Added insecure option to login subcommand

Signed-off-by: Andrew Block <andy.block@gmail.com>
helm · Mar 3, 2023 · 154f37e · 154f37e
1 parent 08593c8
commit 154f37e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/cmd/helm/registry_login.go b/cmd/helm/registry_login.go
@@ -43,6 +43,7 @@ type registryLoginOptions struct {
 	certFile             string
 	keyFile              string
 	caFile               string
+	insecure             bool
 }
 
 func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
@@ -65,14 +66,16 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman
 			return action.NewRegistryLogin(cfg).Run(out, hostname, username, password,
 				action.WithCertFile(o.certFile),
 				action.WithKeyFile(o.keyFile),
-				action.WithCAFile(o.caFile))
+				action.WithCAFile(o.caFile),
+				action.WithInsecure(o.insecure))
 		},
 	}
 
 	f := cmd.Flags()
 	f.StringVarP(&o.username, "username", "u", "", "registry username")
 	f.StringVarP(&o.password, "password", "p", "", "registry password or identity token")
 	f.BoolVarP(&o.passwordFromStdinOpt, "password-stdin", "", false, "read password or identity token from stdin")
+	f.BoolVarP(&o.insecure, "insecure", "", false, "allow connections to TLS registry without certs")
 	f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file")
 	f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file")
 	f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle")

diff --git a/pkg/action/registry_login.go b/pkg/action/registry_login.go
@@ -28,6 +28,7 @@ type RegistryLogin struct {
 	certFile string
 	keyFile  string
 	caFile   string
+	insecure bool
 }
 
 type RegistryLoginOpt func(*RegistryLogin) error
@@ -40,6 +41,14 @@ func WithCertFile(certFile string) RegistryLoginOpt {
 	}
 }
 
+// WithKeyFile specifies whether to very certificates when communicating.
+func WithInsecure(insecure bool) RegistryLoginOpt {
+	return func(r *RegistryLogin) error {
+		r.insecure = insecure
+		return nil
+	}
+}
+
 // WithKeyFile specifies the path to the key file to use for TLS.
 func WithKeyFile(keyFile string) RegistryLoginOpt {
 	return func(r *RegistryLogin) error {
@@ -74,5 +83,6 @@ func (a *RegistryLogin) Run(out io.Writer, hostname string, username string, pas
 	return a.cfg.RegistryClient.Login(
 		hostname,
 		registry.LoginOptBasicAuth(username, password),
+		registry.LoginOptInsecure(a.insecure),
 		registry.LoginOptTLSClientConfig(a.certFile, a.keyFile, a.caFile))
 }
diff --git a/pkg/getter/ocigetter_test.go b/pkg/getter/ocigetter_test.go
@@ -39,13 +39,15 @@ func TestOCIGetter(t *testing.T) {
 	ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem")
 	timeout := time.Second * 5
 	transport := &http.Transport{}
+	insecureSkipTLSverify := false
 
 	// Test with options
 	g, err = NewOCIGetter(
 		WithBasicAuth("I", "Am"),
 		WithTLSClientConfig(pub, priv, ca),
 		WithTimeout(timeout),
 		WithTransport(transport),
+		WithInsecureSkipVerifyTLS(insecureSkipTLSverify),
 	)
 	if err != nil {
 		t.Fatal(err)