Adapting setupRegistryServer to be able to use https with the docker

registryClient

Signed-off-by: Soule BA <[email protected]>

Author: souleb

api/v1beta2/helmrepository_types.go

@@ -87,11 +87,6 @@ type HelmRepositorySpec struct {
 	// +optional
 	Timeout *metav1.Duration `json:"timeout,omitempty"`
 
-	// InsecureSkipTLSVerify skips the validation of the TLS certificate of the
-	// OCI registry endpoint.
-	// +optional
-	InsecureSkipTLSVerify bool `json:"insecureSkipTLSverify,omitempty"`
-
 	// Suspend tells the controller to suspend the reconciliation of this
 	// HelmRepository.
 	// +optional

docs/api/v1beta2/source.md

@@ -861,19 +861,6 @@ Its default value is 60s.</p>
 </tr>
 <tr>
 <td>
-<code>insecureSkipTLSverify</code><br>
-<em>
-bool
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>InsecureSkipTLSverify skips the validation of the TLS certificate of the
-OCI registry endpoint.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>suspend</code><br>
 <em>
 bool
@@ -2558,19 +2545,6 @@ Its default value is 60s.</p>
 </tr>
 <tr>
 <td>
-<code>insecureSkipTLSverify</code><br>
-<em>
-bool
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>InsecureSkipTLSverify skips the validation of the TLS certificate of the
-OCI registry endpoint.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>suspend</code><br>
 <em>
 bool

internal/controller/helmchart_controller_test.go

@@ -2241,16 +2241,15 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
 	}
 
 	tests := []struct {
-		name                  string
-		url                   string
-		registryOpts          registryOptions
-		secretOpts            secretOptions
-		insecureSkipTLSVerify bool
-		provider              string
-		providerImg           string
-		want                  sreconcile.Result
-		wantErr               bool
-		assertConditions      []metav1.Condition
+		name             string
+		url              string
+		registryOpts     registryOptions
+		secretOpts       secretOptions
+		provider         string
+		providerImg      string
+		want             sreconcile.Result
+		wantErr          bool
+		assertConditions []metav1.Condition
 	}{
 		{
 			name: "HTTP without basic auth",
@@ -2346,22 +2345,6 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
 				*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
 			},
 		},
-		{
-			name: "HTTPS With InsecureSkipTLSVerify",
-			want: sreconcile.ResultSuccess,
-			registryOpts: registryOptions{
-				withBasicAuth: true,
-			},
-			secretOpts: secretOptions{
-				username: testRegistryUsername,
-				password: testRegistryPassword,
-			},
-			insecureSkipTLSVerify: true,
-			assertConditions: []metav1.Condition{
-				*conditions.TrueCondition(meta.ReconcilingCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
-				*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "building artifact: pulled 'helmchart' chart with version '0.1.0'"),
-			},
-		},
 	}
 
 	for _, tt := range tests {
@@ -2412,8 +2395,6 @@ func TestHelmChartReconciler_reconcileSourceFromOCI_authStrategy(t *testing.T) {
 				repo.Spec.URL = tt.providerImg
 			}
 
-			repo.Spec.InsecureSkipTLSVerify = tt.insecureSkipTLSVerify
-
 			var secret *corev1.Secret
 			if tt.secretOpts.username != "" && tt.secretOpts.password != "" {
 				secret = &corev1.Secret{

internal/controller/helmrepository_controller.go

@@ -414,10 +414,6 @@ func (r *HelmRepositoryReconciler) reconcileSource(ctx context.Context, sp *patc
 		}
 	}
 
-	if obj.Spec.InsecureSkipTLSVerify {
-		tlsConfig.InsecureSkipVerify = true
-	}
-
 	// Construct Helm chart repository with options and download index
 	newChartRepo, err := repository.NewChartRepository(obj.Spec.URL, "", r.Getters, clientOpts.TlsConfig, clientOpts.GetterOpts...)
 	if err != nil {

internal/controller/helmrepository_controller_oci.go

@@ -352,12 +352,6 @@ func (r *HelmRepositoryOCIReconciler) reconcile(ctx context.Context, sp *patch.S
 		}
 	}
 
-	if tlsConfig == nil {
-		tlsConfig = &tls.Config{}
-	}
-
-	tlsConfig.InsecureSkipVerify = obj.Spec.InsecureSkipTLSVerify
-
 	loginOpt, err := makeLoginOption(authenticator, keychain, obj.Spec.URL)
 	if err != nil {
 		conditions.MarkFalse(obj, meta.ReadyCondition, sourcev1.AuthenticationFailedReason, err.Error())

internal/controller/helmrepository_controller_oci_test.go

@@ -207,7 +207,6 @@ func TestHelmRepositoryOCIReconciler_authStrategy(t *testing.T) {
 		url                   string
 		registryOpts          registryOptions
 		secretOpts            secretOptions
-		insecureSkipTLSVerify bool
 		provider              string
 		providerImg           string
 		want                  ctrl.Result
@@ -307,21 +306,6 @@ func TestHelmRepositoryOCIReconciler_authStrategy(t *testing.T) {
 				*conditions.TrueCondition(meta.ReadyCondition, meta.SucceededReason, "Helm repository is ready"),
 			},
 		},
-		{
-			name: "HTTPS With InsecureSkipTLSVerify",
-			want: ctrl.Result{RequeueAfter: interval},
-			registryOpts: registryOptions{
-				withBasicAuth: true,
-			},
-			secretOpts: secretOptions{
-				username: testRegistryUsername,
-				password: testRegistryPassword,
-			},
-			insecureSkipTLSVerify: true,
-			assertConditions: []metav1.Condition{
-				*conditions.TrueCondition(meta.ReadyCondition, meta.SucceededReason, "Helm repository is ready"),
-			},
-		},
 	}
 
 	for _, tt := range tests {
@@ -364,8 +348,6 @@ func TestHelmRepositoryOCIReconciler_authStrategy(t *testing.T) {
 				obj.Spec.URL = tt.providerImg
 			}
 
-			obj.Spec.InsecureSkipTLSVerify = tt.insecureSkipTLSVerify
-
 			var secret *corev1.Secret
 			if tt.secretOpts.username != "" && tt.secretOpts.password != "" {
 				secret = &corev1.Secret{

internal/controller/suite_test.go

@@ -163,7 +163,6 @@ func setupRegistryServer(ctx context.Context, workspaceDir string, opts registry
 	if err != nil {
 		return nil, fmt.Errorf("failed to get free port: %s", err)
 	}
-
 	server.registryHost = fmt.Sprintf("localhost:%d", port)
 
 	// Change the registry host to a host which is not localhost and