In the move to oras v2, an existing but empty registry config file
became an uncaught error. A missing file caused no error. This
change catches the error and works around it so that Helm can
continue to be fault tolerant to this issue.
Signed-off-by: Matt Farina <matt.farina@suse.com>
- The newReference() function transforms version tags by replacing + with _ for OCI compatibility
- But the code was using the original ref (with +) for TagBytes()
- Then it tries to find the tagged reference using parsedRef.String() (with _)
- This mismatch causes the Resolve method to fail with "not found"
- By using parsedRef.String() consistently in both places, the references will match and the lookup will succeed.
I extracted the TagBytes function to improve testability.
Push() includes several external calls that are hard to mock,
so isolating this logic makes testing more manageable.
Close: #30881
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
(cherry picked from commit f552b67230)
Helm 3.18.0 released an upgrade of ORAS from v1 to v2.
ORAS v2 correctly does not accept http/https scheme for registry login, while
ORAS v1 previously did. Even if v1 should not have, we want to preserve
backwards compatibility for Helm 3 users who pass the scheme.
This will be removed in Helm 4, where registry login will not accept http/https
scheme.
Co-authored-by: Andrew Block <andy.block@gmail.com>
Co-authored-by: Terry Howe <terrylhowe@gmail.com>
Signed-off-by: Scott Rigby <scott@r6by.com>
(cherry picked from commit c0f3ace52d)
Fixes: #12584
This change makes the authorizer and registryAuthorizer of the registry client configurable via options. This allows Go SDK users to override the authentication behavior of the client.
This PR makes both the authorizer and registryAuthorizer configurable because depending on the exact scenario that may be needed. The default registryAuthorizer only supports a specific implementation of the authorizer.
Signed-off-by: Ryan Nowak <nowakra@gmail.com>
When username/password parameters are passed in via the CLI
they are not passed down to the client handling requests to
OCI registries. This change ensures this happens
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
This reverts commit 4a27baaffc.
Note, PR #11129 was layered in along with this change so the revert
preserves this API addition.
Signed-off-by: Matt Farina <matt.farina@suse.com>
The assumption that either a username and/or password OR an error is
returned appears to be wrong, and results in an error later on which
looks something like the following:
```
failed to authorize: failed to fetch anonymous token: unexpected status
from GET request to https://auth.docker.io/token?scope=repository%3AXXX%2FYYY%3Apull&service=registry.docker.io:
401 Unauthorized
```
To mitigate this, confirm we actually have one of the values before
setting the `Authorization` header.
Co-authored-by: Joe Julian <me@joejulian.name>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Add a new flag `--plain-http` to the following commands:
* `helm install`
* `helm pull`
* `helm push`
* `helm template`
* `helm upgrade`
* `helm show`
This flag instructs the registry client to use plain HTTP connections,
thus enabling upload/download of charts from OCI registries served at
an HTTP endpoint.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
At this time both Go 1.19 and 1.20 are supported. The version
specified in the go.mod file is the minimum version we expect Helm
to be compiled against. This is the oldest supported version to
support environments where others compile Helm. The Helm project
is using Go 1.20 to build Helm itself.
Updating to Go 1.19 also includes dealing with io/ioutil
deprecation and some additional linting issues around staticcheck.
All the staticcheck issues were in test files so linting was
skipped for those.
Signed-off-by: Matt Farina <matt.farina@suse.com>
If implemented, users will be able to use custom certificates and CA to
while interacting with OCI registries.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Exporting those fields enable 3rd party users to build their own mocked PullResult responses.
Related #10623
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
golint which is used as one of the sublinters in golangci-lint is deprecated.
It is replaced with revive which is a drop-in replacement.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Co-authored-by: Martin Mulholland <mmulholl@redhat.com>
This adds a new `gates` package used for interacting with feature gates. It also marks the OCI registry work as experimental, signalling to users that it is not a stable feature of Helm.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* set custom manifest config media type
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* use v1 for manifest schema
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* remove unneeded debug flag
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* update to new config media type
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Terry Howe
Matt Farina
Brandt Keller
Brandt Keller
Benoit Tigeot
Scott Rigby
George Jenkins
Ryan Nowak
Evans Mungai
Andrew Block
Robert Sirchia
Matt Farina
Hidde Beydals
Antonio Gamez Diaz
Joe Julian
cuisongliu
Sanskar Jaiswal
Soule BA
Josh Dolitsky
Martin Hickey
Thomas Runyon
Matthew Fisher
Josh Dolitsky