From 1ad426b338cf0c1c9a67bae0e5b4c54901c9d5ff Mon Sep 17 00:00:00 2001
From: Greg Burton
Date: Sat, 10 Mar 2018 05:16:31 -0800
Subject: [PATCH] Support client certs when accessing remote repos (#47)

This is important for deployments where the chart repo is protected by client cert validation. helmfile.yaml is extended to support `certFile` and `keyFile`: ``` repositories: - name: roboll url: http://roboll.io/charts certFile: optional_client_cert keyFile: optional_client_key ``` Everything works the same if you don't provide values for them. Regarding the implementation, the "helm repo add" command already supports the cert-file and key-file values, so we just have to pass them through.
---
 README.md | 2 ++
 helmexec/exec.go | 9 +++++++--
 helmexec/helmexec.go | 2 +-
 state/state.go | 8 +++++---
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 516a6c4c..1bff311a 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,8 @@ The default helmfile is `helmfile.yaml`:
 repositories:
 - name: roboll
 url: http://roboll.io/charts
+ certFile: optional_client_cert
+ keyFile: optional_client_key
 context: kube-context # kube-context (--kube-context)
diff --git a/helmexec/exec.go b/helmexec/exec.go
index c92bab1c..a0d09a52 100644
--- a/helmexec/exec.go
+++ b/helmexec/exec.go
@@ -30,8 +30,13 @@ func (helm *execer) SetExtraArgs(args ...string) {
 helm.extra = args
 }
 
-func (helm *execer) AddRepo(name, repository string) error {
- out, err := helm.exec("repo", "add", name, repository)
+func (helm *execer) AddRepo(name, repository, certfile, keyfile string) error {
+ var args []string
+ args = append(args, "repo", "add", name, repository)
+ if certfile != "" && keyfile != "" {
+ args = append(args, "--cert-file", certfile, "--key-file", keyfile)
+ }
+ out, err := helm.exec(args...)
 if helm.writer != nil {
 helm.writer.Write(out)
 }
diff --git a/helmexec/helmexec.go b/helmexec/helmexec.go
index 60b39796..0b370a90 100644
--- a/helmexec/helmexec.go
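Review bot: In `AddRepo` in helmexec/exec.go, the guard `if certfile != "" && keyfile != ""` silently drops both client-certificate flags when only one of the two values is set. A helmfile with a missing or mistyped `keyFile` therefore runs `helm repo add` without the credentials the operator configured, and the cause surfaces only as a failure reported by the repository. Rejecting the half-configured case up front makes it visible: `if (certfile == "") != (keyfile == "") { return fmt.Errorf("repo %q: certFile and keyFile must be set together", name) }`. This assumes `fmt` is or can be imported in exec.go, which the hunk does not show. The function body continues past the end of the hunk.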
+++ b/helmexec/helmexec.go
@@ -3,7 +3,7 @@ package helmexec
 type Interface interface {
 SetExtraArgs(args ...string)
 
- AddRepo(name, repository string) error
+ AddRepo(name, repository, certfile, keyfile string) error
 UpdateRepo() error
 
 SyncRelease(name, chart string, flags ...string) error
diff --git a/state/state.go b/state/state.go
index 88fea926..1f570146 100644
--- a/state/state.go
+++ b/state/state.go
@@ -29,8 +29,10 @@ type HelmState struct {
 }
 
 type RepositorySpec struct {
- Name string `yaml:"name"`
- URL string `yaml:"url"`
+ Name string `yaml:"name"`
+ URL string `yaml:"url"`
+ CertFile string `yaml:"certFile"`
+ KeyFile string `yaml:"keyFile"`
 }
 
 type ReleaseSpec struct {
@@ -127,7 +129,7 @@ func (state *HelmState) SyncRepos(helm helmexec.Interface) []error {
 errs := []error{}
 
 for _, repo := range state.Repositories {
- if err := helm.AddRepo(repo.Name, repo.URL); err != nil {
+ if err := helm.AddRepo(repo.Name, repo.URL, repo.CertFile, repo.KeyFile); err != nil {
 errs = append(errs, err)
 }
 }
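Review bot: The new `CertFile` and `KeyFile` fields on `RepositorySpec` carry no comment saying that they hold filesystem paths forwarded to `helm repo add`, not inline certificate or key material. I would add above them `// CertFile and KeyFile are paths to the client certificate and its private key; they are passed to "helm repo add" only when both are set.` Spelling this out matters because a helmfile.yaml is the kind of file that tends to be committed to version control, and the private key should stay in a separate file rather than be pasted into it.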
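Review bot: `SyncRepos` forwards `repo.CertFile` and `repo.KeyFile` without looking at `repo.URL`, yet a client certificate is only presented during a TLS handshake. With an `http://` URL, as in the README example in this commit, the settings would give no protection and the charts would presumably still be fetched in cleartext. A check in the loop before the `AddRepo` call would catch that configuration: `if repo.CertFile != "" && !strings.HasPrefix(repo.URL, "https://") { errs = append(errs, fmt.Errorf("repo %q: certFile/keyFile require an https URL", repo.Name)); continue }`. Whether `strings` and `fmt` are already imported in state.go is not visible here, and the function body starts and ends outside the hunk.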