The previous cache was based on chart name and version. If 2 charts
with different content had the same name and version they would collide.
Helm did not trust the cache because of this and always downloaded
content. It was a short lived cache.
This commit introduces a content based cache which is based on the
content rather than file name. Charts with the same name but different
content are no longer an issue.
While the system assumes a file based interface, the cache system
is pluggable. In the future, it should return bytes for the content
instead of paths to it. That would requie a larger change for Helm 5
or later.
Signed-off-by: Matt Farina <matt.farina@suse.com>
- The newReference() function transforms version tags by replacing + with _ for OCI compatibility
- But the code was using the original ref (with +) for TagBytes()
- Then it tries to find the tagged reference using parsedRef.String() (with _)
- This mismatch causes the Resolve method to fail with "not found"
- By using parsedRef.String() consistently in both places, the references will match and the lookup will succeed.
I extracted the TagBytes function to improve testability.
Push() includes several external calls that are hard to mock,
so isolating this logic makes testing more manageable.
Close: #30881
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
This option was kept to avoid compile-time incompatibilities in Helm v3
when upgrading to ORAS v2. Let's remove it for Helm v4.
This allows Helm to drop the containerd dependency entirely.
Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
This change moves the code, updates the import locations, and
adds a doc.go file to document what the v2 package is for.
This is part of HIP 20 for v3 charts
Signed-off-by: Matt Farina <matt.farina@suse.com>
Since Helm is going through breaking changes with Helm v4, the version path to
Helm needs to be updated.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Fixes: #12584
This change makes the authorizer and registryAuthorizer of the registry client configurable via options. This allows Go SDK users to override the authentication behavior of the client.
This PR makes both the authorizer and registryAuthorizer configurable because depending on the exact scenario that may be needed. The default registryAuthorizer only supports a specific implementation of the authorizer.
Signed-off-by: Ryan Nowak <nowakra@gmail.com>
When username/password parameters are passed in via the CLI
they are not passed down to the client handling requests to
OCI registries. This change ensures this happens
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
This reverts commit 4a27baaffc.
Note, PR #11129 was layered in along with this change so the revert
preserves this API addition.
Signed-off-by: Matt Farina <matt.farina@suse.com>
The assumption that either a username and/or password OR an error is
returned appears to be wrong, and results in an error later on which
looks something like the following:
```
failed to authorize: failed to fetch anonymous token: unexpected status
from GET request to https://auth.docker.io/token?scope=repository%3AXXX%2FYYY%3Apull&service=registry.docker.io:
401 Unauthorized
```
To mitigate this, confirm we actually have one of the values before
setting the `Authorization` header.
Co-authored-by: Joe Julian <me@joejulian.name>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Benoit Tigeot
Scott Rigby
Matt Farina
Eric Stroczynski
Evans Mungai
Matheus Pimenta
Terry Howe
Robert Sirchia
Justen Stall
linghuying
Tom Wieczorek
George Jenkins
Ryan Nowak
Andrew Block
Matt Farina
Hidde Beydals
Antonio Gamez Diaz