From 1f7b6bb389811318db68f2b3c1243388ac29b704 Mon Sep 17 00:00:00 2001
From: Erin Call
Date: Mon, 20 Jan 2020 09:15:35 -0800
Subject: [PATCH 1/3] Add a setting for chart repository CA certificates [#74]
---
 docs/parameter_reference.md | 1 +
 internal/helm/config.go | 1 +
 internal/helm/plan.go | 3 ++-
 internal/helm/plan_test.go | 3 +++
 internal/run/addrepo.go | 11 ++++++++---
 internal/run/addrepo_test.go | 13 +++++++++++++
 6 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/docs/parameter_reference.md b/docs/parameter_reference.md
index 1379ba5..129586b 100644
--- a/docs/parameter_reference.md
+++ b/docs/parameter_reference.md
@@ -6,6 +6,7 @@
 | mode | string | helm_command | Indicates the operation to perform. Recommended, but not required. Valid options are `upgrade`, `uninstall`, `lint`, and `help`. |
 | update_dependencies | boolean | | Calls `helm dependency update` before running the main command.|
 | add_repos | list\ | helm_repos | Calls `helm repo add $repo` before running the main command. Each string should be formatted as `repo_name=https://repo.url/`. |
+| repo_ca_file | string | | TLS certificate for a chart repository certificate authority. Only applicable when using `add_repos`. |
 | namespace | string | | Kubernetes namespace to use for this operation. |
 | debug | boolean | | Generate debug output within drone-helm3 and pass `--debug` to all helm commands. Use with care, since the debug output may include secrets. |
diff --git a/internal/helm/config.go b/internal/helm/config.go
index b633439..5d3d75f 100644
--- a/internal/helm/config.go
+++ b/internal/helm/config.go
@@ -24,6 +24,7 @@ type Config struct {
 DroneEvent string `envconfig:"DRONE_BUILD_EVENT"` // Drone event that invoked this plugin.
 UpdateDependencies bool `split_words:"true"` // Call `helm dependency update` before the main command
 AddRepos []string `split_words:"true"` // Call `helm repo add` before the main command
+ RepoCAFile string `envconfig:"repo_ca_file"` // CA certificate for `helm repo add`
 Debug bool `` // Generate debug output and pass --debug to all helm commands
 Values string `` // Argument to pass to --set in applicable helm commands
 StringValues string `split_words:"true"` // Argument to pass to --set-string in applicable helm commands
diff --git a/internal/helm/plan.go b/internal/helm/plan.go
index 48f3f5f..6023c1e 100644
--- a/internal/helm/plan.go
+++ b/internal/helm/plan.go
@@ -171,7 +171,8 @@ func addRepos(cfg Config) []Step {
 steps := make([]Step, 0)
 for _, repo := range cfg.AddRepos {
 steps = append(steps, &run.AddRepo{
- Repo: repo,
+ Repo: repo,
+ CAFile: cfg.RepoCAFile,
 })
 }
diff --git a/internal/helm/plan_test.go b/internal/helm/plan_test.go
index 1bc3e11..1a6b4f3 100644
--- a/internal/helm/plan_test.go
+++ b/internal/helm/plan_test.go
@@ -291,6 +291,7 @@ func (suite *PlanTestSuite) TestAddRepos() {
 "first=https://add.repos/one",
 "second=https://add.repos/two",
 },
+ RepoCAFile: "state_licensure.repo.cert",
 }
 steps := addRepos(cfg)
 suite.Require().Equal(2, len(steps), "addRepos should add one step per repo")
@@ -301,6 +302,8 @@ func (suite *PlanTestSuite) TestAddRepos() {
 suite.Equal(first.Repo, "first=https://add.repos/one")
 suite.Equal(second.Repo, "second=https://add.repos/two")
+ suite.Equal(first.CAFile, "state_licensure.repo.cert")
+ suite.Equal(second.CAFile, "state_licensure.repo.cert")
 }
 func (suite *PlanTestSuite) TestLint() {
diff --git a/internal/run/addrepo.go b/internal/run/addrepo.go
index 3382957..40f8740 100644
--- a/internal/run/addrepo.go
+++ b/internal/run/addrepo.go
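Review bot: In the `addRepos` hunk of `internal/helm/plan.go`, the single `cfg.RepoCAFile` is attached to every `run.AddRepo` step, so every entry in `add_repos` is verified against the same CA file. As far as I know helm uses the `--ca-file` bundle as the trust root for that repository instead of adding it to the system roots, so a list that mixes a privately signed repository with publicly signed ones would presumably fail verification for the latter; this is worth confirming against the helm version in use. A comment on the assignment such as `// one CA bundle for all repos; per-repo CAs are not supported`, with a matching sentence in `parameter_reference.md`, would make the limitation visible. The body of `addRepos` starts and ends outside the hunk.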
@@ -7,8 +7,9 @@ import (
 // AddRepo is an execution step that calls `helm repo add` when executed.
 type AddRepo struct {
- Repo string
- cmd cmd
+ Repo string
+ CAFile string
+ cmd cmd
 }
 // Execute executes the `helm repo add` command.
@@ -38,7 +39,11 @@ func (a *AddRepo) Prepare(cfg Config) error {
 args = append(args, "--debug")
 }
- args = append(args, "repo", "add", name, url)
+ args = append(args, "repo", "add")
+ if a.CAFile != "" {
+ args = append(args, "--ca-file", a.CAFile)
+ }
+ args = append(args, name, url)
 a.cmd = command(helmBin, args...)
 a.cmd.Stdout(cfg.Stdout)
diff --git a/internal/run/addrepo_test.go b/internal/run/addrepo_test.go
index ad42d06..4a8445c 100644
--- a/internal/run/addrepo_test.go
+++ b/internal/run/addrepo_test.go
@@ -97,6 +97,19 @@ func (suite *AddRepoTestSuite) TestPrepareWithEqualSignInURL() {
 suite.Contains(suite.commandArgs, "https://github.com/arthur_claypool/samaritan?version=2.1")
 }
+func (suite *AddRepoTestSuite) TestRepoAddFlags() {
+ suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
+ suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
+ cfg := Config{}
+ a := AddRepo{
+ Repo: "machine=https://github.com/harold_finch/themachine",
+ CAFile: "./helm/reporepo.cert",
+ }
+ suite.NoError(a.Prepare(cfg))
+ suite.Equal([]string{"repo", "add", "--ca-file", "./helm/reporepo.cert",
+ "machine", "https://github.com/harold_finch/themachine"}, suite.commandArgs)
+}
+
 func (suite *AddRepoTestSuite) TestNamespaceFlag() {
 suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
 suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
From c38537ac3210e5d52f4867c79938668d70fb9e26 Mon Sep 17 00:00:00 2001
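Review bot: In `AddRepo.Prepare`, the only check on the new value is `a.CAFile != ""`, so a mistyped or unreadable path is not noticed until `helm repo add` itself fails at execute time. If an earlier and clearer failure is wanted, `Prepare` could stat the file and return an error, for example `if _, err := os.Stat(a.CAFile); err != nil { return fmt.Errorf("repo CA file: %w", err) }`. That assumes `os` and `fmt` are available in the file, and `TestRepoAddFlags` appears to use a made-up path, so it would need a fixture. Independently of that, the new exported field has no comment; something like `CAFile string // path to the CA bundle passed as --ca-file; empty omits the flag` would document what the code does. `Prepare` starts and ends outside the hunk.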
From: Erin Call
Date: Mon, 20 Jan 2020 10:47:49 -0800
Subject: [PATCH 2/3] Pass --ca-file to `helm upgrade` when applicable [#74]
---
 docs/parameter_reference.md | 2 +-
 internal/helm/plan.go | 1 +
 internal/helm/plan_test.go | 2 ++
 internal/run/upgrade.go | 4 ++++
 internal/run/upgrade_test.go | 2 ++
 5 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/docs/parameter_reference.md b/docs/parameter_reference.md
index 129586b..773ca9f 100644
--- a/docs/parameter_reference.md
+++ b/docs/parameter_reference.md
@@ -6,7 +6,7 @@
 | mode | string | helm_command | Indicates the operation to perform. Recommended, but not required. Valid options are `upgrade`, `uninstall`, `lint`, and `help`. |
 | update_dependencies | boolean | | Calls `helm dependency update` before running the main command.|
 | add_repos | list\ | helm_repos | Calls `helm repo add $repo` before running the main command. Each string should be formatted as `repo_name=https://repo.url/`. |
-| repo_ca_file | string | | TLS certificate for a chart repository certificate authority. Only applicable when using `add_repos`. |
+| repo_ca_file | string | | TLS certificate for a chart repository certificate authority. |
 | namespace | string | | Kubernetes namespace to use for this operation. |
 | debug | boolean | | Generate debug output within drone-helm3 and pass `--debug` to all helm commands. Use with care, since the debug output may include secrets. |
diff --git a/internal/helm/plan.go b/internal/helm/plan.go
index 6023c1e..2475734 100644
--- a/internal/helm/plan.go
+++ b/internal/helm/plan.go
@@ -111,6 +111,7 @@ var upgrade = func(cfg Config) []Step {
 Force: cfg.Force,
 Atomic: cfg.AtomicUpgrade,
 CleanupOnFail: cfg.CleanupOnFail,
+ CAFile: cfg.RepoCAFile,
 })
 return steps
diff --git a/internal/helm/plan_test.go b/internal/helm/plan_test.go
index 1a6b4f3..f59fa01 100644
--- a/internal/helm/plan_test.go
+++ b/internal/helm/plan_test.go
@@ -143,6 +143,7 @@ func (suite *PlanTestSuite) TestUpgrade() {
 Force: true,
 AtomicUpgrade: true,
 CleanupOnFail: true,
+ RepoCAFile: "state_licensure.repo.cert",
 }
 steps := upgrade(cfg)
@@ -166,6 +167,7 @@ func (suite *PlanTestSuite) TestUpgrade() {
 Force: cfg.Force,
 Atomic: true,
 CleanupOnFail: true,
+ CAFile: "state_licensure.repo.cert",
 }
 suite.Equal(expected, upgrade)
diff --git a/internal/run/upgrade.go b/internal/run/upgrade.go
index c239807..41c8ab0 100644
--- a/internal/run/upgrade.go
+++ b/internal/run/upgrade.go
@@ -20,6 +20,7 @@ type Upgrade struct {
 Force bool
 Atomic bool
 CleanupOnFail bool
+ CAFile string
 cmd cmd
 }
@@ -82,6 +83,9 @@ func (u *Upgrade) Prepare(cfg Config) error {
 for _, vFile := range u.ValuesFiles {
 args = append(args, "--values", vFile)
 }
+ if u.CAFile != "" {
+ args = append(args, "--ca-file", u.CAFile)
+ }
 args = append(args, u.Release, u.Chart)
 u.cmd = command(helmBin, args...)
diff --git a/internal/run/upgrade_test.go b/internal/run/upgrade_test.go
index 886fb3b..bcc950c 100644
--- a/internal/run/upgrade_test.go
+++ b/internal/run/upgrade_test.go
@@ -102,6 +102,7 @@ func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
 Force: true,
 Atomic: true,
 CleanupOnFail: true,
+ CAFile: "local_ca.cert",
 }
 cfg := Config{}
@@ -121,6 +122,7 @@ func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
 "--set-string", "height=5ft10in",
 "--values", "/usr/local/stats",
 "--values", "/usr/local/grades",
+ "--ca-file", "local_ca.cert",
 "maroon_5_memories", "hot_ac"}, args)
 return suite.mockCmd
From ffa636ce47b57ba5108f76bbf4e94b214a9b0e27 Mon Sep 17 00:00:00 2001
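Review bot: The `RepoCAFile` comment in `internal/helm/config.go` still says the certificate is for helm repo add, but the `Upgrade.Prepare` hunk in `internal/run/upgrade.go` now passes `--ca-file` to `helm upgrade` as well. This patch corrects `parameter_reference.md` but not that comment, and the old wording is still present in the context lines of patch 3. Suggested wording for the field comment: `// CA certificate file passed as --ca-file to helm repo add and helm upgrade`. The new `Upgrade.CAFile` field is also uncommented; `CAFile string // path passed to helm upgrade as --ca-file; empty omits the flag` would match what the hunk does. `Prepare` starts and ends outside the hunk.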
From: Erin Call
Date: Mon, 20 Jan 2020 10:54:52 -0800
Subject: [PATCH 3/3] Use lowercase envconfig tags throughout Config
Followup to discussion on #75. The important part is to have them consistent, and I like the lowercase a little better since it matches the casing in parameter_reference.md (and the code doesn't yell at me :))
---
 internal/helm/config.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/internal/helm/config.go b/internal/helm/config.go
index 5d3d75f..b8ce354 100644
--- a/internal/helm/config.go
+++ b/internal/helm/config.go
@@ -21,7 +21,7 @@ var (
 type Config struct {
 // Configuration for drone-helm itself
 Command string `envconfig:"mode"` // Helm command to run
- DroneEvent string `envconfig:"DRONE_BUILD_EVENT"` // Drone event that invoked this plugin.
+ DroneEvent string `envconfig:"drone_build_event"` // Drone event that invoked this plugin.
 UpdateDependencies bool `split_words:"true"` // Call `helm dependency update` before the main command
 AddRepos []string `split_words:"true"` // Call `helm repo add` before the main command
 RepoCAFile string `envconfig:"repo_ca_file"` // CA certificate for `helm repo add`
@@ -31,7 +31,7 @@ type Config struct {
 ValuesFiles []string `split_words:"true"` // Arguments to pass to --values in applicable helm commands
 Namespace string `` // Kubernetes namespace for all helm commands
 KubeToken string `split_words:"true"` // Kubernetes authentication token to put in .kube/config
- SkipTLSVerify bool `envconfig:"SKIP_TLS_VERIFY"` // Put insecure-skip-tls-verify in .kube/config
+ SkipTLSVerify bool `envconfig:"skip_tls_verify"` // Put insecure-skip-tls-verify in .kube/config
 Certificate string `envconfig:"kube_certificate"` // The Kubernetes cluster CA's self-signed certificate (must be base64-encoded)
 APIServer string `envconfig:"kube_api_server"` // The Kubernetes cluster's API endpoint
 ServiceAccount string `envconfig:"kube_service_account"` // Account to use for connecting to the Kubernetes cluster
@@ -45,7 +45,7 @@ type Config struct {
 Release string `` // Release argument to use in applicable helm commands
 Force bool `envconfig:"force_upgrade"` // Pass --force to applicable helm commands
 AtomicUpgrade bool `split_words:"true"` // Pass --atomic to `helm upgrade`
- CleanupOnFail bool `envconfig:"CLEANUP_FAILED_UPGRADE"` // Pass --cleanup-on-fail to `helm upgrade`
+ CleanupOnFail bool `envconfig:"cleanup_failed_upgrade"` // Pass --cleanup-on-fail to `helm upgrade`
 LintStrictly bool `split_words:"true"` // Pass --strict to `helm lint`
 Stdout io.Writer `ignored:"true"`