In the move to oras v2, an existing but empty registry config file
became an uncaught error. A missing file caused no error. This
change catches the error and works around it so that Helm can
continue to be fault tolerant to this issue.
Signed-off-by: Matt Farina <matt.farina@suse.com>
- The newReference() function transforms version tags by replacing + with _ for OCI compatibility
- But the code was using the original ref (with +) for TagBytes()
- Then it tries to find the tagged reference using parsedRef.String() (with _)
- This mismatch causes the Resolve method to fail with "not found"
- By using parsedRef.String() consistently in both places, the references will match and the lookup will succeed.
I extracted the TagBytes function to improve testability.
Push() includes several external calls that are hard to mock,
so isolating this logic makes testing more manageable.
Close: #30881
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
(cherry picked from commit f552b67230)
Helm 3.18.0 released an upgrade of ORAS from v1 to v2.
ORAS v2 correctly does not accept http/https scheme for registry login, while
ORAS v1 previously did. Even if v1 should not have, we want to preserve
backwards compatibility for Helm 3 users who pass the scheme.
This will be removed in Helm 4, where registry login will not accept http/https
scheme.
Co-authored-by: Andrew Block <andy.block@gmail.com>
Co-authored-by: Terry Howe <terrylhowe@gmail.com>
Signed-off-by: Scott Rigby <scott@r6by.com>
(cherry picked from commit c0f3ace52d)
Multiple changes were made to pass linting. Some Go built-in names
are being used for variables (e.g., min). This happens in the Go
source itself including the Go standard library and is not always
a bad practice.
To handle allowing some built-in names to be used the linter config
is updated to allow (via opt-in) some names to pass. This allows us
to still check for re-use of Go built-in names and opt-in to any
new uses.
There were also several cases where a value was checked for nil
before checking its length when this is already handled by len()
or the types default value. These were cleaned up.
The license validation was updated because it was checking everything
in the .git directory including all remote content that was local.
The previous vendor directory was from a time prior to Go modules
when Helm handled dependencies differently. It was no longer needed.
Signed-off-by: Matt Farina <matt.farina@suse.com>
(cherry picked from commit 5727f56a96)
Fixes: #12584
This change makes the authorizer and registryAuthorizer of the registry client configurable via options. This allows Go SDK users to override the authentication behavior of the client.
This PR makes both the authorizer and registryAuthorizer configurable because depending on the exact scenario that may be needed. The default registryAuthorizer only supports a specific implementation of the authorizer.
Signed-off-by: Ryan Nowak <nowakra@gmail.com>
The ca.crt had to be regenerated because there was no ca.key. Added
new ca.key so that going forward only the certs need to be updated.
Signed-off-by: Dirk Müller <dirk@dmllr.de>
When username/password parameters are passed in via the CLI
they are not passed down to the client handling requests to
OCI registries. This change ensures this happens
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
This reverts commit 4a27baaffc.
Note, PR #11129 was layered in along with this change so the revert
preserves this API addition.
Signed-off-by: Matt Farina <matt.farina@suse.com>
The assumption that either a username and/or password OR an error is
returned appears to be wrong, and results in an error later on which
looks something like the following:
```
failed to authorize: failed to fetch anonymous token: unexpected status
from GET request to https://auth.docker.io/token?scope=repository%3AXXX%2FYYY%3Apull&service=registry.docker.io:
401 Unauthorized
```
To mitigate this, confirm we actually have one of the values before
setting the `Authorization` header.
Co-authored-by: Joe Julian <me@joejulian.name>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Add a new flag `--plain-http` to the following commands:
* `helm install`
* `helm pull`
* `helm push`
* `helm template`
* `helm upgrade`
* `helm show`
This flag instructs the registry client to use plain HTTP connections,
thus enabling upload/download of charts from OCI registries served at
an HTTP endpoint.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Terry Howe
Matt Farina
Brandt Keller
Brandt Keller
Benoit Tigeot
Scott Rigby
George Jenkins
Ryan Nowak
Evans Mungai
Nathan Baulch
Sidharth Menon
Dirk Müller
Andrew Block
Robert Sirchia
Matt Farina
Hidde Beydals
Antonio Gamez Diaz
Joe Julian
cuisongliu
Sanskar Jaiswal