Allow Helm Chart Collator to access private repos

This allows a user of the Helm Chart Collator to specify a private key to be used when accessing Helm Charts from private git repositories. Closes: #15 Change-Id: I063ddea72a4e2db0e51fbdcb927e7c019f6f042b
2021-04-30 08:58:41 -05:00 · 2021-04-30 08:58:41 -05:00 · 60bd29cd45
commit 60bd29cd45
parent aa18cae9c7
4 changed files with 30 additions and 1 deletions
--- a/helm-chart-collator/README.md
+++ b/helm-chart-collator/README.md
@ -34,10 +34,13 @@ heading. Listings must include:
  used for caching during the cloning process.
 * `path`: The path to the desired chart within the repo (e.g. `keystone`)
 * `url`: The URL where the git repo is hosted (e.g. `https://github.com/openstack/openstack-helm`)
-* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g. `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`).
+* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g.
+  `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`).
 * `refspec`: The refspec associated with the `sha`. This is only required if the `sha`
  can't be reached from the default (e.g. `refs/heads/master`)
 * `chart_version`: The version to package the chart with (e.g. `1.2.3`)
+* `key`: The contents of the private key needed to access a private repo. This
+  is only required for private repos (see examples/charts.yaml for example)

 If a chart in a git repo specifies dependencies which are not accessible, the
 dependencies must also be listed under the `dependencies` heading. Dependencies have the
--- a/helm-chart-collator/examples/charts.yaml
+++ b/helm-chart-collator/examples/charts.yaml
@ -26,3 +26,11 @@ git_repos:
        path: helm-toolkit
        url: https://github.com/openstack/openstack-helm-infra
        sha: b1e66fd308b6bc9df090aebb5b3807a0df2d87dd
+  - name: private-repo
+    path: hidden
+    url: https://github.com/example-user/private-repo
+    sha: 037b976d91fa4679bc5528b7306ffc209eb03db3
+    key: |
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      *** REDACTED ***
+      -----END OPENSSH PRIVATE KEY-----
--- a/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml
+++ b/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/dependencies.yaml
@ -5,6 +5,8 @@
    repo: "{{ chart_dependency['url'] }}"
    version: "{{ chart_dependency['sha'] | default('HEAD') }}"
    refspec: "{{ chart_dependency['refspec'] | default('refs/heads/master') }}"
+    accept_hostkey: "{{ 'key' in chart }}"
+    key_file: "/tmp/{{ chart['name'] }}-key_file"

 - name: ensure the parent's charts directory exists
  file:
--- a/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml
+++ b/helm-chart-collator/playbooks/roles/install_git_repo_charts/tasks/main.yaml
@ -1,10 +1,26 @@
 ---
+- when: "'key' in chart"
+  block:
+  - name: create key file
+    copy:
+      dest: "/tmp/{{ chart['name'] }}-key_file"
+      content: "{{ chart['key'] }}"
+      mode: 0600
+
+  - name: assert key file ends in newline
+    shell:
+      executable: /bin/bash
+      cmd: |
+        echo >> "/tmp/{{ chart['name'] }}-key_file"
+
 - name: clone repos
  git:
    dest: /tmp/{{ chart['name'] }}
    repo: "{{ chart['url'] }}"
    version: "{{ chart['sha'] | default('HEAD') }}"
    refspec: "{{ chart['refspec'] | default('refs/heads/master') }}"
+    accept_hostkey: "{{ 'key' in chart }}"
+    key_file: "/tmp/{{ chart['name'] }}-key_file"

 - include_tasks: dependencies.yaml
  loop: "{{ chart['dependencies'] | default([]) }}"