* @throws IOException in case of IO errors
*/
public boolean installChart(ChartInfo chart) throws ServiceException, IOException {
- boolean whiteListed = false;
+ boolean permittedRepo = false;
if (chart.getRepository() == null) {
String repoName = findChartRepo(chart);
if (repoName == null) {
}
} else {
// Add remote repository if passed via TOSCA
- // check whether the repo is whitelisted
+ // check whether the repo is permitted
for (HelmRepository repo : helmRepositoryConfig.getRepos()) {
if (repo.getAddress().equals(chart.getRepository().getAddress())
- && chart.getRepository().getAddress().contains("https")) {
+ && helmRepositoryConfig.getProtocols()
+ .contains(chart.getRepository().getAddress().split(":")[0])) {
configureRepository(chart.getRepository());
- whiteListed = true;
+ permittedRepo = true;
break;
}
}
- if (!whiteListed) {
- logger.error("Repository is not Whitelisted / plain http in not allowed");
+ if (!permittedRepo) {
+ logger.error("Helm Repository/Protocol is not permitted for {}", chart.getRepository().getAddress());
return false;
}
}
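Review bot: The scheme test on the added lines takes `split(":")[0]` of the address and compares it case-sensitively, so an address written as `HTTPS://…` or one with no scheme is matched against the list as a raw string, and a missing `protocols` setting would presumably surface as a NullPointerException from `getProtocols()` rather than a clean rejection. Parsing the scheme once before the loop would be more robust, e.g. `String scheme = URI.create(address).getScheme();` followed by `scheme != null && protocols.contains(scheme.toLowerCase(Locale.ROOT))`. Because `repo.getAddress().equals(...)` already pins the full address including its scheme, a short comment should state that the protocol list is a second gate on top of the repository allow-list. The body of installChart continues outside the hunk.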
chart:
api:
enabled: false
-
+# Update the config here for permitting repositories and protocols
helm:
repos:
-
address: https://charts.konghq.com
-
repoName: bitnami
- address: https://charts.bitnami.com/bitnami
\ No newline at end of file
+ address: https://charts.bitnami.com/bitnami
+
+ protocols:
+ - http
+ - https
\ No newline at end of file
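Review bot: The new `protocols` list permits `http` by default, which relaxes the https-only condition that the removed Java check (`contains("https")`) applied. A chart pulled over plain http has no transport integrity, so it can be altered in transit before it is installed. Shipping only `- https` under `protocols:` and describing `http` as an explicit opt-in in the added comment line would keep the safer default. The file also still ends without a trailing newline.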
List<HelmRepository> helmRepositoryList = new ArrayList<>();
helmRepositoryList.add(HelmRepository.builder().address("https://localhost:8080").build());
doReturn(helmRepositoryList).when(helmRepositoryConfig).getRepos();
+ doReturn(List.of("http", "https")).when(helmRepositoryConfig).getProtocols();
assertDoesNotThrow(() -> chartService.installChart(charts.get(0)));
doThrow(ServiceException.class).when(helmClient).installChart(any());
assertThatThrownBy(() -> chartService.installChart(charts.get(0))).isInstanceOf(ServiceException.class);
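Review bot: The added stub returns both `http` and `https`, so this test only exercises the accept path of the new protocol gate; nothing visible here checks that installChart returns false when the scheme is not in the list. A companion case that stubs `getProtocols()` with `List.of("https")` and uses an `http://` repository address, asserting `assertFalse(chartService.installChart(...))` and that `helmClient.installChart` is never invoked, would cover the rejection path. The enclosing test method starts and ends outside the hunk.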