Use base64 strings for chart repo certs [#74]
This should be a more flexible option since certificates aren't likely to be part of the actual workspace and may be environment-dependent. It also mirrors the kube_certificate, which is nice.
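--- a/internal/run/repocerts.go
+++ b/internal/run/repocerts.go
@@ -0,0 +1,77 @@
+package run
+
+import (
+"encoding/base64"
+"fmt"
+"github.com/pelotech/drone-helm3/internal/env"
+"io/ioutil"
+)
+
+type repoCerts struct {
+*config
+cert string
+certFilename string
+caCert string
+caCertFilename string
+}
+
+func newRepoCerts(cfg env.Config) *repoCerts {
+return &repoCerts{
+config: newConfig(cfg),
+cert: cfg.RepoCertificate,
+caCert: cfg.RepoCACertificate,
+}
+}
+
+func (rc *repoCerts) write() error {
+if rc.cert != "" {
+file, err := ioutil.TempFile("", "repo********.cert")
+defer file.Close()
+if err != nil {
+return fmt.Errorf("failed to create certificate file: %w", err)
+}
+rc.certFilename = file.Name()
+rawCert, err := base64.StdEncoding.DecodeString(rc.cert)
+if err != nil {
+return fmt.Errorf("failed to base64-decode certificate string: %w", err)
+}
+if rc.debug {
+fmt.Fprintf(rc.stderr, "writing repo certificate to %s\n", rc.certFilename)
+}
+if _, err := file.Write(rawCert); err != nil {
+return fmt.Errorf("failed to write certificate file: %w", err)
+}
+}
+
+if rc.caCert != "" {
+file, err := ioutil.TempFile("", "repo********.ca.cert")
+defer file.Close()
+if err != nil {
+return fmt.Errorf("failed to create CA certificate file: %w", err)
+}
+rc.caCertFilename = file.Name()
+rawCert, err := base64.StdEncoding.DecodeString(rc.caCert)
+if err != nil {
+return fmt.Errorf("failed to base64-decode CA certificate string: %w", err)
+}
+if rc.debug {
+fmt.Fprintf(rc.stderr, "writing repo ca certificate to %s\n", rc.caCertFilename)
+}
+if _, err := file.Write(rawCert); err != nil {
+return fmt.Errorf("failed to write CA certificate file: %w", err)
+}
+}
+return nil
+}
+
+func (rc *repoCerts) flags() []string {
+flags := make([]string, 0)
+if rc.certFilename != "" {
+flags = append(flags, "--cert-file", rc.certFilename)
+}
+if rc.caCertFilename != "" {
+flags = append(flags, "--ca-file", rc.caCertFilename)
+}
+
+return flags
+}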
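Review bot: In write(), both branches register `defer file.Close()` before checking the error from ioutil.TempFile, and they create the temp file and record its name before the base64 value has been decoded. A malformed RepoCertificate or RepoCACertificate therefore leaves an empty temp file on disk with certFilename/caCertFilename already set, so flags() would still emit `--cert-file`/`--ca-file` if a caller carried on after the error. Decoding first, deferring Close only after the error check, and assigning the filename after a successful write avoids that; the sketch below shows the client-cert branch and the CA branch would mirror it. Nothing in this file removes the temp files afterwards, so cleanup presumably happens elsewhere, which is worth confirming.

```go
if rc.cert != "" {
	// Decode before touching the filesystem so bad input leaves no file behind.
	rawCert, err := base64.StdEncoding.DecodeString(rc.cert)
	if err != nil {
		return fmt.Errorf("failed to base64-decode certificate string: %w", err)
	}
	file, err := ioutil.TempFile("", "repo********.cert")
	if err != nil {
		return fmt.Errorf("failed to create certificate file: %w", err)
	}
	defer file.Close()
	if rc.debug {
		fmt.Fprintf(rc.stderr, "writing repo certificate to %s\n", file.Name())
	}
	// … unchanged: file.Write(rawCert) and its error return …
	// Record the name only once the contents are on disk.
	rc.certFilename = file.Name()
}
```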