Fix helm context path (!65770) · Merge requests · GitLab.org / GitLab

Mathieu Parent requested to merge sathieu/gitlab:helm_fix_context_path into master Jul 08, 2021

Context

When working with the helm package registry, users can use helm push to publish their charts to GitLab.

To use helm push, users first must add GitLab as a repository. When added, the Helm client makes a request to download the chart index. This is used to help the Helm client know how to push helm charts with helm push.

The problem is, the returned chart index contains an incorrect value for contextPath. It returns a full URL rather than just a path, which leads the helm client to make a request to the wrong URL when using helm push.

What does this MR do?

Fix helm push, by setting the context path to a path (and not an URL).

See #18997 (comment 621773912) and !65760 (closed) for context.

Screenshots or Screencasts (strongly suggested)

Before (index request)


→ curl --user root:$TOKEN http://gdk.test:3001/api/v4/projects/83/packages/helm/stable/index.yaml
---
apiVersion: v1
entries:
  my-chart:
  - name: my-chart
    type: application
    version: 0.1.0
    apiVersion: v2
    appVersion: 1.16.0
    description: A Helm chart for Kubernetes
    created: '2021-07-07T22:22:58.351263000Z'
    digest:
    urls:
    - charts/my-chart-0.1.0.tgz
  test-gitlab-chart:
  - name: test-gitlab-chart
    type: application
    version: 0.1.0
    apiVersion: v2
    appVersion: 1.16.0
    description: A Helm chart for Kubernetes
    created: '2021-07-08T17:03:16.901701000Z'
    digest:
    urls:
    - charts/test-gitlab-chart-0.1.0.tgz
generated: '2021-07-08T17:17:45.892185000Z'
serverInfo:
  contextPath: "http://gdk.test:3001/api/v4/projects/83/packages/helm"

After (index request)


→ curl --user root:$TOKEN http://gdk.test:3001/api/v4/projects/83/packages/helm/stable/index.yaml
---
apiVersion: v1
entries:
  my-chart:
  - name: my-chart
    type: application
    version: 0.1.0
    apiVersion: v2
    appVersion: 1.16.0
    description: A Helm chart for Kubernetes
    created: '2021-07-07T22:22:58.351263000Z'
    digest:
    urls:
    - charts/my-chart-0.1.0.tgz
  test-gitlab-chart:
  - name: test-gitlab-chart
    type: application
    version: 0.1.0
    apiVersion: v2
    appVersion: 1.16.0
    description: A Helm chart for Kubernetes
    created: '2021-07-08T17:03:16.901701000Z'
    digest:
    urls:
    - charts/test-gitlab-chart-0.1.0.tgz
generated: '2021-07-08T17:17:45.892185000Z'
serverInfo:
  contextPath: "/api/v4/projects/83/packages/helm"

Before (helm push command)


# This results in an incorrect API request being made to http://gdk.test:3001/http:/gdk.test:3001/api/v4/projects/83/packages/helm/api/api/v4/projects/83/packages/helm/stable/charts
→ helm push test-gitlab-chart-0.1.0.tgz localproj
Pushing test-gitlab-chart-0.1.0.tgz to localproj...
Error: 404: could not properly parse response JSON:

After (helm push command)


# This results in the correct API request being made to http://gdk.test:3001/api/v4/projects/83/packages/helm/api/stable/charts
→ helm push test-gitlab-chart-0.1.0.tgz localproj
Pushing test-gitlab-chart-0.1.0.tgz to localproj...
Done.

Does this MR meet the acceptance criteria?

Conformity

I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
I have added/updated documentation, or it's not needed. (Is documentation required?)
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
I have self-reviewed this MR per code review guidelines.
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
I have followed the style guides.
This change is backwards compatible across updates, or this does not apply.

Availability and Testing

I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
I have tested this MR in all supported browsers, or it's not needed.
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Jul 08, 2021 by Steve Abrams

Fix helm context path