Merge pull request #89 from juan131/bugfix/insecure-oci-registry
juan131 authored Sep 12, 2024
2 parents d6e9992 + 4b40514 commit e4b48c1
Showing 1 changed file with 31 additions and 25 deletions.
56 changes: 31 additions & 25 deletions pkg/artifacts/helm.go
@@ -80,38 +80,44 @@ func NewRegistryClientConfig(opts ...RegistryClientOption) *RegistryClientConfig
}

func getRegistryClientWrap(cfg *RegistryClientConfig) (*registryClientWrap, error) {
wrap := &registryClientWrap{}
var credentialsFile string
opts := []registry.ClientOption{}

httpClient := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: cfg.UseInsecureHTTPS, // #nosec G402
},
},
}

if cfg.UsePlainHTTP {
opts = append(opts, registry.ClientOptPlainHTTP())
} else {
if cfg.UseInsecureHTTPS { // #nosec G402
httpClient := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
}
opts = append(opts, registry.ClientOptHTTPClient(httpClient))
}
opts = append(opts, registry.ClientOptHTTPClient(httpClient))
}
if cfg.Auth.Username != "" && cfg.Auth.Password != "" {
f, err := os.CreateTemp(cfg.TempDir, "dt-config-*.json")
if err != nil {
return nil, fmt.Errorf("error creating credentials file: %w", err)
}
wrap.credentialsFile = f.Name()

err = f.Close()
if err != nil {
return nil, fmt.Errorf("error closing credentials file: %w", err)
}
opts = append(opts, registry.ClientOptCredentialsFile(f.Name()))

credentialsFile = f.Name()
opts = append(opts, registry.ClientOptCredentialsFile(credentialsFile))
revOpts := docker.ResolverOptions{}
authz := docker.NewDockerAuthorizer(docker.WithAuthCreds(func(_ string) (string, string, error) {
return cfg.Auth.Username, cfg.Auth.Password, nil
}))
authz := docker.NewDockerAuthorizer(
docker.WithAuthClient(httpClient),
docker.WithAuthCreds(func(_ string) (string, string, error) {
return cfg.Auth.Username, cfg.Auth.Password, nil
}),
)
revOpts.Hosts = docker.ConfigureDefaultRegistries(
docker.WithClient(httpClient),
docker.WithAuthorizer(authz),
docker.WithPlainHTTP(func(_ string) (bool, error) { return cfg.UsePlainHTTP, nil }),
)
@@ -123,9 +129,11 @@ func getRegistryClientWrap(cfg *RegistryClientConfig) (*registryClientWrap, erro
if err != nil {
return nil, err
}
wrap.client = r

return wrap, nil
return &registryClientWrap{
client: r,
credentialsFile: credentialsFile,
}, nil

}

@@ -181,21 +189,19 @@ func PullChart(chartURL, version string, destDir string, opts ...RegistryClientO

// PushChart pushes the local chart tarFile to the remote URL provided
func PushChart(tarFile string, pushChartURL string, opts ...RegistryClientOption) error {
cfg := &action.Configuration{}
reg, err := getRegistryClientWrap(NewRegistryClientConfig(opts...))
if err != nil {
return fmt.Errorf("missing registry client: %w", err)
}
cfg.RegistryClient = reg.client
client := action.NewPushWithOpts(action.WithPushConfig(cfg))

client := action.NewPushWithOpts(
action.WithPushConfig(&action.Configuration{RegistryClient: reg.client}),
)
client.Settings = cli.New()

if _, err := client.Run(tarFile, pushChartURL); err != nil {
return fmt.Errorf("failed to push Helm chart: %w", err)
}
_, err = client.Run(tarFile, pushChartURL)

return nil
return err
}

func showRemoteHelmChart(chartURL string, version string, cfg *RegistryClientConfig) (string, error) {
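Review bot: In getRegistryClientWrap the hand-built `&http.Transport{TLSClientConfig: ...}` is now installed for every HTTPS registry, where the old code passed no client at all unless cfg.UseInsecureHTTPS was set, so certificate-verified connections also run on a transport without the http.DefaultTransport settings (`Proxy: http.ProxyFromEnvironment`, dial and TLS-handshake timeouts, idle-connection limits). Cloning the default and overriding only the TLS field keeps those: `tr := http.DefaultTransport.(*http.Transport).Clone()` followed by `tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: cfg.UseInsecureHTTPS} // #nosec G402`, then `httpClient := &http.Client{Transport: tr}`. The same client is also passed to `docker.WithAuthClient`, so with the flag set cfg.Auth.Username and cfg.Auth.Password are sent to a peer whose certificate was not checked; a comment above the client such as `// with UseInsecureHTTPS the registry credentials are sent without server authentication` would make that trade-off visible next to the `#nosec` marker. Part of the function body between the first two hunks is not shown on the page.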
