[release-4.1] fix: add tls when get repository index. (#6198)

* fix: add tls when get repository index. Signed-off-by: joyceliu <joyceliu@yunify.com> * Update staging/src/kubesphere.io/utils/helm/repo_index.go Signed-off-by: hongming <coder.scala@gmail.com> * fix: add tls when get repository index. Signed-off-by: joyceliu <joyceliu@yunify.com> --------- Signed-off-by: joyceliu <joyceliu@yunify.com> Signed-off-by: hongming <coder.scala@gmail.com> Co-authored-by: joyceliu <joyceliu@yunify.com> Co-authored-by: hongming <coder.scala@gmail.com>
2024-09-23 15:28:14 +08:00
parent 0a06cd8a1b
commit f290167267
11 changed files with 216 additions and 76 deletions
--- a/pkg/controller/core/installplan_controller.go
+++ b/pkg/controller/core/installplan_controller.go
@@ -456,26 +456,40 @@ func (r *InstallPlanReconciler) loadChartData(ctx context.Context) ([]byte, stri
 	switch chartURL.Scheme {
 	case registry.OCIScheme:
 		opts := make([]getter.Option, 0)
-		opts = append(opts, getter.WithInsecureSkipVerifyTLS(true))
+		if extensionVersion.Spec.Repository != "" {
+			opts = append(opts, getter.WithInsecureSkipVerifyTLS(repo.Spec.Insecure))
+		}
 		if repo.Spec.BasicAuth != nil {
 			opts = append(opts, getter.WithBasicAuth(repo.Spec.BasicAuth.Username, repo.Spec.BasicAuth.Password))
 		}
 		chartGetter, err = getter.NewOCIGetter(opts...)
+		if err != nil {
+			return nil, "", fmt.Errorf("failed to create chart getter: %v", err)
+		}
 	case "http", "https":
 		opts := make([]getter.Option, 0)
+		if chartURL.Scheme == "https" && extensionVersion.Spec.Repository != "" {
+			opts = append(opts, getter.WithInsecureSkipVerifyTLS(repo.Spec.Insecure))
+		}
+		if repo.Spec.CABundle != "" {
+			caFile, err := storeCAFile(repo.Spec.CABundle, repo.Name)
+			if err != nil {
+				return nil, "", fmt.Errorf("failed to store CABundle to local file: %s", err)
+			}
+			opts = append(opts, getter.WithTLSClientConfig("", "", caFile))
+		}
 		if chartURL.Scheme == "https" {
-			opts = append(opts, getter.WithInsecureSkipVerifyTLS(true))
+			opts = append(opts, getter.WithInsecureSkipVerifyTLS(repo.Spec.Insecure))
 		}
 		if repo.Spec.BasicAuth != nil {
 			opts = append(opts, getter.WithBasicAuth(repo.Spec.BasicAuth.Username, repo.Spec.BasicAuth.Password))
 		}
 		chartGetter, err = getter.NewHTTPGetter(opts...)
+		if err != nil {
+			return nil, "", fmt.Errorf("failed to create chart getter: %v", err)
+		}
 	default:
-		err = fmt.Errorf("unsupported scheme: %s", chartURL.Scheme)
-	}
-
-	if err != nil {
-		return nil, "", fmt.Errorf("failed to create chart getter: %v", err)
+		return nil, "", fmt.Errorf("unsupported scheme: %s", chartURL.Scheme)
 	}

 	buffer, err := chartGetter.Get(chartURL.String())