From 60bd29cd457fd1bbc5371383961df8c5f140b0f4 Mon Sep 17 00:00:00 2001 From: Ian Howell Date: Fri, 30 Apr 2021 08:58:41 -0500 Subject: [PATCH] Allow Helm Chart Collator to access private repos This allows a user of the Helm Chart Collator to specify a private key to be used when accessing Helm Charts from private git repositories. Closes: #15 Change-Id: I063ddea72a4e2db0e51fbdcb927e7c019f6f042b --- helm-chart-collator/README.md | 5 ++++- helm-chart-collator/examples/charts.yaml | 8 ++++++++ .../tasks/dependencies.yaml | 2 ++ .../install_git_repo_charts/tasks/main.yaml | 16 ++++++++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) diff --git a/helm-chart-collator/README.md b/helm-chart-collator/README.md index 467669b..b981f7c 100644 --- a/helm-chart-collator/README.md +++ b/helm-chart-collator/README.md @@ -34,10 +34,13 @@ heading. Listings must include: used for caching during the cloning process. * `path`: The path to the desired chart within the repo (e.g. `keystone`) * `url`: The URL where the git repo is hosted (e.g. `https://github.com/openstack/openstack-helm`) -* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g. `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`). +* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g. + `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`). * `refspec`: The refspec associated with the `sha`. This is only required if the `sha` can't be reached from the default (e.g. `refs/heads/master`) * `chart_version`: The version to package the chart with (e.g. `1.2.3`) +* `key`: The contents of the private key needed to access a private repo. This + is only required for private repos (see examples/charts.yaml for example) If a chart in a git repo specifies dependencies which are not accessible, the dependencies must also be listed under the `dependencies` heading. Dependencies have the 
diff --git a/helm-chart-collator/examples/charts.yaml b/helm-chart-collator/examples/charts.yaml index dcc44d1..8e93ff7 100644 --- a/helm-chart-collator/examples/charts.yaml +++ b/helm-chart-collator/examples/charts.yaml @@ -26,3 +26,11 @@ git_repos: path: helm-toolkit url: https://github.com/openstack/openstack-helm-infra sha: b1e66fd308b6bc9df090aebb5b3807a0df2d87dd + - name: private-repo + path: hidden + url: https://github.com/example-user/private-repo + sha: 037b976d91fa4679bc5528b7306ffc209eb03db3 + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + *** REDACTED *** + -----END OPENSSH PRIVATE KEY----- diff --git a/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml b/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml index add0997..e5dc069 100644 --- a/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml +++ b/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml @@ -5,6 +5,8 @@ repo: "{{ chart_dependency['url'] }}" version: "{{ chart_dependency['sha'] | default('HEAD') }}" refspec: "{{ chart_dependency['refspec'] | default('refs/heads/master') }}" + accept_hostkey: "{{ 'key' in chart }}" + key_file: "/tmp/{{ chart['name'] }}-key_file" - name: ensure the parent's charts directory exists file: diff --git a/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml b/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml index 76356ec..21e50cb 100644 --- a/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml +++ b/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml 
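Review bot: The new `private-repo` entry in examples/charts.yaml pairs an `https://` URL with an OpenSSH private key, but the `key_file` option the role passes to the git module only applies to SSH transport, so this example would not authenticate with the key as written. An SSH-style URL such as `url: git@github.com:example-user/private-repo.git` would match the feature. Because `key` carries the key contents inline, a real charts.yaml becomes a secret-bearing file; a comment above the entry such as `# keep real keys out of version control, e.g. encrypt this value with ansible-vault` would make that explicit.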
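Review bot: In the dependency clone task of tasks/dependencies.yaml, `accept_hostkey` and `key_file` are both derived from the parent `chart` rather than from `chart_dependency`. Whenever the parent has a `key`, a dependency fetched over SSH from a different host is therefore cloned with the parent's key offered and that host's key accepted unverified. `key_file` is also set when no key was supplied, pointing at a file that was never written; `key_file: "{{ ('/tmp/' ~ chart['name'] ~ '-key_file') if 'key' in chart else omit }}"` avoids that. Accepting the host key on first contact drops the check that the server is the intended one, which matters most when `sha` falls back to `HEAD`; pre-seeding `known_hosts` for the git host would let `accept_hostkey` stay false. The same two lines are added to the `clone repos` task in tasks/main.yaml, and this task begins above the hunk.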
@@ -1,10 +1,26 @@ --- +- when: "'key' in chart" + block: + - name: create key file + copy: + dest: "/tmp/{{ chart['name'] }}-key_file" + content: "{{ chart['key'] }}" + mode: 0600 + + - name: assert key file ends in newline + shell: + executable: /bin/bash + cmd: | + echo >> "/tmp/{{ chart['name'] }}-key_file" + - name: clone repos git: dest: /tmp/{{ chart['name'] }} repo: "{{ chart['url'] }}" version: "{{ chart['sha'] | default('HEAD') }}" refspec: "{{ chart['refspec'] | default('refs/heads/master') }}" + accept_hostkey: "{{ 'key' in chart }}" + key_file: "/tmp/{{ chart['name'] }}-key_file" - include_tasks: dependencies.yaml loop: "{{ chart['dependencies'] | default([]) }}"
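Review bot: The `create key file` block writes the private key to a predictable name under shared `/tmp`, and the shell task that follows interpolates `chart['name']` directly into a bash command line, so shell metacharacters in a chart name would be interpreted by bash, and `>>` follows any pre-existing symlink at that path. The trailing newline can be supplied in the `copy` content instead, which removes the shell task; it is worth confirming that the rendered file ends with exactly one newline. `no_log: true` on the copy task keeps the key contents out of task output, and `mode` is safer quoted as `"0600"`. Nothing visible in this hunk removes the key file once cloning is done, so a cleanup task after the dependency clones is proposed below; the role may continue beyond the hunk.

```yaml
    - name: create key file
      copy:
        # … unchanged: dest …
        # newline supplied here, so the separate shell append task is dropped
        content: "{{ chart['key'] | trim }}\n"
        mode: "0600"
      # keep the key contents out of task output
      no_log: true

# … unchanged: clone repos, include_tasks dependencies.yaml …

- name: remove key file
  when: "'key' in chart"
  file:
    path: "/tmp/{{ chart['name'] }}-key_file"
    state: absent
```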