From d1f57ee18c9a1fb255cd12d722ffe0846b810076 Mon Sep 17 00:00:00 2001
From: Suresh Palemoni
Date: Fri, 7 Feb 2025 15:55:28 +0400
Subject: [PATCH] make helm install with insecure tls
Signed-off-by: Suresh Palemoni
---
 helm/data_helm_template.go | 10 ++++++++++
 helm/data_helm_template_test.go | 28 ++++++++++++++++++++++++++
 helm/resource_helm_release.go | 15 ++++++++++++--
 helm/resource_helm_release_test.go | 32 ++++++++++++++++++++++++++++++
 4 files changed, 83 insertions(+), 2 deletions(-)
diff --git a/helm/data_helm_template.go b/helm/data_helm_template.go
index f4fdd2dda..8deda2966 100644
--- a/helm/data_helm_template.go
+++ b/helm/data_helm_template.go
@@ -98,6 +98,7 @@ type HelmTemplateModel struct {
 Version types.String `tfsdk:"version"`
 Verify types.Bool `tfsdk:"verify"`
 Wait types.Bool `tfsdk:"wait"`
+ Insecure types.Bool `tfsdk:"insecure"`
 }
 // SetValue represents the custom value to be merged with the Helm chart values
@@ -380,6 +381,10 @@ func (d *HelmTemplate) Schema(ctx context.Context, req datasource.SchemaRequest,
 Optional: true,
 Description: "Will wait until all resources are in a ready state before marking the release as successful.",
 },
+ "insecure": schema.BoolAttribute{
+ Optional: true,
+ Description: "If set to true, the helm client will not verify the SSL certificate of the chart repository.",
+ },
 },
 }
 }
@@ -467,6 +472,9 @@ func (d *HelmTemplate) Read(ctx context.Context, req datasource.ReadRequest, res
 }
 state.Namespace = types.StringValue(defaultNamespace)
 }
+ if state.Insecure.IsNull() || state.Insecure.IsUnknown() {
+ state.Insecure = types.BoolValue(false)
+ }
 meta := d.meta
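Review bot: The `insecure` description in the Schema hunk (@@ -380) says what is skipped but not what is lost: with verification off the repository is no longer authenticated, so the chart that gets rendered or installed is only as trustworthy as the network path. The description should state that and point to the safer option, for example `Description: "Skip TLS certificate verification for the chart repository. Disables server authentication; prefer repository_ca_file for repositories signed by a private CA.",`. The attribute name `insecure` is also broader than the behaviour; Helm's own option is `insecure-skip-tls-verify`, and a name closer to that would tell a reader of a Terraform config exactly what is being turned off. The identical description in the `helm_release` Schema hunk (@@ -509) needs the same change.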
@@ -570,6 +578,7 @@ func (d *HelmTemplate) Read(ctx context.Context, req datasource.ReadRequest, res
 client.Devel = state.Devel.ValueBool()
 client.Description = state.Description.ValueString()
 client.CreateNamespace = state.CreateNamespace.ValueBool()
+ client.InsecureSkipTLSverify = state.Insecure.ValueBool()
 if state.KubeVersion.ValueString() != "" {
 parsedVer, err := chartutil.ParseKubeVersion(state.KubeVersion.ValueString())
@@ -851,6 +860,7 @@ func chartPathOptionsModel(model *HelmTemplateModel, meta *Meta, cpo *action.Cha
 cpo.Username = model.RepositoryUsername.ValueString()
 cpo.Password = model.RepositoryPassword.ValueString()
 cpo.PassCredentialsAll = model.PassCredentials.ValueBool()
+ cpo.InsecureSkipTLSverify = model.Insecure.ValueBool()
 return cpo, chartName, diags
 }
diff --git a/helm/data_helm_template_test.go b/helm/data_helm_template_test.go
index f2611f083..79d541525 100644
--- a/helm/data_helm_template_test.go
+++ b/helm/data_helm_template_test.go
@@ -235,6 +235,21 @@ func TestAccDataTemplate_kubeVersion(t *testing.T) {
 })
 }
+func TestAccDataTemplate_insecure(t *testing.T) {
+ name := randName("insecure")
+ namespace := randName(testNamespacePrefix)
+
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: protoV6ProviderFactories(),
+ Steps: []resource.TestStep{{
+ Config: testAccDataHelmTemplateInsecure(testResourceName, namespace, name, "1.2.3"),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr(fmt.Sprintf("data.helm_template.%s", testResourceName), "insecure", "true"),
+ ),
+ }},
+ })
+}
+
 func testAccDataHelmTemplateConfigBasic(resource, ns, name, version string) string {
 return fmt.Sprintf(`
 data "helm_template" "%s" {
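Review bot: In `chartPathOptionsModel` (@@ -851) `cpo.InsecureSkipTLSverify` is set directly below `cpo.Username`, `cpo.Password` and `cpo.PassCredentialsAll`, so with `insecure = true` the repository credentials go to a server whose certificate was never checked. Nothing in plan or apply output tells the operator this is in effect; a warning diagnostic would make it visible and auditable, e.g. `if model.Insecure.ValueBool() { diags.AddWarning("TLS verification disabled", "the chart repository certificate is not verified; repository credentials and chart content are not protected against interception") }`. This assumes `diags` is the framework's `diag.Diagnostics`, whose declaration is outside the hunk. `chartPathOptions` in `resource_helm_release.go` (@@ -1083) has the same gap, and both function bodies start outside their hunks.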
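Review bot: `TestAccDataTemplate_insecure` only asserts that the `insecure` attribute reads back as `"true"`, so it would still pass if the value never reached the Helm client. Its config points at `testRepositoryURL`, the same repository the neighbouring tests use without the flag, which suggests no certificate check is actually bypassed. A test that covers the security-relevant behaviour needs a repository served over HTTPS with a certificate the test host does not trust, plus a negative step with `ExpectError` showing the fetch fails when `insecure` is unset. `TestAccResourceRelease_insecure` in `resource_helm_release_test.go` has the same limitation.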
@@ -330,3 +345,16 @@ func testAccDataHelmTemplateCRDs(resource, ns, name, version string) string {
 }
 `, resource, name, ns, testRepositoryURL, version)
 }
+
+func testAccDataHelmTemplateInsecure(resource, ns, name, version string) string {
+ return fmt.Sprintf(`
+ data "helm_template" "%s" {
+ name = %q
+ namespace = %q
+ repository = %q
+ chart = "test-chart"
+ version = %q
+ insecure = true
+ }
+ `, resource, name, ns, testRepositoryURL, version)
+}
diff --git a/helm/resource_helm_release.go b/helm/resource_helm_release.go
index 4e34e8f2b..30f40c711 100644
--- a/helm/resource_helm_release.go
+++ b/helm/resource_helm_release.go
@@ -102,6 +102,7 @@ type HelmReleaseModel struct {
 Version types.String `tfsdk:"version"`
 Wait types.Bool `tfsdk:"wait"`
 WaitForJobs types.Bool `tfsdk:"wait_for_jobs"`
+ Insecure types.Bool `tfsdk:"insecure"`
 }
 var defaultAttributes = map[string]interface{}{
@@ -126,6 +127,7 @@ var defaultAttributes = map[string]interface{}{
 "verify": false,
 "wait": true,
 "wait_for_jobs": false,
+ "insecure": false,
 }
 type releaseMetaData struct {
@@ -509,6 +511,12 @@ func (r *HelmRelease) Schema(ctx context.Context, req resource.SchemaRequest, re
 Default: booldefault.StaticBool(defaultAttributes["wait_for_jobs"].(bool)),
 Description: "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful.",
 },
+ "insecure": schema.BoolAttribute{
+ Optional: true,
+ Computed: true,
+ Default: booldefault.StaticBool(defaultAttributes["insecure"].(bool)),
+ Description: "If set to true, the helm client will not verify the SSL certificate of the chart repository.",
+ },
 "set": schema.ListNestedAttribute{
 Description: "Custom values to be merged with the values",
 Optional: true,
@@ -723,6 +731,7 @@ func (r *HelmRelease) Create(ctx context.Context, req resource.CreateRequest, re
 client.Replace = state.Replace.ValueBool()
 client.Description = state.Description.ValueString()
 client.CreateNamespace = state.CreateNamespace.ValueBool()
+ client.InsecureSkipTLSverify = state.Insecure.ValueBool()
 if state.PostRender != nil {
 binaryPath := state.PostRender.BinaryPath.ValueString()
@@ -925,6 +934,7 @@ func (r *HelmRelease) Update(ctx context.Context, req resource.UpdateRequest, re
 client.MaxHistory = int(plan.MaxHistory.ValueInt64())
 client.CleanupOnFail = plan.CleanupOnFail.ValueBool()
 client.Description = plan.Description.ValueString()
+ client.InsecureSkipTLSverify = plan.Insecure.ValueBool()
 if plan.PostRender != nil {
 binaryPath := plan.PostRender.BinaryPath.ValueString()
@@ -1083,7 +1093,7 @@ func chartPathOptions(model *HelmReleaseModel, meta *Meta, cpo *action.ChartPath
 cpo.Username = model.RepositoryUsername.ValueString()
 cpo.Password = model.RepositoryPassword.ValueString()
 cpo.PassCredentialsAll = model.PassCredentials.ValueBool()
-
+ cpo.InsecureSkipTLSverify = model.Insecure.ValueBool()
 return cpo, chartName, diags
 }
@@ -1719,6 +1729,7 @@ func (r *HelmRelease) ModifyPlan(ctx context.Context, req resource.ModifyPlanReq
 install.Description = plan.Description.ValueString()
 install.CreateNamespace = plan.CreateNamespace.ValueBool()
 install.PostRenderer = client.PostRenderer
+ install.InsecureSkipTLSverify = plan.Insecure.ValueBool()
 values, diags := getValues(ctx, &plan)
 resp.Diagnostics.Append(diags...)
@@ -1797,7 +1808,7 @@ func (r *HelmRelease) ModifyPlan(ctx context.Context, req resource.ModifyPlanReq
 upgrade.CleanupOnFail = plan.CleanupOnFail.ValueBool()
 upgrade.Description = plan.Description.ValueString()
 upgrade.PostRenderer = client.PostRenderer
-
+ upgrade.InsecureSkipTLSverify = plan.Insecure.ValueBool()
 values, diags := getValues(ctx, &plan)
 resp.Diagnostics.Append(diags...)
 if resp.Diagnostics.HasError() {
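Review bot: The skip-verify flag is now copied by hand at five sites in this file (`Create`, `Update`, `chartPathOptions`, and both the install and upgrade branches of `ModifyPlan`), which makes it easy for a later code path to miss it or to set it from the wrong model. If the `cpo` passed to `chartPathOptions` is the action's embedded `ChartPathOptions` (the call sites are outside these hunks, so this needs confirming), the assignment there already covers the client and the per-action lines are redundant. A single assignment site with a comment such as `// Security-sensitive: disables repository certificate verification; set only from the user's explicit "insecure" attribute.` would be easier to audit. All of these function bodies start and end outside their hunks.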
diff --git a/helm/resource_helm_release_test.go b/helm/resource_helm_release_test.go
index 05a664f45..13354e89b 100644
--- a/helm/resource_helm_release_test.go
+++ b/helm/resource_helm_release_test.go
@@ -2181,3 +2181,35 @@ func testAccHelmReleaseRecomputeMetadataSet(resource, ns, name string) string {
 }
 `, resource, name, ns, resource)
 }
+
+func TestAccResourceRelease_insecure(t *testing.T) {
+ name := randName("insecure")
+ namespace := createRandomNamespace(t)
+ defer deleteNamespace(t, namespace)
+
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: protoV6ProviderFactories(),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccHelmReleaseConfigInsecure(testResourceName, namespace, name, "1.2.3"),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("helm_release.test", "insecure", "true"),
+ resource.TestCheckResourceAttr("helm_release.test", "status", release.StatusDeployed.String()),
+ ),
+ },
+ },
+ })
+}
+
+func testAccHelmReleaseConfigInsecure(resource, ns, name, version string) string {
+ return fmt.Sprintf(`
+ resource "helm_release" "%s" {
+ name = %q
+ namespace = %q
+ repository = %q
+ chart = "test-chart"
+ version = %q
+ insecure = true
+ }
+ `, resource, name, ns, testRepositoryURL, version)
+}