-
Type:
Bug
-
Status: Done
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 7.24.1
-
Component/s: Artifactory, Helm
-
Labels:None
-
Location:External
Issue:
When we resolve the charts from Artifactory pointing to helm virtual repository by using helm client of version 3.6.1, we are seeing a "401 Unauthorized" error.
Steps to reproduce:
- Install helm client of version 3.6.1
- Create a local, remote and virtual helm repository in Artifactory of version 7.19.9
- Run below command :
a. helm repo add mill-test-helm http://10.168.0.111:12687/artifactory/test-helm --username admin --password AP51khUVNaYAQ8gMToBvARcKNrk
b. helm repo update
c. helm install mill-test-helm/bitnami/postgresql --generate-name --debug
Error: failed to fetch http://10.168.0.111:12687/artifactory/api/helm/test-helm/bitnami/postgresql-10.4.10.tgz : 401 Unauthorized
helm.go:81: [debug] failed to fetch http://10.168.0.111:12687/artifactory/api/helm/test-helm/bitnami/postgresql-10.4.10.tgz : 401 Unauthorized
helm.sh/helm/v3/pkg/getter.(*HTTPGetter).get
helm.sh/helm/v3/pkg/getter/httpgetter.go:90
helm.sh/helm/v3/pkg/getter.(*HTTPGetter).Get
helm.sh/helm/v3/pkg/getter/httpgetter.go:42
helm.sh/helm/v3/pkg/downloader.(*ChartDownloader).DownloadTo
helm.sh/helm/v3/pkg/downloader/chart_downloader.go:99
helm.sh/helm/v3/pkg/action.(*ChartPathOptions).LocateChart
helm.sh/helm/v3/pkg/action/install.go:704
main.runInstall
helm.sh/helm/v3/cmd/helm/install.go:185
main.newInstallCmd.func2
helm.sh/helm/v3/cmd/helm/install.go:120
github.com/spf13/cobra.(*Command).execute
github.com/spf13/cobra@v1.1.3/command.go:852
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/cobra@v1.1.3/command.go:960
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/cobra@v1.1.3/command.go:897
main.main
helm.sh/helm/v3/cmd/helm/helm.go:80
runtime.main
runtime/proc.go:225
runtime.goexit
runtime/asm_amd64.s:1371
Helm v3.6.1 is a security (patch) release. Users are strongly recommended to update to this release.
While working on the Helm source, a Helm core maintainer discovered a situation where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. More information can be found in the security advisory: https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf.
Workaround:
Add "--pass-credentials" flag with "helm repo add" command to resolve the charts.
VVersion:
- Helm version -3.6.1
- Artifactory version - 7.19.9