From 81bf4f345138970c46d87e35406ab0e7ad4cfc60 Mon Sep 17 00:00:00 2001 From: Daniel Lipovetsky Date: Fri, 8 Nov 2024 11:57:55 -0800 Subject: [PATCH 1/4] test: Use distinct names for "serve bundle" e2e tests --- test/e2e/helmbundle/serve_bundle_test.go | 2 +- test/e2e/imagebundle/serve_bundle_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/e2e/helmbundle/serve_bundle_test.go b/test/e2e/helmbundle/serve_bundle_test.go index 24a324f4..c7a7753b 100644 --- a/test/e2e/helmbundle/serve_bundle_test.go +++ b/test/e2e/helmbundle/serve_bundle_test.go @@ -22,7 +22,7 @@ import ( "github.com/mesosphere/mindthegap/test/e2e/helmbundle/helpers" ) -var _ = Describe("Serve Bundle", func() { +var _ = Describe("Serve Helm Bundle", func() { var ( bundleFile string cmd *cobra.Command diff --git a/test/e2e/imagebundle/serve_bundle_test.go b/test/e2e/imagebundle/serve_bundle_test.go index c288103b..c401fb2c 100644 --- a/test/e2e/imagebundle/serve_bundle_test.go +++ b/test/e2e/imagebundle/serve_bundle_test.go @@ -26,7 +26,7 @@ import ( "github.com/mesosphere/mindthegap/test/e2e/imagebundle/helpers" ) -var _ = Describe("Serve Bundle", func() { +var _ = Describe("Serve Image Bundle", func() { var ( bundleFile string cmd *cobra.Command From 10cf2940c3f43fd7a7a9afc906599f1bcf2522cc Mon Sep 17 00:00:00 2001 From: Daniel Lipovetsky Date: Fri, 8 Nov 2024 08:09:55 -0800 Subject: [PATCH 2/4] test: Verify bundle pull using TLS --- test/e2e/helmbundle/serve_bundle_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/e2e/helmbundle/serve_bundle_test.go b/test/e2e/helmbundle/serve_bundle_test.go index c7a7753b..ed25a827 100644 --- a/test/e2e/helmbundle/serve_bundle_test.go +++ b/test/e2e/helmbundle/serve_bundle_test.go 
@@ -93,7 +93,7 @@ var _ = Describe("Serve Helm Bundle", func() { ipAddr := helpers.GetFirstNonLoopbackIP(GinkgoT()) tempCertDir := GinkgoT().TempDir() - _, _, certFile, keyFile := helpers.GenerateCertificateAndKeyWithIPSAN( + caCertFile, _, certFile, keyFile := helpers.GenerateCertificateAndKeyWithIPSAN( GinkgoT(), tempCertDir, ipAddr, @@ -126,8 +126,9 @@ var _ = Describe("Serve Helm Bundle", func() { helpers.WaitForTCPPort(GinkgoT(), ipAddr.String(), port) - // TODO Reenable once Helm supports custom CA certs and self-signed certs. - // helpers.ValidateChartIsAvailable(GinkgoT(), "127.0.0.1", port, "podinfo", "6.2.0", helm.CAFileOpt(caCertFile)) + helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "podinfo", "6.2.0", helm.CAFileOpt(caCertFile), helm.CertFileOpt(certFile)) + + helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "node-feature-discovery", "0.15.2", helm.CAFileOpt(caCertFile), helm.CertFileOpt(certFile)) close(stopCh) From 95ab9e3a1ef0640451318d168192be9451b2dbe4 Mon Sep 17 00:00:00 2001 From: Daniel Lipovetsky Date: Fri, 8 Nov 2024 10:51:38 -0800 Subject: [PATCH 3/4] fix: Allow TLS to pull chart from OCI repository Previously, we created our own registryClient. We were responsible for configuring TLS for the client, but did not. We now allow helm to create the client for us. Because we previously did notcustomize the client in any way, we only gain functionality, and lose none. --- cmd/mindthegap/create/bundle/bundle.go | 1 - helm/client.go | 26 +++----------------------- test/e2e/helmbundle/helpers/helpers.go | 1 - 3 files changed, 3 insertions(+), 25 deletions(-) diff --git a/cmd/mindthegap/create/bundle/bundle.go b/cmd/mindthegap/create/bundle/bundle.go index f2d69253..56d54730 100644 --- a/cmd/mindthegap/create/bundle/bundle.go +++ b/cmd/mindthegap/create/bundle/bundle.go 
@@ -400,7 +400,6 @@ func pullCharts( repoConfig.RepoURL, chartName, chartVersion, - []helm.ConfigOpt{helm.RegistryClientConfigOpt()}, opts..., ) if err != nil { diff --git a/helm/client.go b/helm/client.go index 7b112d24..54638b21 100644 --- a/helm/client.go +++ b/helm/client.go @@ -99,38 +99,18 @@ func CAFileOpt(caFile string) action.PullOpt { } } -type ConfigOpt func(*action.Configuration) error - -func RegistryClientConfigOpt(opts ...registry.ClientOption) ConfigOpt { - return func(cfg *action.Configuration) error { - cl, err := registry.NewClient(opts...) - if err != nil { - return fmt.Errorf("failed to create registry client: %w", err) - } - - cfg.RegistryClient = cl - - return nil +func CertFileOpt(certFile string) action.PullOpt { + return func(p *action.Pull) { + p.CertFile = certFile } } func (c *Client) GetChartFromRepo( outputDir, repoURL, chartName, chartVersion string, - configOpts []ConfigOpt, extraPullOpts ...action.PullOpt, ) (string, error) { cfg := &action.Configuration{Log: c.out.V(4).Infof} - if registry.IsOCI(chartName) { - configOpts = append([]ConfigOpt{RegistryClientConfigOpt()}, configOpts...) - } - - for _, f := range configOpts { - if err := f(cfg); err != nil { - return "", fmt.Errorf("failed to configure helm client: %w", err) - } - } - pull := action.NewPullWithOpts( append( extraPullOpts, diff --git a/test/e2e/helmbundle/helpers/helpers.go b/test/e2e/helmbundle/helpers/helpers.go index 8a03847b..e7f1fc0f 100644 --- a/test/e2e/helmbundle/helpers/helpers.go +++ b/test/e2e/helmbundle/helpers/helpers.go @@ -194,7 +194,6 @@ func ValidateChartIsAvailable( "", fmt.Sprintf("%s://%s:%d/charts/%s", helm.OCIScheme, addr, port, chartName), chartVersion, - []helm.ConfigOpt{helm.RegistryClientConfigOpt()}, pullOpts..., ) gomega.ExpectWithOffset(1, err).NotTo(gomega.HaveOccurred()) From 7d3e7763830a3989023fafde4798413cc1592abb Mon Sep 17 00:00:00 2001 
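Review bot: In the helm/client.go hunk, `GetChartFromRepo` now leaves the registry client on `cfg` unset on purpose, but nothing in the code records that the TLS fix depends on it. Going by the commit message, helm only applies the pull options' TLS settings when it builds the client itself, so a later change that assigns `cfg.RegistryClient` again would presumably drop the CA file passed through `CAFileOpt` without any warning. I would add a comment above `cfg := &action.Configuration{Log: c.out.V(4).Infof}`, for example `// RegistryClient is intentionally left unset: helm then creates one that honours the pull options' TLS settings.` The same hunk removes the exported `ConfigOpt` and `RegistryClientConfigOpt` and changes the exported `GetChartFromRepo` signature, which is worth a release note if the package has importers outside this repository. The function body continues past the end of the hunk.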
From: Jimmi Dyson Date: Mon, 11 Nov 2024 10:31:05 +0000 Subject: [PATCH 4/4] fixup! refactor: Remove unused client CertFile option --- helm/client.go | 6 ------ test/e2e/helmbundle/serve_bundle_test.go | 4 ++-- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/helm/client.go b/helm/client.go index 54638b21..d377c4b4 100644 --- a/helm/client.go +++ b/helm/client.go @@ -99,12 +99,6 @@ func CAFileOpt(caFile string) action.PullOpt { } } -func CertFileOpt(certFile string) action.PullOpt { - return func(p *action.Pull) { - p.CertFile = certFile - } -} - func (c *Client) GetChartFromRepo( outputDir, repoURL, chartName, chartVersion string, extraPullOpts ...action.PullOpt, diff --git a/test/e2e/helmbundle/serve_bundle_test.go b/test/e2e/helmbundle/serve_bundle_test.go index ed25a827..70e7eb05 100644 --- a/test/e2e/helmbundle/serve_bundle_test.go +++ b/test/e2e/helmbundle/serve_bundle_test.go @@ -126,9 +126,9 @@ var _ = Describe("Serve Helm Bundle", func() { helpers.WaitForTCPPort(GinkgoT(), ipAddr.String(), port) - helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "podinfo", "6.2.0", helm.CAFileOpt(caCertFile), helm.CertFileOpt(certFile)) + helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "podinfo", "6.2.0", helm.CAFileOpt(caCertFile)) - helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "node-feature-discovery", "0.15.2", helm.CAFileOpt(caCertFile), helm.CertFileOpt(certFile)) + helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "node-feature-discovery", "0.15.2", helm.CAFileOpt(caCertFile)) close(stopCh)
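Review bot: Both `helpers.ValidateChartIsAvailable` calls in the serve_bundle_test.go hunk exercise only the success path, so the test would keep passing if the client ever stopped verifying the server certificate. A negative case would pin down that `caCertFile` is what establishes trust: pull the same chart without `helm.CAFileOpt(caCertFile)` and expect an error, since the generated CA should not be in the system trust store. `ValidateChartIsAvailable` asserts `NotTo(gomega.HaveOccurred())` (visible in the helpers.go hunk of patch 3/4), so this needs a sibling helper or a direct `GetChartFromRepo` call followed by `Expect(err).To(HaveOccurred())`. The enclosing test block starts and ends outside the hunk.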