Merge pull request #157 from fluxcd/helm-index-chart-download

Factor out Helm repo index and chart download

Author: hiddeco

controllers/helmchart_controller.go

@@ -231,52 +231,6 @@ func (r *HelmChartReconciler) getSource(ctx context.Context, chart sourcev1.Helm
 
 func (r *HelmChartReconciler) reconcileFromHelmRepository(ctx context.Context,
 	repository sourcev1.HelmRepository, chart sourcev1.HelmChart, force bool) (sourcev1.HelmChart, error) {
-	cv, err := helm.GetDownloadableChartVersionFromIndex(r.Storage.LocalPath(*repository.GetArtifact()),
-		chart.Spec.Chart, chart.Spec.Version)
-	if err != nil {
-		return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
-	}
-
-	// Return early if the revision is still the same as the current artifact
-	newArtifact := r.Storage.NewArtifactFor(chart.Kind, chart.GetObjectMeta(), cv.Version,
-		fmt.Sprintf("%s-%s.tgz", cv.Name, cv.Version))
-	if !force && sourcev1.InReadyCondition(chart.Status.Conditions) && chart.GetArtifact().HasRevision(newArtifact.Revision) {
-		if newArtifact.URL != repository.GetArtifact().URL {
-			r.Storage.SetArtifactURL(chart.GetArtifact())
-			chart.Status.URL = r.Storage.SetHostname(chart.Status.URL)
-		}
-		return chart, nil
-	}
-
-	// TODO(hidde): according to the Helm source the first item is not
-	//  always the correct one to pick, check for updates once in awhile.
-	//  Ref: https://github.com/helm/helm/blob/v3.3.0/pkg/downloader/chart_downloader.go#L241
-	ref := cv.URLs[0]
-	u, err := url.Parse(ref)
-	if err != nil {
-		err = fmt.Errorf("invalid chart URL format '%s': %w", ref, err)
-	}
-
-	// Prepend the chart repository base URL if the URL is relative
-	if !u.IsAbs() {
-		repoURL, err := url.Parse(repository.Spec.URL)
-		if err != nil {
-			err = fmt.Errorf("invalid repository URL format '%s': %w", repository.Spec.URL, err)
-			return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
-		}
-		q := repoURL.Query()
-		// Trailing slash is required for ResolveReference to work
-		repoURL.Path = strings.TrimSuffix(repoURL.Path, "/") + "/"
-		u = repoURL.ResolveReference(u)
-		u.RawQuery = q.Encode()
-	}
-
-	// Get the getter for the protocol
-	c, err := r.Getters.ByScheme(u.Scheme)
-	if err != nil {
-		return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
-	}
-
 	var clientOpts []getter.Option
 	if repository.Spec.SecretRef != nil {
 		name := types.NamespacedName{
@@ -299,6 +253,46 @@ func (r *HelmChartReconciler) reconcileFromHelmRepository(ctx context.Context,
 		defer cleanup()
 		clientOpts = opts
 	}
+	clientOpts = append(clientOpts, getter.WithTimeout(repository.GetTimeout()))
+
+	// Initialize the chart repository and load the index file
+	chartRepo, err := helm.NewChartRepository(repository.Spec.URL, r.Getters, clientOpts)
+	if err != nil {
+		switch err.(type) {
+		case *url.Error:
+			return sourcev1.HelmChartNotReady(chart, sourcev1.URLInvalidReason, err.Error()), err
+		default:
+			return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
+		}
+	}
+	indexFile, err := os.Open(r.Storage.LocalPath(*repository.GetArtifact()))
+	if err != nil {
+		return sourcev1.HelmChartNotReady(chart, sourcev1.StorageOperationFailedReason, err.Error()), err
+	}
+	b, err := ioutil.ReadAll(indexFile)
+	if err != nil {
+		return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
+	}
+	if err = chartRepo.LoadIndex(b); err != nil {
+		return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
+	}
+
+	// Lookup the chart version in the chart repository index
+	chartVer, err := chartRepo.Get(chart.Spec.Chart, chart.Spec.Version)
+	if err != nil {
+		return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
+	}
+
+	// Return early if the revision is still the same as the current artifact
+	newArtifact := r.Storage.NewArtifactFor(chart.Kind, chart.GetObjectMeta(), chartVer.Version,
+		fmt.Sprintf("%s-%s.tgz", chartVer.Name, chartVer.Version))
+	if !force && repository.GetArtifact().HasRevision(newArtifact.Revision) {
+		if newArtifact.URL != chart.GetArtifact().URL {
+			r.Storage.SetArtifactURL(chart.GetArtifact())
+			chart.Status.URL = r.Storage.SetHostname(chart.Status.URL)
+		}
+		return chart, nil
+	}
 
 	// Ensure artifact directory exists
 	err = r.Storage.MkdirAll(newArtifact)
@@ -315,9 +309,8 @@ func (r *HelmChartReconciler) reconcileFromHelmRepository(ctx context.Context,
 	}
 	defer unlock()
 
-	// TODO(hidde): implement timeout from the HelmRepository
-	//  https://github.com/helm/helm/pull/7950
-	res, err := c.Get(u.String(), clientOpts...)
+	// Attempt to download the chart
+	res, err := chartRepo.DownloadChart(chartVer)
 	if err != nil {
 		return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPullFailedReason, err.Error()), err
 	}
@@ -345,7 +338,7 @@ func (r *HelmChartReconciler) reconcileFromHelmRepository(ctx context.Context,
 		}
 
 		// Overwrite values file
-		chartPath := path.Join(tmpDir, cv.Name)
+		chartPath := path.Join(tmpDir, chartVer.Name)
 		if err := helm.OverwriteChartDefaultValues(chartPath, chart.Spec.ValuesFile); err != nil {
 			return sourcev1.HelmChartNotReady(chart, sourcev1.ChartPackageFailedReason, err.Error()), err
 		}
@@ -376,7 +369,7 @@ func (r *HelmChartReconciler) reconcileFromHelmRepository(ctx context.Context,
 	}
 
 	// Update symlink
-	chartUrl, err := r.Storage.Symlink(newArtifact, fmt.Sprintf("%s-latest.tgz", cv.Name))
+	chartUrl, err := r.Storage.Symlink(newArtifact, fmt.Sprintf("%s-latest.tgz", chartVer.Name))
 	if err != nil {
 		err = fmt.Errorf("storage error: %w", err)
 		return sourcev1.HelmChartNotReady(chart, sourcev1.StorageOperationFailedReason, err.Error()), err

controllers/helmrepository_controller.go

@@ -20,15 +20,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net/url"
-	"path"
 	"strings"
 	"time"
 
 	"github.com/go-logr/logr"
 	"helm.sh/helm/v3/pkg/getter"
-	"helm.sh/helm/v3/pkg/repo"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -163,19 +160,6 @@ func (r *HelmRepositoryReconciler) SetupWithManagerAndOptions(mgr ctrl.Manager,
 }
 
 func (r *HelmRepositoryReconciler) reconcile(ctx context.Context, repository sourcev1.HelmRepository) (sourcev1.HelmRepository, error) {
-	u, err := url.Parse(repository.Spec.URL)
-	if err != nil {
-		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.URLInvalidReason, err.Error()), err
-	}
-
-	c, err := r.Getters.ByScheme(u.Scheme)
-	if err != nil {
-		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.URLInvalidReason, err.Error()), err
-	}
-
-	u.RawPath = path.Join(u.RawPath, "index.yaml")
-	u.Path = path.Join(u.Path, "index.yaml")
-
 	var clientOpts []getter.Option
 	if repository.Spec.SecretRef != nil {
 		name := types.NamespacedName{
@@ -198,25 +182,27 @@ func (r *HelmRepositoryReconciler) reconcile(ctx context.Context, repository sou
 		defer cleanup()
 		clientOpts = opts
 	}
-
 	clientOpts = append(clientOpts, getter.WithTimeout(repository.GetTimeout()))
-	res, err := c.Get(u.String(), clientOpts...)
-	if err != nil {
-		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.IndexationFailedReason, err.Error()), err
-	}
 
-	b, err := ioutil.ReadAll(res)
+	chartRepo, err := helm.NewChartRepository(repository.Spec.URL, r.Getters, clientOpts)
 	if err != nil {
-		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.IndexationFailedReason, err.Error()), err
+		switch err.(type) {
+		case *url.Error:
+			return sourcev1.HelmRepositoryNotReady(repository, sourcev1.URLInvalidReason, err.Error()), err
+		default:
+			return sourcev1.HelmRepositoryNotReady(repository, sourcev1.IndexationFailedReason, err.Error()), err
+		}
 	}
-	i := repo.IndexFile{}
-	if err := yaml.Unmarshal(b, &i); err != nil {
+	if err := chartRepo.DownloadIndex(); err != nil {
+		err = fmt.Errorf("failed to download repository index: %w", err)
 		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.IndexationFailedReason, err.Error()), err
 	}
 
 	// return early on unchanged generation
-	artifact := r.Storage.NewArtifactFor(repository.Kind, repository.ObjectMeta.GetObjectMeta(), i.Generated.Format(time.RFC3339Nano),
-		fmt.Sprintf("index-%s.yaml", url.PathEscape(i.Generated.Format(time.RFC3339Nano))))
+	artifact := r.Storage.NewArtifactFor(repository.Kind,
+		repository.ObjectMeta.GetObjectMeta(),
+		chartRepo.Index.Generated.Format(time.RFC3339Nano),
+		fmt.Sprintf("index-%s.yaml", url.PathEscape(chartRepo.Index.Generated.Format(time.RFC3339Nano))))
 	if sourcev1.InReadyCondition(repository.Status.Conditions) && repository.GetArtifact().HasRevision(artifact.Revision) {
 		if artifact.URL != repository.GetArtifact().URL {
 			r.Storage.SetArtifactURL(repository.GetArtifact())
@@ -225,12 +211,6 @@ func (r *HelmRepositoryReconciler) reconcile(ctx context.Context, repository sou
 		return repository, nil
 	}
 
-	i.SortEntries()
-	b, err = yaml.Marshal(&i)
-	if err != nil {
-		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.IndexationFailedReason, err.Error()), err
-	}
-
 	// create artifact dir
 	err = r.Storage.MkdirAll(artifact)
 	if err != nil {
@@ -247,6 +227,10 @@ func (r *HelmRepositoryReconciler) reconcile(ctx context.Context, repository sou
 	defer unlock()
 
 	// save artifact to storage
+	b, err := yaml.Marshal(&chartRepo.Index)
+	if err != nil {
+		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.IndexationFailedReason, err.Error()), err
+	}
 	if err := r.Storage.AtomicWriteFile(&artifact, bytes.NewReader(b), 0644); err != nil {
 		err = fmt.Errorf("unable to write repository index file: %w", err)
 		return sourcev1.HelmRepositoryNotReady(repository, sourcev1.StorageOperationFailedReason, err.Error()), err

controllers/helmrepository_controller_test.go

@@ -121,7 +121,7 @@ var _ = Describe("HelmRepositoryReconciler", func() {
 			Eventually(func() bool {
 				_ = k8sClient.Get(context.Background(), key, updated)
 				for _, c := range updated.Status.Conditions {
-					if c.Reason == sourcev1.URLInvalidReason {
+					if c.Reason == sourcev1.IndexationFailedReason {
 						return true
 					}
 				}

internal/helm/getter.go

@@ -26,6 +26,8 @@ import (
 	corev1 "k8s.io/api/core/v1"
 )
 
+// ClientOptionsFromSecret constructs a getter.Option slice for the given secret.
+// It returns the slice, and a callback to remove temporary files.
 func ClientOptionsFromSecret(secret corev1.Secret) ([]getter.Option, func(), error) {
 	var opts []getter.Option
 	basicAuth, err := BasicAuthFromSecret(secret)
@@ -45,6 +47,11 @@ func ClientOptionsFromSecret(secret corev1.Secret) ([]getter.Option, func(), err
 	return opts, cleanup, nil
 }
 
+// BasicAuthFromSecret attempts to construct a basic auth getter.Option for the
+// given v1.Secret and returns the result.
+//
+// Secrets with no username AND password are ignored, if only one is defined it
+// returns an error.
 func BasicAuthFromSecret(secret corev1.Secret) (getter.Option, error) {
 	username, password := string(secret.Data["username"]), string(secret.Data["password"])
 	switch {
@@ -56,6 +63,12 @@ func BasicAuthFromSecret(secret corev1.Secret) (getter.Option, error) {
 	return getter.WithBasicAuth(username, password), nil
 }
 
+// TLSClientConfigFromSecret attempts to construct a TLS client config
+// getter.Option for the given v1.Secret. It returns the getter.Option and a
+// callback to remove the temporary TLS files.
+//
+// Secrets with no certFile, keyFile, AND caFile are ignored, if only a
+// certBytes OR keyBytes is defined it returns an error.
 func TLSClientConfigFromSecret(secret corev1.Secret) (getter.Option, func(), error) {
 	certBytes, keyBytes, caBytes := secret.Data["certFile"], secret.Data["keyFile"], secret.Data["caFile"]
 	switch {