From 7b14d9309ec95de789448b1f70e922fb0df6b528 Mon Sep 17 00:00:00 2001
From: Vincent Desjardins
Date: Wed, 11 Jul 2018 13:31:30 +0000
Subject: [PATCH] add TLS certificate support

---
 cmd/helpers.go | 79 +++++++++++++++++++++++++++++++++++++++++++++++++
 cmd/revision.go | 16 ++++++----
 cmd/rollback.go | 10 +++++--
 cmd/upgrade.go | 7 ++++-
 4 files changed, 104 insertions(+), 8 deletions(-)
 create mode 100644 cmd/helpers.go

diff --git a/cmd/helpers.go b/cmd/helpers.go
new file mode 100644
index 00000000..ddc88eb8
--- /dev/null
+++ b/cmd/helpers.go
@@ -0,0 +1,79 @@
+package cmd
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+
+ "k8s.io/client-go/util/homedir"
+
+ flag "github.com/spf13/pflag"
+ "k8s.io/helm/pkg/helm"
+ helm_env "k8s.io/helm/pkg/helm/environment"
+ "k8s.io/helm/pkg/tlsutil"
+)
+
+const (
+ tlsCaCertDefault = "$HELM_HOME/ca.pem"
+ tlsCertDefault = "$HELM_HOME/cert.pem"
+ tlsKeyDefault = "$HELM_HOME/key.pem"
+)
+
+var (
+ settings helm_env.EnvSettings
+ DefaultHelmHome = filepath.Join(homedir.HomeDir(), ".helm")
+
+ tlsCaCertFile string // path to TLS CA certificate file
+ tlsCertFile string // path to TLS certificate file
+ tlsKeyFile string // path to TLS key file
+ tlsVerify bool // enable TLS and verify remote certificates
+ tlsEnable bool // enable TLS
+)
+
+func addCommonCmdOptions(f *flag.FlagSet) {
+ f.StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file")
+ f.StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file")
+ f.StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file")
+ f.BoolVar(&tlsVerify, "tls-verify", false, "enable TLS for request and verify remote")
+ f.BoolVar(&tlsEnable, "tls", false, "enable TLS for request")
+
+ f.StringVar((*string)(&settings.Home), "home", DefaultHelmHome, "location of your Helm config. Overrides $HELM_HOME")
+}
+
+func createHelmClient() helm.Interface {
+ options := []helm.Option{helm.Host(os.Getenv("TILLER_HOST")), helm.ConnectTimeout(int64(30))}
+
+ if tlsVerify || tlsEnable {
+ if tlsCaCertFile == "" {
+ tlsCaCertFile = settings.Home.TLSCaCert()
+ }
+ if tlsCertFile == "" {
+ tlsCertFile = settings.Home.TLSCert()
+ }
+ if tlsKeyFile == "" {
+ tlsKeyFile = settings.Home.TLSKey()
+ }
+
+ tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true}
+ if tlsVerify {
+ tlsopts.CaCertFile = tlsCaCertFile
+ tlsopts.InsecureSkipVerify = false
+ }
+
+ tlscfg, err := tlsutil.ClientConfig(tlsopts)
+ if err != nil {
+ fmt.Fprintln(os.Stderr, err)
+ os.Exit(2)
+ }
+
+ options = append(options, helm.WithTLS(tlscfg))
+ }
+
+ return helm.NewClient(options...)
+}
+
+func expandTLSPaths() {
+ tlsCaCertFile = os.ExpandEnv(tlsCaCertFile)
+ tlsCertFile = os.ExpandEnv(tlsCertFile)
+ tlsKeyFile = os.ExpandEnv(tlsKeyFile)
+}
diff --git a/cmd/revision.go b/cmd/revision.go
index b0e35d7d..2e4d7379 100644
--- a/cmd/revision.go
+++ b/cmd/revision.go
@@ -23,16 +23,16 @@ type revision struct { const revisionCmdLongUsage = ` This command compares the manifests details of a named release. -It can be used to compare the manifests of - +It can be used to compare the manifests of + - lastest REVISION with specified REVISION $ helm diff revision [flags] RELEASE REVISION1 - Example: + Example: $ helm diff revision my-release 2 - REVISION1 with REVISION2 $ helm diff revision [flags] RELEASE REVISION1 REVISION2 - Example: + Example: $ helm diff revision my-release 2 3 `
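Review bot: The `settings.Home.TLSCaCert()`, `TLSCert()` and `TLSKey()` fallbacks in `createHelmClient` (cmd/helpers.go) only run for an empty path, but the three flags default to `$HELM_HOME/...` and `expandTLSPaths` resolves them with `os.ExpandEnv`, so `--home` is never consulted and an unset `HELM_HOME` turns the defaults into `/ca.pem`, `/cert.pem` and `/key.pem`. With `--tls-verify` the trust anchor would then be loaded from a directory the operator never chose. Resolving `$HELM_HOME` against `settings.Home` when the variable is absent, as sketched below, keeps the lookup inside the configured Helm home; whether `--home` should also win over a set variable, as its help text says, is a decision for the author. Separately, `--tls` alone leaves `InsecureSkipVerify: true`, so the Tiller certificate is not checked, and the help string should say so, e.g. `"enable TLS for request without verifying the remote certificate"`.

```go
func expandTLSPaths() {
	// Expand $HELM_HOME from the environment, falling back to settings.Home
	// so an unset variable cannot collapse the defaults to "/ca.pem" etc.
	expand := func(p string) string {
		return os.Expand(p, func(name string) string {
			if v, ok := os.LookupEnv(name); ok {
				return v
			}
			if name == "HELM_HOME" {
				return string(settings.Home)
			}
			return ""
		})
	}
	tlsCaCertFile = expand(tlsCaCertFile)
	tlsCertFile = expand(tlsCertFile)
	tlsKeyFile = expand(tlsKeyFile)
}
```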
@@ -42,6 +42,9 @@ func revisionCmd() *cobra.Command {
 Use: "revision [flags] RELEASE REVISION1 [REVISION2]",
 Short: "Shows diff between revision's manifests",
 Long: revisionCmdLongUsage,
+ PersistentPreRun: func(*cobra.Command, []string) {
+ expandTLSPaths()
+ },
 RunE: func(cmd *cobra.Command, args []string) error {
 if v, _ := cmd.Flags().GetBool("version"); v {
 fmt.Println(Version)
@@ -62,7 +65,7 @@ func revisionCmd() *cobra.Command {
 diff.release = args[0]
 diff.revisions = args[1:]
 if diff.client == nil {
- diff.client = helm.NewClient(helm.Host(os.Getenv("TILLER_HOST")), helm.ConnectTimeout(int64(30)))
+ diff.client = createHelmClient()
 }
 return diff.differentiate()
 },
@@ -72,6 +75,9 @@ func revisionCmd() *cobra.Command { revisionCmd.Flags().StringArrayVar(&diff.suppressedKinds, "suppress", []string{}, "allows suppression of the values listed in the diff output") revisionCmd.Flags().IntVarP(&diff.outputContext, "context", "C", -1, "output NUM lines of context around changes") revisionCmd.SuggestionsMinimumDistance = 1 + + addCommonCmdOptions(revisionCmd.Flags()) + return revisionCmd }
diff --git a/cmd/rollback.go b/cmd/rollback.go
index 0eeb2cc3..a9b03bcc 100644
--- a/cmd/rollback.go
+++ b/cmd/rollback.go
@@ -20,7 +20,7 @@ type rollback struct { } const rollbackCmdLongUsage = ` -This command compares the laset manifests details of a named release +This command compares the laset manifests details of a named release with specific revision values to rollback. It forecasts/visualizes changes, that a helm rollback could perform.
@@ -33,6 +33,9 @@ func rollbackCmd() *cobra.Command {
 Short: "Show a diff explaining what a helm rollback could perform",
 Long: rollbackCmdLongUsage,
 Example: " helm diff rollback my-release 2",
+ PersistentPreRun: func(*cobra.Command, []string) {
+ expandTLSPaths()
+ },
 RunE: func(cmd *cobra.Command, args []string) error {
 if v, _ := cmd.Flags().GetBool("version"); v {
 fmt.Println(Version)
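Review bot: `PersistentPreRun` on `revisionCmd` is a persistent hook on a leaf command, and cobra by default runs only the nearest persistent pre-run it finds, so this would shadow any hook defined on the root command (not visible in this patch). Since nothing inherits from a leaf, `PreRun: func(*cobra.Command, []string) { expandTLSPaths() },` expresses the same intent without that interaction. The same applies to the hooks added in cmd/rollback.go and cmd/upgrade.go. The enclosing `revisionCmd` function starts and ends outside the hunk.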
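Review bot: `createHelmClient()` at this call site in cmd/revision.go can terminate the process: on a TLS configuration error the helper prints the raw error and calls `os.Exit(2)`, so a missing or unreadable key or certificate file bypasses the error return of `RunE`. Having the helper return `(helm.Interface, error)` and using `client, err := createHelmClient()` followed by `if err != nil { return err }` here keeps failure handling in one place and lets the caller add context about which TLS material failed to load. The call sites in cmd/rollback.go and cmd/upgrade.go have the same shape.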
@@ -51,7 +54,7 @@ func rollbackCmd() *cobra.Command { diff.revisions = args[1:] if diff.client == nil { - diff.client = helm.NewClient(helm.Host(os.Getenv("TILLER_HOST")), helm.ConnectTimeout(int64(30))) + diff.client = createHelmClient() } return diff.backcast()
@@ -62,6 +65,9 @@ func rollbackCmd() *cobra.Command { rollbackCmd.Flags().StringArrayVar(&diff.suppressedKinds, "suppress", []string{}, "allows suppression of the values listed in the diff output") rollbackCmd.Flags().IntVarP(&diff.outputContext, "context", "C", -1, "output NUM lines of context around changes") rollbackCmd.SuggestionsMinimumDistance = 1 + + addCommonCmdOptions(rollbackCmd.Flags()) + return rollbackCmd }
diff --git a/cmd/upgrade.go b/cmd/upgrade.go
index b018cdfc..efc82617 100644
--- a/cmd/upgrade.go
+++ b/cmd/upgrade.go
@@ -44,6 +44,9 @@ func newChartCommand() *cobra.Command { Args: func(cmd *cobra.Command, args []string) error { return checkArgsLength(len(args), "release name", "chart path") }, + PersistentPreRun: func(*cobra.Command, []string) { + expandTLSPaths() + }, RunE: func(cmd *cobra.Command, args []string) error { if q, _ := cmd.Flags().GetBool("suppress-secrets"); q {
@@ -53,7 +56,7 @@ func newChartCommand() *cobra.Command {
 diff.release = args[0]
 diff.chart = args[1]
 if diff.client == nil {
- diff.client = helm.NewClient(helm.Host(os.Getenv("TILLER_HOST")), helm.ConnectTimeout(int64(30)))
+ diff.client = createHelmClient()
 }
 return diff.run()
 },
@@ -70,6 +73,8 @@ func newChartCommand() *cobra.Command { f.StringArrayVar(&diff.suppressedKinds, "suppress", []string{}, "allows suppression of the values listed in the diff output") f.IntVarP(&diff.outputContext, "context", "C", -1, "output NUM lines of context around changes") + addCommonCmdOptions(f) + return cmd }