ref: https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx
* Skip invalid chart versions when reading the repository index file or
when programmatically adding a chart version.
* Adds semver validation and strips non-printable characters and
normalizes spaces for string fields in Metadata.Validate()
* Fixes a unit test that was pulling a remote repo. Now uses a local
repo.
* Fixes ignored error in repo update command
Signed-off-by: Adam Reese <adam@reese.io>
* Replace Helm Hub with Artifact Hub
Signed-off-by: Scott Rigby <scott@r6by.com>
* Update link to new doc entry for Monocular compatible search API
Signed-off-by: Scott Rigby <scott@r6by.com>
* Add struct for Artifact Hub data, and return correct URL for both artifact hub instances and backwards compatibility for Monocular search API
Signed-off-by: Scott Rigby <scott@r6by.com>
* Keep default endpoint hub.helm.sh, so the helm org controls the domain. At least until artifacthub moves to CNCF incubation
Signed-off-by: Scott Rigby <scott@r6by.com>
* Implement `helm dep update` for oci dependencies
* New unit tests
* Remove `helm chart pull` command
* New `helm pull` does not depend on registry cache
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Previously, if a range was specified for a file:// url as a
dependency the range would be put in the lockfile. Lockfiles are
designed to pin to a specific version and not support ranges. This
is for reproducibility.
The change here pins to a the specific version of the chart
specified using the file:// when update is run.
Signed-off-by: Matt Farina <matt@mattfarina.com>
Currently, whenever the chart is printed, the digest of the .tar.gz
content layer is printed as the digest. The manifest digest is important
for OCI purposes, particularly in pushing to a registry.
Resolves#8248.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Cobra 1.0 introduces custom Go completions. This commit replaces Helm's
own solution to use Cobra's solution.
This allows to completely remove Helm's internal "completion" package.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Add a unit test that proves the digest of the received content being
checked. The check should ensure that the digest of the received content
is identical to the digest provided by the manifest in the layers[0]
descriptor. This check is currently implemented in containerd, so the
unit test ensures security in the case a breaking change is made in
containerd.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
With a large list of charts, `helm chart list` will crash with the
following message:
```
$ helm chart list --debug
Error: open
/home/me/.cache/helm/registry/cache/blobs/sha256/109971e44d63f7fd11fff60d19db41c2429a136943be2e3f8fd3e4c165156536:
too many open files
helm.go:75: [debug] open
/home/me/.cache/helm/registry/cache/blobs/sha256/109971e44d63f7fd11fff60d19db41c2429a136943be2e3f8fd3e4c165156536:
too many open files
```
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
* fix: make the linter coalesce the passed-in values before running values tests
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed typo
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Helm had been exposing XDG based variables to end users. This lead
to confusion. For example, if a user wanted to change the cache
location Helm used should they change the XDG variable? Since this
would be like changing the HOME environment variable the answer
is no.
This change adds HELM_*_HOME environment variables to be used
in addition to XDG ones of the same name. Helm will now look
for the Helm specific variable. If not set, Helm will fall
back to XDG locations. If those are not set a default location
will be used. This keeps XDG in use as a default when present,
provides users with the ability to set the location, and removes
XDG from being exposed to end users to avoid confusion.
Closes#7919
Signed-off-by: Matt Farina <matt@mattfarina.com>
* fix: write index.yaml file atomically
This refactors the already-existing `AtomicWriteFile` utility
to a central location and uses it to write index files
atomically.
This is done to avoid having half-written index files break
client requests.
Drive-bys:
- Add test for AtomicWriteFile.
- Add test IndexFile.WriteFile.
Signed-off-by: rabadin <rvbadin@gmail.com>
* Review fix: use RenameWithFallback instead of os.Rename
Signed-off-by: rabadin <rvbadin@gmail.com>
Co-authored-by: rabadin <rvbadin@gmail.com>
Removes the BOM prefix if present, in read files before
processing the data.
Affects the following pkg:
- pkg/chart/loader: directory and archive loader
- internal/ignore: when loading .helmignore file
Signed-off-by: Thomas FREYSS <thomas.freyss@gmail.com>
This change lower the expectations on test env setup, i.e. tests could be executed in a container under a random UID,
without require an user in /etc/passwd
Signed-off-by: Predrag Knezevic <pknezevi@redhat.com>
Upgrade Kubernetes libraries to v0.18.0
Add new lazy load KubernetesClientSet to avoid missing kubeconfig error
In kubernetes v1.18 kubeconfig validation was added. Minikube and Kind
both remove kubeconfig when stopping clusters. This causes and error
when running any helm commands because we initialize the client before
executing the command.
Signed-off-by: Adam Reese <adam@reese.io>
* fix: add new static linter and fix issues it found
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed two additional linter errors.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
For each plugin, helm registers a ValidArgsFunction which the completion
script will call when it needs dynamic completion. This
ValidArgsFunction will setup the plugin environment and then call the
executable `plugin.complete`, if it is provided by the plugin.
The output of the call to `plugin.complete` will be used as completion
choices. The last line of the output can optionally be used by the
plugin to specify a completion directive.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
* Fix issue with apiVersion v1 lock digest
When apiVersion v1 chart dependencies are built with Helm 2
and then built with Helm 3, the lock digests differ. To avoid
this issue, a depdendency update is forced.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Check against Helm v2 hash
Handle scenario where dependency hash was generated by Helm v2
but need to do a dependency build with Helm v3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add unit test
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Refactor unit test
Refactor unit test to use an existing chart as dependency
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comments:
- https://github.com/helm/helm/pull/7261#discussion_r373827088
- https://github.com/helm/helm/pull/7261#discussion_r373827250
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
This newly added tests was failing on MacOS because /proc does not
exist. This commit replaces /proc with /tmp to achieve the same result.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
To use error codes to indicate completion directive to the completion
script had us use os.Exit() in the __complete command. This prevented
go tests calling the __complete command from succeeding.
Another option was to return an error containing an error code
(like is done for helm plugins) instead of calling os.Exit(). However
such an approach requires a change in how helm handles the returned
error of a Cobra command; although we can do this for Helm, it would
be an annoying requirement for other programs if we ever push this
completion logic into Cobra.
The chosen solution instead is to printout the directive at the end
of the list of completions, and have the completion script extract it.
Note that we print both the completions and directive to stdout.
It would have been interesting to print the completions to stdout and
the directive to stderr; however, it is very complicated for the
completion script to extract both stdout and stderr to different
variables, and even if possible, such code would not be portable to
many shells. Printing both to stdout is much simpler.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Although it is spelling mistakes, it might make an affects while reading.
Signed-off-by: Nguyen Hai Truong <truongnh@fujitsu.com>
Signed-off-by: EItanya <eitan.yarmush@solo.io>
To make digests include information about Chart.yaml dependencies, not
only the lock file, digest calculation is changed to accept both
contents. This terminates the `dep build` command if Chart.yaml
dependencies have been updated so that `dep up` should be executed
properly, to prevent downloading wrong versions or mismatched subcharts.
Note that previous Helm cannot know whether Chart.yaml dependencies were changed
or not since the Chart.lock's digest is calculated by only Chart.lock
contents, which don't include information about SemVer ranges and extra
dependency fields such as aliases, conditions, and tags. Specially,
SemVer can be written as a version range in Chart.yaml, but Chart.lock
has the specific, resolved version of that range.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
Mediatype changed to application/tar+gzip. Please see the
following OCI mailing list item for more info:
https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/pdc1lucm_Ak
Also, improved check for invalid manifests, a nil reference error was
occurring when upgrading from existing cache with old mediatype.
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
This code was ported over from PR #5038, #6738 which were originally for helm
v2. The code contains functions from golang/dep/internal/fs for renaming files.
Signed-off-by: Yagnesh Mistry <ysh@live.in>
We already had the copystructure library in our dependencies transitively
through sprig. This solves a gob encoding bug that was causing issues with
chart testing
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
this was partially fixed in #6430 but the fix only
worked for values without nesting. this PR fixes it.
this is done by doing a deep copy of values rather
than a top level keys copy. deep copy ensures
values are not mutated during coalesce()
execution which leads to bugs like #6659
the deep copy code has been copied from:
https://gist.github.com/soroushjp/0ec92102641ddfc3ad5515ca76405f4d
which is in turn inspired by this stackoverflow answer:
http://stackoverflow.com/a/28579297/1366283
Signed-off-by: Karuppiah Natarajan <karuppiah7890@gmail.com>
* Drop dependency on k8s.io/kubernetes
https://github.com/helm/helm/issues/6606
Depending on k8s.io/kubernetes is not recommended by Kubernetes, and
forces dependencies of Helm to also depend on them. We are only using
this dependency in one relatively isolated occurance, which can be
easily copied over rather than depending on the entire Kubernetes.
Copying this code is not very desirable, so if we don't want to have
this duplication we can at least use this PR as a PoC and see if we can
get Kubernetes to publish the controller package as a separate Go module
(see
https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-538740756)
Signed-off-by: John Howard <howardjohn@google.com>
* Move to internal
Signed-off-by: John Howard <howardjohn@google.com>
* Exclude third_party from validate-license.sh
Signed-off-by: John Howard <howardjohn@google.com>
* Kubernetes updated to 1.16.1
* SemVer and Sprig updated to latest releases that leverage go
modules
* Tests and checks updated. These already landed in v2 via PR 6457
Signed-off-by: Matt Farina <matt@mattfarina.com>
Also:
* add --insecure flag to "registry login"
* fix bug parsing correct tag when port number present
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* allow repository config via cli
* make `helm repo add` create repo config file if it does not exist
* squash a ton of bugs
Signed-off-by: Adam Reese <adam@reese.io>
Go 1.12.8 introduced some breaking fixes (see 3226f2d492)
for a CVE. This broke the way we were doing registry reference parsing.
This removes the call to the containerd libraries in favor of our own
parsing and adds additional unit tests
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
No more magic separating the metadata from chart tarball - charts are
pushed to registry as a single tarball layer with Chart.yaml in tact.
No more fragile custom symlink chart storage, now following
the OCI Image Layout Specification for chart filesystem cache.
Also:
- Update to ORAS 0.6.0
- Simplify registry client setup with NewClientWithDefaults()
- Remove needless annotations and constants
Fixes#6068Fixes#6141
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
These packages are generally used only for logic inside of Helm and
can later be re-exported as needed
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This adds a new `gates` package used for interacting with feature gates. It also marks the OCI registry work as experimental, signalling to users that it is not a stable feature of Helm.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
- strip GoVersion from `helm version` test output
- catch some edge cases when GitCommit is unset or less than 7 characters
- add a test case for `helm version --short`
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* Remove helmVersion constraint from charts
* Guard compile time set variables behind `internal/`
* Allow configuration of UserAgent for HTTPGetter
Signed-off-by: Adam Reese <adam@reese.io>
This fixes a dozen or so style errors, almost all of which were just missing comments.
I left several which are fixed in other outstanding PRs, or which belong to code that is about to be removed.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Adam Reese
Matt Farina
Scott Rigby
Peter Engelbert
Matt Butcher
bellkeyang
Bridget Kromhout
Matthew Fisher
Peter Engelbert
Guangwen Feng
ZouYu
Marc Khouzam
Adam Reese
Eitan Yarmush
Juned Memon
Raphaël
Thomas FREYSS
Predrag Knezevic
Pavel Macík
Martin Hickey
Josh Dolitsky
Nguyen Hai Truong
Hu Shuai
Josh Soref
Hang Park
Yagnesh Mistry
Taylor Thomas
Karuppiah Natarajan
John Howard
Josh Dolitsky
Torsten Walter
Tariq Ibrahim