mirror of https://github.com/helm/helm
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
192 lines
5.3 KiB
192 lines
5.3 KiB
/*
|
|
Copyright The Helm Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package action
|
|
|
|
import (
|
|
"fmt"
|
|
"log/slog"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
chartutil "helm.sh/helm/v4/pkg/chart/v2/util"
|
|
"helm.sh/helm/v4/pkg/cli"
|
|
"helm.sh/helm/v4/pkg/downloader"
|
|
"helm.sh/helm/v4/pkg/getter"
|
|
"helm.sh/helm/v4/pkg/registry"
|
|
"helm.sh/helm/v4/pkg/repo/v1"
|
|
)
|
|
|
|
// Pull is the action for checking a given release's information.
|
|
//
|
|
// It provides the implementation of 'helm pull'.
|
|
type Pull struct {
|
|
ChartPathOptions
|
|
|
|
Settings *cli.EnvSettings // TODO: refactor this out of pkg/action
|
|
|
|
Devel bool
|
|
Untar bool
|
|
VerifyLater bool
|
|
UntarDir string
|
|
DestDir string
|
|
cfg *Configuration
|
|
}
|
|
|
|
type PullOpt func(*Pull)
|
|
|
|
func WithConfig(cfg *Configuration) PullOpt {
|
|
return func(p *Pull) {
|
|
p.cfg = cfg
|
|
}
|
|
}
|
|
|
|
// NewPull creates a new Pull with configuration options.
|
|
func NewPull(opts ...PullOpt) *Pull {
|
|
p := &Pull{}
|
|
for _, fn := range opts {
|
|
fn(p)
|
|
}
|
|
|
|
return p
|
|
}
|
|
|
|
// SetRegistryClient sets the registry client on the pull configuration object.
|
|
func (p *Pull) SetRegistryClient(client *registry.Client) {
|
|
p.cfg.RegistryClient = client
|
|
}
|
|
|
|
// Run executes 'helm pull' against the given release.
|
|
func (p *Pull) Run(chartRef string) (string, error) {
|
|
var out strings.Builder
|
|
|
|
// If the repository URL is set via CLI (--repo), but neither a username nor
|
|
// password are set for a pull request, check if the repository credentials
|
|
// are already stored in helm's repository config.
|
|
if p.RepoURL != "" && p.Username == "" && p.Password == "" {
|
|
f, err := repo.LoadFile(p.Settings.RepositoryConfig)
|
|
if err != nil {
|
|
return out.String(), fmt.Errorf("failed to load repository config %q: %w", p.Settings.RepositoryConfig, err)
|
|
}
|
|
if repoEntry := f.GetByURL(p.RepoURL); repoEntry != nil {
|
|
slog.Debug("Using credentials from repository config")
|
|
p.Username = repoEntry.Username
|
|
p.Password = repoEntry.Password
|
|
}
|
|
}
|
|
|
|
c := downloader.ChartDownloader{
|
|
Out: &out,
|
|
Keyring: p.Keyring,
|
|
Verify: downloader.VerifyNever,
|
|
Getters: getter.All(p.Settings),
|
|
Options: []getter.Option{
|
|
getter.WithBasicAuth(p.Username, p.Password),
|
|
getter.WithPassCredentialsAll(p.PassCredentialsAll),
|
|
getter.WithTLSClientConfig(p.CertFile, p.KeyFile, p.CaFile),
|
|
getter.WithInsecureSkipVerifyTLS(p.InsecureSkipTLSVerify),
|
|
getter.WithPlainHTTP(p.PlainHTTP),
|
|
},
|
|
RegistryClient: p.cfg.RegistryClient,
|
|
RepositoryConfig: p.Settings.RepositoryConfig,
|
|
RepositoryCache: p.Settings.RepositoryCache,
|
|
ContentCache: p.Settings.ContentCache,
|
|
}
|
|
|
|
if registry.IsOCI(chartRef) {
|
|
c.Options = append(c.Options,
|
|
getter.WithRegistryClient(p.cfg.RegistryClient))
|
|
c.RegistryClient = p.cfg.RegistryClient
|
|
}
|
|
|
|
if p.Verify {
|
|
c.Verify = downloader.VerifyAlways
|
|
} else if p.VerifyLater {
|
|
c.Verify = downloader.VerifyLater
|
|
}
|
|
|
|
// If untar is set, we fetch to a tempdir, then untar and copy after
|
|
// verification.
|
|
dest := p.DestDir
|
|
if p.Untar {
|
|
var err error
|
|
dest, err = os.MkdirTemp("", "helm-")
|
|
if err != nil {
|
|
return out.String(), fmt.Errorf("failed to untar: %w", err)
|
|
}
|
|
defer os.RemoveAll(dest)
|
|
}
|
|
|
|
downloadSourceRef := chartRef
|
|
if p.RepoURL != "" {
|
|
chartURL, err := repo.FindChartInRepoURL(
|
|
p.RepoURL,
|
|
chartRef,
|
|
getter.All(p.Settings),
|
|
repo.WithChartVersion(p.Version),
|
|
repo.WithClientTLS(p.CertFile, p.KeyFile, p.CaFile),
|
|
repo.WithUsernamePassword(p.Username, p.Password),
|
|
repo.WithInsecureSkipTLSVerify(p.InsecureSkipTLSVerify),
|
|
repo.WithPassCredentialsAll(p.PassCredentialsAll),
|
|
)
|
|
if err != nil {
|
|
return out.String(), err
|
|
}
|
|
downloadSourceRef = chartURL
|
|
}
|
|
|
|
saved, v, err := c.DownloadTo(downloadSourceRef, p.Version, dest)
|
|
if err != nil {
|
|
return out.String(), err
|
|
}
|
|
|
|
if p.Verify {
|
|
for name := range v.SignedBy.Identities {
|
|
fmt.Fprintf(&out, "Signed by: %v\n", name)
|
|
}
|
|
fmt.Fprintf(&out, "Using Key With Fingerprint: %X\n", v.SignedBy.PrimaryKey.Fingerprint)
|
|
fmt.Fprintf(&out, "Chart Hash Verified: %s\n", v.FileHash)
|
|
}
|
|
|
|
// After verification, untar the chart into the requested directory.
|
|
if p.Untar {
|
|
ud := p.UntarDir
|
|
if !filepath.IsAbs(ud) {
|
|
ud = filepath.Join(p.DestDir, ud)
|
|
}
|
|
// Let udCheck to check conflict file/dir without replacing ud when untarDir is the current directory(.).
|
|
udCheck := ud
|
|
if udCheck == "." {
|
|
_, udCheck = filepath.Split(chartRef)
|
|
} else {
|
|
_, chartName := filepath.Split(chartRef)
|
|
udCheck = filepath.Join(udCheck, chartName)
|
|
}
|
|
|
|
if _, err := os.Stat(udCheck); err != nil {
|
|
if err := os.MkdirAll(udCheck, 0755); err != nil {
|
|
return out.String(), fmt.Errorf("failed to untar (mkdir): %w", err)
|
|
}
|
|
} else {
|
|
return out.String(), fmt.Errorf("failed to untar: a file or directory with the name %s already exists", udCheck)
|
|
}
|
|
|
|
return out.String(), chartutil.ExpandFile(ud, saved)
|
|
}
|
|
return out.String(), nil
|
|
}
|