msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

Merge pull request #1602 from technosophos/feat/fetch-prov

Browse Source 
feat(helm): add 'helm fetch --prov' to fetch prov info
reviewable/pr1640/r1
Matt Butcher 8 years ago committed by GitHub
parent 329665882e 18248e5530
commit f90d08969e
3 changed files with 62 additions and 7 deletions
Show Stats Download Patch File Download Diff File

17
cmd/helm/downloader/chart_downloader.go
Unescape View File

@ -44,6 +44,10 @@ const (
// VerifyAlways will always attempt a verification, and will fail if the // VerifyAlways will always attempt a verification, and will fail if the
// verification fails. // verification fails.
VerifyAlways VerifyAlways
// VerifyLater will fetch verification data, but not do any verification.
// This is to accommodate the case where another step of the process will
// perform verification.
VerifyLater
) )
// ChartDownloader handles downloading a chart. // ChartDownloader handles downloading a chart.
@ -65,6 +69,7 @@ type ChartDownloader struct {
// If Verify is set to VerifyNever, the verification will be nil. // If Verify is set to VerifyNever, the verification will be nil.
// If Verify is set to VerifyIfPossible, this will return a verification (or nil on failure), and print a warning on failure. // If Verify is set to VerifyIfPossible, this will return a verification (or nil on failure), and print a warning on failure.
// If Verify is set to VerifyAlways, this will return a verification or an error if the verification fails. // If Verify is set to VerifyAlways, this will return a verification or an error if the verification fails.
// If Verify is set to VerifyLater, this will download the prov file (if it exists), but not verify it.
// //
// For VerifyNever and VerifyIfPossible, the Verification may be empty. // For VerifyNever and VerifyIfPossible, the Verification may be empty.
// //
@ -104,11 +109,13 @@ func (c *ChartDownloader) DownloadTo(ref, version, dest string) (string, *proven
return destfile, nil, err return destfile, nil, err
} }
ver, err = VerifyChart(destfile, c.Keyring) if c.Verify != VerifyLater {
if err != nil { ver, err = VerifyChart(destfile, c.Keyring)
// Fail always in this case, since it means the verification step if err != nil {
// failed. // Fail always in this case, since it means the verification step
return destfile, ver, err // failed.
return destfile, ver, err
}
} }
} }
return destfile, ver, nil return destfile, ver, nil

44
cmd/helm/downloader/chart_downloader_test.go
Unescape View File

@ -153,3 +153,47 @@ func TestDownloadTo(t *testing.T) {
return return
} }
} }
func TestDownloadTo_VerifyLater(t *testing.T) {
hh, err := ioutil.TempDir("", "helm-downloadto-")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(hh)
dest := filepath.Join(hh, "dest")
os.MkdirAll(dest, 0755)
// Set up a fake repo
srv := repotest.NewServer(hh)
defer srv.Stop()
if _, err := srv.CopyCharts("testdata/*.tgz*"); err != nil {
t.Error(err)
return
}
c := ChartDownloader{
HelmHome: helmpath.Home("testdata/helmhome"),
Out: os.Stderr,
Verify: VerifyLater,
}
cname := "/signtest-0.1.0.tgz"
where, _, err := c.DownloadTo(srv.URL()+cname, "", dest)
if err != nil {
t.Error(err)
return
}
if expect := filepath.Join(dest, cname); where != expect {
t.Errorf("Expected download to %s, got %s", expect, where)
}
if _, err := os.Stat(filepath.Join(dest, cname)); err != nil {
t.Error(err)
return
}
if _, err := os.Stat(filepath.Join(dest, cname+".prov")); err != nil {
t.Error(err)
return
}
}

8
cmd/helm/fetch.go
Unescape View File

@ -51,8 +51,9 @@ type fetchCmd struct {
destdir string destdir string
version string version string
verify bool verify bool
keyring string verifyLater bool
keyring string
out io.Writer out io.Writer
} }
@ -82,6 +83,7 @@ func newFetchCmd(out io.Writer) *cobra.Command {
f.BoolVar(&fch.untar, "untar", false, "if set to true, will untar the chart after downloading it") f.BoolVar(&fch.untar, "untar", false, "if set to true, will untar the chart after downloading it")
f.StringVar(&fch.untardir, "untardir", ".", "if untar is specified, this flag specifies the name of the directory into which the chart is expanded") f.StringVar(&fch.untardir, "untardir", ".", "if untar is specified, this flag specifies the name of the directory into which the chart is expanded")
f.BoolVar(&fch.verify, "verify", false, "verify the package against its signature") f.BoolVar(&fch.verify, "verify", false, "verify the package against its signature")
f.BoolVar(&fch.verifyLater, "prov", false, "fetch the provenance file, but don't perform verification")
f.StringVar(&fch.version, "version", "", "specific version of a chart. Without this, the latest version is fetched") f.StringVar(&fch.version, "version", "", "specific version of a chart. Without this, the latest version is fetched")
f.StringVar(&fch.keyring, "keyring", defaultKeyring(), "keyring containing public keys") f.StringVar(&fch.keyring, "keyring", defaultKeyring(), "keyring containing public keys")
f.StringVarP(&fch.destdir, "destination", "d", ".", "location to write the chart. If this and tardir are specified, tardir is appended to this") f.StringVarP(&fch.destdir, "destination", "d", ".", "location to write the chart. If this and tardir are specified, tardir is appended to this")
@ -100,6 +102,8 @@ func (f *fetchCmd) run() error {
if f.verify { if f.verify {
c.Verify = downloader.VerifyAlways c.Verify = downloader.VerifyAlways
} else if f.verifyLater {
c.Verify = downloader.VerifyLater
} }
// If untar is set, we fetch to a tempdir, then untar and copy after // If untar is set, we fetch to a tempdir, then untar and copy after

Write Preview
Loading…
Cancel
Save