From cc414577dc2e39225aa0b942830d6e775ae1bdd5 Mon Sep 17 00:00:00 2001
From: Tom Runyon <tom@defenseunicorns.com>
Date: Tue, 3 Jan 2023 11:39:57 -0500
Subject: [PATCH] Added flags to CLI commands

Signed-off-by: Tom Runyon <tom@defenseunicorns.com>
---
 cmd/helm/install.go   |  1 +
 cmd/helm/pull.go      |  1 +
 cmd/helm/push.go      |  2 ++
 cmd/helm/show.go      |  1 +
 pkg/action/install.go | 11 +++++++++--
 pkg/action/pull.go    | 10 ++++++++--
 pkg/action/push.go    | 12 ++++++++++--
 7 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/cmd/helm/install.go b/cmd/helm/install.go
index ebdc88fdd..280b574a6 100644
--- a/cmd/helm/install.go
+++ b/cmd/helm/install.go
@@ -169,6 +169,7 @@ func addInstallFlags(cmd *cobra.Command, f *pflag.FlagSet, client *action.Instal
 	f.BoolVar(&client.Atomic, "atomic", false, "if set, the installation process deletes the installation on failure. The --wait flag will be set automatically if --atomic is used")
 	f.BoolVar(&client.SkipCRDs, "skip-crds", false, "if set, no CRDs will be installed. By default, CRDs are installed if not already present")
 	f.BoolVar(&client.SubNotes, "render-subchart-notes", false, "if set, render subchart notes along with the parent")
+	f.BoolVar(&client.PlainHTTP, "plain-http", false, "install charts from http registry")
 	addValueOptionsFlags(f, valueOpts)
 	addChartPathOptionsFlags(f, &client.ChartPathOptions)
 
diff --git a/cmd/helm/pull.go b/cmd/helm/pull.go
index 238550250..376825c03 100644
--- a/cmd/helm/pull.go
+++ b/cmd/helm/pull.go
@@ -81,6 +81,7 @@ func newPullCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 	f.BoolVar(&client.VerifyLater, "prov", false, "fetch the provenance file, but don't perform verification")
 	f.StringVar(&client.UntarDir, "untardir", ".", "if untar is specified, this flag specifies the name of the directory into which the chart is expanded")
 	f.StringVarP(&client.DestDir, "destination", "d", ".", "location to write the chart. If this and untardir are specified, untardir is appended to this")
+	f.BoolVar(&client.PlainHTTP, "plain-http", false, "install charts from http registry")
 	addChartPathOptionsFlags(f, &client.ChartPathOptions)
 
 	err := cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
diff --git a/cmd/helm/push.go b/cmd/helm/push.go
index dffe8f4ea..b0700aad3 100644
--- a/cmd/helm/push.go
+++ b/cmd/helm/push.go
@@ -39,6 +39,7 @@ type registryPushOptions struct {
 	keyFile               string
 	caFile                string
 	insecureSkipTLSverify bool
+	plainHTTP             bool
 }
 
 func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
@@ -88,6 +89,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 	f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file")
 	f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle")
 	f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload")
+	f.BoolVar(&o.plainHTTP, "plain-http", false, "push charts to registry over http")
 
 	return cmd
 }
diff --git a/cmd/helm/show.go b/cmd/helm/show.go
index e9b17a8cb..a08c3b014 100644
--- a/cmd/helm/show.go
+++ b/cmd/helm/show.go
@@ -174,6 +174,7 @@ func addShowFlags(subCmd *cobra.Command, client *action.Show) {
 	f := subCmd.Flags()
 
 	f.BoolVar(&client.Devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored")
+	f.BoolVar(&client.PlainHTTP, "plain-http", false, "use plain http connection instead of https")
 	if subCmd.Name() == "values" {
 		f.StringVar(&client.JSONPathTemplate, "jsonpath", "", "supply a JSONPath expression to filter the output")
 	}
diff --git a/pkg/action/install.go b/pkg/action/install.go
index 47c19d067..7e565c135 100644
--- a/pkg/action/install.go
+++ b/pkg/action/install.go
@@ -118,6 +118,7 @@ type ChartPathOptions struct {
 	Username              string // --username
 	Verify                bool   // --verify
 	Version               string // --version
+	PlainHTTP             bool   // --plain-http
 
 	// registryClient provides a registry client but is not added with
 	// options from a flag
@@ -678,8 +679,14 @@ func (c *ChartPathOptions) LocateChart(name string, out io.Writer, settings *cli
 	// an error and a lookup will not occur.
 	if registry.IsOCI(name) {
 		if (c.CertFile != "" && c.KeyFile != "") || c.CaFile != "" || c.InsecureSkipTLSverify {
-			registryClient, err := registry.NewRegistryClientWithTLS(out, c.CertFile, c.KeyFile, c.CaFile,
-				c.InsecureSkipTLSverify, settings.RegistryConfig, settings.Debug)
+			var registryClient *registry.Client
+			var err error
+			if c.PlainHTTP {
+				registryClient, err = registry.NewRegistryClientHTTP(out, settings.RegistryConfig, settings.Debug)
+			} else {
+				registryClient, err = registry.NewRegistryClientWithTLS(out, c.CertFile, c.KeyFile, c.CaFile,
+					c.InsecureSkipTLSverify, settings.RegistryConfig, settings.Debug)
+			}
 			if err != nil {
 				return "", err
 			}
diff --git a/pkg/action/pull.go b/pkg/action/pull.go
index 102e4a588..cd83d7499 100644
--- a/pkg/action/pull.go
+++ b/pkg/action/pull.go
@@ -105,8 +105,14 @@ func (p *Pull) Run(chartRef string) (string, error) {
 		// Provide a tls enabled client for the pull command if the user has
 		// specified the cert file or key file or ca file.
 		if (p.ChartPathOptions.CertFile != "" && p.ChartPathOptions.KeyFile != "") || p.ChartPathOptions.CaFile != "" || p.ChartPathOptions.InsecureSkipTLSverify {
-			registryClient, err := registry.NewRegistryClientWithTLS(p.out, p.ChartPathOptions.CertFile, p.ChartPathOptions.KeyFile, p.ChartPathOptions.CaFile,
-				p.ChartPathOptions.InsecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
+			var registryClient *registry.Client
+			var err error
+			if p.PlainHTTP {
+				registryClient, err = registry.NewRegistryClientHTTP(p.out, p.Settings.RegistryConfig, p.Settings.Debug)
+			} else {
+				registryClient, err = registry.NewRegistryClientWithTLS(p.out, p.CertFile, p.KeyFile, p.CaFile,
+					p.InsecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
+			}
 			if err != nil {
 				return out.String(), err
 			}
diff --git a/pkg/action/push.go b/pkg/action/push.go
index 21f6fb947..5391e5956 100644
--- a/pkg/action/push.go
+++ b/pkg/action/push.go
@@ -36,6 +36,7 @@ type Push struct {
 	keyFile               string
 	caFile                string
 	insecureSkipTLSverify bool
+	plainHTTP             bool
 	out                   io.Writer
 }
 
@@ -97,8 +98,15 @@ func (p *Push) Run(chartRef string, remote string) (string, error) {
 		// Provide a tls enabled client for the pull command if the user has
 		// specified the cert file or key file or ca file.
 		if (p.certFile != "" && p.keyFile != "") || p.caFile != "" || p.insecureSkipTLSverify {
-			registryClient, err := registry.NewRegistryClientWithTLS(p.out, p.certFile, p.keyFile, p.caFile,
-				p.insecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
+
+			var registryClient *registry.Client
+			var err error
+			if p.plainHTTP {
+				registryClient, err = registry.NewRegistryClientHTTP(p.out, p.Settings.RegistryConfig, p.Settings.Debug)
+			} else {
+				registryClient, err = registry.NewRegistryClientWithTLS(p.out, p.certFile, p.keyFile, p.caFile,
+					p.insecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
+			}
 			if err != nil {
 				return out.String(), err
 			}