Add support for --insecure-skip-tls-verify flag on helm repo add command (#1990)

Parses a new repository field named `skipTLSVerify`; when it is set to `true`, `--insecure-skip-tls-verify` is appended to the `helm repo add` command.

This should be useful with internal self-signed repos, mitm proxies etc.

Resolves #1871
Babis K 2021-12-21 02:18:57 +02:00 committed by GitHub
parent 1986cb37aa
commit d34dc7bb64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 60 additions and 24 deletions


@ -68,6 +68,10 @@ repositories:
- name: insecure - name: insecure
url: https://charts.my-insecure-domain.com url: https://charts.my-insecure-domain.com
caFile: optional_ca_crt caFile: optional_ca_crt
# Advanced configuration: You can skip the verification of TLS for an https repo
- name: skipTLS
url: https://ss.my-insecure-domain.com
skipTLSVerify: true
# context: kube-context # this directive is deprecated, please consider using helmDefaults.kubeContext # context: kube-context # this directive is deprecated, please consider using helmDefaults.kubeContext


@ -2554,7 +2554,7 @@ func (helm *mockHelmExec) SetExtraArgs(args ...string) {
func (helm *mockHelmExec) SetHelmBinary(bin string) { func (helm *mockHelmExec) SetHelmBinary(bin string) {
return return
} }
func (helm *mockHelmExec) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string) error { func (helm *mockHelmExec) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string, skipTLSVerify string) error {
helm.repos = append(helm.repos, mockRepo{Name: name}) helm.repos = append(helm.repos, mockRepo{Name: name})
return nil return nil
} }


@ -48,7 +48,7 @@ func (helm *noCallHelmExec) SetHelmBinary(bin string) {
helm.doPanic() helm.doPanic()
return return
} }
func (helm *noCallHelmExec) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string) error { func (helm *noCallHelmExec) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string, skipTLSVerify string) error {
helm.doPanic() helm.doPanic()
return nil return nil
} }


@ -84,8 +84,8 @@ func (helm *Helm) SetExtraArgs(args ...string) {
func (helm *Helm) SetHelmBinary(bin string) { func (helm *Helm) SetHelmBinary(bin string) {
return return
} }
func (helm *Helm) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string) error { func (helm *Helm) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string, skipTLSVerify string) error {
helm.Repo = []string{name, repository, cafile, certfile, keyfile, username, password, managed, passCredentials} helm.Repo = []string{name, repository, cafile, certfile, keyfile, username, password, managed, passCredentials, skipTLSVerify}
return nil return nil
} }
func (helm *Helm) UpdateRepo() error { func (helm *Helm) UpdateRepo() error {


@ -108,7 +108,7 @@ func (helm *execer) SetHelmBinary(bin string) {
helm.helmBinary = bin helm.helmBinary = bin
} }
func (helm *execer) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string) error { func (helm *execer) AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string, skipTLSVerify string) error {
var args []string var args []string
var out []byte var out []byte
var err error var err error
@ -144,6 +144,9 @@ func (helm *execer) AddRepo(name, repository, cafile, certfile, keyfile, usernam
if passCredentials == "true" { if passCredentials == "true" {
args = append(args, "--pass-credentials") args = append(args, "--pass-credentials")
} }
if skipTLSVerify == "true" {
args = append(args, "--insecure-skip-tls-verify")
}
helm.logger.Infof("Adding repo %v %v", name, repository) helm.logger.Infof("Adding repo %v %v", name, repository)
out, err = helm.exec(args, map[string]string{}) out, err = helm.exec(args, map[string]string{})
default: default:
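Review bot: The new `skipTLSVerify == "true"` branch appends `--insecure-skip-tls-verify` without any log line of its own, so a run with certificate verification disabled is only distinguishable by spotting the flag inside the `exec:` output. The same command line can carry `--username`/`--password` (see the AddRepo tests in this commit), and with verification off those credentials go to a peer whose certificate was never checked. I would log inside the branch, e.g. `helm.logger.Warnf("TLS certificate verification is disabled for repo %v", name)` (assuming the logger offers a warning level next to the `Infof` used below), and point users to `caFile` for self-signed repositories. The match is an exact string comparison, so any other spelling leaves verification on; that is the safe direction but worth a short comment. AddRepo's body starts and ends outside these hunks.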


@ -89,7 +89,7 @@ func Test_AddRepo_Helm_3_3_2(t *testing.T) {
kubeContext: "dev", kubeContext: "dev",
runner: &mockRunner{}, runner: &mockRunner{},
} }
helm.AddRepo("myRepo", "https://repo.example.com/", "", "cert.pem", "key.pem", "", "", "", "") helm.AddRepo("myRepo", "https://repo.example.com/", "", "cert.pem", "key.pem", "", "", "", "", "")
expected := `Adding repo myRepo https://repo.example.com/ expected := `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --force-update --cert-file cert.pem --key-file key.pem exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --force-update --cert-file cert.pem --key-file key.pem
` `
@ -102,7 +102,7 @@ func Test_AddRepo(t *testing.T) {
var buffer bytes.Buffer var buffer bytes.Buffer
logger := NewLogger(&buffer, "debug") logger := NewLogger(&buffer, "debug")
helm := MockExecer(logger, "dev") helm := MockExecer(logger, "dev")
helm.AddRepo("myRepo", "https://repo.example.com/", "", "cert.pem", "key.pem", "", "", "", "") helm.AddRepo("myRepo", "https://repo.example.com/", "", "cert.pem", "key.pem", "", "", "", "", "")
expected := `Adding repo myRepo https://repo.example.com/ expected := `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --cert-file cert.pem --key-file key.pem exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --cert-file cert.pem --key-file key.pem
` `
@ -111,7 +111,7 @@ exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --cert-f
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("myRepo", "https://repo.example.com/", "ca.crt", "", "", "", "", "", "") helm.AddRepo("myRepo", "https://repo.example.com/", "ca.crt", "", "", "", "", "", "", "")
expected = `Adding repo myRepo https://repo.example.com/ expected = `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --ca-file ca.crt exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --ca-file ca.crt
` `
@ -120,7 +120,7 @@ exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --ca-fil
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "", "", "", "") helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "", "", "", "", "")
expected = `Adding repo myRepo https://repo.example.com/ expected = `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ exec: helm --kube-context dev repo add myRepo https://repo.example.com/
` `
@ -129,7 +129,7 @@ exec: helm --kube-context dev repo add myRepo https://repo.example.com/
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("acrRepo", "", "", "", "", "", "", "acr", "") helm.AddRepo("acrRepo", "", "", "", "", "", "", "acr", "", "")
expected = `Adding repo acrRepo (acr) expected = `Adding repo acrRepo (acr)
exec: az acr helm repo add --name acrRepo exec: az acr helm repo add --name acrRepo
exec: az acr helm repo add --name acrRepo: exec: az acr helm repo add --name acrRepo:
@ -139,7 +139,7 @@ exec: az acr helm repo add --name acrRepo:
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("otherRepo", "", "", "", "", "", "", "unknown", "") helm.AddRepo("otherRepo", "", "", "", "", "", "", "unknown", "", "")
expected = `ERROR: unknown type 'unknown' for repository otherRepo expected = `ERROR: unknown type 'unknown' for repository otherRepo
` `
if buffer.String() != expected { if buffer.String() != expected {
@ -147,7 +147,7 @@ exec: az acr helm repo add --name acrRepo:
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "example_user", "example_password", "", "") helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "example_user", "example_password", "", "", "")
expected = `Adding repo myRepo https://repo.example.com/ expected = `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --username example_user --password example_password exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --username example_user --password example_password
` `
@ -156,7 +156,7 @@ exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --userna
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("", "https://repo.example.com/", "", "", "", "", "", "", "") helm.AddRepo("", "https://repo.example.com/", "", "", "", "", "", "", "", "")
expected = `empty field name expected = `empty field name
` `
@ -165,7 +165,7 @@ exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --userna
} }
buffer.Reset() buffer.Reset()
helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "example_user", "example_password", "", "true") helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "example_user", "example_password", "", "true", "")
expected = `Adding repo myRepo https://repo.example.com/ expected = `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --username example_user --password example_password --pass-credentials exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --username example_user --password example_password --pass-credentials
` `
@ -173,6 +173,12 @@ exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --userna
t.Errorf("helmexec.AddRepo()\nactual = %v\nexpect = %v", buffer.String(), expected) t.Errorf("helmexec.AddRepo()\nactual = %v\nexpect = %v", buffer.String(), expected)
} }
buffer.Reset()
helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "", "", "", "", "true")
expected = `Adding repo myRepo https://repo.example.com/
exec: helm --kube-context dev repo add myRepo https://repo.example.com/ --insecure-skip-tls-verify
`
} }
func Test_UpdateRepo(t *testing.T) { func Test_UpdateRepo(t *testing.T) {
@ -516,7 +522,7 @@ func Test_LogLevels(t *testing.T) {
buffer.Reset() buffer.Reset()
logger := NewLogger(&buffer, logLevel) logger := NewLogger(&buffer, logLevel)
helm := MockExecer(logger, "") helm := MockExecer(logger, "")
helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "example_user", "example_password", "", "") helm.AddRepo("myRepo", "https://repo.example.com/", "", "", "", "example_user", "example_password", "", "", "")
if buffer.String() != expected { if buffer.String() != expected {
t.Errorf("helmexec.AddRepo()\nactual = %v\nexpect = %v", buffer.String(), expected) t.Errorf("helmexec.AddRepo()\nactual = %v\nexpect = %v", buffer.String(), expected)
} }
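Review bot: The new `skipTLSVerify` case at the end of Test_AddRepo assigns `expected` but never compares it with `buffer.String()`; the function closes right after the string literal, so the test passes even if `--insecure-skip-tls-verify` is never emitted. Add the same check the preceding cases use: `if buffer.String() != expected {` `t.Errorf("helmexec.AddRepo()\nactual = %v\nexpect = %v", buffer.String(), expected)` `}`. A negative case passing `"false"` and asserting the flag is absent would also pin the safe default.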


@ -12,7 +12,7 @@ type Interface interface {
SetExtraArgs(args ...string) SetExtraArgs(args ...string)
SetHelmBinary(bin string) SetHelmBinary(bin string)
AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string) error AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string, skipTLSVerify string) error
UpdateRepo() error UpdateRepo() error
RegistryLogin(name string, username string, password string) error RegistryLogin(name string, username string, password string) error
BuildDeps(name, chart string) error BuildDeps(name, chart string) error
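Review bot: `AddRepo` now takes ten positional `string` parameters, and the last two, `passCredentials` and `skipTLSVerify`, are both security-relevant switches encoded as strings. A call that transposes them (`..., "", "true"` versus `..., "true", ""`) compiles and silently turns on the wrong one. Consider a follow-up that passes an options struct with named fields, or at minimum document the parameter on the method: `// skipTLSVerify: "true" disables TLS certificate verification for this repo (helm --insecure-skip-tls-verify).` The interface body continues outside the hunk.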


@ -173,6 +173,7 @@ type RepositorySpec struct {
Managed string `yaml:"managed,omitempty"` Managed string `yaml:"managed,omitempty"`
OCI bool `yaml:"oci,omitempty"` OCI bool `yaml:"oci,omitempty"`
PassCredentials string `yaml:"passCredentials,omitempty"` PassCredentials string `yaml:"passCredentials,omitempty"`
SkipTLSVerify string `yaml:"skipTLSVerify,omitempty"`
} }
// ReleaseSpec defines the structure of a helm release // ReleaseSpec defines the structure of a helm release
@ -393,7 +394,7 @@ func (st *HelmState) ApplyOverrides(spec *ReleaseSpec) {
type RepoUpdater interface { type RepoUpdater interface {
IsHelm3() bool IsHelm3() bool
AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string) error AddRepo(name, repository, cafile, certfile, keyfile, username, password string, managed string, passCredentials string, skipTLSVerify string) error
UpdateRepo() error UpdateRepo() error
RegistryLogin(name string, username string, password string) error RegistryLogin(name string, username string, password string) error
} }
@ -412,7 +413,7 @@ func (st *HelmState) SyncRepos(helm RepoUpdater, shouldSkip map[string]bool) ([]
err = helm.RegistryLogin(repo.URL, username, password) err = helm.RegistryLogin(repo.URL, username, password)
} }
} else { } else {
err = helm.AddRepo(repo.Name, repo.URL, repo.CaFile, repo.CertFile, repo.KeyFile, repo.Username, repo.Password, repo.Managed, repo.PassCredentials) err = helm.AddRepo(repo.Name, repo.URL, repo.CaFile, repo.CertFile, repo.KeyFile, repo.Username, repo.Password, repo.Managed, repo.PassCredentials, repo.SkipTLSVerify)
} }
if err != nil { if err != nil {
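Review bot: `SkipTLSVerify` is added to `RepositorySpec` without a comment, and in `SyncRepos` it is passed only on the `AddRepo` path. The `RegistryLogin` branch visible just above takes no such argument, so the setting appears to be ignored for repositories that go through registry login. I would document both facts on the field, e.g. `// SkipTLSVerify, when "true", adds --insecure-skip-tls-verify to helm repo add; it is not applied to registry login.` The comment should also say that `caFile` is the preferred option for self-signed repositories, since this setting removes server authentication altogether. Both the struct and `SyncRepos` start outside the hunks shown.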


@ -890,10 +890,11 @@ func TestHelmState_SyncRepos(t *testing.T) {
Username: "", Username: "",
Password: "", Password: "",
PassCredentials: "", PassCredentials: "",
SkipTLSVerify: "",
}, },
}, },
helm: &exectest.Helm{}, helm: &exectest.Helm{},
want: []string{"name", "http://example.com/", "", "", "", "", "", "", ""}, want: []string{"name", "http://example.com/", "", "", "", "", "", "", "", ""},
}, },
{ {
name: "ACR hosted repository", name: "ACR hosted repository",
@ -904,7 +905,7 @@ func TestHelmState_SyncRepos(t *testing.T) {
}, },
}, },
helm: &exectest.Helm{}, helm: &exectest.Helm{},
want: []string{"name", "", "", "", "", "", "", "acr", ""}, want: []string{"name", "", "", "", "", "", "", "acr", "", ""},
}, },
{ {
name: "repository with cert and key", name: "repository with cert and key",
@ -917,10 +918,11 @@ func TestHelmState_SyncRepos(t *testing.T) {
Username: "", Username: "",
Password: "", Password: "",
PassCredentials: "", PassCredentials: "",
SkipTLSVerify: "",
}, },
}, },
helm: &exectest.Helm{}, helm: &exectest.Helm{},
want: []string{"name", "http://example.com/", "", "certfile", "keyfile", "", "", "", ""}, want: []string{"name", "http://example.com/", "", "certfile", "keyfile", "", "", "", "", ""},
}, },
{ {
name: "repository with ca file", name: "repository with ca file",
@ -932,10 +934,11 @@ func TestHelmState_SyncRepos(t *testing.T) {
Username: "", Username: "",
Password: "", Password: "",
PassCredentials: "", PassCredentials: "",
SkipTLSVerify: "",
}, },
}, },
helm: &exectest.Helm{}, helm: &exectest.Helm{},
want: []string{"name", "http://example.com/", "cafile", "", "", "", "", "", ""}, want: []string{"name", "http://example.com/", "cafile", "", "", "", "", "", "", ""},
}, },
{ {
name: "repository with username and password", name: "repository with username and password",
@ -948,10 +951,11 @@ func TestHelmState_SyncRepos(t *testing.T) {
Username: "example_user", Username: "example_user",
Password: "example_password", Password: "example_password",
PassCredentials: "", PassCredentials: "",
SkipTLSVerify: "",
}, },
}, },
helm: &exectest.Helm{}, helm: &exectest.Helm{},
want: []string{"name", "http://example.com/", "", "", "", "example_user", "example_password", "", ""}, want: []string{"name", "http://example.com/", "", "", "", "example_user", "example_password", "", "", ""},
}, },
{ {
name: "repository with username and password and pass-credentials", name: "repository with username and password and pass-credentials",
@ -964,10 +968,28 @@ func TestHelmState_SyncRepos(t *testing.T) {
Username: "example_user", Username: "example_user",
Password: "example_password", Password: "example_password",
PassCredentials: "true", PassCredentials: "true",
SkipTLSVerify: "",
}, },
}, },
helm: &exectest.Helm{}, helm: &exectest.Helm{},
want: []string{"name", "http://example.com/", "", "", "", "example_user", "example_password", "", "true"}, want: []string{"name", "http://example.com/", "", "", "", "example_user", "example_password", "", "true", ""},
},
{
name: "repository with skip-tls-verify",
repos: []RepositorySpec{
{
Name: "name",
URL: "http://example.com/",
CertFile: "",
KeyFile: "",
Username: "",
Password: "",
PassCredentials: "",
SkipTLSVerify: "true",
},
},
helm: &exectest.Helm{},
want: []string{"name", "http://example.com/", "", "", "", "", "", "", "", "true"},
}, },
} }
for i := range tests { for i := range tests {