github.com/defensepoint-snyk-test/helm-new@v0.0.0-20211130153739-c57ea64d6603/cmd/helm/fetch.go (about) 1 /* 2 Copyright The Helm Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package main 18 19 import ( 20 "fmt" 21 "io" 22 "io/ioutil" 23 "os" 24 "path/filepath" 25 26 "github.com/spf13/cobra" 27 "k8s.io/helm/pkg/chartutil" 28 "k8s.io/helm/pkg/downloader" 29 "k8s.io/helm/pkg/getter" 30 "k8s.io/helm/pkg/repo" 31 ) 32 33 const fetchDesc = ` 34 Retrieve a package from a package repository, and download it locally. 35 36 This is useful for fetching packages to inspect, modify, or repackage. It can 37 also be used to perform cryptographic verification of a chart without installing 38 the chart. 39 40 There are options for unpacking the chart after download. This will create a 41 directory for the chart and uncompress into that directory. 42 43 If the --verify flag is specified, the requested chart MUST have a provenance 44 file, and MUST pass the verification process. Failure in any part of this will 45 result in an error, and the chart will not be saved locally. 46 ` 47 48 type fetchCmd struct { 49 untar bool 50 untardir string 51 chartRef string 52 destdir string 53 version string 54 repoURL string 55 username string 56 password string 57 58 verify bool 59 verifyLater bool 60 keyring string 61 62 certFile string 63 keyFile string 64 caFile string 65 66 devel bool 67 68 out io.Writer 69 } 70 71 func newFetchCmd(out io.Writer) *cobra.Command { 72 fch := &fetchCmd{out: out} 73 74 cmd := &cobra.Command{ 75 Use: "fetch [flags] [chart URL | repo/chartname] [...]", 76 Short: "download a chart from a repository and (optionally) unpack it in local directory", 77 Long: fetchDesc, 78 RunE: func(cmd *cobra.Command, args []string) error { 79 if len(args) == 0 { 80 return fmt.Errorf("need at least one argument, url or repo/name of the chart") 81 } 82 83 if fch.version == "" && fch.devel { 84 debug("setting version to >0.0.0-0") 85 fch.version = ">0.0.0-0" 86 } 87 88 for i := 0; i < len(args); i++ { 89 fch.chartRef = args[i] 90 if err := fch.run(); err != nil { 91 return err 92 } 93 } 94 return nil 95 }, 96 } 97 98 f := cmd.Flags() 99 f.BoolVar(&fch.untar, "untar", false, "if set to true, will untar the chart after downloading it") 100 f.StringVar(&fch.untardir, "untardir", ".", "if untar is specified, this flag specifies the name of the directory into which the chart is expanded") 101 f.BoolVar(&fch.verify, "verify", false, "verify the package against its signature") 102 f.BoolVar(&fch.verifyLater, "prov", false, "fetch the provenance file, but don't perform verification") 103 f.StringVar(&fch.version, "version", "", "specific version of a chart. Without this, the latest version is fetched") 104 f.StringVar(&fch.keyring, "keyring", defaultKeyring(), "keyring containing public keys") 105 f.StringVarP(&fch.destdir, "destination", "d", ".", "location to write the chart. If this and tardir are specified, tardir is appended to this") 106 f.StringVar(&fch.repoURL, "repo", "", "chart repository url where to locate the requested chart") 107 f.StringVar(&fch.certFile, "cert-file", "", "identify HTTPS client using this SSL certificate file") 108 f.StringVar(&fch.keyFile, "key-file", "", "identify HTTPS client using this SSL key file") 109 f.StringVar(&fch.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") 110 f.BoolVar(&fch.devel, "devel", false, "use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored.") 111 f.StringVar(&fch.username, "username", "", "chart repository username") 112 f.StringVar(&fch.password, "password", "", "chart repository password") 113 114 return cmd 115 } 116 117 func (f *fetchCmd) run() error { 118 c := downloader.ChartDownloader{ 119 HelmHome: settings.Home, 120 Out: f.out, 121 Keyring: f.keyring, 122 Verify: downloader.VerifyNever, 123 Getters: getter.All(settings), 124 Username: f.username, 125 Password: f.password, 126 } 127 128 if f.verify { 129 c.Verify = downloader.VerifyAlways 130 } else if f.verifyLater { 131 c.Verify = downloader.VerifyLater 132 } 133 134 // If untar is set, we fetch to a tempdir, then untar and copy after 135 // verification. 136 dest := f.destdir 137 if f.untar { 138 var err error 139 dest, err = ioutil.TempDir("", "helm-") 140 if err != nil { 141 return fmt.Errorf("Failed to untar: %s", err) 142 } 143 defer os.RemoveAll(dest) 144 } 145 146 if f.repoURL != "" { 147 chartURL, err := repo.FindChartInAuthRepoURL(f.repoURL, f.username, f.password, f.chartRef, f.version, f.certFile, f.keyFile, f.caFile, getter.All(settings)) 148 if err != nil { 149 return err 150 } 151 f.chartRef = chartURL 152 } 153 154 saved, v, err := c.DownloadTo(f.chartRef, f.version, dest) 155 if err != nil { 156 return err 157 } 158 159 if f.verify { 160 fmt.Fprintf(f.out, "Verification: %v\n", v) 161 } 162 163 // After verification, untar the chart into the requested directory. 164 if f.untar { 165 ud := f.untardir 166 if !filepath.IsAbs(ud) { 167 ud = filepath.Join(f.destdir, ud) 168 } 169 if fi, err := os.Stat(ud); err != nil { 170 if err := os.MkdirAll(ud, 0755); err != nil { 171 return fmt.Errorf("Failed to untar (mkdir): %s", err) 172 } 173 174 } else if !fi.IsDir() { 175 return fmt.Errorf("Failed to untar: %s is not a directory", ud) 176 } 177 178 return chartutil.ExpandFile(ud, saved) 179 } 180 return nil 181 } 182 183 // defaultKeyring returns the expanded path to the default keyring. 184 func defaultKeyring() string { 185 return os.ExpandEnv("$HOME/.gnupg/pubring.gpg") 186 }