Merge pull request #75 from pelotech/repo-ca-file

Add a setting for chart repository CA certificates

docs/parameter_reference.md

@@ -6,6 +6,7 @@
 | mode                | string          | helm_command | Indicates the operation to perform. Recommended, but not required. Valid options are `upgrade`, `uninstall`, `lint`, and `help`. |
 | update_dependencies | boolean         |              | Calls `helm dependency update` before running the main command.|
 | add_repos           | list\<string\>  | helm_repos   | Calls `helm repo add $repo` before running the main command. Each string should be formatted as `repo_name=https://repo.url/`. |
+| repo_ca_file        | string          |              | TLS certificate for a chart repository certificate authority. |
 | namespace           | string          |              | Kubernetes namespace to use for this operation. |
 | debug               | boolean         |              | Generate debug output within drone-helm3 and pass `--debug` to all helm commands. Use with care, since the debug output may include secrets. |
 

internal/helm/config.go

@@ -21,16 +21,17 @@ var (
 type Config struct {
 	// Configuration for drone-helm itself
 	Command            string   `envconfig:"mode"`                   // Helm command to run
-	DroneEvent         string   `envconfig:"DRONE_BUILD_EVENT"`      // Drone event that invoked this plugin.
+	DroneEvent         string   `envconfig:"drone_build_event"`      // Drone event that invoked this plugin.
 	UpdateDependencies bool     `split_words:"true"`                 // Call `helm dependency update` before the main command
 	AddRepos           []string `split_words:"true"`                 // Call `helm repo add` before the main command
+	RepoCAFile         string   `envconfig:"repo_ca_file"`           // CA certificate for `helm repo add`
 	Debug              bool     ``                                   // Generate debug output and pass --debug to all helm commands
 	Values             string   ``                                   // Argument to pass to --set in applicable helm commands
 	StringValues       string   `split_words:"true"`                 // Argument to pass to --set-string in applicable helm commands
 	ValuesFiles        []string `split_words:"true"`                 // Arguments to pass to --values in applicable helm commands
 	Namespace          string   ``                                   // Kubernetes namespace for all helm commands
 	KubeToken          string   `split_words:"true"`                 // Kubernetes authentication token to put in .kube/config
-	SkipTLSVerify      bool     `envconfig:"SKIP_TLS_VERIFY"`        // Put insecure-skip-tls-verify in .kube/config
+	SkipTLSVerify      bool     `envconfig:"skip_tls_verify"`        // Put insecure-skip-tls-verify in .kube/config
 	Certificate        string   `envconfig:"kube_certificate"`       // The Kubernetes cluster CA's self-signed certificate (must be base64-encoded)
 	APIServer          string   `envconfig:"kube_api_server"`        // The Kubernetes cluster's API endpoint
 	ServiceAccount     string   `envconfig:"kube_service_account"`   // Account to use for connecting to the Kubernetes cluster
@@ -44,7 +45,7 @@ type Config struct {
 	Release            string   ``                                   // Release argument to use in applicable helm commands
 	Force              bool     `envconfig:"force_upgrade"`          // Pass --force to applicable helm commands
 	AtomicUpgrade      bool     `split_words:"true"`                 // Pass --atomic to `helm upgrade`
-	CleanupOnFail      bool     `envconfig:"CLEANUP_FAILED_UPGRADE"` // Pass --cleanup-on-fail to `helm upgrade`
+	CleanupOnFail      bool     `envconfig:"cleanup_failed_upgrade"` // Pass --cleanup-on-fail to `helm upgrade`
 	LintStrictly       bool     `split_words:"true"`                 // Pass --strict to `helm lint`
 
 	Stdout io.Writer `ignored:"true"`

internal/helm/plan.go

@@ -111,6 +111,7 @@ var upgrade = func(cfg Config) []Step {
 		Force:         cfg.Force,
 		Atomic:        cfg.AtomicUpgrade,
 		CleanupOnFail: cfg.CleanupOnFail,
+		CAFile:        cfg.RepoCAFile,
 	})
 
 	return steps
@@ -171,7 +172,8 @@ func addRepos(cfg Config) []Step {
 	steps := make([]Step, 0)
 	for _, repo := range cfg.AddRepos {
 		steps = append(steps, &run.AddRepo{
-			Repo: repo,
+			Repo:   repo,
+			CAFile: cfg.RepoCAFile,
 		})
 	}
 

internal/helm/plan_test.go

@@ -143,6 +143,7 @@ func (suite *PlanTestSuite) TestUpgrade() {
 		Force:         true,
 		AtomicUpgrade: true,
 		CleanupOnFail: true,
+		RepoCAFile:    "state_licensure.repo.cert",
 	}
 
 	steps := upgrade(cfg)
@@ -166,6 +167,7 @@ func (suite *PlanTestSuite) TestUpgrade() {
 		Force:         cfg.Force,
 		Atomic:        true,
 		CleanupOnFail: true,
+		CAFile:        "state_licensure.repo.cert",
 	}
 
 	suite.Equal(expected, upgrade)
@@ -291,6 +293,7 @@ func (suite *PlanTestSuite) TestAddRepos() {
 			"first=https://add.repos/one",
 			"second=https://add.repos/two",
 		},
+		RepoCAFile: "state_licensure.repo.cert",
 	}
 	steps := addRepos(cfg)
 	suite.Require().Equal(2, len(steps), "addRepos should add one step per repo")
@@ -301,6 +304,8 @@ func (suite *PlanTestSuite) TestAddRepos() {
 
 	suite.Equal(first.Repo, "first=https://add.repos/one")
 	suite.Equal(second.Repo, "second=https://add.repos/two")
+	suite.Equal(first.CAFile, "state_licensure.repo.cert")
+	suite.Equal(second.CAFile, "state_licensure.repo.cert")
 }
 
 func (suite *PlanTestSuite) TestLint() {

internal/run/addrepo.go

@@ -7,8 +7,9 @@ import (
 
 // AddRepo is an execution step that calls `helm repo add` when executed.
 type AddRepo struct {
-	Repo string
+	Repo   string
-	cmd  cmd
+	CAFile string
+	cmd    cmd
 }
 
 // Execute executes the `helm repo add` command.
@@ -38,7 +39,11 @@ func (a *AddRepo) Prepare(cfg Config) error {
 		args = append(args, "--debug")
 	}
 
-	args = append(args, "repo", "add", name, url)
+	args = append(args, "repo", "add")
+	if a.CAFile != "" {
+		args = append(args, "--ca-file", a.CAFile)
+	}
+	args = append(args, name, url)
 
 	a.cmd = command(helmBin, args...)
 	a.cmd.Stdout(cfg.Stdout)

internal/run/addrepo_test.go

@@ -97,6 +97,19 @@ func (suite *AddRepoTestSuite) TestPrepareWithEqualSignInURL() {
 	suite.Contains(suite.commandArgs, "https://github.com/arthur_claypool/samaritan?version=2.1")
 }
 
+func (suite *AddRepoTestSuite) TestRepoAddFlags() {
+	suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
+	suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
+	cfg := Config{}
+	a := AddRepo{
+		Repo:   "machine=https://github.com/harold_finch/themachine",
+		CAFile: "./helm/reporepo.cert",
+	}
+	suite.NoError(a.Prepare(cfg))
+	suite.Equal([]string{"repo", "add", "--ca-file", "./helm/reporepo.cert",
+		"machine", "https://github.com/harold_finch/themachine"}, suite.commandArgs)
+}
+
 func (suite *AddRepoTestSuite) TestNamespaceFlag() {
 	suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
 	suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()

internal/run/upgrade.go

@@ -20,6 +20,7 @@ type Upgrade struct {
 	Force         bool
 	Atomic        bool
 	CleanupOnFail bool
+	CAFile        string
 
 	cmd cmd
 }
@@ -82,6 +83,9 @@ func (u *Upgrade) Prepare(cfg Config) error {
 	for _, vFile := range u.ValuesFiles {
 		args = append(args, "--values", vFile)
 	}
+	if u.CAFile != "" {
+		args = append(args, "--ca-file", u.CAFile)
+	}
 
 	args = append(args, u.Release, u.Chart)
 	u.cmd = command(helmBin, args...)

internal/run/upgrade_test.go

@@ -102,6 +102,7 @@ func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
 		Force:         true,
 		Atomic:        true,
 		CleanupOnFail: true,
+		CAFile:        "local_ca.cert",
 	}
 
 	cfg := Config{}
@@ -121,6 +122,7 @@ func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
 			"--set-string", "height=5ft10in",
 			"--values", "/usr/local/stats",
 			"--values", "/usr/local/grades",
+			"--ca-file", "local_ca.cert",
 			"maroon_5_memories", "hot_ac"}, args)
 
 		return suite.mockCmd