search

openshift / ansible-service-broker

Ansible Service Broker
Apache License 2.0
226 stars 84 forks source link

Helm registry adapter HTTP basic authentication #1183

Closed RikuXan closed 4 years ago

RikuXan commented 5 years ago

Is it possible to use HTTP basic authentication with the Helm registry adapter?

The only reference to HTTP basic auth that I can see in the docs refer to the broker's authentication itself, for the registries I can only find the user and pass configuration variables which seem to be specific to certain registry types (e.g. Docker Hub or RHCC) and are not translated into HTTP basic auth headers.
Embedding the credentials in the URL does not seem to work either.

jmrodri commented 5 years ago

@RikuXan Looking at the code, the helm_adapter definitely doesn't use the user, password or auth_type that is supported in the registry Configuration. That being said the user and pass in the url should work.

registry:
  - name: stable
    type: helm
    url: "https://user:pass@kubernetes-charts.storage.googleapis.com"
    runner: "docker.io/automationbroker/helm-runner:latest"
    white_list:
      - ".*"

Seems like the above syntax should work. We don't do anything with the URL, we simply pass it along without transformation. What does your configuration look like? (please sanitize any sensitive values before posting configs).

RikuXan commented 5 years ago

@jmrodri Indeed, supplying the parameters in the URL does work. Apparently I did something wrong when I tried it first, thanks for the help.

RikuXan commented 5 years ago

Reopening this, because it seems that while the automationbroker/helm-runner image does add the repository with the basic auth parameters in the URL and can therefore pull the index.yaml file, the subsequent fetch/install/upgrade of an image does not "remember" the auth parameters and fails with a 401.
Is there a trick to this, or do I need to configure my helm repository to serve absolute URLs containing the basic auth parameters already?

openshift-bot commented 4 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

jmrodri commented 4 years ago

/close please reopen if this is still an issue.

jmrodri commented 4 years ago

/close

openshift-ci-robot commented 4 years ago

@jmrodri: Closing this issue.

In response to [this](https://github.com/openshift/ansible-service-broker/issues/1183#issuecomment-695430049): >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.