From bef59e40dc75874edcaef683da644ac162820fb3 Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Fri, 7 Sep 2018 13:23:40 -0700 Subject: [PATCH] allow settings TLS flags from environment variables (#4590) Signed-off-by: Matthew Fisher --- cmd/helm/delete.go | 1 + cmd/helm/get.go | 14 +-- cmd/helm/get_hooks.go | 4 +- cmd/helm/get_manifest.go | 4 +- cmd/helm/get_notes.go | 4 +- cmd/helm/get_values.go | 6 +- cmd/helm/helm.go | 52 ++++-------- cmd/helm/history.go | 1 + cmd/helm/install.go | 1 + cmd/helm/list.go | 1 + cmd/helm/release_testing.go | 1 + cmd/helm/reset.go | 1 + cmd/helm/rollback.go | 1 + cmd/helm/status.go | 6 +- cmd/helm/upgrade.go | 1 + cmd/helm/version.go | 1 + docs/helm/helm.md | 7 +- pkg/helm/environment/environment.go | 69 ++++++++++++--- pkg/helm/environment/environment_test.go | 103 +++++++++++++++-------- 19 files changed, 184 insertions(+), 94 deletions(-) diff --git a/cmd/helm/delete.go b/cmd/helm/delete.go index ad7c6049a..b78956ab6 100755 --- a/cmd/helm/delete.go +++ b/cmd/helm/delete.go @@ -78,6 +78,7 @@ func newDeleteCmd(c helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.BoolVar(&del.dryRun, "dry-run", false, "simulate a delete") f.BoolVar(&del.disableHooks, "no-hooks", false, "prevent hooks from running during deletion") f.BoolVar(&del.purge, "purge", false, "remove the release from the store and make its name free for later use") diff --git a/cmd/helm/get.go b/cmd/helm/get.go index 4170a7cef..719e0779d 100644 --- a/cmd/helm/get.go +++ b/cmd/helm/get.go 
@@ -70,12 +70,14 @@ func newGetCmd(client helm.Interface, out io.Writer) *cobra.Command { }, } - cmd.Flags().Int32Var(&get.version, "revision", 0, "get the named release with revision") - - cmd.AddCommand(addFlagsTLS(newGetValuesCmd(nil, out))) - cmd.AddCommand(addFlagsTLS(newGetManifestCmd(nil, out))) - cmd.AddCommand(addFlagsTLS(newGetHooksCmd(nil, out))) - cmd.AddCommand(addFlagsTLS(newGetNotesCmd(nil, out))) + f := cmd.Flags() + settings.AddFlagsTLS(f) + f.Int32Var(&get.version, "revision", 0, "get the named release with revision") + + cmd.AddCommand(newGetValuesCmd(nil, out)) + cmd.AddCommand(newGetManifestCmd(nil, out)) + cmd.AddCommand(newGetHooksCmd(nil, out)) + cmd.AddCommand(newGetNotesCmd(nil, out)) return cmd } diff --git a/cmd/helm/get_hooks.go b/cmd/helm/get_hooks.go index 9192db998..1f288245d 100644 --- a/cmd/helm/get_hooks.go +++ b/cmd/helm/get_hooks.go @@ -57,7 +57,9 @@ func newGetHooksCmd(client helm.Interface, out io.Writer) *cobra.Command { return ghc.run() }, } - cmd.Flags().Int32Var(&ghc.version, "revision", 0, "get the named release with revision") + f := cmd.Flags() + settings.AddFlagsTLS(f) + f.Int32Var(&ghc.version, "revision", 0, "get the named release with revision") return cmd } diff --git a/cmd/helm/get_manifest.go b/cmd/helm/get_manifest.go index f4ae11e58..206c9d295 100644 --- a/cmd/helm/get_manifest.go +++ b/cmd/helm/get_manifest.go @@ -60,7 +60,9 @@ func newGetManifestCmd(client helm.Interface, out io.Writer) *cobra.Command { }, } - cmd.Flags().Int32Var(&get.version, "revision", 0, "get the named release with revision") + f := cmd.Flags() + settings.AddFlagsTLS(f) + f.Int32Var(&get.version, "revision", 0, "get the named release with revision") return cmd } diff --git a/cmd/helm/get_notes.go b/cmd/helm/get_notes.go index 5b1135ba5..eaa3bc815 100644 --- a/cmd/helm/get_notes.go +++ b/cmd/helm/get_notes.go 
@@ -59,7 +59,9 @@ func newGetNotesCmd(client helm.Interface, out io.Writer) *cobra.Command { }, } - cmd.PersistentFlags().Int32Var(&get.version, "revision", 0, "get the notes of the named release with revision") + f := cmd.Flags() + settings.AddFlagsTLS(f) + f.Int32Var(&get.version, "revision", 0, "get the notes of the named release with revision") return cmd } diff --git a/cmd/helm/get_values.go b/cmd/helm/get_values.go index 12a48f1da..a4f4fc283 100644 --- a/cmd/helm/get_values.go +++ b/cmd/helm/get_values.go @@ -58,8 +58,10 @@ func newGetValuesCmd(client helm.Interface, out io.Writer) *cobra.Command { }, } - cmd.Flags().Int32Var(&get.version, "revision", 0, "get the named release with revision") - cmd.Flags().BoolVarP(&get.allValues, "all", "a", false, "dump all (computed) values") + f := cmd.Flags() + settings.AddFlagsTLS(f) + f.Int32Var(&get.version, "revision", 0, "get the named release with revision") + f.BoolVarP(&get.allValues, "all", "a", false, "dump all (computed) values") return cmd } diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go index 6cb1c78ea..75fa2dc38 100644 --- a/cmd/helm/helm.go +++ b/cmd/helm/helm.go @@ -47,10 +47,6 @@ var ( tlsVerify bool // enable TLS and verify remote certificates tlsEnable bool // enable TLS - tlsCaCertDefault = "$HELM_HOME/ca.pem" - tlsCertDefault = "$HELM_HOME/cert.pem" - tlsKeyDefault = "$HELM_HOME/key.pem" - tillerTunnel *kube.Tunnel settings helm_env.EnvSettings ) 
@@ -77,6 +73,11 @@ Environment: $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") + $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") + $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") + $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") + $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") + $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") ` func newRootCmd(args []string) *cobra.Command { @@ -114,18 +115,18 @@ func newRootCmd(args []string) *cobra.Command { newVerifyCmd(out), // release commands - addFlagsTLS(newDeleteCmd(nil, out)), - addFlagsTLS(newGetCmd(nil, out)), - addFlagsTLS(newHistoryCmd(nil, out)), - addFlagsTLS(newInstallCmd(nil, out)), - addFlagsTLS(newListCmd(nil, out)), - addFlagsTLS(newRollbackCmd(nil, out)), - addFlagsTLS(newStatusCmd(nil, out)), - addFlagsTLS(newUpgradeCmd(nil, out)), - - addFlagsTLS(newReleaseTestCmd(nil, out)), - addFlagsTLS(newResetCmd(nil, out)), - addFlagsTLS(newVersionCmd(nil, out)), + newDeleteCmd(nil, out), + newGetCmd(nil, out), + newHistoryCmd(nil, out), + newInstallCmd(nil, out), + newListCmd(nil, out), + newRollbackCmd(nil, out), + newStatusCmd(nil, out), + newUpgradeCmd(nil, out), + + newReleaseTestCmd(nil, out), + newResetCmd(nil, out), + newVersionCmd(nil, out), newCompletionCmd(out), newHomeCmd(out), @@ -142,9 +143,6 @@ func newRootCmd(args []string) *cobra.Command { flags.Parse(args) - // set defaults from environment - settings.Init(flags) - // Find and add plugins loadPlugins(cmd, out) 
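Review bot: The Environment block added to the help text lists five `HELM_TLS_*` variables but omits `HELM_TLS_HOSTNAME`, which `AddFlagsTLS` in pkg/helm/environment/environment.go also maps to `--tls-hostname`. That variable sets the name checked against Tiller's certificate, so it should be documented here and in the matching docs/helm/helm.md hunk, e.g. `$HELM_TLS_HOSTNAME  the server name used to verify the hostname on the returned certificates from Tiller`. The `$HELM_TLS_ENABLE` line would also be clearer if it said that, unlike `$HELM_TLS_VERIFY`, it does not verify the Tiller certificate; this is inferred from the two flag descriptions and should be confirmed.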
@@ -276,7 +274,7 @@ func ensureHelmClient(h helm.Interface) helm.Interface { func newClient() helm.Interface { options := []helm.Option{helm.Host(settings.TillerHost), helm.ConnectTimeout(settings.TillerConnectionTimeout)} - if tlsVerify || tlsEnable { + if settings.TLSVerify || settings.TLSEnable { if tlsCaCertFile == "" { tlsCaCertFile = settings.Home.TLSCaCert() } @@ -306,17 +304,3 @@ func newClient() helm.Interface { } return helm.NewClient(options...) } - -// addFlagsTLS adds the flags for supporting client side TLS to the -// helm command (only those that invoke communicate to Tiller.) -func addFlagsTLS(cmd *cobra.Command) *cobra.Command { - - // add flags - cmd.Flags().StringVar(&tlsServerName, "tls-hostname", settings.TillerHost, "the server name used to verify the hostname on the returned certificates from the server") - cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file") - cmd.Flags().StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file") - cmd.Flags().StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file") - cmd.Flags().BoolVar(&tlsVerify, "tls-verify", false, "enable TLS for request and verify remote") - cmd.Flags().BoolVar(&tlsEnable, "tls", false, "enable TLS for request") - return cmd -} diff --git a/cmd/helm/history.go b/cmd/helm/history.go index 6e0b48d33..51bc34e75 100644 --- a/cmd/helm/history.go +++ b/cmd/helm/history.go @@ -88,6 +88,7 @@ func newHistoryCmd(c helm.Interface, w io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.Int32Var(&his.max, "max", 256, "maximum number of revision to include in history") f.UintVar(&his.colWidth, "col-width", 60, "specifies the max column width of output") f.StringVarP(&his.outputFormat, "output", "o", "table", "prints the output in the specified format (json|table|yaml)") diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 1c2dca7ef..7f84f3355 100644 --- a/cmd/helm/install.go 
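Review bot: In the `newClient` hunk only the guard was switched to `settings.TLSVerify || settings.TLSEnable`; the context line directly below it still tests and assigns the package variable `tlsCaCertFile`. No flag populates that variable any more, because `addFlagsTLS` is deleted in this patch and `--tls-ca-cert` now binds to `settings.TLSCaCertFile`. The rest of newClient is outside the hunk, but if it likewise still reads `tlsCertFile`, `tlsKeyFile` and `tlsServerName`, then a CA path, client key or hostname given by flag or `HELM_TLS_*` is silently replaced by the `$HELM_HOME` defaults, and verification runs against a different trust anchor than the operator chose. The body should read the settings fields instead, e.g. `if settings.TLSCaCertFile == "" { settings.TLSCaCertFile = settings.Home.TLSCaCert() }`. The `tlsVerify`, `tlsEnable` and `tls*File` declarations left in the `var` block of helm.go should then be removed so the stale names cannot be used by mistake.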
+++ b/cmd/helm/install.go @@ -193,6 +193,7 @@ func newInstallCmd(c helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.VarP(&inst.valueFiles, "values", "f", "specify values in a YAML file or a URL(can specify multiple)") f.StringVarP(&inst.name, "name", "n", "", "release name. If unspecified, it will autogenerate one for you") f.StringVar(&inst.namespace, "namespace", "", "namespace to install the release into. Defaults to the current kube config namespace.") diff --git a/cmd/helm/list.go b/cmd/helm/list.go index 4467b6ec7..384fca619 100644 --- a/cmd/helm/list.go +++ b/cmd/helm/list.go @@ -120,6 +120,7 @@ func newListCmd(client helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.BoolVarP(&list.short, "short", "q", false, "output short (quiet) listing format") f.BoolVarP(&list.byDate, "date", "d", false, "sort by release date") f.BoolVarP(&list.sortDesc, "reverse", "r", false, "reverse the sort order") diff --git a/cmd/helm/release_testing.go b/cmd/helm/release_testing.go index 0c9debb3f..c7231cf04 100644 --- a/cmd/helm/release_testing.go +++ b/cmd/helm/release_testing.go @@ -64,6 +64,7 @@ func newReleaseTestCmd(c helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.Int64Var(&rlsTest.timeout, "timeout", 300, "time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks)") f.BoolVar(&rlsTest.cleanup, "cleanup", false, "delete test pods upon completion") diff --git a/cmd/helm/reset.go b/cmd/helm/reset.go index 5b0914e82..ffae0a613 100644 --- a/cmd/helm/reset.go +++ b/cmd/helm/reset.go 
@@ -77,6 +77,7 @@ func newResetCmd(client helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.BoolVarP(&d.force, "force", "f", false, "forces Tiller uninstall even if there are releases installed, or if Tiller is not in ready state. Releases are not deleted.)") f.BoolVar(&d.removeHelmHome, "remove-helm-home", false, "if set deletes $HELM_HOME") diff --git a/cmd/helm/rollback.go b/cmd/helm/rollback.go index 5c85afc3b..a06b205c8 100644 --- a/cmd/helm/rollback.go +++ b/cmd/helm/rollback.go @@ -78,6 +78,7 @@ func newRollbackCmd(c helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.BoolVar(&rollback.dryRun, "dry-run", false, "simulate a rollback") f.BoolVar(&rollback.recreate, "recreate-pods", false, "performs pods restart for the resource if applicable") f.BoolVar(&rollback.force, "force", false, "force resource update through delete/recreate if needed") diff --git a/cmd/helm/status.go b/cmd/helm/status.go index be057a28e..fe53081a4 100644 --- a/cmd/helm/status.go +++ b/cmd/helm/status.go @@ -76,8 +76,10 @@ func newStatusCmd(client helm.Interface, out io.Writer) *cobra.Command { }, } - cmd.PersistentFlags().Int32Var(&status.version, "revision", 0, "if set, display the status of the named release with revision") - cmd.PersistentFlags().StringVarP(&status.outfmt, "output", "o", "", "output the status in the specified format (json or yaml)") + f := cmd.Flags() + settings.AddFlagsTLS(f) + f.Int32Var(&status.version, "revision", 0, "if set, display the status of the named release with revision") + f.StringVarP(&status.outfmt, "output", "o", "", "output the status in the specified format (json or yaml)") return cmd } diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 8647a2737..905a2c175 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go 
@@ -147,6 +147,7 @@ func newUpgradeCmd(client helm.Interface, out io.Writer) *cobra.Command { } f := cmd.Flags() + settings.AddFlagsTLS(f) f.VarP(&upgrade.valueFiles, "values", "f", "specify values in a YAML file or a URL(can specify multiple)") f.BoolVar(&upgrade.dryRun, "dry-run", false, "simulate an upgrade") f.BoolVar(&upgrade.recreate, "recreate-pods", false, "performs pods restart for the resource if applicable") diff --git a/cmd/helm/version.go b/cmd/helm/version.go index 922e744b2..e0d9e5e73 100644 --- a/cmd/helm/version.go +++ b/cmd/helm/version.go @@ -77,6 +77,7 @@ func newVersionCmd(c helm.Interface, out io.Writer) *cobra.Command { }, } f := cmd.Flags() + settings.AddFlagsTLS(f) f.BoolVarP(&version.showClient, "client", "c", false, "client version only") f.BoolVarP(&version.showServer, "server", "s", false, "server version only") f.BoolVar(&version.short, "short", false, "print the version number") diff --git a/docs/helm/helm.md b/docs/helm/helm.md index c1a11c4a3..136721c36 100644 --- a/docs/helm/helm.md +++ b/docs/helm/helm.md @@ -26,6 +26,11 @@ Environment: $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") + $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") + $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") + $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") + $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") + $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") ### Options 
@@ -70,4 +75,4 @@ Environment: * [helm verify](helm_verify.md) - verify that a chart at the given path has been signed and is valid * [helm version](helm_version.md) - print the client/server version information -###### Auto generated by spf13/cobra on 1-Sep-2018 +###### Auto generated by spf13/cobra on 4-Sep-2018 diff --git a/pkg/helm/environment/environment.go b/pkg/helm/environment/environment.go index 4241bbb8a..05d955d69 100644 --- a/pkg/helm/environment/environment.go +++ b/pkg/helm/environment/environment.go @@ -32,6 +32,19 @@ import ( "k8s.io/helm/pkg/helm/helmpath" ) +const ( + // DefaultTLSCaCert is the default value for HELM_TLS_CA_CERT + DefaultTLSCaCert = "$HELM_HOME/ca.pem" + // DefaultTLSCert is the default value for HELM_TLS_CERT + DefaultTLSCert = "$HELM_HOME/cert.pem" + // DefaultTLSKeyFile is the default value for HELM_TLS_KEY_FILE + DefaultTLSKeyFile = "$HELM_HOME/key.pem" + // DefaultTLSEnable is the default value for HELM_TLS_ENABLE + DefaultTLSEnable = false + // DefaultTLSVerify is the default value for HELM_TLS_VERIFY + DefaultTLSVerify = false +) + // DefaultHelmHome is the default HELM_HOME. var DefaultHelmHome = filepath.Join(homedir.HomeDir(), ".helm") @@ -39,7 +52,7 @@ var DefaultHelmHome = filepath.Join(homedir.HomeDir(), ".helm") type EnvSettings struct { // TillerHost is the host and port of Tiller. TillerHost string - // TillerConnectionTimeout is the duration (in seconds) helm will wait to establish a connection to tiller. + // TillerConnectionTimeout is the duration (in seconds) helm will wait to establish a connection to Tiller. TillerConnectionTimeout int64 // TillerNamespace is the namespace in which Tiller runs. TillerNamespace string 
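Review bot: The doc comment on `DefaultTLSKeyFile` names `HELM_TLS_KEY_FILE`, but the variable mapped in `AddFlagsTLS` and listed in the help text is `HELM_TLS_KEY`. Someone exporting the name from the comment would see their key path ignored. Suggested wording: `// DefaultTLSKeyFile is the default value for HELM_TLS_KEY`. The three path defaults are literal strings containing `$HELM_HOME`, and where that placeholder is expanded is not visible in this patch, so a short comment stating who expands it would help.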
@@ -51,6 +64,18 @@ type EnvSettings struct { KubeContext string // KubeConfig is the path to an explicit kubeconfig file. This overwrites the value in $KUBECONFIG KubeConfig string + // TLSEnable tells helm to communicate with Tiller via TLS + TLSEnable bool + // TLSVerify tells helm to communicate with Tiller via TLS and to verify remote certificates served by Tiller + TLSVerify bool + // TLSServerName tells helm to verify the hostname on the returned certificates from Tiller + TLSServerName string + // TLSCaCertFile is the path to a TLS CA certificate file + TLSCaCertFile string + // TLSCertFile is the path to a TLS certificate file + TLSCertFile string + // TLSKeyFile is the path to a TLS key file + TLSKeyFile string } // AddFlags binds flags to the given flagset. 
@@ -62,15 +87,45 @@ func (s *EnvSettings) AddFlags(fs *pflag.FlagSet) { fs.BoolVar(&s.Debug, "debug", false, "enable verbose output") fs.StringVar(&s.TillerNamespace, "tiller-namespace", "kube-system", "namespace of Tiller") fs.Int64Var(&s.TillerConnectionTimeout, "tiller-connection-timeout", int64(300), "the duration (in seconds) Helm will wait to establish a connection to tiller") + + envMap := map[string]string{ + "debug": "HELM_DEBUG", + "home": "HELM_HOME", + "host": "HELM_HOST", + "tiller-namespace": "TILLER_NAMESPACE", + } + + for name, envar := range envMap { + setFlagFromEnv(name, envar, fs) + } } -// Init sets values from the environment. -func (s *EnvSettings) Init(fs *pflag.FlagSet) { +// AddFlagsTLS adds the flags for supporting client side TLS to the given flagset. +func (s *EnvSettings) AddFlagsTLS(fs *pflag.FlagSet) { + fs.StringVar(&s.TLSServerName, "tls-hostname", s.TillerHost, "the server name used to verify the hostname on the returned certificates from the server") + fs.StringVar(&s.TLSCaCertFile, "tls-ca-cert", DefaultTLSCaCert, "path to TLS CA certificate file") + fs.StringVar(&s.TLSCertFile, "tls-cert", DefaultTLSCert, "path to TLS certificate file") + fs.StringVar(&s.TLSKeyFile, "tls-key", DefaultTLSKeyFile, "path to TLS key file") + fs.BoolVar(&s.TLSVerify, "tls-verify", DefaultTLSVerify, "enable TLS for request and verify remote") + fs.BoolVar(&s.TLSEnable, "tls", DefaultTLSEnable, "enable TLS for request") + + envMap := map[string]string{ + "tls-hostname": "HELM_TLS_HOSTNAME", + "tls-ca-cert": "HELM_TLS_CA_CERT", + "tls-cert": "HELM_TLS_CERT", + "tls-key": "HELM_TLS_KEY", + "tls-verify": "HELM_TLS_VERIFY", + "tls": "HELM_TLS_ENABLE", + } + for name, envar := range envMap { setFlagFromEnv(name, envar, fs) } } +// Init is deprecated; calling `.AddFlags` or `.AddFlagsTLS` directly will set the flags to their default values from the environment, so this is a no-op. 
+func (s *EnvSettings) Init(fs *pflag.FlagSet) {} + // PluginDirs is the path to the plugin directories. func (s EnvSettings) PluginDirs() string { if d, ok := os.LookupEnv("HELM_PLUGIN"); ok { @@ -79,14 +134,6 @@ func (s EnvSettings) PluginDirs() string { return s.Home.Plugins() } -// envMap maps flag names to envvars -var envMap = map[string]string{ - "debug": "HELM_DEBUG", - "home": "HELM_HOME", - "host": "HELM_HOST", - "tiller-namespace": "TILLER_NAMESPACE", -} - func setFlagFromEnv(name, envar string, fs *pflag.FlagSet) { if fs.Changed(name) { return diff --git a/pkg/helm/environment/environment_test.go b/pkg/helm/environment/environment_test.go index 35958e791..fb05254ed 100644 --- a/pkg/helm/environment/environment_test.go +++ b/pkg/helm/environment/environment_test.go 
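Review bot: `AddFlagsTLS` passes `HELM_TLS_VERIFY` and `HELM_TLS_ENABLE` through `setFlagFromEnv`, whose body lies mostly outside this hunk, so it is unclear whether an unparseable value is reported. If the helper discards the error from `fs.Set`, a value that is not a valid bool (for example `HELM_TLS_VERIFY=yes`) leaves the flag at `false`, and the client connects to Tiller unverified with no message. For these security toggles the helper should report the failure: check the `fs.Set` error and print a warning naming the variable, or return the error to the caller. Separately, the comment on the now-empty `Init` should use the standard form on its own paragraph, `// Deprecated: AddFlags and AddFlagsTLS now read the environment; Init is a no-op.`, so that tooling flags remaining callers.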
@@ -36,49 +36,78 @@ func TestEnvSettings(t *testing.T) { // expected values home, host, ns, kcontext, kconfig, plugins string - debug bool + debug, tlsverify bool }{ { - name: "defaults", - args: []string{}, - home: DefaultHelmHome, - plugins: helmpath.Home(DefaultHelmHome).Plugins(), - ns: "kube-system", + name: "defaults", + args: []string{}, + home: DefaultHelmHome, + plugins: helmpath.Home(DefaultHelmHome).Plugins(), + ns: "kube-system", + tlsverify: false, }, { - name: "with flags set", - args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns", "--kubeconfig", "/bar"}, - home: "/foo", - plugins: helmpath.Home("/foo").Plugins(), - host: "here", - ns: "myns", - kconfig: "/bar", - debug: true, + name: "with flags set", + args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns", "--kubeconfig", "/bar"}, + home: "/foo", + plugins: helmpath.Home("/foo").Plugins(), + host: "here", + ns: "myns", + kconfig: "/bar", + debug: true, + tlsverify: false, }, { - name: "with envvars set", - args: []string{}, - envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns"}, - home: "/bar", - plugins: helmpath.Home("/bar").Plugins(), - host: "there", - ns: "yourns", - debug: true, + name: "with envvars set", + args: []string{}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns"}, + home: "/bar", + plugins: helmpath.Home("/bar").Plugins(), + host: "there", + ns: "yourns", + debug: true, + tlsverify: false, }, { - name: "with flags and envvars set", - args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns"}, - envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns", "HELM_PLUGIN": "glade"}, - home: "/foo", - plugins: "glade", - host: "here", - ns: "myns", - debug: true, + name: "with TLS envvars set", + args: 
[]string{}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns", "HELM_TLS_VERIFY": "1"}, + home: "/bar", + plugins: helmpath.Home("/bar").Plugins(), + host: "there", + ns: "yourns", + debug: true, + tlsverify: true, + }, + { + name: "with flags and envvars set", + args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns"}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns", "HELM_PLUGIN": "glade"}, + home: "/foo", + plugins: "glade", + host: "here", + ns: "myns", + debug: true, + tlsverify: false, }, } - cleanup := resetEnv() - defer cleanup() + allEnvvars := map[string]string{ + "HELM_DEBUG": "", + "HELM_HOME": "", + "HELM_HOST": "", + "TILLER_NAMESPACE": "", + "HELM_PLUGIN": "", + "HELM_TLS_HOSTNAME": "", + "HELM_TLS_CA_CERT": "", + "HELM_TLS_CERT": "", + "HELM_TLS_KEY": "", + "HELM_TLS_VERIFY": "", + "HELM_TLS_ENABLE": "", + } + + resetEnv(allEnvvars) + defer resetEnv(allEnvvars) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -90,6 +119,7 @@ func TestEnvSettings(t *testing.T) { settings := &EnvSettings{} settings.AddFlags(flags) + settings.AddFlagsTLS(flags) flags.Parse(tt.args) settings.Init(flags) @@ -115,17 +145,20 @@ func TestEnvSettings(t *testing.T) { if settings.KubeConfig != tt.kconfig { t.Errorf("expected kubeconfig %q, got %q", tt.kconfig, settings.KubeConfig) } + if settings.TLSVerify != tt.tlsverify { + t.Errorf("expected tls-verify %t, got %t", tt.tlsverify, settings.TLSVerify) + } - cleanup() + resetEnv(tt.envars) }) } } -func resetEnv() func() { +func resetEnv(envars map[string]string) func() { origEnv := os.Environ() // ensure any local envvars do not hose us - for _, e := range envMap { + for e := range envars { os.Unsetenv(e) }
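Review bot: `resetEnv` still returns a `func()`, but both new call sites discard it. `defer resetEnv(allEnvvars)` only runs the unset loop a second time at exit, so the returned closure, which the old code invoked as `cleanup()` and which presumably restores `origEnv`, is never called. Either keep `cleanup := resetEnv(allEnvvars)` with `defer cleanup()`, or drop the return value if restoring is no longer wanted. The table also asserts only `TLSVerify`; a case that sets `HELM_TLS_CA_CERT`, `HELM_TLS_KEY` and `HELM_TLS_HOSTNAME` and checks `settings.TLSCaCertFile`, `TLSKeyFile` and `TLSServerName` would pin the path and hostname variables too. The body of resetEnv continues past the end of this hunk.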