/* Copyright The Helm Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ /*Package environment describes the operating environment for Tiller. Tiller's environment encapsulates all of the service dependencies Tiller has. These dependencies are expressed as interfaces so that alternate implementations (mocks, etc.) can be easily generated. */ package environment import ( "os" "path/filepath" "github.com/spf13/pflag" "k8s.io/client-go/util/homedir" "k8s.io/helm/pkg/helm/helmpath" ) const ( // DefaultTLSCaCert is the default value for HELM_TLS_CA_CERT DefaultTLSCaCert = "$HELM_HOME/ca.pem" // DefaultTLSCert is the default value for HELM_TLS_CERT DefaultTLSCert = "$HELM_HOME/cert.pem" // DefaultTLSKeyFile is the default value for HELM_TLS_KEY_FILE DefaultTLSKeyFile = "$HELM_HOME/key.pem" // DefaultTLSEnable is the default value for HELM_TLS_ENABLE DefaultTLSEnable = false // DefaultTLSVerify is the default value for HELM_TLS_VERIFY DefaultTLSVerify = false ) // DefaultHelmHome is the default HELM_HOME. var DefaultHelmHome = filepath.Join(homedir.HomeDir(), ".helm") // EnvSettings describes all of the environment settings. type EnvSettings struct { // TillerHost is the host and port of Tiller. TillerHost string // TillerConnectionTimeout is the duration (in seconds) helm will wait to establish a connection to Tiller. TillerConnectionTimeout int64 // TillerNamespace is the namespace in which Tiller runs. TillerNamespace string // Home is the local path to the Helm home directory. Home helmpath.Home // Debug indicates whether or not Helm is running in Debug mode. Debug bool // KubeContext is the name of the kubeconfig context. KubeContext string // KubeConfig is the path to an explicit kubeconfig file. This overwrites the value in $KUBECONFIG KubeConfig string // TLSEnable tells helm to communicate with Tiller via TLS TLSEnable bool // TLSVerify tells helm to communicate with Tiller via TLS and to verify remote certificates served by Tiller TLSVerify bool // TLSServerName tells helm to verify the hostname on the returned certificates from Tiller TLSServerName string // TLSCaCertFile is the path to a TLS CA certificate file TLSCaCertFile string // TLSCertFile is the path to a TLS certificate file TLSCertFile string // TLSKeyFile is the path to a TLS key file TLSKeyFile string } // AddFlags binds flags to the given flagset. func (s *EnvSettings) AddFlags(fs *pflag.FlagSet) { fs.StringVar((*string)(&s.Home), "home", DefaultHelmHome, "Location of your Helm config. Overrides $HELM_HOME") fs.StringVar(&s.TillerHost, "host", "", "Address of Tiller. Overrides $HELM_HOST") fs.StringVar(&s.KubeContext, "kube-context", "", "Name of the kubeconfig context to use") fs.StringVar(&s.KubeConfig, "kubeconfig", "", "Absolute path of the kubeconfig file to be used") fs.BoolVar(&s.Debug, "debug", false, "Enable verbose output") fs.StringVar(&s.TillerNamespace, "tiller-namespace", "kube-system", "Namespace of Tiller") fs.Int64Var(&s.TillerConnectionTimeout, "tiller-connection-timeout", int64(300), "The duration (in seconds) Helm will wait to establish a connection to Tiller") } // AddFlagsTLS adds the flags for supporting client side TLS to the given flagset. func (s *EnvSettings) AddFlagsTLS(fs *pflag.FlagSet) { fs.StringVar(&s.TLSServerName, "tls-hostname", s.TillerHost, "The server name used to verify the hostname on the returned certificates from the server") fs.StringVar(&s.TLSCaCertFile, "tls-ca-cert", DefaultTLSCaCert, "Path to TLS CA certificate file") fs.StringVar(&s.TLSCertFile, "tls-cert", DefaultTLSCert, "Path to TLS certificate file") fs.StringVar(&s.TLSKeyFile, "tls-key", DefaultTLSKeyFile, "Path to TLS key file") fs.BoolVar(&s.TLSVerify, "tls-verify", DefaultTLSVerify, "Enable TLS for request and verify remote") fs.BoolVar(&s.TLSEnable, "tls", DefaultTLSEnable, "Enable TLS for request") } // Init sets values from the environment. func (s *EnvSettings) Init(fs *pflag.FlagSet) { for name, envar := range envMap { setFlagFromEnv(name, envar, fs) } } // InitTLS sets TLS values from the environment. func (s *EnvSettings) InitTLS(fs *pflag.FlagSet) { for name, envar := range tlsEnvMap { setFlagFromEnv(name, envar, fs) } } // envMap maps flag names to envvars var envMap = map[string]string{ "debug": "HELM_DEBUG", "home": "HELM_HOME", "host": "HELM_HOST", "tiller-namespace": "TILLER_NAMESPACE", } var tlsEnvMap = map[string]string{ "tls-hostname": "HELM_TLS_HOSTNAME", "tls-ca-cert": "HELM_TLS_CA_CERT", "tls-cert": "HELM_TLS_CERT", "tls-key": "HELM_TLS_KEY", "tls-verify": "HELM_TLS_VERIFY", "tls": "HELM_TLS_ENABLE", } // PluginDirs is the path to the plugin directories. func (s EnvSettings) PluginDirs() string { if d, ok := os.LookupEnv("HELM_PLUGIN"); ok { return d } return s.Home.Plugins() } // HelmKeyPassphrase is the passphrase used to sign a helm chart. func (s EnvSettings) HelmKeyPassphrase() string { if d, ok := os.LookupEnv("HELM_KEY_PASSPHRASE"); ok { return d } return "" } // setFlagFromEnv looks up and sets a flag if the corresponding environment variable changed. // if the flag with the corresponding name was set during fs.Parse(), then the environment // variable is ignored. func setFlagFromEnv(name, envar string, fs *pflag.FlagSet) { if fs.Changed(name) { return } if v, ok := os.LookupEnv(envar); ok { fs.Set(name, v) } } // Deprecated const ( HomeEnvVar = "HELM_HOME" PluginEnvVar = "HELM_PLUGIN" PluginDisableEnvVar = "HELM_NO_PLUGINS" HostEnvVar = "HELM_HOST" DebugEnvVar = "HELM_DEBUG" )