Merge pull request #214 from Praqma/feature/basic-auth-repos

support basic auth for helm repos. fixes #211
Praqma · Mar 12, 2019 · 42c3c5d · 42c3c5d
2 parents 0f9c5cd + 4198c7d
commit 42c3c5d
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 11 deletions.
diff --git a/example.toml b/example.toml
@@ -63,6 +63,7 @@
   incubator = "http://storage.googleapis.com/kubernetes-charts-incubator"
 #  myS3repo = "s3://my-S3-private-repo/charts"
 #  myGCSrepo = "gs://my-GCS-private-repo/charts"
+#  custom = "https://user:[email protected]"
 
 
 # define the desired state of your applications helm charts

diff --git a/example.yaml b/example.yaml
@@ -57,6 +57,7 @@ helmRepos:
   incubator: "http://storage.googleapis.com/kubernetes-charts-incubator"
   #myS3repo: "s3://my-S3-private-repo/charts"
   #myGCSrepo: "gs://my-GCS-private-repo/charts"
+  #custom:  "https://user:[email protected]"
 
 # define the desired state of your applications helm charts
 # each contains the following:

diff --git a/helm_helpers.go b/helm_helpers.go
@@ -3,6 +3,7 @@ package main
 import (
 	"encoding/json"
 	"log"
+	"net/url"
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -291,16 +292,30 @@ func waitForTiller(namespace string) {
 // Helm does not mind if a repo with the same name exists. It treats it as an update.
 func addHelmRepos(repos map[string]string) (bool, string) {
 
-	for repoName, url := range repos {
+	for repoName, repoLink := range repos {
+		basicAuth := ""
 		// check if repo is in GCS, then perform GCS auth -- needed for private GCS helm repos
 		// failed auth would not throw an error here, as it is possible that the repo is public and does not need authentication
-		if strings.HasPrefix(url, "gs://") {
+		if strings.HasPrefix(repoLink, "gs://") {
 			gcs.Auth()
 		}
 
+		u, err := url.Parse(repoLink)
+		if err != nil {
+			logError("ERROR: failed to add helm repo:  " + err.Error())
+		}
+		if u.User != nil {
+			p, ok := u.User.Password()
+			if !ok {
+				logError("ERROR: helm repo " + repoName + " has incomplete basic auth info. Missing the password!")
+			}
+			basicAuth = " --username " + u.User.Username() + " --password " + p
+
+		}
+
 		cmd := command{
 			Cmd:         "bash",
-			Args:        []string{"-c", "helm repo add " + repoName + " " + strconv.Quote(url)},
+			Args:        []string{"-c", "helm repo add " + basicAuth + " " + repoName + " " + strconv.Quote(repoLink)},
 			Description: "adding repo " + repoName,
 		}
 

diff --git a/main.go b/main.go
@@ -42,6 +42,9 @@ var destroy bool
 var showDiff bool
 var suppressDiffSecrets bool
 
+const stableHelmRepo = "https://kubernetes-charts.storage.googleapis.com"
+const incubatorHelmRepo = "http://storage.googleapis.com/kubernetes-charts-incubator"
+
 func main() {
 	// set the kubecontext to be used Or create it if it does not exist
 	if !setKubeContext(s.Settings.KubeContext) {

diff --git a/state.go b/state.go
@@ -151,10 +151,6 @@ func (s state) validate() (bool, string) {
 	}
 
 	// repos
-	if s.HelmRepos == nil || len(s.HelmRepos) == 0 {
-		return false, "ERROR: repos validation failed -- I need at least one helm repo " +
-			"to work with!"
-	}
 	for k, v := range s.HelmRepos {
 		_, err := url.ParseRequestURI(v)
 		if err != nil {

diff --git a/state_test.go b/state_test.go
@@ -364,7 +364,7 @@ func Test_state_validate(t *testing.T) {
 				HelmRepos: nil,
 				Apps:      make(map[string]*release),
 			},
-			want: false,
+			want: true,
 		}, {
 			name: "test case 18 -- helmRepos/empty",
 			fields: fields{
@@ -379,7 +379,7 @@ func Test_state_validate(t *testing.T) {
 				HelmRepos: map[string]string{},
 				Apps:      make(map[string]*release),
 			},
-			want: false,
+			want: true,
 		}, {
 			name: "test case 19 -- helmRepos/empty_repo_value",
 			fields: fields{

diff --git a/utils.go b/utils.go
@@ -47,7 +47,7 @@ func fromTOML(file string, s *state) (bool, string) {
 	if _, err := toml.Decode(tomlFile, s); err != nil {
 		return false, err.Error()
 	}
-
+	addDefaultHelmRepos(s)
 	resolvePaths(file, s)
 
 	return true, "INFO: Parsed TOML [[ " + file + " ]] successfully and found [ " + strconv.Itoa(len(s.Apps)) + " ] apps."
@@ -90,7 +90,7 @@ func fromYAML(file string, s *state) (bool, string) {
 	if err = yaml.UnmarshalStrict(yamlFile, s); err != nil {
 		return false, err.Error()
 	}
-
+	addDefaultHelmRepos(s)
 	resolvePaths(file, s)
 
 	return true, "INFO: Parsed YAML [[ " + file + " ]] successfully and found [ " + strconv.Itoa(len(s.Apps)) + " ] apps."
@@ -151,6 +151,24 @@ func stringInSlice(a string, list []string) bool {
 	return false
 }
 
+// addDefaultHelmRepos adds stable and incubator helm repos to the state if they are not already defined
+func addDefaultHelmRepos(s *state) {
+	if s.HelmRepos == nil || len(s.HelmRepos) == 0 {
+		s.HelmRepos = map[string]string{
+			"stable":    stableHelmRepo,
+			"incubator": incubatorHelmRepo,
+		}
+		log.Println("INFO: no helm repos provided, using the default 'stable' and 'incubator' repos.")
+	}
+	if _, ok := s.HelmRepos["stable"]; !ok {
+		s.HelmRepos["stable"] = stableHelmRepo
+	}
+	if _, ok := s.HelmRepos["incubator"]; !ok {
+		s.HelmRepos["incubator"] = incubatorHelmRepo
+	}
+}
+
+// resolvePaths resolves relative paths of certs/keys/chart and replace them with a absolute paths
 func resolvePaths(relativeToFile string, s *state) {
 	dir := filepath.Dir(relativeToFile)