From 803ff8d0abbeca82ae0d78fdeb51a115773fb153 Mon Sep 17 00:00:00 2001
From: yxxhero <11087727+yxxhero@users.noreply.github.com>
Date: Wed, 23 Aug 2023 10:00:45 +0800
Subject: [PATCH] feat keyring supportting (#984)

* feat keyring supportting

Signed-off-by: yxxhero
---
 pkg/state/state.go | 26 +++++++++++++++++++++++++-
 pkg/state/temp_test.go | 12 ++++++------
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/pkg/state/state.go b/pkg/state/state.go
index 13344b08..05cbb914 100644
--- a/pkg/state/state.go
+++ b/pkg/state/state.go
@@ -149,6 +149,7 @@ type HelmSpec struct {
 KubeContext string `yaml:"kubeContext,omitempty"`
 Args []string `yaml:"args,omitempty"`
 Verify bool `yaml:"verify"`
+ Keyring string `yaml:"keyring,omitempty"`
 // EnableDNS, when set to true, enable DNS lookups when rendering templates
 EnableDNS bool `yaml:"enableDNS"`
 // Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
@@ -199,6 +200,8 @@ type RepositorySpec struct {
 Password string `yaml:"password,omitempty"`
 Managed string `yaml:"managed,omitempty"`
 OCI bool `yaml:"oci,omitempty"`
+ Verify bool `yaml:"verify,omitempty"`
+ Keyring string `yaml:"keyring,omitempty"`
 PassCredentials bool `yaml:"passCredentials,omitempty"`
 SkipTLSVerify bool `yaml:"skipTLSVerify,omitempty"`
 }
@@ -226,7 +229,8 @@ type ReleaseSpec struct {
 Version string `yaml:"version,omitempty"`
 // Verify enables signature verification on fetched chart.
 // Beware some (or many?) chart repositories and charts don't seem to support it.
- Verify *bool `yaml:"verify,omitempty"`
+ Verify *bool `yaml:"verify,omitempty"`
+ Keyring string `yaml:"keyring,omitempty"`
 // EnableDNS, when set to true, enable DNS lookups when rendering templates
 EnableDNS *bool `yaml:"enableDNS,omitempty"`
 // Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
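Review bot: The new `Keyring` field in HelmSpec has no comment, unlike the neighbouring `EnableDNS` and `Devel` fields, and the same is true of `Keyring` in the RepositorySpec and ReleaseSpec hunks. A reader cannot tell from the struct that the value is a path handed to helm's `--keyring` flag, or that helm consults it only when signature verification is requested. I would add `// Keyring is the path to the keyring file passed to helm as --keyring; it is only consulted when Verify is enabled.` above each of the three fields.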
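Review bot: `Verify` and `Keyring` on RepositorySpec are read in only one place in this commit, the OCI branch of getOCIChart, so on a non-OCI repository entry they parse cleanly and then do nothing. A `verify: true` that is silently ignored is worse than a rejected key, because the operator believes chart signatures are being checked. Either document the fields as OCI-only, for example `// Verify enables signature verification when pulling charts from this OCI repository; it has no effect on non-OCI repositories.`, or reject the combination when the state file is loaded.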
@@ -2447,6 +2451,18 @@ func (st *HelmState) appendConnectionFlags(flags []string, release *ReleaseSpec)
 return flags
 }
 
+// appendKeyringFlags append all the helm command-line flags related to keyring
+func (st *HelmState) appendKeyringFlags(flags []string, release *ReleaseSpec) []string {
+ switch {
+ case release.Keyring != "":
+ flags = append(flags, "--keyring", release.Keyring)
+ case st.HelmDefaults.Keyring != "":
+ flags = append(flags, "--keyring", st.HelmDefaults.Keyring)
+ }
+
+ return flags
+}
+
 func (st *HelmState) kubeConnectionFlags(release *ReleaseSpec) []string {
 flags := []string{}
 if release.KubeContext != "" {
@@ -2492,6 +2508,8 @@ func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSp
 flags = append(flags, "--verify")
 }
 
+ flags = st.appendKeyringFlags(flags, release)
+
 if release.EnableDNS != nil && *release.EnableDNS || release.EnableDNS == nil && st.HelmDefaults.EnableDNS {
 flags = append(flags, "--enable-dns")
 }
@@ -3483,6 +3501,12 @@ func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helm
 if repo.SkipTLSVerify {
 flags = append(flags, "--insecure-skip-tls-verify")
 }
+ if repo.Verify {
+ flags = append(flags, "--verify")
+ }
+ if repo.Keyring != "" {
+ flags = append(flags, "--keyring", repo.Keyring)
+ }
 }
 
 err := helm.ChartPull(qualifiedChartName, chartPath, flags...)
diff --git a/pkg/state/temp_test.go b/pkg/state/temp_test.go
index 283d95e6..654c00bd 100644
--- a/pkg/state/temp_test.go
+++ b/pkg/state/temp_test.go
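Review bot: appendKeyringFlags emits `--keyring` whether or not verification is enabled for the release, and helm ignores the keyring unless `--verify` is also passed. A state file that sets `keyring` but leaves `verify` unset therefore installs unverified charts while looking as though provenance checking is configured. I would warn or fail when a keyring is set without verify, or only call the helper from the branch that appends `--verify`; that branch's condition sits above the flagsForUpgrade hunk and is not visible here. The doc comment would also read better as `// appendKeyringFlags appends the --keyring flag, preferring the release's keyring over HelmDefaults.Keyring.`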
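Review bot: flagsForUpgrade is the only caller of appendKeyringFlags in this commit, so any other flag builder that already passes `--verify` (template, diff or chart-fetch paths, none of which are visible in this patch) would keep verifying against helm's default keyring rather than the configured one. If such paths exist, the same `flags = st.appendKeyringFlags(flags, release)` line belongs next to each `--verify`, so that every command checking a signature uses the same trust anchor. flagsForUpgrade starts and ends outside the hunk.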
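Review bot: The OCI pull takes `--verify` and `--keyring` from the repository entry only, so in these lines a release-level `keyring` or `helmDefaults.keyring` never reaches `helm pull`, which is a different precedence from appendKeyringFlags. `--keyring` is also appended when `repo.Verify` is false, where helm will not use it. Consider falling back with `if repo.Keyring == "" { flags = st.appendKeyringFlags(flags, release) }` and nesting the keyring under the verify check. Whether release-level `verify` is honoured for the pull is decided by code before the hunk, which is not visible; getOCIChart continues past the hunk.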
@@ -38,39 +38,39 @@ func TestGenerateID(t *testing.T) {
 run(testcase{
 subject: "baseline",
 release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
- want: "foo-values-7884dc8d7c",
+ want: "foo-values-6749dfb776",
 })
 
 run(testcase{
 subject: "different bytes content",
 release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
 data: []byte(`{"k":"v"}`),
- want: "foo-values-67d6bbf498",
+ want: "foo-values-84f9645959",
 })
 
 run(testcase{
 subject: "different map content",
 release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
 data: map[string]any{"k": "v"},
- want: "foo-values-5d86d867b",
+ want: "foo-values-7774fccb4f",
 })
 
 run(testcase{
 subject: "different chart",
 release: ReleaseSpec{Name: "foo", Chart: "stable/envoy"},
- want: "foo-values-5c47fc4b6d",
+ want: "foo-values-5cdf68c495",
 })
 
 run(testcase{
 subject: "different name",
 release: ReleaseSpec{Name: "bar", Chart: "incubator/raw"},
- want: "bar-values-7c87d9b8b",
+ want: "bar-values-758d78db87",
 })
 
 run(testcase{
 subject: "specific ns",
 release: ReleaseSpec{Name: "foo", Chart: "incubator/raw", Namespace: "myns"},
- want: "myns-foo-values-7fbc456bb4",
+ want: "myns-foo-values-6888c4f5bf",
 })
 
 for id, n := range ids {
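Review bot: The only test change is six regenerated `want` hashes in TestGenerateID; nothing exercises the new flag logic. A table test for appendKeyringFlags covering release keyring set, only `HelmDefaults.Keyring` set, and neither set would pin the precedence, which matters because the keyring is the trust anchor for chart verification. The hash changes presumably follow from the new ReleaseSpec field feeding the ID hash, which would mean generated IDs differ across this upgrade; that is worth a line in the release notes if anything persists them. TestGenerateID begins and ends outside the hunk.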