Allow Helm Chart Collator to access private repos

This allows a user of the Helm Chart Collator to specify a private key
to be used when accessing Helm Charts from private git repositories.

Closes: #15

Change-Id: I063ddea72a4e2db0e51fbdcb927e7c019f6f042b
Ian Howell 2021-04-30 08:58:41 -05:00
parent aa18cae9c7
commit 60bd29cd45
4 changed files with 30 additions and 1 deletions

@ -34,10 +34,13 @@ heading. Listings must include:
used for caching during the cloning process. used for caching during the cloning process.
* `path`: The path to the desired chart within the repo (e.g. `keystone`) * `path`: The path to the desired chart within the repo (e.g. `keystone`)
* `url`: The URL where the git repo is hosted (e.g. `https://github.com/openstack/openstack-helm`) * `url`: The URL where the git repo is hosted (e.g. `https://github.com/openstack/openstack-helm`)
* `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g. `30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`). * `sha`: The SHA-1 of the commit from which the chart should be pulled (e.g.
`30c9f003d227b799c636458dea161e24d5823c33`). (default: `HEAD`).
* `refspec`: The refspec associated with the `sha`. This is only required if the `sha` * `refspec`: The refspec associated with the `sha`. This is only required if the `sha`
can't be reached from the default (e.g. `refs/heads/master`) can't be reached from the default (e.g. `refs/heads/master`)
* `chart_version`: The version to package the chart with (e.g. `1.2.3`) * `chart_version`: The version to package the chart with (e.g. `1.2.3`)
* `key`: The contents of the private key needed to access a private repo. This
is only required for private repos (see examples/charts.yaml for example)
If a chart in a git repo specifies dependencies which are not accessible, the If a chart in a git repo specifies dependencies which are not accessible, the
dependencies must also be listed under the `dependencies` heading. Dependencies have the dependencies must also be listed under the `dependencies` heading. Dependencies have the
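Review bot: The new `key` entry documents that the private key contents go inline in the chart listing, but it does not say what form the key must take or which `url` scheme it applies to. Suggest stating that it expects an unencrypted OpenSSH private key as a YAML block scalar, that it is only used when `url` is an SSH URL, and that the same key is reused when cloning that chart's `dependencies`. Since the listing file is likely to be committed, it would also help to recommend supplying the value from a secret store or an encrypted vars file rather than in plain text. Minor style point: wrap `examples/charts.yaml` in backticks and close the sentence with a period to match the other entries.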

@ -26,3 +26,11 @@ git_repos:
path: helm-toolkit path: helm-toolkit
url: https://github.com/openstack/openstack-helm-infra url: https://github.com/openstack/openstack-helm-infra
sha: b1e66fd308b6bc9df090aebb5b3807a0df2d87dd sha: b1e66fd308b6bc9df090aebb5b3807a0df2d87dd
- name: private-repo
path: hidden
url: https://github.com/example-user/private-repo
sha: 037b976d91fa4679bc5528b7306ffc209eb03db3
key: |
-----BEGIN OPENSSH PRIVATE KEY-----
*** REDACTED ***
-----END OPENSSH PRIVATE KEY-----
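Review bot: The `private-repo` example pairs `url: https://github.com/example-user/private-repo` with an OpenSSH private key, but the `key_file` option of the Ansible `git` module only affects SSH transport, so with an HTTPS URL the key is never presented and the clone of a private repo fails. Suggest an SSH form such as `url: git@github.com:example-user/private-repo.git`. The example also shows the key pasted directly into the file; a short comment noting that a real key should be injected at run time (for example from an encrypted vars file) would keep readers from committing one.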

@ -5,6 +5,8 @@
repo: "{{ chart_dependency['url'] }}" repo: "{{ chart_dependency['url'] }}"
version: "{{ chart_dependency['sha'] | default('HEAD') }}" version: "{{ chart_dependency['sha'] | default('HEAD') }}"
refspec: "{{ chart_dependency['refspec'] | default('refs/heads/master') }}" refspec: "{{ chart_dependency['refspec'] | default('refs/heads/master') }}"
accept_hostkey: "{{ 'key' in chart }}"
key_file: "/tmp/{{ chart['name'] }}-key_file"
- name: ensure the parent's charts directory exists - name: ensure the parent's charts directory exists
file: file:
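Review bot: In the dependency clone, `key_file` is set unconditionally to `/tmp/{{ chart['name'] }}-key_file`, a path that only exists when the parent chart supplied a `key`, and it is always the parent's key even though `chart_dependency['url']` may point at a different host. Suggest making the option conditional, e.g. `key_file: "{{ ('/tmp/' ~ chart['name'] ~ '-key_file') if 'key' in chart else omit }}"`, and allowing a dependency to carry its own `key` so that a credential is only offered to the host it was issued for. `accept_hostkey: "{{ 'key' in chart }}"` also means that the first host key seen is trusted without verification whenever a key is in use; pinning the expected host keys in `known_hosts` beforehand would close that gap.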

@ -1,10 +1,26 @@
--- ---
- when: "'key' in chart"
block:
- name: create key file
copy:
dest: "/tmp/{{ chart['name'] }}-key_file"
content: "{{ chart['key'] }}"
mode: 0600
- name: assert key file ends in newline
shell:
executable: /bin/bash
cmd: |
echo >> "/tmp/{{ chart['name'] }}-key_file"
- name: clone repos - name: clone repos
git: git:
dest: /tmp/{{ chart['name'] }} dest: /tmp/{{ chart['name'] }}
repo: "{{ chart['url'] }}" repo: "{{ chart['url'] }}"
version: "{{ chart['sha'] | default('HEAD') }}" version: "{{ chart['sha'] | default('HEAD') }}"
refspec: "{{ chart['refspec'] | default('refs/heads/master') }}" refspec: "{{ chart['refspec'] | default('refs/heads/master') }}"
accept_hostkey: "{{ 'key' in chart }}"
key_file: "/tmp/{{ chart['name'] }}-key_file"
- include_tasks: dependencies.yaml - include_tasks: dependencies.yaml
loop: "{{ chart['dependencies'] | default([]) }}" loop: "{{ chart['dependencies'] | default([]) }}"
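Review bot: The `create key file` task writes the private key to a predictable path, `/tmp/{{ chart['name'] }}-key_file`, without `no_log: true`, and nothing in this hunk removes the file afterwards, so the key can show up in task output (diff or verbose mode) and stays on disk after the run. Suggest adding `no_log: true` to the task, writing into a directory created with the `tempfile` module rather than directly under `/tmp`, and deleting the file in an `always:` section once the clones are done. The `assert key file ends in newline` task does not assert anything: it appends a newline on every run, so the file grows and the task always reports changed; the newline can be handled in the `copy` task's `content` and the `shell` task dropped. As in the dependency task, `key_file` in `clone repos` is passed even when no key was supplied and should be `omit`ted in that case, and `mode: 0600` is better quoted as `'0600'`.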