Fixes: #12584
This change makes the authorizer and registryAuthorizer of the registry client configurable via options. This allows Go SDK users to override the authentication behavior of the client.
This PR makes both the authorizer and registryAuthorizer configurable because depending on the exact scenario that may be needed. The default registryAuthorizer only supports a specific implementation of the authorizer.
Signed-off-by: Ryan Nowak <nowakra@gmail.com>
The ca.crt had to be regenerated because there was no ca.key. Added
new ca.key so that going forward only the certs need to be updated.
Signed-off-by: Dirk Müller <dirk@dmllr.de>
When username/password parameters are passed in via the CLI
they are not passed down to the client handling requests to
OCI registries. This change ensures this happens
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
This reverts commit 4a27baaffc.
Note, PR #11129 was layered in along with this change so the revert
preserves this API addition.
Signed-off-by: Matt Farina <matt.farina@suse.com>
The assumption that either a username and/or password OR an error is
returned appears to be wrong, and results in an error later on which
looks something like the following:
```
failed to authorize: failed to fetch anonymous token: unexpected status
from GET request to https://auth.docker.io/token?scope=repository%3AXXX%2FYYY%3Apull&service=registry.docker.io:
401 Unauthorized
```
To mitigate this, confirm we actually have one of the values before
setting the `Authorization` header.
Co-authored-by: Joe Julian <me@joejulian.name>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Add a new flag `--plain-http` to the following commands:
* `helm install`
* `helm pull`
* `helm push`
* `helm template`
* `helm upgrade`
* `helm show`
This flag instructs the registry client to use plain HTTP connections,
thus enabling upload/download of charts from OCI registries served at
an HTTP endpoint.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Go 1.20 introduced DNS/CNAME handling changes. This can cause an
IP address represented in hex, oct, etc to be looked up as DNS and
fail. This change introduces a mock DNS resolver.
Note, with the mock resolver, we don't need to use 0x7f000001 any
longer. Keeping because it was already there.
Signed-off-by: Matt Farina <matt.farina@suse.com>
At this time both Go 1.19 and 1.20 are supported. The version
specified in the go.mod file is the minimum version we expect Helm
to be compiled against. This is the oldest supported version to
support environments where others compile Helm. The Helm project
is using Go 1.20 to build Helm itself.
Updating to Go 1.19 also includes dealing with io/ioutil
deprecation and some additional linting issues around staticcheck.
All the staticcheck issues were in test files so linting was
skipped for those.
Signed-off-by: Matt Farina <matt.farina@suse.com>
If implemented, users will be able to use custom certificates and CA to
while interacting with OCI registries.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Exporting those fields enable 3rd party users to build their own mocked PullResult responses.
Related #10623
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
golint which is used as one of the sublinters in golangci-lint is deprecated.
It is replaced with revive which is a drop-in replacement.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Co-authored-by: Martin Mulholland <mmulholl@redhat.com>
This adds a new `gates` package used for interacting with feature gates. It also marks the OCI registry work as experimental, signalling to users that it is not a stable feature of Helm.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
George Jenkins
Scott Rigby
Ryan Nowak
Evans Mungai
Nathan Baulch
Sidharth Menon
Dirk Müller
Matt Farina
Andrew Block
Robert Sirchia
Matt Farina
Hidde Beydals
Antonio Gamez Diaz
Joe Julian
cuisongliu
Sanskar Jaiswal
Soule BA
Josh Dolitsky
Martin Hickey
David Peraza
Thomas Runyon
Matthew Fisher
Josh Dolitsky
Marc Khouzam