How to use helmDownloadUrl behind authentication wall?

Question

How to use helmDownloadUrl behind authentication wall?

alan-czajkowski opened this issue 2 years ago · comments

Is this a request for help?: YES

Is this a BUG REPORT or FEATURE REQUEST? (choose one): FEATURE REQUEST

Environment (plugin version, maven version, OS, ...):
plugin version: 6.0.0
Maven version: 3.8.x

What happened:
Unable to use helmDownloadUrl behind authentication wall (a URL that requires a username and password).
I am proxying https://get.helm.sh/helm-v3.8.1-linux-amd64.tar.gz behind Nexus (using a Nexus raw proxy for https://get.helm.sh/).
My Nexus requires authentication to download anything.

What you expected to happen:
Ability to configure authentication for helmDownloadUrl via pulling credentials from Maven settings.xml using the hostname from helmDownloadUrl as the server id inside settings.xml (the Docker Maven Plugin uses this convention).

How to reproduce it (as minimally and precisely as possible):
Set helmDownloadUrl to a URL that requires a username and password (HTTP Basic Auth).

Anything else we need to know:
n/a

Stephan Schnabel · Answer 1 · Tue May 03 2022 14:07:53 GMT+0800 (China Standard Time)

Right now it is not supported. Feel free to provide a pr.

Kirill Nazarov · Answer 2 · Thu May 12 2022 22:34:37 GMT+0800 (China Standard Time)

Tested on local env. At least works. :-)

Kirill Nazarov · Answer 3 · Thu May 12 2022 22:36:58 GMT+0800 (China Standard Time)

@alan-czajkowski are you ok to pass username and password from settings.xml?

Alan Czajkowski · Answer 4 · Thu May 12 2022 23:22:20 GMT+0800 (China Standard Time)

@nazarovkv yes, please follow the same conventions as the the Docker Maven Plugin ... they use the hostname from the URL as the ID to lookup in the settings.xml file to find the credentials

Kirill Nazarov · Answer 5 · Fri May 13 2022 03:57:55 GMT+0800 (China Standard Time)

@alan-czajkowski

I can add couple options:

Username and password(settings.xml scenario):
settings.xml:

...
<properties>
   <helm.downloadUser>my-username</helm.downloadUser>
   <helm.downloadPassword>my-password</helm.downloadPassword>
<properties>
...

Username and password(pom.xml + settings.xml scenario):
pom.xml :

    ...
    <build>
        <plugins>
            ...
            <plugin>
                <groupId>io.kokuwa.maven</groupId>
                <artifactId>helm-maven-plugin</artifactId>
                <configuration>
                    <helmDownloadUrl>http://org.example.com/helm-archive.zip</helmDownloadUrl>
                    <helmDownloadUser>${helm.bin.username}</helmDownloadUser>
                    <helmDownloadPassword>${helm.bin.password}</helmDownloadPassword>
                </configuration>
            </plugin>
            ...
        </plugins>
    </build>
    ...

settings.xml:

...
<properties>
   <helm.bin.username>my-username</helm.bin.username>
   <helm.bin.password>my-password</helm.bin.password>
<properties>
...

ServerId in settings.xml + pom.xml:
pom.xml :

    ...
    <build>
        <plugins>
            ...
            <plugin>
                <groupId>io.kokuwa.maven</groupId>
                <artifactId>helm-maven-plugin</artifactId>
                <configuration>
                    <helmDownloadUrl>http://org.example.com/helm-archive.zip</helmDownloadUrl>
                    <helmDownloadServerId>helm-binary-server</helmDownloadPassword>
                </configuration>
            </plugin>
            ...
        </plugins>
    </build>
    ...

settings.xml:

...
 <servers>
    <server>
      <id>helm-binary-server</id>
      <password>my_password</password>
      <username>my_login</username>
    </server>
  </servers>
...

Is any option can satisfy your requirements?

I've done quick overview of Docker Maven Plugin, conslusion: Docker Maven Plugin has pretty complex logic in terms of resolving credentails which can be used in various cases.

To have similar logic in Helm Maven Plugin we need to do some refactoring/improvements I guess. But I'm not sure is it worth it.
@sschnabe @fabian-schlegel @axdotl any thoughts/ideas? Can we go ahead with options I've described and later implement more complex credentails resolution/lookup?

Alan Czajkowski · Answer 6 · Fri May 13 2022 04:19:07 GMT+0800 (China Standard Time)

@nazarovkv it is definitely worth it to use the same conventions as the the Docker Maven Plugin because they are not the only ones using this convention (I've seen it used by other plugins, and it is also natural)

example:
IF helmDownloadUrl repo is: https://some.example.com/repository/helm-proxy-repo/helm-some-version.tar.gz
THEN credentials ID inside of settings.xml is some.example.com and the entry would look like:

  <server>
    <id>some.example.com</id>
    <username>...</username>
    <password>...</password>
  </server>

if this is too difficult to do at the moment, then I believe this compromise would suffice for now:
pom.xml

  <plugin>
    <groupId>io.kokuwa.maven</groupId>
    <artifactId>helm-maven-plugin</artifactId>
    <configuration>
      <helmDownloadUrl>https://some.example.com/repository/helm-proxy-repo/helm-some-version.tar.gz</helmDownloadUrl>
      <helmDownloadServerId>any-id-that-i-want</helmDownloadPassword>
      </configuration>
  </plugin>

settings.xml

  <server>
    <id>any-id-that-i-want</id>
    <username>...</username>
    <password>...</password>
  </server>

Kirill Nazarov · Answer 7 · Fri May 13 2022 04:38:43 GMT+0800 (China Standard Time)

@alan-czajkowski pushed. Review required.