fix: add tls when get repository index. (#6195)
* fix: add tls when get repository index. Signed-off-by: joyceliu <joyceliu@yunify.com> * Update staging/src/kubesphere.io/utils/helm/repo_index.go Signed-off-by: hongming <coder.scala@gmail.com> * fix: add tls when get repository index. Signed-off-by: joyceliu <joyceliu@yunify.com> --------- Signed-off-by: joyceliu <joyceliu@yunify.com> Signed-off-by: hongming <coder.scala@gmail.com> Co-authored-by: joyceliu <joyceliu@yunify.com> Co-authored-by: hongming <coder.scala@gmail.com>
This commit is contained in:
liujian
@@ -7,8 +7,12 @@ package v1alpha1
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"text/template"
|
||||
|
||||
"github.com/emicklei/go-restful/v3"
|
||||
"helm.sh/helm/v3/pkg/chart/loader"
|
||||
@@ -22,6 +26,8 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
)
|
||||
|
||||
var caTemplate = "{{ .TempDIR }}/repository/{{ .RepositoryName }}/ssl/ca.crt"
|
||||
|
||||
type handler struct {
|
||||
cache runtimeclient.Reader
|
||||
}
|
||||
@@ -71,23 +77,40 @@ func (h *handler) ListFiles(request *restful.Request, response *restful.Response
|
||||
switch chartURL.Scheme {
|
||||
case registry.OCIScheme:
|
||||
opts := make([]getter.Option, 0)
|
||||
opts = append(opts, getter.WithInsecureSkipVerifyTLS(true))
|
||||
if extensionVersion.Spec.Repository != "" {
|
||||
opts = append(opts, getter.WithInsecureSkipVerifyTLS(repo.Spec.Insecure))
|
||||
}
|
||||
if repo.Spec.BasicAuth != nil {
|
||||
opts = append(opts, getter.WithBasicAuth(repo.Spec.BasicAuth.Username, repo.Spec.BasicAuth.Password))
|
||||
}
|
||||
chartGetter, err = getter.NewOCIGetter(opts...)
|
||||
if err != nil {
|
||||
api.HandleInternalError(response, request, fmt.Errorf("failed to create chart getter: %v", err))
|
||||
return
|
||||
}
|
||||
case "http", "https":
|
||||
options := make([]getter.Option, 0)
|
||||
if chartURL.Scheme == "https" {
|
||||
options = append(options, getter.WithInsecureSkipVerifyTLS(true))
|
||||
opts := make([]getter.Option, 0)
|
||||
if chartURL.Scheme == "https" && extensionVersion.Spec.Repository != "" {
|
||||
opts = append(opts, getter.WithInsecureSkipVerifyTLS(repo.Spec.Insecure))
|
||||
}
|
||||
if repo.Spec.CABundle != "" {
|
||||
caFile, err := storeCAFile(repo.Spec.CABundle, repo.Name)
|
||||
if err != nil {
|
||||
api.HandleInternalError(response, request, fmt.Errorf("failed to store CABundle to local file: %s", err))
|
||||
return
|
||||
}
|
||||
opts = append(opts, getter.WithTLSClientConfig("", "", caFile))
|
||||
}
|
||||
if repo.Spec.BasicAuth != nil {
|
||||
options = append(options, getter.WithBasicAuth(repo.Spec.BasicAuth.Username, repo.Spec.BasicAuth.Password))
|
||||
opts = append(opts, getter.WithBasicAuth(repo.Spec.BasicAuth.Username, repo.Spec.BasicAuth.Password))
|
||||
}
|
||||
chartGetter, err = getter.NewHTTPGetter(options...)
|
||||
}
|
||||
if err != nil {
|
||||
api.HandleInternalError(response, request, fmt.Errorf("failed to create chart getter: %v", err))
|
||||
chartGetter, err = getter.NewHTTPGetter(opts...)
|
||||
if err != nil {
|
||||
api.HandleInternalError(response, request, fmt.Errorf("failed to create chart getter: %v", err))
|
||||
return
|
||||
}
|
||||
default:
|
||||
api.HandleInternalError(response, request, fmt.Errorf("cannot support chartURL %s, it's schame should be: oci,http,https", extensionVersion.Spec.ChartURL))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -105,3 +128,39 @@ func (h *handler) ListFiles(request *restful.Request, response *restful.Response
|
||||
|
||||
_ = response.WriteEntity(files)
|
||||
}
|
||||
|
||||
// storeCAFile in local file from caTemplate.
|
||||
func storeCAFile(caBundle string, repoName string) (string, error) {
|
||||
var buff = &bytes.Buffer{}
|
||||
tmpl, err := template.New("repositoryCABundle").Parse(caTemplate)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if err := tmpl.Execute(buff, map[string]string{
|
||||
"TempDIR": os.TempDir(),
|
||||
"RepositoryName": repoName,
|
||||
}); err != nil {
|
||||
return "", err
|
||||
}
|
||||
caFile := buff.String()
|
||||
if _, err := os.Stat(filepath.Dir(caFile)); err != nil {
|
||||
if !os.IsNotExist(err) {
|
||||
return "", err
|
||||
}
|
||||
|
||||
if err := os.MkdirAll(filepath.Dir(caFile), os.ModePerm); err != nil {
|
||||
return "", err
|
||||
}
|
||||
}
|
||||
|
||||
data, err := base64.StdEncoding.DecodeString(caBundle)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
if err := os.WriteFile(caFile, data, os.ModePerm); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return caFile, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user