feat keyring supportting (#984)
* feat keyring supportting Signed-off-by: yxxhero <aiopsclub@163.com>
This commit is contained in:
yxxhero
GitHub
parent
c3292f141c
commit
803ff8d0ab
|
|
@ -149,6 +149,7 @@ type HelmSpec struct {
|
||||||
KubeContext string `yaml:"kubeContext,omitempty"`
|
KubeContext string `yaml:"kubeContext,omitempty"`
|
||||||
Args []string `yaml:"args,omitempty"`
|
Args []string `yaml:"args,omitempty"`
|
||||||
Verify bool `yaml:"verify"`
|
Verify bool `yaml:"verify"`
|
||||||
|
Keyring string `yaml:"keyring,omitempty"`
|
||||||
// EnableDNS, when set to true, enable DNS lookups when rendering templates
|
// EnableDNS, when set to true, enable DNS lookups when rendering templates
|
||||||
EnableDNS bool `yaml:"enableDNS"`
|
EnableDNS bool `yaml:"enableDNS"`
|
||||||
// Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
|
// Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
|
||||||
|
|
@ -199,6 +200,8 @@ type RepositorySpec struct {
|
||||||
Password string `yaml:"password,omitempty"`
|
Password string `yaml:"password,omitempty"`
|
||||||
Managed string `yaml:"managed,omitempty"`
|
Managed string `yaml:"managed,omitempty"`
|
||||||
OCI bool `yaml:"oci,omitempty"`
|
OCI bool `yaml:"oci,omitempty"`
|
||||||
|
Verify bool `yaml:"verify,omitempty"`
|
||||||
|
Keyring string `yaml:"keyring,omitempty"`
|
||||||
PassCredentials bool `yaml:"passCredentials,omitempty"`
|
PassCredentials bool `yaml:"passCredentials,omitempty"`
|
||||||
SkipTLSVerify bool `yaml:"skipTLSVerify,omitempty"`
|
SkipTLSVerify bool `yaml:"skipTLSVerify,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
@ -226,7 +229,8 @@ type ReleaseSpec struct {
|
||||||
Version string `yaml:"version,omitempty"`
|
Version string `yaml:"version,omitempty"`
|
||||||
// Verify enables signature verification on fetched chart.
|
// Verify enables signature verification on fetched chart.
|
||||||
// Beware some (or many?) chart repositories and charts don't seem to support it.
|
// Beware some (or many?) chart repositories and charts don't seem to support it.
|
||||||
Verify *bool `yaml:"verify,omitempty"`
|
Verify *bool `yaml:"verify,omitempty"`
|
||||||
|
Keyring string `yaml:"keyring,omitempty"`
|
||||||
// EnableDNS, when set to true, enable DNS lookups when rendering templates
|
// EnableDNS, when set to true, enable DNS lookups when rendering templates
|
||||||
EnableDNS *bool `yaml:"enableDNS,omitempty"`
|
EnableDNS *bool `yaml:"enableDNS,omitempty"`
|
||||||
// Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
|
// Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
|
||||||
|
|
@ -2447,6 +2451,18 @@ func (st *HelmState) appendConnectionFlags(flags []string, release *ReleaseSpec)
|
||||||
return flags
|
return flags
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// appendKeyringFlags append all the helm command-line flags related to keyring
|
||||||
|
func (st *HelmState) appendKeyringFlags(flags []string, release *ReleaseSpec) []string {
|
||||||
|
switch {
|
||||||
|
case release.Keyring != "":
|
||||||
|
flags = append(flags, "--keyring", release.Keyring)
|
||||||
|
case st.HelmDefaults.Keyring != "":
|
||||||
|
flags = append(flags, "--keyring", st.HelmDefaults.Keyring)
|
||||||
|
}
|
||||||
|
|
||||||
|
return flags
|
||||||
|
}
|
||||||
|
|
||||||
func (st *HelmState) kubeConnectionFlags(release *ReleaseSpec) []string {
|
func (st *HelmState) kubeConnectionFlags(release *ReleaseSpec) []string {
|
||||||
flags := []string{}
|
flags := []string{}
|
||||||
if release.KubeContext != "" {
|
if release.KubeContext != "" {
|
||||||
|
|
@ -2492,6 +2508,8 @@ func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSp
|
||||||
flags = append(flags, "--verify")
|
flags = append(flags, "--verify")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
flags = st.appendKeyringFlags(flags, release)
|
||||||
|
|
||||||
if release.EnableDNS != nil && *release.EnableDNS || release.EnableDNS == nil && st.HelmDefaults.EnableDNS {
|
if release.EnableDNS != nil && *release.EnableDNS || release.EnableDNS == nil && st.HelmDefaults.EnableDNS {
|
||||||
flags = append(flags, "--enable-dns")
|
flags = append(flags, "--enable-dns")
|
||||||
}
|
}
|
||||||
|
|
@ -3483,6 +3501,12 @@ func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helm
|
||||||
if repo.SkipTLSVerify {
|
if repo.SkipTLSVerify {
|
||||||
flags = append(flags, "--insecure-skip-tls-verify")
|
flags = append(flags, "--insecure-skip-tls-verify")
|
||||||
}
|
}
|
||||||
|
if repo.Verify {
|
||||||
|
flags = append(flags, "--verify")
|
||||||
|
}
|
||||||
|
if repo.Keyring != "" {
|
||||||
|
flags = append(flags, "--keyring", repo.Keyring)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
err := helm.ChartPull(qualifiedChartName, chartPath, flags...)
|
err := helm.ChartPull(qualifiedChartName, chartPath, flags...)
|
||||||
|
|
|
||||||
|
|
@ -38,39 +38,39 @@ func TestGenerateID(t *testing.T) {
|
||||||
run(testcase{
|
run(testcase{
|
||||||
subject: "baseline",
|
subject: "baseline",
|
||||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
||||||
want: "foo-values-7884dc8d7c",
|
want: "foo-values-6749dfb776",
|
||||||
})
|
})
|
||||||
|
|
||||||
run(testcase{
|
run(testcase{
|
||||||
subject: "different bytes content",
|
subject: "different bytes content",
|
||||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
||||||
data: []byte(`{"k":"v"}`),
|
data: []byte(`{"k":"v"}`),
|
||||||
want: "foo-values-67d6bbf498",
|
want: "foo-values-84f9645959",
|
||||||
})
|
})
|
||||||
|
|
||||||
run(testcase{
|
run(testcase{
|
||||||
subject: "different map content",
|
subject: "different map content",
|
||||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
||||||
data: map[string]any{"k": "v"},
|
data: map[string]any{"k": "v"},
|
||||||
want: "foo-values-5d86d867b",
|
want: "foo-values-7774fccb4f",
|
||||||
})
|
})
|
||||||
|
|
||||||
run(testcase{
|
run(testcase{
|
||||||
subject: "different chart",
|
subject: "different chart",
|
||||||
release: ReleaseSpec{Name: "foo", Chart: "stable/envoy"},
|
release: ReleaseSpec{Name: "foo", Chart: "stable/envoy"},
|
||||||
want: "foo-values-5c47fc4b6d",
|
want: "foo-values-5cdf68c495",
|
||||||
})
|
})
|
||||||
|
|
||||||
run(testcase{
|
run(testcase{
|
||||||
subject: "different name",
|
subject: "different name",
|
||||||
release: ReleaseSpec{Name: "bar", Chart: "incubator/raw"},
|
release: ReleaseSpec{Name: "bar", Chart: "incubator/raw"},
|
||||||
want: "bar-values-7c87d9b8b",
|
want: "bar-values-758d78db87",
|
||||||
})
|
})
|
||||||
|
|
||||||
run(testcase{
|
run(testcase{
|
||||||
subject: "specific ns",
|
subject: "specific ns",
|
||||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw", Namespace: "myns"},
|
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw", Namespace: "myns"},
|
||||||
want: "myns-foo-values-7fbc456bb4",
|
want: "myns-foo-values-6888c4f5bf",
|
||||||
})
|
})
|
||||||
|
|
||||||
for id, n := range ids {
|
for id, n := range ids {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue