helmrepo: only configure tls login option when required
Modify `GetHelmClientOpts()` to only configure the TLS login option when an authentication login option is configured. This prevents the reconciler from trying to authenticate against public registries. Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This commit is contained in:
Sanskar Jaiswal
parent
9ae35e98e5
commit
dfcede03f2
|
|
@ -2376,23 +2376,32 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
|
|||
},
|
||||
},
|
||||
{
|
||||
name: "HTTPS With CA cert",
|
||||
name: "HTTPS With CA cert only",
|
||||
want: sreconcile.ResultSuccess,
|
||||
registryOpts: registryOptions{
|
||||
withTLS: true,
|
||||
},
|
||||
certSecret: &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "certs-secretref",
|
||||
},
|
||||
Type: corev1.SecretTypeOpaque,
|
||||
Data: map[string][]byte{
|
||||
"ca.crt": tlsCA,
|
||||
},
|
||||
},
|
||||
assertConditions: []metav1.Condition{
|
||||
*conditions.TrueCondition(meta.ReconcilingCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
|
||||
*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "HTTPS With CA cert and client cert auth",
|
||||
want: sreconcile.ResultSuccess,
|
||||
registryOpts: registryOptions{
|
||||
withTLS: true,
|
||||
withClientCertAuth: true,
|
||||
},
|
||||
secretOpts: secretOptions{
|
||||
username: testRegistryUsername,
|
||||
password: testRegistryPassword,
|
||||
},
|
||||
secret: &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "auth-secretref",
|
||||
},
|
||||
Type: corev1.SecretTypeDockerConfigJson,
|
||||
Data: map[string][]byte{},
|
||||
},
|
||||
certSecret: &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "certs-secretref",
|
||||
|
|
@ -2526,8 +2535,12 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
|
|||
sp := patch.NewSerialPatcher(obj, r.Client)
|
||||
|
||||
got, err := r.reconcileSource(ctx, sp, obj, &b)
|
||||
g.Expect(err != nil).To(Equal(tt.wantErr))
|
||||
if tt.wantErr {
|
||||
g.Expect(err).To(HaveOccurred())
|
||||
} else {
|
||||
g.Expect(err).ToNot(HaveOccurred())
|
||||
g.Expect(got).To(Equal(tt.want))
|
||||
}
|
||||
g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.assertConditions))
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -162,12 +162,12 @@ func GetClientOpts(ctx context.Context, c client.Client, obj *helmv1.HelmReposit
|
|||
}
|
||||
if loginOpt != nil {
|
||||
hrOpts.RegLoginOpts = []helmreg.LoginOption{loginOpt}
|
||||
}
|
||||
tlsLoginOpt := registry.TLSLoginOption(certFile, keyFile, caFile)
|
||||
if tlsLoginOpt != nil {
|
||||
hrOpts.RegLoginOpts = append(hrOpts.RegLoginOpts, tlsLoginOpt)
|
||||
}
|
||||
}
|
||||
}
|
||||
if deprecatedTLSConfig {
|
||||
err = ErrDeprecatedTLSConfig
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue