helmrepo: only configure tls login option when required

Modify `GetHelmClientOpts()` to only configure the TLS login option when
an authentication login option is configured. This prevents the
reconciler from trying to authenticate against public registries.

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Sanskar Jaiswal 2023-11-22 10:03:07 +05:30
parent 9ae35e98e5
commit dfcede03f2
No known key found for this signature in database
GPG Key ID: 5982D0279C227FFD
2 changed files with 31 additions and 18 deletions


@ -2376,23 +2376,32 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
}, },
}, },
{ {
name: "HTTPS With CA cert", name: "HTTPS With CA cert only",
want: sreconcile.ResultSuccess,
registryOpts: registryOptions{
withTLS: true,
},
certSecret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "certs-secretref",
},
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{
"ca.crt": tlsCA,
},
},
assertConditions: []metav1.Condition{
*conditions.TrueCondition(meta.ReconcilingCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
},
},
{
name: "HTTPS With CA cert and client cert auth",
want: sreconcile.ResultSuccess, want: sreconcile.ResultSuccess,
registryOpts: registryOptions{ registryOpts: registryOptions{
withTLS: true, withTLS: true,
withClientCertAuth: true, withClientCertAuth: true,
}, },
secretOpts: secretOptions{
username: testRegistryUsername,
password: testRegistryPassword,
},
secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "auth-secretref",
},
Type: corev1.SecretTypeDockerConfigJson,
Data: map[string][]byte{},
},
certSecret: &corev1.Secret{ certSecret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "certs-secretref", Name: "certs-secretref",
@ -2526,8 +2535,12 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
sp := patch.NewSerialPatcher(obj, r.Client) sp := patch.NewSerialPatcher(obj, r.Client)
got, err := r.reconcileSource(ctx, sp, obj, &b) got, err := r.reconcileSource(ctx, sp, obj, &b)
g.Expect(err != nil).To(Equal(tt.wantErr)) if tt.wantErr {
g.Expect(err).To(HaveOccurred())
} else {
g.Expect(err).ToNot(HaveOccurred())
g.Expect(got).To(Equal(tt.want)) g.Expect(got).To(Equal(tt.want))
}
g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.assertConditions)) g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.assertConditions))
}) })
} }
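Review bot: With `secretOpts` and the `auth-secretref` secret apparently removed from the "HTTPS With CA cert and client cert auth" case, neither successful TLS case in this hunk supplies registry credentials. That leaves the one branch where the production code still appends the TLS login option (a login option plus certificates) without a passing-path case here. Which side those lines belong to is inferred from the hunk's line counts, and cases outside the hunk may already cover the combination. If they do not, add a third entry such as `name: "HTTPS With CA cert and basic auth"` that sets `withTLS: true`, `secretOpts` with `testRegistryUsername` and `testRegistryPassword`, and the `ca.crt` cert secret, and expects `sreconcile.ResultSuccess`.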


@ -162,12 +162,12 @@ func GetClientOpts(ctx context.Context, c client.Client, obj *helmv1.HelmReposit
} }
if loginOpt != nil { if loginOpt != nil {
hrOpts.RegLoginOpts = []helmreg.LoginOption{loginOpt} hrOpts.RegLoginOpts = []helmreg.LoginOption{loginOpt}
}
tlsLoginOpt := registry.TLSLoginOption(certFile, keyFile, caFile) tlsLoginOpt := registry.TLSLoginOption(certFile, keyFile, caFile)
if tlsLoginOpt != nil { if tlsLoginOpt != nil {
hrOpts.RegLoginOpts = append(hrOpts.RegLoginOpts, tlsLoginOpt) hrOpts.RegLoginOpts = append(hrOpts.RegLoginOpts, tlsLoginOpt)
} }
} }
}
if deprecatedTLSConfig { if deprecatedTLSConfig {
err = ErrDeprecatedTLSConfig err = ErrDeprecatedTLSConfig
} }
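Review bot: Nesting the `tlsLoginOpt` block under `if loginOpt != nil` means `certFile`, `keyFile` and `caFile` no longer reach `hrOpts.RegLoginOpts` when no login option is resolved. Nothing at this site explains how a registry behind a private CA, or one that authenticates by client certificate alone, still gets its TLS material. Presumably the TLS configuration is applied to the client elsewhere in `GetClientOpts`, which starts and ends outside this hunk, but that cannot be confirmed from the lines shown. A comment above the nested block would record the invariant, for example `// No registry login is attempted without loginOpt, so the TLS login option is only needed alongside it.`, together with a pointer to where the TLS settings are applied for the no-login case.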