Merge pull request #12 from bluebosh/env-tls

Support TLS environment variables

install-binary.sh

@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+
+# Shamelessly copied from https://github.com/technosophos/helm-template
+
+PROJECT_NAME="helm-update-config"
+PROJECT_GH="bluebosh/${PROJECT_NAME}"
+
+: "${HELM_PLUGIN_DIR:=\"$(helm home --debug=false)/plugins/helm-update-config\"}"
+
+# Convert the HELM_PLUGIN_DIR to unix if cygpath is
+# available. This is the case when using MSYS2 or Cygwin
+# on Windows where helm returns a Windows path but we
+# need a Unix path
+
+if type cygpath > /dev/null 2>&1; then
+  HELM_PLUGIN_DIR=$(cygpath -u "${HELM_PLUGIN_DIR}")
+fi
+
+if [[ $SKIP_BIN_INSTALL == "1" ]]; then
+  echo "Skipping binary install"
+  exit
+fi
+
+# initArch discovers the architecture for this system.
+initArch() {
+  ARCH=$(uname -m)
+  case $ARCH in
+    armv5*) ARCH="armv5";;
+    armv6*) ARCH="armv6";;
+    armv7*) ARCH="armv7";;
+    aarch64) ARCH="arm64";;
+    x86) ARCH="386";;
+    x86_64) ARCH="amd64";;
+    i686) ARCH="386";;
+    i386) ARCH="386";;
+  esac
+}
+
+# initOS discovers the operating system for this system.
+initOS() {
+  OS=$(uname | tr '[:upper:]' '[:lower:]')
+}
+
+# verifySupported checks that the os/arch combination is supported for
+# binary builds.
+verifySupported() {
+  local supported="linux-amd64\nfreebsd-amd64\nmacos-amd64\nwindows-amd64\ndarwin-amd64"
+  if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
+    echo "No prebuild binary for ${OS}-${ARCH}."
+    exit 1
+  fi
+
+  if ! type "curl" > /dev/null && ! type "wget" > /dev/null; then
+    echo "Either curl or wget is required"
+    exit 1
+  fi
+}
+
+# getDownloadURL checks the latest available version.
+getDownloadURL() {
+  local version
+  version=$(git -C "$HELM_PLUGIN_DIR" describe --tags --exact-match 2>/dev/null || true)
+  if [ -n "$version" ]; then
+    DOWNLOAD_URL="https://github.com/${PROJECT_GH}/releases/download/${version}/helm-update-config_${OS}"
+  else
+    # Use the GitHub API to find the download url for this project.
+    local url="https://api.github.com/repos/$PROJECT_GH/releases/latest"
+    if type "curl" > /dev/null; then
+      DOWNLOAD_URL=$(curl -s $url | grep $OS | awk '/\"browser_download_url\":/{gsub( /[,\"]/,"", $2); print $2}')
+    elif type "wget" > /dev/null; then
+      DOWNLOAD_URL=$(wget -q -O - $url | grep $OS | awk '/\"browser_download_url\":/{gsub( /[,\"]/,"", $2); print $2}')
+    fi
+  fi
+}
+
+# downloadFile downloads the latest binary package and also the checksum
+# for that binary.
+downloadFile() {
+  PLUGIN_TMP_FILE="/tmp/${PROJECT_NAME}"
+  echo "Downloading $DOWNLOAD_URL"
+  if type "curl" > /dev/null; then
+    curl -L "$DOWNLOAD_URL" -o "$PLUGIN_TMP_FILE"
+  elif type "wget" > /dev/null; then
+    wget -q -O "$PLUGIN_TMP_FILE" "$DOWNLOAD_URL"
+  fi
+}
+
+# installFile verifies the SHA256 for the file, then unpacks and
+# installs it.
+installFile() {
+  HELM_TMP_BIN="/tmp/$PROJECT_NAME"
+  chmod +x "${HELM_TMP_BIN}"
+  echo "Preparing to install into ${HELM_PLUGIN_DIR}"
+  mkdir -p "$HELM_PLUGIN_DIR/bin"
+  mv "$HELM_TMP_BIN" "$HELM_PLUGIN_DIR/bin/"
+}
+
+# fail_trap is executed if an error occurs.
+fail_trap() {
+  result=$?
+  if [ "$result" != "0" ]; then
+    echo "Failed to install ${PROJECT_NAME}"
+    printf "\tFor support, go to https://github.com/bluebosh/helm-update-config"
+  fi
+  exit $result
+}
+
+# testVersion tests the installed client to make sure it is working.
+testVersion() {
+  set +e
+  echo "$PROJECT_NAME installed into $HELM_PLUGIN_DIR/$PROJECT_NAME"
+  "${HELM_PLUGIN_DIR}/bin/helm-update-config" -h
+  set -e
+}
+
+# Execution
+
+#Stop execution on any error
+trap "fail_trap" EXIT
+set -e
+initArch
+initOS
+verifySupported
+getDownloadURL
+downloadFile
+installFile
+testVersion

main.go

@@ -5,7 +5,7 @@ import (
 )
 
 func main() {
-	cmd := newUpdatecfgCmd(nil)
+	cmd := newUpdatecfgCmd()
 	if err := cmd.Execute(); err != nil {
 		os.Exit(1)
 	}

plugin.yaml

@@ -1,9 +1,10 @@
 name: "update-config"
-version: "0.5.3"
+version: "0.6.0"
 usage: "update config of a running release"
 description: Update configuration values of a running release.
 ignoreFlags: false
 useTunnel: true
 command: "$HELM_PLUGIN_DIR/bin/helm-update-config"
 hooks:
-  install: "$HELM_PLUGIN_DIR/install.sh"
+  install: "$HELM_PLUGIN_DIR/install-binary.sh"
+  update: "$HELM_PLUGIN_DIR/install-binary.sh"

updatecfg.go

@@ -4,29 +4,45 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
-	yaml "gopkg.in/yaml.v1"
+	flag "github.com/spf13/pflag"
+	"gopkg.in/yaml.v1"
+	"k8s.io/client-go/util/homedir"
 	"k8s.io/helm/pkg/helm"
+	helmEnv "k8s.io/helm/pkg/helm/environment"
 	"k8s.io/helm/pkg/strvals"
 	"k8s.io/helm/pkg/tlsutil"
 )
 
-const (
-	// DefaultTLSCaCert is the default value for HELM_TLS_CA_CERT
-	DefaultTLSCaCert = "$HELM_HOME/ca.pem"
-	// DefaultTLSCert is the default value for HELM_TLS_CERT
-	DefaultTLSCert = "$HELM_HOME/cert.pem"
-	// DefaultTLSKeyFile is the default value for HELM_TLS_KEY_FILE
-	DefaultTLSKeyFile = "$HELM_HOME/key.pem"
-	// DefaultTLSEnable is the default value for HELM_TLS_ENABLE
-	DefaultTLSEnable = false
-	// DefaultTLSVerify is the default value for HELM_TLS_VERIFY
-	DefaultTLSVerify = false
+//const (
+//	// DefaultTLSCaCert is the default value for HELM_TLS_CA_CERT
+//	DefaultTLSCaCert = "$HELM_HOME/ca.pem"
+//	// DefaultTLSCert is the default value for HELM_TLS_CERT
+//	DefaultTLSCert = "$HELM_HOME/cert.pem"
+//	// DefaultTLSKeyFile is the default value for HELM_TLS_KEY_FILE
+//	DefaultTLSKeyFile = "$HELM_HOME/key.pem"
+//	// DefaultTLSEnable is the default value for HELM_TLS_ENABLE
+//	DefaultTLSEnable = false
+//	// DefaultTLSVerify is the default value for HELM_TLS_VERIFY
+//	DefaultTLSVerify = false
+//)
+
+var (
+	settings        helmEnv.EnvSettings
+	DefaultHelmHome = filepath.Join(homedir.HomeDir(), ".helm")
 )
 
+func addCommonCmdOptions(f *flag.FlagSet) {
+	settings.AddFlagsTLS(f)
+	settings.InitTLS(f)
+
+	f.StringVar((*string)(&settings.Home), "home", DefaultHelmHome, "location of your Helm config. Overrides $HELM_HOME")
+}
+
 type cmdFlags struct {
 	cliValues  []string
 	valueFiles ValueFiles
@@ -64,7 +80,39 @@ func (v *ValueFiles) Set(value string) error {
 	return nil
 }
 
-func newUpdatecfgCmd(client helm.Interface) *cobra.Command {
+func createHelmClient() helm.Interface {
+	options := []helm.Option{helm.Host(os.Getenv("TILLER_HOST")), helm.ConnectTimeout(int64(30))}
+
+	if settings.TLSVerify || settings.TLSEnable {
+		tlsopts := tlsutil.Options{
+			ServerName:         settings.TLSServerName,
+			KeyFile:            settings.TLSKeyFile,
+			CertFile:           settings.TLSCertFile,
+			InsecureSkipVerify: true,
+		}
+
+		if settings.TLSVerify {
+			tlsopts.CaCertFile = settings.TLSCaCertFile
+			tlsopts.InsecureSkipVerify = false
+		}
+
+		tlscfg, err := tlsutil.ClientConfig(tlsopts)
+		if err != nil {
+			_, _ = fmt.Fprintln(os.Stderr, err)
+			os.Exit(2)
+		}
+
+		options = append(options, helm.WithTLS(tlscfg))
+	}
+
+	return helm.NewClient(options...)
+}
+
+func isHelm3() bool {
+	return os.Getenv("TILLER_HOST") == ""
+}
+
+func newUpdatecfgCmd() *cobra.Command {
 	var flags cmdFlags
 
 	cmd := &cobra.Command{
@@ -79,53 +127,8 @@ func newUpdatecfgCmd(client helm.Interface) *cobra.Command {
 				}
 			}
 
-			options := []helm.Option{helm.Host(os.Getenv("TILLER_HOST"))}
-
-			if flags.TLSEnable {
-
-				tlsServerName := ""
-				tlsCaCertFile := DefaultTLSCaCert
-				tlsKeyFile := DefaultTLSKeyFile
-				tlsCertFile := DefaultTLSCert
-				if flags.TLSServerName != "" {
-					tlsServerName = flags.TLSServerName
-				} else {
-					tlsServerName = os.Getenv("TILLER_HOST")
-				}
-				if flags.TLSCaCertFile != "" {
-					tlsCaCertFile = flags.TLSCaCertFile
-				} else {
-					tlsCaCertFile = os.Getenv("HELM_HOME") + "/ca.pem"
-				}
-				if flags.TLSKeyFile != "" {
-					tlsKeyFile = flags.TLSKeyFile
-				} else {
-					tlsKeyFile = os.Getenv("HELM_HOME") + "/key.pem"
-				}
-				if flags.TLSCertFile != "" {
-					tlsCertFile = flags.TLSCertFile
-				} else {
-					tlsCertFile = os.Getenv("HELM_HOME") + "/cert.pem"
-				}
-
-				tlsopts := tlsutil.Options{
-					ServerName:         tlsServerName,
-					CaCertFile:         tlsCaCertFile,
-					KeyFile:            tlsKeyFile,
-					CertFile:           tlsCertFile,
-					InsecureSkipVerify: true,
-				}
-
-				tlscfg, err := tlsutil.ClientConfig(tlsopts)
-				if err != nil {
-					fmt.Fprintln(os.Stderr, err)
-					os.Exit(2)
-				}
-				options = append(options, helm.WithTLS(tlscfg))
-			}
-
 			update := updateConfigCommand{
-				client:     helm.NewClient(options...),
+				client:     createHelmClient(),
 				release:    args[0],
 				values:     flags.cliValues,
 				valueFiles: flags.valueFiles,
@@ -135,16 +138,14 @@ func newUpdatecfgCmd(client helm.Interface) *cobra.Command {
 			return update.run()
 		},
 	}
-	cmd.Flags().StringArrayVar(&flags.cliValues, "set-value", []string{}, "set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)")
-	cmd.Flags().VarP(&flags.valueFiles, "values", "f", "specify values in a YAML file")
+	f := cmd.Flags()
 
-	cmd.Flags().StringVar(&flags.TLSServerName, "tls-hostname", "", "The server name used to verify the hostname on the returned certificates from the server")
-	cmd.Flags().StringVar(&flags.TLSCaCertFile, "tls-ca-cert", DefaultTLSCaCert, "Path to TLS CA certificate file")
-	cmd.Flags().StringVar(&flags.TLSCertFile, "tls-cert", DefaultTLSCert, "Path to TLS certificate file")
-	cmd.Flags().StringVar(&flags.TLSKeyFile, "tls-key", DefaultTLSKeyFile, "Path to TLS key file")
-	cmd.Flags().BoolVar(&flags.TLSVerify, "tls-verify", DefaultTLSVerify, "Enable TLS for request and verify remote")
-	cmd.Flags().BoolVar(&flags.TLSEnable, "tls", DefaultTLSEnable, "Use TLS in helm Client interactions")
+	f.StringArrayVar(&flags.cliValues, "set-value", []string{}, "set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)")
+	f.VarP(&flags.valueFiles, "values", "f", "specify values in a YAML file")
 
+	if !isHelm3() {
+		addCommonCmdOptions(f)
+	}
 	return cmd
 }