Allow Helm Chart Collator to access private repos

This allows a user of the Helm Chart Collator to specify a private key
to be used when accessing Helm Charts from private git repositories.

Closes: #15

Change-Id: I063ddea72a4e2db0e51fbdcb927e7c019f6f042b

helm-chart-collator/README.md

@@ -34,10 +34,13 @@ heading. Listings must include:
   used for caching during the cloning process.
 * `path`: The path to the desired chart within the repo (e.g. `keystone`)
 * `url`: The URL where the git repo is hosted (e.g. `https://github.com/openstack/openstack-helm`)
-* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g. `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`).
+* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g.
+  `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`).
 * `refspec`: The refspec associated with the `sha`. This is only required if the `sha`
   can't be reached from the default (e.g. `refs/heads/master`)
 * `chart_version`: The version to package the chart with (e.g. `1.2.3`)
+* `key`: The contents of the private key needed to access a private repo. This
+  is only required for private repos (see examples/charts.yaml for example)
 
 If a chart in a git repo specifies dependencies which are not accessible, the
 dependencies must also be listed under the `dependencies` heading. Dependencies have the

helm-chart-collator/examples/charts.yaml

@@ -26,3 +26,11 @@ git_repos:
         path: helm-toolkit
         url: https://github.com/openstack/openstack-helm-infra
         sha: b1e66fd308b6bc9df090aebb5b3807a0df2d87dd
+  - name: private-repo
+    path: hidden
+    url: https://github.com/example-user/private-repo
+    sha: 037b976d91fa4679bc5528b7306ffc209eb03db3
+    key: |
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      *** REDACTED ***
+      -----END OPENSSH PRIVATE KEY-----

helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml

@@ -5,6 +5,8 @@
     repo: "{{ chart_dependency['url'] }}"
     version: "{{ chart_dependency['sha'] | default('HEAD') }}"
     refspec: "{{ chart_dependency['refspec'] | default('refs/heads/master') }}"
+    accept_hostkey: "{{ 'key' in chart }}"
+    key_file: "/tmp/{{ chart['name'] }}-key_file"
 
 - name: ensure the parent's charts directory exists
   file:

helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml

@@ -1,10 +1,26 @@
 ---
+- when: "'key' in chart"
+  block:
+  - name: create key file
+    copy:
+      dest: "/tmp/{{ chart['name'] }}-key_file"
+      content: "{{ chart['key'] }}"
+      mode: 0600
+
+  - name: assert key file ends in newline
+    shell:
+      executable: /bin/bash
+      cmd: |
+        echo >> "/tmp/{{ chart['name'] }}-key_file"
+
 - name: clone repos
   git:
     dest: /tmp/{{ chart['name'] }}
     repo: "{{ chart['url'] }}"
     version: "{{ chart['sha'] | default('HEAD') }}"
     refspec: "{{ chart['refspec'] | default('refs/heads/master') }}"
+    accept_hostkey: "{{ 'key' in chart }}"
+    key_file: "/tmp/{{ chart['name'] }}-key_file"
 
 - include_tasks: dependencies.yaml
   loop: "{{ chart['dependencies'] | default([]) }}"