Add support for repo auth and additional CA files

Signed-off-by: Brad Davidson <[email protected]>
k3s-io · May 10, 2023 · 964381e · 964381e
1 parent 6ec0a89
commit 964381e
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 8 deletions.
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
@@ -1,11 +1,11 @@
-FROM golang:1.19-alpine3.17
+FROM golang:1.20-alpine3.17
 
 ARG DAPPER_HOST_ARCH
 ENV ARCH $DAPPER_HOST_ARCH
 
 RUN apk -U add bash git gcc musl-dev docker vim less file curl wget ca-certificates
 RUN if [ "$(go env GOARCH)" = "amd64" ]; then \
-    curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/v1.45.2/install.sh | sh -s; \
+    curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.52.2; \
     fi
 
 ENV DAPPER_ENV REPO TAG DRONE_TAG

diff --git a/entry b/entry
@@ -117,7 +117,19 @@ helm_repo_init() {
 	fi
 
 	if [[ -n "${REPO}" ]]; then
-		${HELM} repo add ${CA_FILE_ARG} ${NAME%%/*} ${REPO}
+		if [[ -f "${AUTH_DIR}/username" ]] && [[ -f "${AUTH_DIR}/password" ]]; then
+			if [[ "${HELM}" == "helm_v2" ]]; then
+				echo "Repo authentication is not supported with v2 charts" >> ${TERM_LOG}
+				echo "Repo authentication is not supported with v2 charts"
+				exit 1
+			fi
+			if [[ "${AUTH_PASS_CREDENTIALS}" == "true" ]]; then
+				PASS_CREDENTIALS_ARG="--pass-credentials"
+			fi
+			cat ${AUTH_DIR}/password | ${HELM} repo add ${CA_FILE_ARG} ${PASS_CREDENTIALS_ARG} --username "$(cat ${AUTH_DIR}/username)" --password-stdin ${NAME%%/*} ${REPO}
+		else
+			${HELM} repo add ${CA_FILE_ARG} ${NAME%%/*} ${REPO}
+		fi
 		${HELM} repo update
 	fi
 }
@@ -135,6 +147,8 @@ helm_content_decode() {
 }
 
 export CA_FILE=/config/ca-file.pem
+export CA_DIR=/ca-files
+export AUTH_DIR=/auth
 export TERM_LOG=/dev/termination-log
 export SSL_CERT_FILE=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
 export SSL_CERT_DIR=/etc/ssl/certs
@@ -143,6 +157,7 @@ HELM="helm_v3"
 NAME_ARG=""
 CA_FILE_ARG=""
 TIMEOUT_ARG=""
+PASS_CREDENTIALS_ARG=""
 JQ_CMD='"\(.[0].app_version),\(.[0].status)"'
 
 set -e -v
@@ -174,8 +189,20 @@ if [[ "${V2_CHART_EXISTS}" == "1" ]] || [[ "${HELM_VERSION}" == "v2" ]]; then
 	JQ_CMD='"\(.Releases[0].AppVersion),\(.Releases[0].Status)"'
 fi
 
+shopt -s nullglob
+
 if [[ -f "${CA_FILE}" ]]; then
-	CA_FILE_ARG="--ca-file ${CA_FILE}"
+	echo >> /tmp/ca-file.pem
+	cat "${CA_FILE}" >> /tmp/ca-file.pem
+fi
+
+for CA_FILE in ${CA_DIR}/*; do
+	echo >> /tmp/ca-file.pem
+	cat "${CA_FILE}" >> /tmp/ca-file.pem
+done
+
+if [[ -f "/tmp/ca-file.pem" ]]; then
+	CA_FILE_ARG="--ca-file /tmp/ca-file.pem"
 fi
 
 if [[ -n "${TIMEOUT}" ]]; then
@@ -186,8 +213,6 @@ if [[ -n "${TIMEOUT}" ]]; then
 	fi
 fi
 
-shopt -s nullglob
-
 helm_content_decode
 if [[ "$1" != "delete" ]]; then
 	helm_repo_init

diff --git a/package/Dockerfile b/package/Dockerfile
@@ -3,11 +3,11 @@ RUN apk add -U curl ca-certificates
 ARG ARCH
 RUN curl https://get.helm.sh/helm-v2.17.0-linux-${ARCH}.tar.gz | tar xvzf - --strip-components=1 -C /usr/bin
 RUN mv /usr/bin/helm /usr/bin/helm_v2
-RUN curl https://get.helm.sh/helm-v3.10.3-linux-${ARCH}.tar.gz | tar xvzf - --strip-components=1 -C /usr/bin
+RUN curl https://get.helm.sh/helm-v3.11.3-linux-${ARCH}.tar.gz | tar xvzf - --strip-components=1 -C /usr/bin
 RUN mv /usr/bin/helm /usr/bin/helm_v3
 COPY entry /usr/bin/
 
-FROM golang:1.19-alpine3.17 as plugins
+FROM golang:1.20-alpine3.17 as plugins
 RUN apk add -U curl ca-certificates build-base binutils-gold
 ARG ARCH
 COPY --from=extract /usr/bin/helm_v3 /usr/bin/helm