feat keyring supportting (#984)
* feat keyring supportting Signed-off-by: yxxhero <aiopsclub@163.com>
This commit is contained in:
yxxhero
GitHub
parent
c3292f141c
commit
803ff8d0ab
|
|
@ -149,6 +149,7 @@ type HelmSpec struct {
|
|||
KubeContext string `yaml:"kubeContext,omitempty"`
|
||||
Args []string `yaml:"args,omitempty"`
|
||||
Verify bool `yaml:"verify"`
|
||||
Keyring string `yaml:"keyring,omitempty"`
|
||||
// EnableDNS, when set to true, enable DNS lookups when rendering templates
|
||||
EnableDNS bool `yaml:"enableDNS"`
|
||||
// Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
|
||||
|
|
@ -199,6 +200,8 @@ type RepositorySpec struct {
|
|||
Password string `yaml:"password,omitempty"`
|
||||
Managed string `yaml:"managed,omitempty"`
|
||||
OCI bool `yaml:"oci,omitempty"`
|
||||
Verify bool `yaml:"verify,omitempty"`
|
||||
Keyring string `yaml:"keyring,omitempty"`
|
||||
PassCredentials bool `yaml:"passCredentials,omitempty"`
|
||||
SkipTLSVerify bool `yaml:"skipTLSVerify,omitempty"`
|
||||
}
|
||||
|
|
@ -227,6 +230,7 @@ type ReleaseSpec struct {
|
|||
// Verify enables signature verification on fetched chart.
|
||||
// Beware some (or many?) chart repositories and charts don't seem to support it.
|
||||
Verify *bool `yaml:"verify,omitempty"`
|
||||
Keyring string `yaml:"keyring,omitempty"`
|
||||
// EnableDNS, when set to true, enable DNS lookups when rendering templates
|
||||
EnableDNS *bool `yaml:"enableDNS,omitempty"`
|
||||
// Devel, when set to true, use development versions, too. Equivalent to version '>0.0.0-0'
|
||||
|
|
@ -2447,6 +2451,18 @@ func (st *HelmState) appendConnectionFlags(flags []string, release *ReleaseSpec)
|
|||
return flags
|
||||
}
|
||||
|
||||
// appendKeyringFlags append all the helm command-line flags related to keyring
|
||||
func (st *HelmState) appendKeyringFlags(flags []string, release *ReleaseSpec) []string {
|
||||
switch {
|
||||
case release.Keyring != "":
|
||||
flags = append(flags, "--keyring", release.Keyring)
|
||||
case st.HelmDefaults.Keyring != "":
|
||||
flags = append(flags, "--keyring", st.HelmDefaults.Keyring)
|
||||
}
|
||||
|
||||
return flags
|
||||
}
|
||||
|
||||
func (st *HelmState) kubeConnectionFlags(release *ReleaseSpec) []string {
|
||||
flags := []string{}
|
||||
if release.KubeContext != "" {
|
||||
|
|
@ -2492,6 +2508,8 @@ func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSp
|
|||
flags = append(flags, "--verify")
|
||||
}
|
||||
|
||||
flags = st.appendKeyringFlags(flags, release)
|
||||
|
||||
if release.EnableDNS != nil && *release.EnableDNS || release.EnableDNS == nil && st.HelmDefaults.EnableDNS {
|
||||
flags = append(flags, "--enable-dns")
|
||||
}
|
||||
|
|
@ -3483,6 +3501,12 @@ func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helm
|
|||
if repo.SkipTLSVerify {
|
||||
flags = append(flags, "--insecure-skip-tls-verify")
|
||||
}
|
||||
if repo.Verify {
|
||||
flags = append(flags, "--verify")
|
||||
}
|
||||
if repo.Keyring != "" {
|
||||
flags = append(flags, "--keyring", repo.Keyring)
|
||||
}
|
||||
}
|
||||
|
||||
err := helm.ChartPull(qualifiedChartName, chartPath, flags...)
|
||||
|
|
|
|||
|
|
@ -38,39 +38,39 @@ func TestGenerateID(t *testing.T) {
|
|||
run(testcase{
|
||||
subject: "baseline",
|
||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
||||
want: "foo-values-7884dc8d7c",
|
||||
want: "foo-values-6749dfb776",
|
||||
})
|
||||
|
||||
run(testcase{
|
||||
subject: "different bytes content",
|
||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
||||
data: []byte(`{"k":"v"}`),
|
||||
want: "foo-values-67d6bbf498",
|
||||
want: "foo-values-84f9645959",
|
||||
})
|
||||
|
||||
run(testcase{
|
||||
subject: "different map content",
|
||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw"},
|
||||
data: map[string]any{"k": "v"},
|
||||
want: "foo-values-5d86d867b",
|
||||
want: "foo-values-7774fccb4f",
|
||||
})
|
||||
|
||||
run(testcase{
|
||||
subject: "different chart",
|
||||
release: ReleaseSpec{Name: "foo", Chart: "stable/envoy"},
|
||||
want: "foo-values-5c47fc4b6d",
|
||||
want: "foo-values-5cdf68c495",
|
||||
})
|
||||
|
||||
run(testcase{
|
||||
subject: "different name",
|
||||
release: ReleaseSpec{Name: "bar", Chart: "incubator/raw"},
|
||||
want: "bar-values-7c87d9b8b",
|
||||
want: "bar-values-758d78db87",
|
||||
})
|
||||
|
||||
run(testcase{
|
||||
subject: "specific ns",
|
||||
release: ReleaseSpec{Name: "foo", Chart: "incubator/raw", Namespace: "myns"},
|
||||
want: "myns-foo-values-7fbc456bb4",
|
||||
want: "myns-foo-values-6888c4f5bf",
|
||||
})
|
||||
|
||||
for id, n := range ids {
|
||||
|
|
|
|||
Loading…
Reference in New Issue