Don't enable TLS if `enable_tls` is false #245
I've been playing a bit with this and if you set
Hi @moleskin-smile. I see it is a patch to fix #244, but we cannot introduce another issue when resolving it. Unfortunately this cannot be merged in the current state.
Hi @rporres. Actually this patch fixes a regression introduced in 0.9.0. It doesn't introduce another issue for
When But, to be sure, I've tested it with
I understand your point. You're basically fixing the issue where
I agree about general weirdness of TLS-related code in this provider. More work is required to handle it better. This PR is just a simple fix that prevents my organization from adding workarounds to helm providers everywhere where TLS is disabled. Thanks for looking at this.
Hey, any update on this? This PR is already approved, there are no conflicts with the base branch and no other solution was developed in the last 4 months.
@moleskin-smile Can you rebase from master to get the latest changes applied to your branch and see if there's anything breaking new tests? I think we're good to merge as there's no good fix that's either quite complicated or breaking.
Terraform Helm provider 0.9.0 introduces a regression. In 0.8.0 if there is no `client_key`, `ca_certificate`, or `client_certificate` defined at the `provider "Helm"` level, TLS configuration is effectively disabled. The 0.9.0 version checks if there are `key.pem`, `cert.pem` and `ca.pem` present in Helm's home directory and if they are, TLS is enabled. This behaviour can break some configurations where these certificate files are present for other cluster(s) but current cluster doesn't use TLS. This change makes the Helm provider behave similarly to Helm CLI. Helm CLI uses `--tls` option to explicitly enable TLS. This change makes `enable_tls` option to work as advertised (quoting documentation: `enable_tls` - (Optional) Enables TLS communications with the Tiller. Defaults to `false`).
d09248f to f4c635d
@rporres: Sure. Rebased and force-pushed.
Fixes #244
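The difference between the two behaviours described in the commit message, as an added Go example that is not the provider's own code: `implicitTLS` models TLS being switched on by files found in Helm's home directory, `explicitTLS` models `enable_tls` as the only switch. The function names are hypothetical, the directory and file contents are constructed, and returning an error when `enable_tls` is true but the files are missing is an assumption of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// File names the commit message says 0.9.0 looks for in Helm's home directory.
var tlsFiles = []string{"key.pem", "cert.pem", "ca.pem"}

// allPresent reports whether every TLS file exists in home.
func allPresent(home string) bool {
	for _, name := range tlsFiles {
		if _, err := os.Stat(filepath.Join(home, name)); err != nil {
			return false
		}
	}
	return true
}

// implicitTLS models the 0.9.0 regression: files on disk alone turn TLS on,
// and the enable_tls setting is never consulted.
func implicitTLS(enableTLS bool, home string) bool {
	return allPresent(home)
}

// explicitTLS models the fixed behaviour: enable_tls is the only switch.
// Failing when the files are missing is an assumption of this example.
func explicitTLS(enableTLS bool, home string) (bool, error) {
	if !enableTLS {
		return false, nil
	}
	if !allPresent(home) {
		return false, fmt.Errorf("enable_tls is true but TLS files are missing in %s", home)
	}
	return true, nil
}

func main() {
	home, _ := os.MkdirTemp("", "helm-home") // constructed stand-in for Helm's home
	defer os.RemoveAll(home)
	for _, name := range tlsFiles {
		os.WriteFile(filepath.Join(home, name), []byte("constructed placeholder"), 0o600)
	}
	fixed, _ := explicitTLS(false, home)
	fmt.Println("0.9.0 model:", implicitTLS(false, home), "fixed model:", fixed)
}
```
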