mirror of
https://github.com/argoproj/argo-cd.git
synced 2026-04-04 15:58:49 +02:00
48645db293
* fix: loosen source not permitted helm errors
With #12255, we check if a source is first permitted before running
`helm template`. This works a bit too well, since this may break
previously working manifests. If an `AppProject` has a set of
`sourceRepos` which are more restrictive than `*`, and it also has Helm
public dependencies (repos with credentials would not work with 2.7x
due to the fact they get filtered out before ending up on the repo
server). Whereas before this would work, this currently fails on
`HEAD` but not in `2.7x`.
What we instead do here is that we only run this check if the chart
failed to download - if it does then we run a check to see if the repo
is in the allowed repos list. If the repo is not in the allowed repos
list, we return the same error as in #12555, otherwise we bubble up the
error.
Should fix #13833.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: check for 401 unauthorized in error
The regex check works fine for OCI artifacts, but the flow is slightly
different for standard Helm charts (specifically when running
`helm repo add`). To get around that, we also check the error for
`401 Unauthorized`.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: loosen string check
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* Revert "chore: revert #12255 (#14858)"
This reverts commit c8ae5bc3e7.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: reword test to reduce confusion
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
---------
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>