From c0b7270a5683846f39441c26a2c610bc54cfcd0a Mon Sep 17 00:00:00 2001
From: closetool
Date: Thu, 20 Oct 2022 12:05:50 +0800
Subject: [PATCH] feat: add skip tls verify to helm build dependency
Signed-off-by: closetool
---
 cmd/helm/dependency_build.go | 7 +++++++
 pkg/action/dependency.go | 10 ++++++----
 pkg/downloader/chart_downloader.go | 10 +++++-----
 pkg/downloader/manager.go | 5 ++---
 pkg/getter/getter.go | 1 +
 5 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/cmd/helm/dependency_build.go b/cmd/helm/dependency_build.go
index 1ee46d3d2..2abe540d4 100644
--- a/cmd/helm/dependency_build.go
+++ b/cmd/helm/dependency_build.go
@@ -68,6 +68,11 @@ func newDependencyBuildCmd(cfg *action.Configuration, out io.Writer) *cobra.Comm
 if client.Verify {
 man.Verify = downloader.VerifyIfPossible
 }
+ if client.InsecureSkipTLSverify || client.PlainHTTP {
+ if err := man.RegistryClient.WithResolver(client.InsecureSkipTLSverify, client.PlainHTTP); err != nil {
+ return err
+ }
+ }
 err := man.Build()
 if e, ok := err.(downloader.ErrRepoNotFound); ok {
 return fmt.Errorf("%s. Please add the missing repos via 'helm repo add'", e.Error())
@@ -80,6 +85,8 @@ func newDependencyBuildCmd(cfg *action.Configuration, out io.Writer) *cobra.Comm
 f.BoolVar(&client.Verify, "verify", false, "verify the packages against signatures")
 f.StringVar(&client.Keyring, "keyring", defaultKeyring(), "keyring containing public keys")
 f.BoolVar(&client.SkipRefresh, "skip-refresh", false, "do not refresh the local repository cache")
+ f.BoolVar(&client.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download")
+ f.BoolVar(&client.PlainHTTP, "plain-http", false, "use plain http to connect oci registry")
 return cmd
 }
diff --git a/pkg/action/dependency.go b/pkg/action/dependency.go
index 3265f1f17..028bbcf81 100644
--- a/pkg/action/dependency.go
+++ b/pkg/action/dependency.go
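Review bot: The branch added before `man.Build()` weakens transport security without telling anyone: when `--insecure-skip-tls-verify` or `--plain-http` is set, nothing is written to the operator or the CI log, and `--verify` defaults to false, so a dependency can be fetched with neither certificate verification nor a provenance check. Print a warning in that branch, for example `fmt.Fprintln(os.Stderr, "WARNING: TLS verification or encryption is disabled for dependency downloads")` (this needs the `os` import if the file does not already have it). The error from `WithResolver` would also read better wrapped with context than returned bare. The enclosing function starts and ends outside the hunk.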
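Review bot: The help strings for the two new flags understate their scope and risk. `--insecure-skip-tls-verify` is described as covering "the chart download", but in the lines visible in this patch its value only reaches `man.RegistryClient.WithResolver(...)`, so it appears to affect OCI registry traffic only, and `--plain-http` does not say that the connection is unencrypted. Suggested wording: `"skip TLS certificate verification for OCI registry dependency downloads (insecure)"` and `"use unencrypted HTTP for OCI registry dependency downloads (insecure)"`.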
@@ -34,10 +34,12 @@ import (
 //
 // It provides the implementation of 'helm dependency' and its respective subcommands.
 type Dependency struct {
- Verify bool
- Keyring string
- SkipRefresh bool
- ColumnWidth uint
+ Verify bool
+ Keyring string
+ SkipRefresh bool
+ ColumnWidth uint
+ InsecureSkipTLSverify bool
+ PlainHTTP bool
 }
 // NewDependency creates a new Dependency object with the given configuration.
diff --git a/pkg/downloader/chart_downloader.go b/pkg/downloader/chart_downloader.go
index c532759b5..aadc2d76c 100644
--- a/pkg/downloader/chart_downloader.go
+++ b/pkg/downloader/chart_downloader.go
@@ -184,11 +184,11 @@ func (c *ChartDownloader) getOciURI(ref, version string, u *url.URL) (*url.URL,
 //
 // A version is a SemVer string (1.2.3-beta.1+f334a6789).
 //
-// - For fully qualified URLs, the version will be ignored (since URLs aren't versioned)
-// - For a chart reference
-// * If version is non-empty, this will return the URL for that version
-// * If version is empty, this will return the URL for the latest version
-// * If no version can be found, an error is returned
+// - For fully qualified URLs, the version will be ignored (since URLs aren't versioned)
+// - For a chart reference
+// - If version is non-empty, this will return the URL for that version
+// - If version is empty, this will return the URL for the latest version
+// - If no version can be found, an error is returned
 func (c *ChartDownloader) ResolveChartVersion(ref, version string) (*url.URL, error) {
 u, err := url.Parse(ref)
 if err != nil {
diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go
index 18b28dde1..fd2d777c5 100644
--- a/pkg/downloader/manager.go
+++ b/pkg/downloader/manager.go
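Review bot: The two fields added to `Dependency` are exported but undocumented, and `InsecureSkipTLSverify` does not match the casing used elsewhere in this patch (`insecureSkipVerifyTLS` in `getter.options`, `getter.WithInsecureSkipVerifyTLS` in manager.go). Because the name becomes part of the public `action.Dependency` API, it is worth settling on `InsecureSkipTLSVerify` or `InsecureSkipVerifyTLS` before merge. Each field should also say what protection it removes, for example `// InsecureSkipTLSVerify disables TLS certificate verification for registry connections.` and `// PlainHTTP makes registry connections use unencrypted HTTP.`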
@@ -313,7 +313,7 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error {
 // Any failure to resolve/download a chart should fail:
 // https://github.com/helm/helm/issues/1439
- churl, username, password, insecureskiptlsverify, passcredentialsall, caFile, certFile, keyFile, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos)
+ churl, username, password, _, passcredentialsall, caFile, certFile, keyFile, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos)
 if err != nil {
 saveError = errors.Wrapf(err, "could not find %s", churl)
 break
@@ -337,8 +337,8 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error {
 Options: []getter.Option{
 getter.WithBasicAuth(username, password),
 getter.WithPassCredentialsAll(passcredentialsall),
- getter.WithInsecureSkipVerifyTLS(insecureskiptlsverify),
 getter.WithTLSClientConfig(certFile, keyFile, caFile),
+ getter.WithRegistryClient(m.RegistryClient),
 },
 }
@@ -349,7 +349,6 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error {
 return errors.Wrapf(err, "could not parse OCI reference")
 }
 dl.Options = append(dl.Options,
- getter.WithRegistryClient(m.RegistryClient),
 getter.WithTagName(version))
 }
diff --git a/pkg/getter/getter.go b/pkg/getter/getter.go
index 653b032fe..20b4c8650 100644
--- a/pkg/getter/getter.go
+++ b/pkg/getter/getter.go
@@ -37,6 +37,7 @@ type options struct {
 caFile string
 unTar bool
 insecureSkipVerifyTLS bool
+ plainHTTP bool
 username string
 password string
 passCredentialsAll bool
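Review bot: Discarding `insecureskiptlsverify` with `_` here, together with the removal of `getter.WithInsecureSkipVerifyTLS(insecureskiptlsverify)` in the `@@ -337,8` hunk, drops the per-repository TLS setting that `findChartURL` returns, and nothing visible in this patch passes the new CLI flag to the getter options in its place. The outcome is stricter, but it is an unannounced behaviour change: repositories configured to skip verification will presumably start failing during dependency builds, and `--insecure-skip-tls-verify` appears to have no effect on HTTP(S) chart repositories. Either keep `getter.WithInsecureSkipVerifyTLS(insecureskiptlsverify)` in `Options` and combine it with the flag, or state the tightening explicitly in the commit message and release notes. `downloadAll` starts and ends outside these hunks.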
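Review bot: The `plainHTTP` field added to `options` is never set or read in this patch: the diffstat shows a single added line in getter.go, so no option function accompanies it, and manager.go carries the plain-HTTP choice only through the registry client. An unused security-relevant field invites a later caller to assume it is honoured. Drop it from this change, or add the setter and its consumer together with a comment such as `// plainHTTP selects unencrypted HTTP for registry access.` The struct continues outside the hunk.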