Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add --insecure-skip-tls-verify for repositories #7254

Merged
merged 9 commits into from
Mar 3, 2020

Conversation

xvzf
Copy link
Contributor

@xvzf xvzf commented Dec 17, 2019

Fixes #5434

@helm-bot helm-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Dec 17, 2019
@xvzf xvzf force-pushed the add_insecure_skip_tls_verify branch from a7a4f59 to 393fd5f Compare December 17, 2019 22:35
Copy link
Member

@bacongobbler bacongobbler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution. Would you mind writing some tests and documentation to cover this new feature? Thanks.

pkg/repo/chartrepo.go Show resolved Hide resolved
@helm-bot helm-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 18, 2019
Signed-off-by: Matthias Riegler <[email protected]>
xvzf added a commit to xvzf/helm-www that referenced this pull request Dec 18, 2019
Signed-off-by: Matthias Riegler <[email protected]>
@xvzf
Copy link
Contributor Author

xvzf commented Dec 18, 2019

@bacongobbler Test cases are added and I dropped a line to the docs here: helm/helm-www#440

@xvzf xvzf requested a review from bacongobbler December 18, 2019 11:03
@xvzf
Copy link
Contributor Author

xvzf commented Jan 3, 2020

@bacongobbler Can you have a look? I think the docs for this were already merged (maybe on accident?)

@bacongobbler bacongobbler added the v3.x Issues and Pull Requests related to the major version v3 label Jan 8, 2020
@xvzf
Copy link
Contributor Author

xvzf commented Feb 18, 2020

Is there a timeline for this PR? Requested changes are implemented.

@hmisbah
Copy link

hmisbah commented Feb 26, 2020

any update on this ?

@xvzf
Copy link
Contributor Author

xvzf commented Feb 26, 2020

@hmisbah this is done, awaiting merging.

@bacongobbler bacongobbler added this to the 3.2.0 milestone Feb 26, 2020
@bacongobbler
Copy link
Member

bacongobbler commented Feb 26, 2020

I’ve added this to 3.2 so it’s not lost in the noise. Hard to keep track of the PR queue sometimes given its current size :)

I’m currently away for a few days for an internal meeting so I won’t be able to review for a little while. If you can get another maintainer to review that’d be great. Thanks for your patience!

Copy link
Member

@bacongobbler bacongobbler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! One more change then should be good to merge.

pkg/repo/chartrepo.go Outdated Show resolved Hide resolved
@xvzf xvzf requested a review from bacongobbler March 3, 2020 12:58
Copy link
Member

@bacongobbler bacongobbler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Will need a second maintainer’s review before merging due to the size of this PR.

@xvzf
Copy link
Contributor Author

xvzf commented Mar 3, 2020

👍 Great. I can't add anotherone so let's just wait!

@jdolitsky jdolitsky merged commit dc26128 into helm:master Mar 3, 2020
@ghost
Copy link

ghost commented Apr 4, 2020

Nice work! I'm testing this actual solution and the adding to repository seems to work fine but the helm pull still seems to ignore this.

Current configuration:

bamboo@app-bamboo-agent-5:~$ helm repo list
NAME    URL
fluxcd  https://<helm-repository>/repository/helm-fluxcd/

'repositories.yaml' configuration:

apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
  certFile: ""
  insecure_skip_tls_verify: true
  keyFile: ""
  name: fluxcd
  password: ""
  url: https://<helm-repository>/repository/helm-fluxcd/
  username: ""

When pulling the chart we get following error:

bamboo@app-bamboo-agent-5:~$ helm pull fluxcd/flux
Error: Get https://<helm-repository>/repository/helm-fluxcd/flux-1.3.0.tgz: x509: certificate signed by unknown authority

Just making sure by specyfing the repo directly:

bamboo@app-bamboo-agent-5:~$ helm pull fluxcd/flux --repo https://repo.crelan-int.be/repository/helm-fluxcd/
Error: looks like "https://<helm-repository>/repository/helm-fluxcd/" is not a valid chart repository or cannot be reached: Get https://<helm-repository>/repository/helm-fluxcd/index.yaml: x509: certificate signed by unknown authority

Was this insecure feature only meant for adding a repo to helm?

@xvzf
Copy link
Contributor Author

xvzf commented Apr 4, 2020

Thanks for the feedback @Tpx01
I'll have a look at it.

Which helm version are you using?

@xvzf
Copy link
Contributor Author

xvzf commented Apr 4, 2020

I was able to reproduce it; can you open an issue?

I'll address it asap!

@ghost
Copy link

ghost commented Apr 4, 2020

I was able to reproduce it; can you open an issue?

I'll address it asap!

Thanks alot @xvzf ! I've created the ticket: #7875

Le me know if that is enough information to get this going. I'm rather new to the actual code but it looks like the downloader is always using TLS veritification.

@xvzf
Copy link
Contributor Author

xvzf commented Apr 4, 2020

Should be sufficient, I’ll have to figure out where it fails since the getters are configured to respect the option..

kruglovmax added a commit to kruglovmax/helm that referenced this pull request May 8, 2020
* fix(install): use ca file for install (helm#7140)

Fixes a few bugs related to tls config when installing charts:

1. When installing via relative path, tls config for the selected
repository was not being set.

2. The `--ca-file` flag was not being passed when constructing the
downloader.

3. Setting tls config was not checking for zero value in repo
config, causing flag to get overwritten with empty string.

There's still a few oddities here. I would expect that the flag
passed in on the command line would override the repo config, but
that's not currently the case. Also, we always set the cert, key
and ca files as a trio, when they should be set individually
depending on combination of flags / repo config.

Signed-off-by: James McElwain <[email protected]>

* Repair failing unit tests - failure caused by os.Stat return values for directory size on Linux.

Signed-off-by: Pavel Macík <[email protected]>

* Add corresponding unit test to the function in parser.go

Signed-off-by: Guangwen Feng <[email protected]>

* Add hpa boilerplate

Signed-off-by: Naseem <[email protected]>

* Add unit test for Reverse() in pkg/releaseutil.go

Signed-off-by: Dao Cong Tien <[email protected]>

* Use /usr/bin/env for bash

After this change, make works on nixos.

Signed-off-by: Daniel Poelzleithner <[email protected]>

* fix(helm): sort hooks by kind for equal weight

Use the same install order for hooks as for normal resources (non-hooks) for hooks with equal weight.
This makes resource handling more consistent and helps, when there are hook consisting of several resources like e.g. a service account and a job using this service account.

The sort functions are changed from an in place search to an out of place sort to avoid inout parameters.

Closes helm#7416.

Signed-off-by: Daniel Strobusch <[email protected]>

* fixed dependencies processing in case of helm install or upgrade for disabled/enabled sub charts

Signed-off-by: Florian Hopfensperger <[email protected]>

* fix(helm): Don't wait for service to be ready when external IP are set

Resolves helm#7513
As the externalIPs are not managed by k8s (according to the doc: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#servicespec-v1-core) helm should not wait for services  which set al least one externalIPs.

Signed-off-by: Federico Bevione <[email protected]>

* ref(kind_sorter): use an in-place sort for sortManifestsByKind, reduce code duplication

Signed-off-by: Matthew Fisher <[email protected]>

* fix(helm): Reworded logs for clarity

Signed-off-by: Federico Bevione <[email protected]>

* fixed missing bullet

Signed-off-by: Matt Butcher <[email protected]>

* Fix 'helm template' to also print invalid yaml

Signed-off-by: Reinhard Naegele <[email protected]>

* fix(helm): improved logs

Signed-off-by: Federico Bevione <[email protected]>

* fix(kube): use non global Scheme to convert

But instead use a newly initialized Scheme with only Kubernetes native
resources added. This ensures the 3-way-merge patch strategy is not
accidentally chosen for custom resources due to them being added
to the global Scheme by e.g. versioned clients while using Helm as a
package, and not a self-contained binary.

Signed-off-by: Hidde Beydals <[email protected]>

* fix(kube): generate k8s native scheme only once

Signed-off-by: Hidde Beydals <[email protected]>

* Place rendering invalid YAML under --debug flag

Signed-off-by: Reinhard Naegele <[email protected]>

* Pass kube user token via cli, introduce HELM_KUBETOKEN envvar

Signed-off-by: Vibhav Bobade <[email protected]>

* Making fetch-dist get the sha256sum files

Fetching these files is part of the release process. When the new
file type was added this step was missed. It will cause the sign
make target to fail.

Signed-off-by: Matt Farina <[email protected]>

* ref(go.mod): k8s api 0.17.3

Signed-off-by: Rui Chen <[email protected]>

* IsReachable() needs to give detailed error message.

Signed-off-by: ylvmw <[email protected]>

* pkg/gates: add unit test for String

Signed-off-by: Zhou Hao <[email protected]>

* cmd/helm/search_repo: print info to stderr

Signed-off-by: Zhou Hao <[email protected]>

* fix golint failure in pkg/action

Signed-off-by: Song Shukun <[email protected]>

* pkg/helmpath: fix unit test for Windows

Signed-off-by: Song Shukun <[email protected]>

* Adds script to help craft release notes

Signed-off-by: Paul Czarkowski <[email protected]>

* add license headers to release-notes.sh script

Signed-off-by: Paul Czarkowski <[email protected]>

* Pass the apiserver address/port via cli, introduce HELM_KUBEAPISERVER envvar

Signed-off-by: Vibhav Bobade <[email protected]>

* Fix output of list action when it is failed

Signed-off-by: Song Shukun <[email protected]>

* feat(install): introduce --create-namespace

Signed-off-by: Matthew Fisher <[email protected]>

* feat(comp): Move kube-context completion to Go

Signed-off-by: Marc Khouzam <[email protected]>

* Adopt resources into release with correct instance and managed-by labels

Signed-off-by: Jacob LeGrone <[email protected]>

* Alternative: annotation-only solution

Signed-off-by: Jacob LeGrone <[email protected]>

* feat(comp): Static completion for plugins

Allow plugins to optionally specify their sub-cmds and flags through a
simple yaml file.

When generating the completion script with the command
'helm completion <bash|zsh>' (and only then), helm will look for that
yaml file in the plugin's directory.  If the file exists, helm will
create cobra commands and flags so that the completion script will
handle them.

Signed-off-by: Marc Khouzam <[email protected]>

* feat(comp): Dynamic completion for plugins

For each plugin, helm registers a ValidArgsFunction which the completion
script will call when it needs dynamic completion.  This
ValidArgsFunction will setup the plugin environment and then call the
executable `plugin.complete`, if it is provided by the plugin.

The output of the call to `plugin.complete` will be used as completion
choices.  The last line of the output can optionally be used by the
plugin to specify a completion directive.

Signed-off-by: Marc Khouzam <[email protected]>

* feat(tests): Allow to provision memory driver

The memory driver is used for go tests. It can also be used from the
command-line by setting the environment variable HELM_DRIVER=memory.
In the latter case however, there was no way to pre-provision some
releases.

This commit introduces the HELM_MEMORY_DRIVER_DATA variable which
can be used to provide a colon-separated list of yaml files specifying
releases to provision automatically.

For example:
   HELM_DRIVER=memory \
   HELM_MEMORY_DRIVER_DATA=./testdata/releases.yaml \
   helm list --all-namespaces

Signed-off-by: Marc Khouzam <[email protected]>

* fix(helm): add --skipCRDs flag to 'helm upgrade'
When 'helm upgrade --install' is run, this will allow to skip installing CRDs
Closes helm#7452

Signed-off-by: akash-gautam <[email protected]>

* pkg/storage/records: add unit test for Get

Signed-off-by: Zhou Hao <[email protected]>

* pkg/storage/records: add unit test for Index

Signed-off-by: Zhou Hao <[email protected]>

* pkg/storage/records: add unit test for Exists

Signed-off-by: Zhou Hao <[email protected]>

* Printing name of chart that do not have requested import value.

Signed-off-by: Tomas Kohout <[email protected]>

* fix(cmd/helm): upgrade go-shellwords

Removes workaround introduced in helm#7323

Signed-off-by: Adam Reese <[email protected]>

* Fix dep build to be compatiable with Helm 2 when requirements use repo alias

Signed-off-by: Song Shukun <[email protected]>

* Fix golangci-lint errors.

Signed-off-by: Pavel Macík <[email protected]>

* Return "unknown command" error for unknown subcommands

Signed-off-by: Xiangxuan Liu <[email protected]>

* Add test for unknown subcommand

Signed-off-by: Xiangxuan Liu <[email protected]>

* Update README.md

Typo fix: Space missed in Markdown header.

Signed-off-by: Evgeniy Yablokov <[email protected]>

* fix(helm): stdin values for helm upgrade --install

Signed-off-by: Matt Morrissette <[email protected]>

* Fixes verification output on pull command

When using the --verify flag on the pull command the output was
an internal Go object rather than useful detail. This is a bug.
The output new displays who signed the chart along with the
hash.

Fixes helm#7624

Signed-off-by: Matt Farina <[email protected]>

* Add verification output to the verify command

This complements the verification output fixed in helm#7706. On verify
there should be some detail about the verification rather than
no information.

Signed-off-by: Matt Farina <[email protected]>

* fix(ADOPTERS): alphabetize org list (helm#7645)

Signed-off-by: Matthew Fisher <[email protected]>

* add unit test for SecretDelete

Signed-off-by: Zhou Hao <[email protected]>

* add unit test for ConfigMapDelete

Signed-off-by: Zhou Hao <[email protected]>

* fix(helm): respect resource policy on ungrade
Don't delete a resource on upgrade if it is annotated with
helm.io/resource-policy=keep. This can cause data loss for users
if the annotation is ignored(e.g. for a PVC)

Close helm#7677

Signed-off-by: Dong Gang <[email protected]>

* add unit test for RecordsReplace

Signed-off-by: Zhou Hao <[email protected]>

* fix(helm): polish goimport

Signed-off-by: Dong Gang <[email protected]>

* test(helm): fix client update error

Signed-off-by: Dong Gang <[email protected]>

* Save Chart.lock to helm package tar

Signed-off-by: Song Shukun <[email protected]>

* ref(environment): use string checking instead

It is more idiomatic to compare the string against the empty string than to check the string's length.

Signed-off-by: Matthew Fisher <[email protected]>

* Add --insecure-skip-tls-verify for repositories (helm#7254)

* added --insecure-skip-tls-verify for chart repos

Signed-off-by: Matthias Riegler <[email protected]>

* fixed not passing the insecureSkipTLSverify option

Signed-off-by: Matthias Riegler <[email protected]>

* fixed testcase

Signed-off-by: Matthias Riegler <[email protected]>

* pass proxy when using insecureSkipVerify

Signed-off-by: Matthias Riegler <[email protected]>

* Add testcases for insecureSkipVerifyTLS

Signed-off-by: Matthias Riegler <[email protected]>

* added missing err check

Signed-off-by: Matthias Riegler <[email protected]>

* panic after json marshal fails

Signed-off-by: Matthias Riegler <[email protected]>

* fix: add new static linter and fix issues it found (helm#7655)

* fix: add new static linter and fix issues it found

Signed-off-by: Matt Butcher <[email protected]>

* fixed two additional linter errors.

Signed-off-by: Matt Butcher <[email protected]>

* Make the charts cache safe in presence of several Helm instances

If several instances of Helm are run at the same moment and try to download the
same chart, some of them might see an empty or incomplete file in cache. Prevent
that by saving the dowloaded file atomically.

Closes helm#7600

Signed-off-by: Mikhail Gusarov <[email protected]>

* chore(go.mod): run `go mod tidy`

Signed-off-by: Matthew Fisher <[email protected]>

* Use Create method if no resources need to be adopted

Signed-off-by: Jacob LeGrone <[email protected]>

* Port --devel flag from v2 to v3

Helm v2 PR helm#5141

Signed-off-by: Martin Hickey <[email protected]>

* Fix stray modules

Signed-off-by: Martin Hickey <[email protected]>

* Add unit test

Signed-off-by: Martin Hickey <[email protected]>

* Solve the issue helm#7749 where proper formating was not being done if --short(-q) option was used with other formating options like json, yaml

Signed-off-by: Anshul Verma <[email protected]>

* Solve the issue helm#7749 where proper formating was not being done if --short(-q) option was used with other formating options like json, yaml

Signed-off-by: Anshul Verma <[email protected]>

* Solve the issue helm#7749 where proper formating was not being done if --short(-q) option was used with other formating options like json, yaml

Signed-off-by: Anshul Verma <[email protected]>

* fix(install): correct append tls config.

Signed-off-by: James McElwain <[email protected]>

* Fixing issue where archives created on windows have broken paths

When archives are created on windows the path spearator in the
archive file is \\. This causes issues when the file is unpacked.
For example, on Linux the files are unpacked in a flat structure
and \ is part of the file name. This causes comp issues. In Helm
v2 the path was set as / when the archive was written. This works
on both Windows and POSIX systems.

The fix being implemented is to use the ToSlash function to ensure
/ is used as the separator.

Fixes helm#7748

Signed-off-by: Matt Farina <[email protected]>

* Solve the issue helm#7749 where proper formating was not being done if --short(-q) option was used with other formating options like json, yaml

Signed-off-by: Anshul Verma <[email protected]>

* Add more detail to error messages and support a non-force mode in metadata visitor

Signed-off-by: Jacob LeGrone <[email protected]>

* Add tests

Signed-off-by: Jacob LeGrone <[email protected]>

* Correcting links for release notes

Signed-off-by: Bridget Kromhout <[email protected]>

* fix(cli): Make upgrade check if cluster reachable

The 'helm upgrade' command was not checking if the cluster was reachable.
Also, 'helm upgrade --install' first checks if the release exists
already.  If that check fails there is no point in continuing the
upgrade.  This optimization avoids a second timeout of 30 seconds when
trying to do the upgrade.

Signed-off-by: Marc Khouzam <[email protected]>

* Fix a bug in storage/driver/secrets.go Delete() (helm#7348)

* Fix a bug in storage/driver/secrets.go

* Fix a bug in Delete() in storage/driver/cfgmaps.go (helm#7367)

* Add unit test for lint/values.go

Signed-off-by: Kim Bao Long <[email protected]>

* Improve error message to check in unit test

Signed-off-by: Martin Hickey <[email protected]>

* helm create command's templates more consistent

- Removed most right whitespace chomps except those directly following a
  template definition where it make sense to not lead with a blank line.
  The system applied is now to almost always left whitespace chomp but
  also whitespace chomp right if its the first thing in a file or
  template definition.
- Updated indentation to be systematic throughout all the boilerplace
  files.

Signed-off-by: Erik Sundell <[email protected]>

* Snapcraft installation instructions added

Helm is available as a snap - https://snapcraft.io/helm; added this to
the installation options

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* pass subchart notes option to install client

Signed-off-by: Jon Leonard <[email protected]>

* add testing for upgrade --install with subchart notes

Signed-off-by: Jon Leonard <[email protected]>

* Delete unneeded chart output

Signed-off-by: Jon Leonard <[email protected]>

* Add fromYamlArray and fromJsonArray template helpers (helm#7712)

Signed-off-by: Tuan Nguyen <[email protected]>

* fix: update unit test for go 1.14 error string change (helm#7835)

* fix: update unit test for go 1.14 error string change

Signed-off-by: Matt Butcher <[email protected]>

* changed strategy based on conversation with Adam

Signed-off-by: Matt Butcher <[email protected]>

* update test chart to helm3 format

Signed-off-by: Jon Leonard <[email protected]>

* remove unneeded values files from testchart

Signed-off-by: Jon Leonard <[email protected]>

* Add unit test for pkg/chart/chart.go

Signed-off-by: Hu Shuai <[email protected]>

* Improve --show-only flag (helm#7816)

* Improve --show-only flag
* Ensure consistent manifest ordering

* fix(helm): Data race in kube/client Delete func. (helm#7820)

helm uninstall has a data race in its Delete function.
This resolves it using a mutex.

Signed-off-by: Liam Nattrass <[email protected]>

* Avoid downloading same chart multiple times

Signed-off-by: Andrey Voronkov <[email protected]>

* feat: add pod annotations

With the rise of sidecar injectors, pod annotations configuration is becoming more and more important.

Signed-off-by: Naseem <[email protected]>

* feat: allow image tag override

While using the chart version as image tag is the sanest default, it is not uncommon to want to override this if using a custom image, or using helm to manage  an in-house app running different tags across different environments.

Signed-off-by: Naseem <[email protected]>

* Adding notes on semver to create Chart.yaml

The version field in the Chart.yaml has a comment describing it
but it did not note the version needs to follow SemVer. There
have been numerous questions, over time, about this format. Add
note here so it's exposed in more places.

Signed-off-by: Matt Farina <[email protected]>

* fix: fixed bug in Dependency.List() (helm#7852)

* fix: fixed bug in Dependency.List()

A bug in Dependency.List() caused all compressed charts to flag their dependencies as "missing".

Closes helm#4431

Signed-off-by: Matt Butcher <[email protected]>

* removed some files from test fixtures

Signed-off-by: Matt Butcher <[email protected]>

* Implement support for multiple args for repo remove (helm#7791)

* Implement support for multiple args for repo remove

Signed-off-by: Andreas Lindhé <[email protected]>

* Adding template docs to the version command

Signed-off-by: Matt Farina <[email protected]>

* ref(*): kubernetes v1.18 (helm#7831)

Upgrade Kubernetes libraries to v0.18.0

Add new lazy load KubernetesClientSet to avoid missing kubeconfig error

In kubernetes v1.18 kubeconfig validation was added.  Minikube and Kind
both remove kubeconfig when stopping clusters.  This causes and error
when running any helm commands because we initialize the client before
executing the command.

Signed-off-by: Adam Reese <[email protected]>

* chore(comp): Remove unnecessary code

After the introduction of lazy loading of the Kubernetes client as part
of PR helm#7831, there is no longer a need to protect against an incomplete
--kube-context value when doing completion.

Signed-off-by: Marc Khouzam <[email protected]>

* fixed capitalization in a few help messages. (helm#7898)

Signed-off-by: Matt Butcher <[email protected]>

* fix(storage): preserve last deployed revision (helm#7806)

Signed-off-by: Eric Bailey <[email protected]>

* feat(cmd/helm): Update Cobra to 1.0.0 release

Signed-off-by: Marc Khouzam <[email protected]>

* updated help text for install --atomic, which was completely inaccurate (helm#7912)

Signed-off-by: Matt Butcher <[email protected]>

* add unit test for IsRoot

Signed-off-by: Zhou Hao <[email protected]>

* add unit test for ChartPath

Signed-off-by: Zhou Hao <[email protected]>

* add unit test for ChartFullPath

Signed-off-by: Zhou Hao <[email protected]>

* add unit test for metadata Validate

Signed-off-by: Zhou Hao <[email protected]>

* docs: Update inline docs on action/upgrade.go (helm#7834)

* docs: Update inline docs on action/upgrade.go

Signed-off-by: Matt Butcher <[email protected]>

* clarify atomic and cleanup-on-fail

Signed-off-by: Matt Butcher <[email protected]>

* updated the post-render documentation on action.Upgrade

Signed-off-by: Matt Butcher <[email protected]>

* Add unit test for Secrets/ConfigMaps (helm#7765)

* test(pkg/storage/secrets): make MockSecretsInterface.List follow ListOptions

Signed-off-by: Lu Fengqi <[email protected]>

* test(pkg/storage/secrets): add unit test for Secrets.Query

Signed-off-by: Lu Fengqi <[email protected]>

* test(pkg/storage/cfgmaps): make MockConfigMapsInterface.List follow ListOptions

Signed-off-by: Lu Fengqi <[email protected]>

* test(pkg/storage/cfgmaps): add unit test for ConfigMaps.Query

Signed-off-by: Lu Fengqi <[email protected]>

* fix(tests): fix broken unit tests in storage (helm#7928)

* fix(pkg/kube): continue deleting objects when one fails

* Continue deleting objects when one fails to minimize the risk of an
  upgrade ending in an unrecoverable state
* Exclude failed deleted object from the returned result set

Signed-off-by: Adam Reese <[email protected]>

* Add an improved user error message for removed k8s apis

The error message returned from Kubernetes when APIs are
removed is not very informative. This PR adds additional
information to the user. It covers the current release manifest
APIs.

Partial helm#7219

Signed-off-by: Martin Hickey <[email protected]>

* test: forward-port regression test from Helm 2 (helm#7927)

Signed-off-by: Matt Butcher <[email protected]>

* add softonic to adopters (helm#7918)

Signed-off-by: Riccardo Piccoli <[email protected]>

Co-authored-by: Riccardo Piccoli <[email protected]>

* Make get script eaiser for helm versions to live side by side (helm3 etc) (helm#7752)

* Make get script eaiser for helm versions to live side by side (helm3 etc)

Signed-off-by: Scott Rigby <[email protected]>

* Change PROJECT_NAME to BINARY_NAME for purpose clarity

Signed-off-by: Scott Rigby <[email protected]>

* fix: rebuild chart after dependency update on install (helm#7897)

* fix: rebuild chart after dependency update on install

Signed-off-by: Matt Butcher <[email protected]>

* add correct debug settings

Signed-off-by: Matt Butcher <[email protected]>

* add unit test for function FindPlugins

Signed-off-by: ZouYu <[email protected]>

* Updating sprig and semver to newer versions

Note, there is an issue with a dependency of sprig changing
behavior. A test has been added with a description to catch if a
behavior breaking change of mergo is used.

See darccio/mergo#139 for the mergo
issue and sprig for further details on handling this in the
future.

Closes  helm#7533

Signed-off-by: Matt Farina <[email protected]>

* Fix nested null value overrides (helm#7743)

* Fix nested null value overrides

Signed-off-by: Mingxiang Xue <[email protected]>

* Fix subchart value deletion

Signed-off-by: Mingxiang Xue <[email protected]>

* fix: Fixed a regression that was introduced with changed nil handling (helm#7938)

Signed-off-by: Matt Butcher <[email protected]>

* Migrate SQL storage driver to Helm 3 (helm#7635)

* Migrate SQL storage driver to Helm 3

Signed-off-by: Elliot Maincourt <[email protected]>

* Update pkg/storage/driver/sql.go

Co-Authored-By: Sebastian Pöhn <[email protected]>
Signed-off-by: Elliot Maincourt <[email protected]>

* Add authentication to releases_v3

Signed-off-by: Elliot Maincourt <[email protected]>

* Fix migration

Signed-off-by: Elliot Maincourt <[email protected]>

* Template the init migration

Signed-off-by: Elliot Maincourt <[email protected]>

* Prevent potential SQL injection

Signed-off-by: Elliot Maincourt <[email protected]>

* Use an SQL querybuilder

Signed-off-by: Elliot Maincourt <[email protected]>

* Remove references to HELM_DRIVER_SQL_DIALECT

Signed-off-by: Elliot Maincourt <[email protected]>

Co-authored-by: Sebastian Pöhn <[email protected]>
Co-authored-by: Matt Butcher <[email protected]>

* fix: removed inaccurate comment (helm#7937)

Signed-off-by: Matt Butcher <[email protected]>

* Updating get stripts to skip pre-releases

A recent change to the get scripts causes them to pickup
pre-releases in addition to stable releases. This update causes
only stable releases to be fetched by the get scripts.

Fixed helm#7941

Signed-off-by: Matt Farina <[email protected]>

* fix(helm): allow a previously failed release to be upgraded (helm#7653)

Signed-off-by: Matt Morrissette <[email protected]>

* fs_test: use os.Getuid() instead user.Current() to determine if a test is executed with root privileges.

This change lower the expectations on test env setup, i.e. tests could be executed in a container under a random UID,
without require an user in /etc/passwd

Signed-off-by: Predrag Knezevic <[email protected]>

* Parse reference templates in predictable order (helm#7702)

* Parse reference templates in predictable order

Fix issue helm#7701

Signed-off-by: Andre Sencioles <[email protected]>

* Add test case for issue helm#7701 regression

Signed-off-by: Andre Sencioles <[email protected]>

* gofmt

Signed-off-by: Andre Sencioles <[email protected]>

* fix linting error with lookup function (helm#7969)

Signed-off-by: Matt Butcher <[email protected]>

* fix(pkg/plugin): copy plugins directly to the data directory (helm#7962)

Copy plugins from the cache rather than create a symlink.

fixes: helm#7206

Signed-off-by: Adam Reese <[email protected]>

* Helm upgrades with --reuse-values and nil user values -- with tests (helm#7959)

* return the new values if modifications dont yet exist

Signed-off-by: David Pait <[email protected]>

* fix tests

Signed-off-by: David Pait <[email protected]>

* removed outter if statement as its not needed now

Signed-off-by: David Pait <[email protected]>

* fix(*): remove bom in utf files when loading chart files (helm#6081)

Removes the BOM prefix if present, in read files before
processing the data.
Affects the following pkg:
- pkg/chart/loader: directory and archive loader
- internal/ignore: when loading .helmignore file

Signed-off-by: Thomas FREYSS <[email protected]>

* fix(cmd/env): make helm env command respect cli flags (helm#7978)

Running `helm env` should respect cli flag overrides.

Signed-off-by: Adam Reese <[email protected]>

* fix(pkg/cli): ensure correct configuration from kubeconfig file

Bind Helm flags to Kubernetes configuration loader to get a merged
config with kubeconfig.

Fixes: helm#7539

Signed-off-by: Adam Reese <[email protected]>

* Modify Circle config to use Go 1.14 (helm#7980)

Signed-off-by: Josh Dolitsky <[email protected]>

* Fixing docs from version to appVersion (helm#7975)

In the created chart from `helm create` is notes a tag overrides
version. It actually overrides appVersion. Updating the docs
to reflect reality.

Signed-off-by: Matt Farina <[email protected]>

* test: add test for bom test data integrity

Signed-off-by: Thomas FREYSS <[email protected]>

* fix: write index.yaml file atomically (helm#7954)

* fix: write index.yaml file atomically

This refactors the already-existing `AtomicWriteFile` utility
to a central location and uses it to write index files
atomically.
This is done to avoid having half-written index files break
client requests.

Drive-bys:
  - Add test for AtomicWriteFile.
  - Add test IndexFile.WriteFile.
Signed-off-by: rabadin <[email protected]>

* Review fix: use RenameWithFallback instead of os.Rename

Signed-off-by: rabadin <[email protected]>

Co-authored-by: rabadin <[email protected]>

* Add unit test for pkg/chart/chart.go

Signed-off-by: Hu Shuai <[email protected]>

* Adding PR template from dev-v2 branch

Signed-off-by: Bridget Kromhout <[email protected]>

* Updating CONTRIBUTING to match current practice

Signed-off-by: Bridget Kromhout <[email protected]>

* Fix : Prints empty list in json/yaml is no repositories are present (helm#7949)

* Prints empty repolist in json/yaml if there are no repos and output format is given as json/yaml rather that printing the error msg "no repositories to show"

Signed-off-by: Anshul Verma <[email protected]>

* Prints empty repolist in json/yaml if there are no repos and output format is given as json/yaml rather that printing the error msg "no repositories to show"

Signed-off-by: Anshul Verma <[email protected]>

* feat: lint the names of templated resources (helm#8011)

Signed-off-by: Matt Butcher <[email protected]>

* Add support for using OCI references as the dependency repository

Signed-off-by: Leo Sjöberg <[email protected]>

* fix accidental bug in chart saving and fix linting

Signed-off-by: Leo Sjöberg <[email protected]>

* add tests and URL fallback handling

Signed-off-by: Leo Sjöberg <[email protected]>

* extract oci to its own constant

Signed-off-by: Leo Sjöberg <[email protected]>

* refactor to a GetWithDetails method

Signed-off-by: Leo Sjöberg <[email protected]>

* fix GetWithDetails tests

Signed-off-by: Leo Sjöberg <[email protected]>

* fix tests

Signed-off-by: Leo Sjöberg <[email protected]>

* rename ChartContent to Content and use naked return

Signed-off-by: Leo Sjöberg <[email protected]>

* move URL and filename handling into the downloader

Signed-off-by: Leo Sjöberg <[email protected]>

* fix imports

Signed-off-by: Leo Sjöberg <[email protected]>

* use old filepath.join behavior to avoid calling it twice

Signed-off-by: Leo Sjöberg <[email protected]>

Co-authored-by: James McElwain <[email protected]>
Co-authored-by: Pavel Macík <[email protected]>
Co-authored-by: Guangwen Feng <[email protected]>
Co-authored-by: Naseem <[email protected]>
Co-authored-by: Dao Cong Tien <[email protected]>
Co-authored-by: Daniel Poelzleithner <[email protected]>
Co-authored-by: Daniel Strobusch <[email protected]>
Co-authored-by: Florian Hopfensperger <[email protected]>
Co-authored-by: Federico Bevione <[email protected]>
Co-authored-by: Matthew Fisher <[email protected]>
Co-authored-by: Matt Butcher <[email protected]>
Co-authored-by: Reinhard Naegele <[email protected]>
Co-authored-by: Hidde Beydals <[email protected]>
Co-authored-by: Vibhav Bobade <[email protected]>
Co-authored-by: Matt Farina <[email protected]>
Co-authored-by: Rui Chen <[email protected]>
Co-authored-by: ylvmw <[email protected]>
Co-authored-by: Zhou Hao <[email protected]>
Co-authored-by: Martin Hickey <[email protected]>
Co-authored-by: Song Shukun <[email protected]>
Co-authored-by: Taylor Thomas <[email protected]>
Co-authored-by: Adam Reese <[email protected]>
Co-authored-by: Paul Czarkowski <[email protected]>
Co-authored-by: Marc Khouzam <[email protected]>
Co-authored-by: Jacob LeGrone <[email protected]>
Co-authored-by: akash-gautam <[email protected]>
Co-authored-by: Tomáš Kohout <[email protected]>
Co-authored-by: Adam Reese <[email protected]>
Co-authored-by: Xiangxuan Liu <[email protected]>
Co-authored-by: Evgenii Iablokov <[email protected]>
Co-authored-by: Matt Morrissette <[email protected]>
Co-authored-by: Dong Gang <[email protected]>
Co-authored-by: Matthias Riegler <[email protected]>
Co-authored-by: Mikhail Gusarov <[email protected]>
Co-authored-by: Anshul Verma <[email protected]>
Co-authored-by: Bridget Kromhout <[email protected]>
Co-authored-by: tiendc <[email protected]>
Co-authored-by: Kim Bao Long <[email protected]>
Co-authored-by: Erik Sundell <[email protected]>
Co-authored-by: Ihor Dvoretskyi <[email protected]>
Co-authored-by: Jon Leonard <[email protected]>
Co-authored-by: Tuan <[email protected]>
Co-authored-by: Hu Shuai <[email protected]>
Co-authored-by: Mario Valderrama <[email protected]>
Co-authored-by: lnattrass <[email protected]>
Co-authored-by: Andrey Voronkov <[email protected]>
Co-authored-by: Naseem <[email protected]>
Co-authored-by: Andreas Lindhé <[email protected]>
Co-authored-by: Eric Bailey <[email protected]>
Co-authored-by: Lu Fengqi <[email protected]>
Co-authored-by: Riccardo Piccoli <[email protected]>
Co-authored-by: Riccardo Piccoli <[email protected]>
Co-authored-by: Scott Rigby <[email protected]>
Co-authored-by: ZouYu <[email protected]>
Co-authored-by: uzxmx <[email protected]>
Co-authored-by: Elliot Maincourt <[email protected]>
Co-authored-by: Sebastian Pöhn <[email protected]>
Co-authored-by: Predrag Knezevic <[email protected]>
Co-authored-by: Andre Sencioles <[email protected]>
Co-authored-by: David Pait <[email protected]>
Co-authored-by: Thomas FREYSS <[email protected]>
Co-authored-by: Josh Dolitsky <[email protected]>
Co-authored-by: Raphaël <[email protected]>
Co-authored-by: rabadin <[email protected]>
Co-authored-by: Anshul Verma <[email protected]>
Co-authored-by: Leo Sjöberg <[email protected]>
hunsche pushed a commit to hunsche/helm that referenced this pull request Oct 2, 2020
* added --insecure-skip-tls-verify for chart repos

Signed-off-by: Matthias Riegler <[email protected]>

* fixed not passing the insecureSkipTLSverify option

Signed-off-by: Matthias Riegler <[email protected]>

* fixed testcase

Signed-off-by: Matthias Riegler <[email protected]>

* pass proxy when using insecureSkipVerify

Signed-off-by: Matthias Riegler <[email protected]>

* Add testcases for insecureSkipVerifyTLS

Signed-off-by: Matthias Riegler <[email protected]>

* added missing err check

Signed-off-by: Matthias Riegler <[email protected]>

* panic after json marshal fails

Signed-off-by: Matthias Riegler <[email protected]>
Signed-off-by: Matheus Hunsche <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature size/L Denotes a PR that changes 100-499 lines, ignoring generated files. v3.x Issues and Pull Requests related to the major version v3
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Need support for --insecure-skip-tls-verify
6 participants