feat: insecure support for chart-sync (devtron-labs#5328)
* passing allowInsecureConnection

* skipping validation for username, password and url

* update issue fix

* updating argocd secret

* migration default value

* migration script update
iamayushm authored Jun 20, 2024
1 parent ba9c7a7 commit 3e8e3bf
Showing 10 changed files with 374 additions and 334 deletions.
7 changes: 1 addition & 6 deletions api/chartRepo/ChartRepositoryRestHandler.go
Expand Up @@ -208,12 +208,7 @@ func (handler *ChartRepositoryRestHandlerImpl) UpdateChartRepo(w http.ResponseWr
common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
return
}
err = handler.chartRepositoryService.ValidateDeploymentCount(request)
if err != nil {
handler.Logger.Errorw("error updating, UpdateChartRepo", "err", err, "payload", request)
common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
return
}

token := r.Header.Get("token")
if ok := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*"); !ok {
common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
594 changes: 303 additions & 291 deletions api/helm-app/gRPC/applist.pb.go

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions api/helm-app/gRPC/applist.proto
Expand Up @@ -281,6 +281,7 @@ message ChartRepository {
string url = 2;
string username = 3;
string password = 4;
bool allowInsecureConnection = 5;
}

message InstallReleaseRequest {
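Review bot: The new `allowInsecureConnection` field in `ChartRepository` carries no comment saying what "insecure" switches off, even though it sits directly beside `username` and `password`. Judging by the migration comment in this commit it maps to skipping TLS certificate verification, so I would document that on the field, for example `// allowInsecureConnection disables TLS certificate verification for this repository; unset (false) keeps verification on.` The rest of the message lies outside the hunk.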
9 changes: 5 additions & 4 deletions api/helm-app/service/HelmAppService.go
Expand Up @@ -954,10 +954,11 @@ func (impl *HelmAppServiceImpl) TemplateChart(ctx context.Context, templateChart
}
} else {
chartRepository = &gRPC.ChartRepository{
Name: appStoreAppVersion.AppStore.ChartRepo.Name,
Url: appStoreAppVersion.AppStore.ChartRepo.Url,
Username: appStoreAppVersion.AppStore.ChartRepo.UserName,
Password: appStoreAppVersion.AppStore.ChartRepo.Password,
Name: appStoreAppVersion.AppStore.ChartRepo.Name,
Url: appStoreAppVersion.AppStore.ChartRepo.Url,
Username: appStoreAppVersion.AppStore.ChartRepo.UserName,
Password: appStoreAppVersion.AppStore.ChartRepo.Password,
AllowInsecureConnection: appStoreAppVersion.AppStore.ChartRepo.AllowInsecureConnection,
}
}
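Review bot: The five-field `gRPC.ChartRepository` literal built from `AppStore.ChartRepo` is repeated here in `TemplateChart` and again in `InstallApp`, `updateApplicationWithChartInfo` and `findNotesForArgoApplication`, so every new field has to be added to each copy. A copy that is missed would silently send the zero value `false` for `AllowInsecureConnection` on that path and behave differently from the others. A small unexported helper that takes the chart repo record and returns the `*gRPC.ChartRepository` would keep the credential and TLS fields in one place. `TemplateChart` starts and ends outside this hunk.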

Expand Up @@ -926,10 +926,11 @@ func (impl *AppStoreDeploymentServiceImpl) linkHelmApplicationToChartStore(insta
}
if chartRepoInfo != nil {
updateReleaseRequest.ChartRepository = &bean4.ChartRepository{
Name: chartRepoInfo.Name,
Url: chartRepoInfo.Url,
Username: chartRepoInfo.UserName,
Password: chartRepoInfo.Password,
Name: chartRepoInfo.Name,
Url: chartRepoInfo.Url,
Username: chartRepoInfo.UserName,
Password: chartRepoInfo.Password,
AllowInsecureConnection: chartRepoInfo.AllowInsecureConnection,
}
}
res, err := impl.helmAppService.UpdateApplicationWithChartInfo(ctx, installAppVersionRequest.ClusterId, updateReleaseRequest)
Expand Up @@ -128,10 +128,11 @@ func (impl *EAModeDeploymentServiceImpl) InstallApp(installAppVersionRequest *ap
}
} else {
chartRepository = &gRPC.ChartRepository{
Name: appStoreAppVersion.AppStore.ChartRepo.Name,
Url: appStoreAppVersion.AppStore.ChartRepo.Url,
Username: appStoreAppVersion.AppStore.ChartRepo.UserName,
Password: appStoreAppVersion.AppStore.ChartRepo.Password,
Name: appStoreAppVersion.AppStore.ChartRepo.Name,
Url: appStoreAppVersion.AppStore.ChartRepo.Url,
Username: appStoreAppVersion.AppStore.ChartRepo.UserName,
Password: appStoreAppVersion.AppStore.ChartRepo.Password,
AllowInsecureConnection: appStoreAppVersion.AppStore.ChartRepo.AllowInsecureConnection,
}
}
installReleaseRequest := &gRPC.InstallReleaseRequest{
Expand Down Expand Up @@ -340,10 +341,11 @@ func (impl *EAModeDeploymentServiceImpl) updateApplicationWithChartInfo(ctx cont
}
} else {
chartRepository = &gRPC.ChartRepository{
Name: appStoreApplicationVersion.AppStore.ChartRepo.Name,
Url: appStoreApplicationVersion.AppStore.ChartRepo.Url,
Username: appStoreApplicationVersion.AppStore.ChartRepo.UserName,
Password: appStoreApplicationVersion.AppStore.ChartRepo.Password,
Name: appStoreApplicationVersion.AppStore.ChartRepo.Name,
Url: appStoreApplicationVersion.AppStore.ChartRepo.Url,
Username: appStoreApplicationVersion.AppStore.ChartRepo.UserName,
Password: appStoreApplicationVersion.AppStore.ChartRepo.Password,
AllowInsecureConnection: appStoreApplicationVersion.AppStore.ChartRepo.AllowInsecureConnection,
}
}

Expand Up @@ -101,10 +101,11 @@ func (impl *InstalledAppResourceServiceImpl) findNotesForArgoApplication(install
ValuesYaml: installedAppVerison.ValuesYaml,
K8SVersion: k8sServerVersion.String(),
ChartRepository: &gRPC.ChartRepository{
Name: appStoreAppVersion.AppStore.ChartRepo.Name,
Url: appStoreAppVersion.AppStore.ChartRepo.Url,
Username: appStoreAppVersion.AppStore.ChartRepo.UserName,
Password: appStoreAppVersion.AppStore.ChartRepo.Password,
Name: appStoreAppVersion.AppStore.ChartRepo.Name,
Url: appStoreAppVersion.AppStore.ChartRepo.Url,
Username: appStoreAppVersion.AppStore.ChartRepo.UserName,
Password: appStoreAppVersion.AppStore.ChartRepo.Password,
AllowInsecureConnection: appStoreAppVersion.AppStore.ChartRepo.AllowInsecureConnection,
},
ReleaseIdentifier: &gRPC.ReleaseIdentifier{
ReleaseNamespace: installedAppVerison.InstalledApp.Environment.Namespace,
56 changes: 39 additions & 17 deletions pkg/chartRepo/ChartRepositoryService.go
Expand Up @@ -24,6 +24,7 @@ import (
util3 "github.com/devtron-labs/common-lib/utils/k8s"
"io"
"io/ioutil"
errors2 "k8s.io/apimachinery/pkg/api/errors"
"net/http"
"net/url"
"strconv"
Expand Down Expand Up @@ -70,7 +71,6 @@ type ChartRepositoryService interface {
GetChartRepoByName(name string) (*ChartRepoDto, error)
GetChartRepoList() ([]*ChartRepoWithIsEditableDto, error)
GetChartRepoListMin() ([]*ChartRepoDto, error)
ValidateDeploymentCount(request *ChartRepoDto) error
ValidateChartRepo(request *ChartRepoDto) *DetailedErrorHelmRepoValidation
ValidateAndCreateChartRepo(request *ChartRepoDto) (*chartRepoRepository.ChartRepo, error, *DetailedErrorHelmRepoValidation)
ValidateAndUpdateChartRepo(request *ChartRepoDto) (*chartRepoRepository.ChartRepo, error, *DetailedErrorHelmRepoValidation)
Expand Down Expand Up @@ -111,12 +111,12 @@ func (impl *ChartRepositoryServiceImpl) CreateSecretDataForHelmChart(request *Ch
if isPrivateChart {
secretData[USERNAME] = request.UserName
secretData[PASSWORD] = request.Password
isInsecureConnection := "true"
if !request.AllowInsecureConnection {
isInsecureConnection = "false"
}
secretData[INSECRUE] = isInsecureConnection
}
isInsecureConnection := "true"
if !request.AllowInsecureConnection {
isInsecureConnection = "false"
}
secretData[INSECRUE] = isInsecureConnection

return secretData
}
Expand Down Expand Up @@ -225,17 +225,13 @@ func (impl *ChartRepositoryServiceImpl) CreateChartRepo(request *ChartRepoDto) (
return chartRepo, nil
}

func (impl *ChartRepositoryServiceImpl) ValidateDeploymentCount(request *ChartRepoDto) error {
activeDeploymentCount, err := impl.repoRepository.FindDeploymentCountByChartRepoId(request.Id)
func (impl *ChartRepositoryServiceImpl) getCountOfDeployedCharts(chartRepoId int) (int, error) {
activeDeploymentCount, err := impl.repoRepository.FindDeploymentCountByChartRepoId(chartRepoId)
if err != nil {
impl.logger.Errorw("error in getting deployment count, CheckDeploymentCount", "err", err, "payload", request)
return err
impl.logger.Errorw("error in getting deployment count, CheckDeploymentCount", "chartRepoId", chartRepoId, "err", err)
return 0, err
}
if activeDeploymentCount > 0 {
err = &util.ApiError{Code: "400", HttpStatusCode: 400, UserMessage: "cannot update, found charts deployed using this repo"}
return err
}
return err
return activeDeploymentCount, nil
}

func (impl *ChartRepositoryServiceImpl) UpdateData(request *ChartRepoDto) (*chartRepoRepository.ChartRepo, error) {
Expand All @@ -256,6 +252,18 @@ func (impl *ChartRepositoryServiceImpl) UpdateData(request *ChartRepoDto) (*char
if request.Name != previousName && strings.ToLower(request.Name) != request.Name {
return nil, errors.New("invalid repo name: please use lowercase")
}

deployedChartCount, err := impl.getCountOfDeployedCharts(request.Id)
if err != nil {
impl.logger.Errorw("error in getting charts deployed via chart repo", "chartRepoId", request.Id, "err", err)
return nil, err
}

if deployedChartCount > 0 && (request.Name != previousName || request.Url != previousUrl) {
err = &util.ApiError{Code: "400", HttpStatusCode: 400, UserMessage: "cannot update, found charts deployed using this repo"}
return nil, err
}

chartRepo.Url = request.Url
chartRepo.Name = request.Name
chartRepo.AuthMode = request.AuthMode
Expand Down Expand Up @@ -347,11 +355,24 @@ func (impl *ChartRepositoryServiceImpl) UpdateData(request *ChartRepoDto) (*char
} else {
secretData := impl.CreateSecretDataForHelmChart(request, isPrivateChart)
secret, err := impl.K8sUtil.GetSecret(impl.aCDAuthConfig.ACDConfigMapNamespace, previousName, client)
if err != nil {
statusError, ok := err.(*errors2.StatusError)
if err != nil && (ok && statusError != nil && statusError.Status().Code != http.StatusNotFound) {
impl.logger.Errorw("error in fetching secret", "err", err)
continue
}
secret.StringData = secretData

if ok && statusError != nil && statusError.Status().Code == http.StatusNotFound {
secretLabel := make(map[string]string)
secretLabel[LABEL] = REPOSITORY
_, err = impl.K8sUtil.CreateSecret(impl.aCDAuthConfig.ACDConfigMapNamespace, nil, chartRepo.Name, "", client, secretLabel, secretData)
if err != nil {
impl.logger.Errorw("Error in creating secret for chart repo", "Chart Name", chartRepo.Name, "err", err)
continue
}
updateSuccess = true
break
}

if previousName != request.Name {
err = impl.DeleteChartSecret(previousName)
if err != nil {
Expand All @@ -365,6 +386,7 @@ func (impl *ChartRepositoryServiceImpl) UpdateData(request *ChartRepoDto) (*char
impl.logger.Errorw("Error in creating secret for chart repo", "Chart Name", chartRepo.Name, "err", err)
}
} else {
secret.StringData = secretData
_, err = impl.K8sUtil.UpdateSecret(impl.aCDAuthConfig.ACDConfigMapNamespace, secret, client)
if err != nil {
impl.logger.Errorw("Error in creating secret for chart repo", "Chart Name", chartRepo.Name, "err", err)
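Review bot: In the `GetSecret` error handling in `UpdateData`, an error that is not a `*errors2.StatusError` (a timeout or a wrapped error, say) leaves `ok` false, so neither the log-and-`continue` guard nor the NotFound branch fires. Execution can then reach `secret.StringData = secretData` with whatever `GetSecret` returned alongside the error, which is presumably nil and would panic. The package helper covers both cases: `if err != nil && !errors2.IsNotFound(err) {` for the guard and `if errors2.IsNotFound(err) {` for the create branch. The enclosing loop and the rest of `UpdateData` lie outside the hunks shown.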
@@ -0,0 +1 @@
update chart_repo set allow_insecure_connection=false;
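--- a/scripts/sql/258_chart_repo_insecure_default_values.up.sql
+++ b/scripts/sql/258_chart_repo_insecure_default_values.up.sql
@@ -0,0 +1,4 @@
+-- till this migration script, allow_insecure_connection is FALSE in Database
+-- insecureSkipTlsVerification was not derived from Database and was hardcoded as True in Kubelink.
+-- Now we are deriving it's value from DB and to preserve existing behaviour, migration values in DB are set to TRUE
+update chart_repo set allow_insecure_connection=true;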
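Review bot: The unconditional `update chart_repo set allow_insecure_connection=true;` leaves TLS verification skipped for every existing repository row, including private ones whose username and password are forwarded together with the flag elsewhere in this commit. Nothing here tells an operator that the setting is now theirs to tighten. That does preserve the old hardcoded behaviour, as the comment says, but I would extend the comment with the follow-up step: `-- after upgrading, set allow_insecure_connection=false for every repo whose certificate can be verified`. It is also worth confirming that rows created after this migration default to false; the column default is not visible on this page.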
