(bug) login to private registries

gianlucam76 · gianlucam76 · commit d10a3cbe1fb4 · 2025-01-24T13:53:11.000+01:00
If the Secret with credentials is of type kubernetes.io/dockerconfigjson
create the credentials file and pass to Helm registry.
Otherwise expects secret to contain username and password and use just
those to login
diff --git a/controllers/handlers_helm.go b/controllers/handlers_helm.go
@@ -363,6 +363,7 @@ func uninstallHelmCharts(ctx context.Context, c client.Client, clusterSummary *c
 					if err != nil && !errors.Is(err, driver.ErrReleaseNotFound) {
 						return nil, err
 					}
+
 					if currentRelease != nil && currentRelease.Status != string(release.StatusUninstalled) {
 						err = doUninstallRelease(ctx, clusterSummary, currentChart, kubeconfig, registryOptions, logger)
 						if err != nil {
@@ -1253,7 +1254,6 @@ func getRegistryClient(namespace string, registryOptions *registryClientOptions,
 		}
 		return registry.NewClient(options...)
 	}
-
 	return registry.NewRegistryClientWithTLS(os.Stderr, "", "", registryOptions.caPath,
 		registryOptions.skipTLSVerify, registryOptions.credentialsPath, settings.Debug)
 }
@@ -2511,6 +2511,10 @@ func createFileWithCredentials(ctx context.Context, c client.Client, clusterName
 		return "", err
 	}
 
+	if secret.Type != corev1.SecretTypeDockerConfigJson {
+		return "", nil
+	}
+
 	if secret.Data == nil {
 		return "", errors.New(fmt.Sprintf("secret %s/%s referenced in HelmChart section contains no data",
 			namespace, credSecretRef.Name))
@@ -2636,7 +2640,7 @@ func doLogin(ctx context.Context, c client.Client, registryOptions *registryClie
 		return err
 	}
 
-	username, password, host, err := getUsernameAndPasswordFromSecret(registryURL, secret)
+	username, password, hostname, err := getUsernameAndPasswordFromSecret(registryURL, secret)
 	if err != nil {
 		return err
 	}
@@ -2646,8 +2650,15 @@ func doLogin(ctx context.Context, c client.Client, registryOptions *registryClie
 		return err
 	}
 
-	options := []registry.LoginOption{registry.LoginOptBasicAuth(username, password)}
-	return registryClient.Login(host, options...)
+	cfg := &action.Configuration{
+		RegistryClient: registryClient,
+	}
+
+	return action.NewRegistryLogin(cfg).Run(os.Stderr, hostname, username, password,
+		action.WithCertFile(""),
+		action.WithKeyFile(""),
+		action.WithCAFile(registryOptions.caPath),
+		action.WithInsecure(registryOptions.skipTLSVerify))
 }
 
 // usernameAndPasswordFromSecret derives authentication data from a Secret to login to an OCI registry. This Secret
diff --git a/controllers/handlers_helm_test.go b/controllers/handlers_helm_test.go
@@ -929,6 +929,7 @@ var _ = Describe("Hash methods", func() {
 			Data: map[string][]byte{
 				"config.json": credentialsBytes,
 			},
+			Type: corev1.SecretTypeDockerConfigJson,
 		}
 
 		caByte := []byte(randomString())

Original file line number	Diff line number	Diff line change
`@@ -363,6 +363,7 @@ func uninstallHelmCharts(ctx context.Context, c client.Client, clusterSummary *c`
`363`	`363`	`if err != nil && !errors.Is(err, driver.ErrReleaseNotFound) {`
`364`	`364`	`return nil, err`
`365`	`365`	`}`
	`366`	`+`
`366`	`367`	`if currentRelease != nil && currentRelease.Status != string(release.StatusUninstalled) {`
`367`	`368`	`err = doUninstallRelease(ctx, clusterSummary, currentChart, kubeconfig, registryOptions, logger)`
`368`	`369`	`if err != nil {`
`@@ -1253,7 +1254,6 @@ func getRegistryClient(namespace string, registryOptions *registryClientOptions,`
`1253`	`1254`	`}`
`1254`	`1255`	`return registry.NewClient(options...)`
`1255`	`1256`	`}`
`1256`		`-`
`1257`	`1257`	`return registry.NewRegistryClientWithTLS(os.Stderr, "", "", registryOptions.caPath,`
`1258`	`1258`	`registryOptions.skipTLSVerify, registryOptions.credentialsPath, settings.Debug)`
`1259`	`1259`	`}`
`@@ -2511,6 +2511,10 @@ func createFileWithCredentials(ctx context.Context, c client.Client, clusterName`
`2511`	`2511`	`return "", err`
`2512`	`2512`	`}`
`2513`	`2513`
	`2514`	`+ if secret.Type != corev1.SecretTypeDockerConfigJson {`
	`2515`	`+ return "", nil`
	`2516`	`+ }`
	`2517`	`+`
`2514`	`2518`	`if secret.Data == nil {`
`2515`	`2519`	`return "", errors.New(fmt.Sprintf("secret %s/%s referenced in HelmChart section contains no data",`
`2516`	`2520`	`namespace, credSecretRef.Name))`
`@@ -2636,7 +2640,7 @@ func doLogin(ctx context.Context, c client.Client, registryOptions *registryClie`
`2636`	`2640`	`return err`
`2637`	`2641`	`}`
`2638`	`2642`
`2639`		`- username, password, host, err := getUsernameAndPasswordFromSecret(registryURL, secret)`
	`2643`	`+ username, password, hostname, err := getUsernameAndPasswordFromSecret(registryURL, secret)`
`2640`	`2644`	`if err != nil {`
`2641`	`2645`	`return err`
`2642`	`2646`	`}`
`@@ -2646,8 +2650,15 @@ func doLogin(ctx context.Context, c client.Client, registryOptions *registryClie`
`2646`	`2650`	`return err`
`2647`	`2651`	`}`
`2648`	`2652`
`2649`		`- options := []registry.LoginOption{registry.LoginOptBasicAuth(username, password)}`
`2650`		`- return registryClient.Login(host, options...)`
	`2653`	`+ cfg := &action.Configuration{`
	`2654`	`+ RegistryClient: registryClient,`
	`2655`	`+ }`
	`2656`	`+`
	`2657`	`+ return action.NewRegistryLogin(cfg).Run(os.Stderr, hostname, username, password,`
	`2658`	`+ action.WithCertFile(""),`
	`2659`	`+ action.WithKeyFile(""),`
	`2660`	`+ action.WithCAFile(registryOptions.caPath),`
	`2661`	`+ action.WithInsecure(registryOptions.skipTLSVerify))`
`2651`	`2662`	`}`
`2652`	`2663`
`2653`	`2664`	`// usernameAndPasswordFromSecret derives authentication data from a Secret to login to an OCI registry. This Secret`
Original file line number	Diff line number	Diff line change
`@@ -929,6 +929,7 @@ var _ = Describe("Hash methods", func() {`
`929`	`929`	`Data: map[string][]byte{`
`930`	`930`	`"config.json": credentialsBytes,`
`931`	`931`	`},`
	`932`	`+ Type: corev1.SecretTypeDockerConfigJson,`
`932`	`933`	`}`
`933`	`934`
`934`	`935`	`caByte := []byte(randomString())`