fix: Allow TLS to pull chart from OCI repository (#804)

This fix allows us to test the `serve bundle` command using a TLS client. Previously, we created our own registryClient. We were responsible for configuring TLS for the client, but did not. We now allow helm to create the client for us. Because we previously did not customize the client in any way, we only gain functionality, and lose none. --------- Co-authored-by: Jimmi Dyson <[email protected]>
mesosphere · Nov 11, 2024 · 8687f4e · 8687f4e
1 parent 2f2e324
commit 8687f4e
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 33 deletions.
diff --git a/cmd/mindthegap/create/bundle/bundle.go b/cmd/mindthegap/create/bundle/bundle.go
@@ -400,7 +400,6 @@ func pullCharts(
 					repoConfig.RepoURL,
 					chartName,
 					chartVersion,
-					[]helm.ConfigOpt{helm.RegistryClientConfigOpt()},
 					opts...,
 				)
 				if err != nil {

diff --git a/helm/client.go b/helm/client.go
@@ -99,38 +99,12 @@ func CAFileOpt(caFile string) action.PullOpt {
 	}
 }
 
-type ConfigOpt func(*action.Configuration) error
-
-func RegistryClientConfigOpt(opts ...registry.ClientOption) ConfigOpt {
-	return func(cfg *action.Configuration) error {
-		cl, err := registry.NewClient(opts...)
-		if err != nil {
-			return fmt.Errorf("failed to create registry client: %w", err)
-		}
-
-		cfg.RegistryClient = cl
-
-		return nil
-	}
-}
-
 func (c *Client) GetChartFromRepo(
 	outputDir, repoURL, chartName, chartVersion string,
-	configOpts []ConfigOpt,
 	extraPullOpts ...action.PullOpt,
 ) (string, error) {
 	cfg := &action.Configuration{Log: c.out.V(4).Infof}
 
-	if registry.IsOCI(chartName) {
-		configOpts = append([]ConfigOpt{RegistryClientConfigOpt()}, configOpts...)
-	}
-
-	for _, f := range configOpts {
-		if err := f(cfg); err != nil {
-			return "", fmt.Errorf("failed to configure helm client: %w", err)
-		}
-	}
-
 	pull := action.NewPullWithOpts(
 		append(
 			extraPullOpts,

diff --git a/test/e2e/helmbundle/helpers/helpers.go b/test/e2e/helmbundle/helpers/helpers.go
@@ -194,7 +194,6 @@ func ValidateChartIsAvailable(
 		"",
 		fmt.Sprintf("%s://%s:%d/charts/%s", helm.OCIScheme, addr, port, chartName),
 		chartVersion,
-		[]helm.ConfigOpt{helm.RegistryClientConfigOpt()},
 		pullOpts...,
 	)
 	gomega.ExpectWithOffset(1, err).NotTo(gomega.HaveOccurred())

diff --git a/test/e2e/helmbundle/serve_bundle_test.go b/test/e2e/helmbundle/serve_bundle_test.go
@@ -22,7 +22,7 @@ import (
 	"github.com/mesosphere/mindthegap/test/e2e/helmbundle/helpers"
 )
 
-var _ = Describe("Serve Bundle", func() {
+var _ = Describe("Serve Helm Bundle", func() {
 	var (
 		bundleFile string
 		cmd        *cobra.Command
@@ -93,7 +93,7 @@ var _ = Describe("Serve Bundle", func() {
 		ipAddr := helpers.GetFirstNonLoopbackIP(GinkgoT())
 
 		tempCertDir := GinkgoT().TempDir()
-		_, _, certFile, keyFile := helpers.GenerateCertificateAndKeyWithIPSAN(
+		caCertFile, _, certFile, keyFile := helpers.GenerateCertificateAndKeyWithIPSAN(
 			GinkgoT(),
 			tempCertDir,
 			ipAddr,
@@ -126,8 +126,9 @@ var _ = Describe("Serve Bundle", func() {
 
 		helpers.WaitForTCPPort(GinkgoT(), ipAddr.String(), port)
 
-		// TODO Reenable once Helm supports custom CA certs and self-signed certs.
-		// helpers.ValidateChartIsAvailable(GinkgoT(), "127.0.0.1", port, "podinfo", "6.2.0", helm.CAFileOpt(caCertFile))
+		helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "podinfo", "6.2.0", helm.CAFileOpt(caCertFile))
+
+		helpers.ValidateChartIsAvailable(GinkgoT(), ipAddr.String(), port, "node-feature-discovery", "0.15.2", helm.CAFileOpt(caCertFile))
 
 		close(stopCh)
 

diff --git a/test/e2e/imagebundle/serve_bundle_test.go b/test/e2e/imagebundle/serve_bundle_test.go
@@ -26,7 +26,7 @@ import (
 	"github.com/mesosphere/mindthegap/test/e2e/imagebundle/helpers"
 )
 
-var _ = Describe("Serve Bundle", func() {
+var _ = Describe("Serve Image Bundle", func() {
 	var (
 		bundleFile string
 		cmd        *cobra.Command