diff options
author | rameshiyer27 <ramesh.murugan.iyer@est.tech> | 2022-05-17 12:04:03 +0100 |
---|---|---|
committer | rameshiyer27 <ramesh.murugan.iyer@est.tech> | 2022-05-17 12:49:12 +0100 |
commit | b77b61847ddd169da9a71b05742ed51bc826f5f6 (patch) | |
tree | 9f8ef7d8cae38dbaf11d0838a9ce70b4887eb004 /participant/participant-impl/participant-impl-kubernetes/src/main/java | |
parent | 9fa11a0b5ef61399598cc84950209bd8b38eed82 (diff) |
Add user configurable parameter for permitted helm repo protocols
User can configure the permitted helm repository protocols http/https
based on the requirement.
Issue-ID: POLICY-4113
Signed-off-by: zrrmmua <ramesh.murugan.iyer@est.tech>
Change-Id: Ib7c91413babd15d0bd22ceffe10cdc1c3a6a0fd0
Diffstat (limited to 'participant/participant-impl/participant-impl-kubernetes/src/main/java')
2 files changed, 9 insertions, 6 deletions
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java index 4d00e38ec..61a813e8a 100644 --- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java +++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java @@ -38,4 +38,6 @@ public class HelmRepositoryConfig { private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); private List<HelmRepository> repos = new ArrayList<>(); + + private List<String> protocols = new ArrayList<>(); } diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java index e9cd8a2c3..888600fde 100644 --- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java +++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java @@ -93,7 +93,7 @@ public class ChartService { * @throws IOException in case of IO errors */ public boolean installChart(ChartInfo chart) throws ServiceException, IOException { - boolean whiteListed = false; + boolean permittedRepo = false; if (chart.getRepository() == null) { String repoName = findChartRepo(chart); if (repoName == null) { @@ -106,17 +106,18 @@ public class ChartService { } } else { // Add remote repository if passed via TOSCA - // check whether the repo is whitelisted + // check whether the repo is permitted for (HelmRepository repo : helmRepositoryConfig.getRepos()) { if (repo.getAddress().equals(chart.getRepository().getAddress()) - && chart.getRepository().getAddress().contains("https")) { + && helmRepositoryConfig.getProtocols() + .contains(chart.getRepository().getAddress().split(":")[0])) { configureRepository(chart.getRepository()); - whiteListed = true; + permittedRepo = true; break; } } - if (!whiteListed) { - logger.error("Repository is not Whitelisted / plain http in not allowed"); + if (!permittedRepo) { + logger.error("Helm Repository/Protocol is not permitted for {}", chart.getRepository().getAddress()); return false; } } |