURL string, repos map[string]*repo.ChartRepository) (url, username, password string, insecureskiptlsverify bool, err error) {
 	if strings.HasPrefix(repoURL, "oci://") {
-		return fmt.Sprintf("%s/%s:%s", repoURL, name, version), "", "", nil
+		return fmt.Sprintf("%s/%s:%s", repoURL, name, version), "", "", false, nil
 	}
 
 	for _, cr := range repos {
@@ -709,15 +710,16 @@ func (m *Manager) findChartURL(name, version, repoURL string, repos map[string]*
 			}
 			username = cr.Config.Username
 			password = cr.Config.Password
+			insecureskiptlsverify = cr.Config.InsecureSkipTLSverify
 			return
 		}
 	}
 	url, err = repo.FindChartInRepoURL(repoURL, name, version, "", "", "", m.Getters)
 	if err == nil {
-		return url, username, password, err
+		return url, username, password, false, err
 	}
 	err = errors.Errorf("chart %s not found in %s: %s", name, repoURL, err)
-	return url, username, password, err
+	return url, username, password, false, err
 }
 
 // findEntryByName finds an entry in the chart repository whose name matches the given name.
diff --git a/pkg/downloader/manager_test.go b/pkg/downloader/manager_test.go
index fc8d9abb2..ba6ecedf5 100644
--- a/pkg/downloader/manager_test.go
+++ b/pkg/downloader/manager_test.go
@@ -81,10 +81,11 @@ func TestFindChartURL(t *testing.T) {
 	version := "0.1.0"
 	repoURL := "http://example.com/charts"
 
-	churl, username, password, err := m.findChartURL(name, version, repoURL, repos)
+	churl, username, password, insecureSkipTLSVerify, err := m.findChartURL(name, version, repoURL, repos)
 	if err != nil {
 		t.Fatal(err)
 	}
+
 	if churl != "https://charts.helm.sh/stable/alpine-0.1.0.tgz" {
 		t.Errorf("Unexpected URL %q", churl)
 	}
@@ -94,6 +95,31 @@ func TestFindChartURL(t *testing.T) {
 	if password != "" {
 		t.Errorf("Unexpected password %q", password)
 	}
+	if insecureSkipTLSVerify {
+		t.Errorf("Unexpected insecureSkipTLSVerify %t", insecureSkipTLSVerify)
+	}
+
+	name = "tlsfoo"
+	version = "1.2.3"
+	repoURL = "https://example-https-insecureskiptlsverify.com"
+
+	churl, username, password, insecureSkipTLSVerify, err = m.findChartURL(name, version, repoURL, repos)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !insecureSkipTLSVerify {
+		t.Errorf("Unexpected insecureSkipTLSVerify %t", insecureSkipTLSVerify)
+	}
+	if churl != "https://example.com/tlsfoo-1.2.3.tgz" {
+		t.Errorf("Unexpected URL %q", churl)
+	}
+	if username != "" {
+		t.Errorf("Unexpected username %q", username)
+	}
+	if password != "" {
+		t.Errorf("Unexpected password %q", password)
+	}
 }
 
 func TestGetRepoNames(t *testing.T) {
diff --git a/pkg/downloader/testdata/repositories.yaml b/pkg/downloader/testdata/repositories.yaml
index 430865269..32bc395a0 100644
--- a/pkg/downloader/testdata/repositories.yaml
+++ b/pkg/downloader/testdata/repositories.yaml
@@ -21,3 +21,6 @@ repositories:
     certFile: "cert"
     keyFile: "key"
     caFile: "ca"
+  - name: testing-https-insecureskip-tls-verify
+    url: "https://example-https-insecureskiptlsverify.com"
+    insecure_skip_tls_verify: true 
diff --git a/pkg/downloader/testdata/repository/testing-https-insecureskip-tls-verify-index.yaml b/pkg/downloader/testdata/repository/testing-https-insecureskip-tls-verify-index.yaml
new file mode 100644
index 000000000..11cfa629c
--- /dev/null
+++ b/pkg/downloader/testdata/repository/testing-https-insecureskip-tls-verify-index.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+entries:
+  tlsfoo:
+    - name: tlsfoo 
+      description: TLS FOO Chart
+      home: https://helm.sh/helm
+      keywords: []
+      maintainers: []
+      sources:
+        - https://github.com/helm/charts
+      urls:
+        - https://example.com/tlsfoo-1.2.3.tgz
+      version: 1.2.3
+      checksum: 0e6661f193211d7a5206918d42f5c2a9470b7373