ref(*): remove unused secure bundles

closes getporter#982
jdolitsky · Feb 13, 2020 · 7faa81d · 7faa81d
1 parent a1d785e
commit 7faa81d
Show file tree

Hide file tree

Showing 32 changed files with 27 additions and 94 deletions.
diff --git a/cmd/porter/bundle.go b/cmd/porter/bundle.go
@@ -71,7 +71,6 @@ The first argument is the bundle instance name to create for the installation. T
 Porter uses the Docker driver as the default runtime for executing a bundle's invocation image, but an alternate driver may be supplied via '--driver/-d'.
 For example, the 'debug' driver may be specified, which simply logs the info given to it and then exits.`,
  Example: ` porter bundle install
- porter bundle install --insecure
  porter bundle install MyAppInDev --file myapp/bundle.json
  porter bundle install --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter bundle install --cred azure --cred kubernetes
@@ -87,8 +86,6 @@ For example, the 'debug' driver may be specified, which simply logs the info giv
  }
 
  f := cmd.Flags()
- f.BoolVar(&opts.Insecure, "insecure", true,
- "Allow working with untrusted bundles")
  f.StringVarP(&opts.File, "file", "f", "",
  "Path to the porter manifest file. Defaults to the bundle in the current directory.")
  f.StringVar(&opts.CNABFile, "cnab-file", "",
@@ -122,7 +119,6 @@ The first argument is the bundle instance name to upgrade. This defaults to the
 Porter uses the Docker driver as the default runtime for executing a bundle's invocation image, but an alternate driver may be supplied via '--driver/-d'.
 For example, the 'debug' driver may be specified, which simply logs the info given to it and then exits.`,
  Example: ` porter bundle upgrade
- porter bundle upgrade --insecure
  porter bundle upgrade MyAppInDev --file myapp/bundle.json
  porter bundle upgrade --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter bundle upgrade --cred azure --cred kubernetes
@@ -138,8 +134,6 @@ For example, the 'debug' driver may be specified, which simply logs the info giv
  }
 
  f := cmd.Flags()
- f.BoolVar(&opts.Insecure, "insecure", true,
- "Allow working with untrusted bundles")
  f.StringVarP(&opts.File, "file", "f", "",
  "Path to the porter manifest file. Defaults to the bundle in the current directory.")
  f.StringVar(&opts.CNABFile, "cnab-file", "",
@@ -225,7 +219,6 @@ The first argument is the bundle instance name to uninstall. This defaults to th
 Porter uses the Docker driver as the default runtime for executing a bundle's invocation image, but an alternate driver may be supplied via '--driver/-d'.
 For example, the 'debug' driver may be specified, which simply logs the info given to it and then exits.`,
  Example: ` porter bundle uninstall
- porter bundle uninstall --insecure
  porter bundle uninstall MyAppInDev --file myapp/bundle.json
  porter bundle uninstall --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter bundle uninstall --cred azure --cred kubernetes
@@ -242,8 +235,6 @@ For example, the 'debug' driver may be specified, which simply logs the info giv
  }
 
  f := cmd.Flags()
- f.BoolVar(&opts.Insecure, "insecure", true,
- "Allow working with untrusted bundles")
  f.StringVarP(&opts.File, "file", "f", "",
  "Path to the porter manifest file. Defaults to the bundle in the current directory. Optional unless a newer version of the bundle should be used to uninstall the bundle.")
  f.StringVar(&opts.CNABFile, "cnab-file", "",
@@ -275,7 +266,6 @@ func buildBundlePublishCommand(p *porter.Porter) *cobra.Command {
  Long: "Publishes a bundle by pushing the invocation image and bundle to a registry.",
  Example: ` porter bundle publish
  porter bundle publish --file myapp/porter.yaml
- porter bundle publish --insecure
  porter bundle publish --archive /tmp/mybuns.tgz --tag myrepo/my-buns:0.1.0
  `,
  PreRunE: func(cmd *cobra.Command, args []string) error {

diff --git a/cmd/porter/credentials.go b/cmd/porter/credentials.go
@@ -77,7 +77,6 @@ When you wish to install, upgrade or delete a bundle, Porter will use the
 credential set to determine where to read the necessary information from and
 will then provide it to the bundle in the correct location. `,
  Example: ` porter credential generate
- porter bundle credential generate kubecred --insecure
  porter bundle credential generate kubecred --file myapp/porter.yaml
  porter bundle credential generate kubecred --tag getporter/porter-hello:v0.1.0
  porter bundle credential generate kubecred --cnab-file myapp/bundle.json --dry-run
@@ -91,8 +90,6 @@ will then provide it to the bundle in the correct location. `,
  }
 
  f := cmd.Flags()
- f.BoolVar(&opts.Insecure, "insecure", true,
- "Allow working with untrusted bundles.")
  f.StringVarP(&opts.File, "file", "f", "",
  "Path to the porter manifest file. Defaults to the bundle in the current directory.")
  f.StringVar(&opts.CNABFile, "cnab-file", "",

diff --git a/docs/content/cli/bundles_install.md b/docs/content/cli/bundles_install.md
@@ -24,7 +24,6 @@ porter bundles install [INSTANCE] [flags]
 
 ```
  porter bundle install
- porter bundle install --insecure
  porter bundle install MyAppInDev --file myapp/bundle.json
  porter bundle install --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter bundle install --cred azure --cred kubernetes
@@ -42,7 +41,6 @@ porter bundles install [INSTANCE] [flags]
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory.
  --force Force a fresh pull of the bundle and all dependencies
  -h, --help help for install
- --insecure Allow working with untrusted bundles (default true)
  --insecure-registry Don't require TLS for the registry
  --param strings Define an individual parameter in the form NAME=VALUE. Overrides parameters set with the same name using --param-file. May be specified multiple times.
  --param-file strings Path to a parameters definition file for the bundle, each line in the form of NAME=VALUE. May be specified multiple times.

diff --git a/docs/content/cli/bundles_uninstall.md b/docs/content/cli/bundles_uninstall.md
@@ -24,7 +24,6 @@ porter bundles uninstall [INSTANCE] [flags]
 
 ```
  porter bundle uninstall
- porter bundle uninstall --insecure
  porter bundle uninstall MyAppInDev --file myapp/bundle.json
  porter bundle uninstall --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter bundle uninstall --cred azure --cred kubernetes
@@ -43,7 +42,6 @@ porter bundles uninstall [INSTANCE] [flags]
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory. Optional unless a newer version of the bundle should be used to uninstall the bundle.
  --force Force a fresh pull of the bundle and all dependencies
  -h, --help help for uninstall
- --insecure Allow working with untrusted bundles (default true)
  --insecure-registry Don't require TLS for the registry
  --param strings Define an individual parameter in the form NAME=VALUE. Overrides parameters set with the same name using --param-file. May be specified multiple times.
  --param-file strings Path to a parameters definition file for the bundle, each line in the form of NAME=VALUE. May be specified multiple times.

diff --git a/docs/content/cli/bundles_upgrade.md b/docs/content/cli/bundles_upgrade.md
@@ -24,7 +24,6 @@ porter bundles upgrade [INSTANCE] [flags]
 
 ```
  porter bundle upgrade
- porter bundle upgrade --insecure
  porter bundle upgrade MyAppInDev --file myapp/bundle.json
  porter bundle upgrade --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter bundle upgrade --cred azure --cred kubernetes
@@ -42,7 +41,6 @@ porter bundles upgrade [INSTANCE] [flags]
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory.
  --force Force a fresh pull of the bundle and all dependencies
  -h, --help help for upgrade
- --insecure Allow working with untrusted bundles (default true)
  --insecure-registry Don't require TLS for the registry
  --param strings Define an individual parameter in the form NAME=VALUE. Overrides parameters set with the same name using --param-file. May be specified multiple times.
  --param-file strings Path to a parameters definition file for the bundle, each line in the form of NAME=VALUE. May be specified multiple times.

diff --git a/docs/content/cli/credentials_generate.md b/docs/content/cli/credentials_generate.md
@@ -35,7 +35,6 @@ porter credentials generate [NAME] [flags]
 
 ```
  porter credential generate
- porter bundle credential generate kubecred --insecure
  porter bundle credential generate kubecred --file myapp/porter.yaml
  porter bundle credential generate kubecred --tag getporter/porter-hello:v0.1.0
  porter bundle credential generate kubecred --cnab-file myapp/bundle.json --dry-run
@@ -49,7 +48,6 @@ porter credentials generate [NAME] [flags]
  --dry-run Generate credential but do not save it.
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory.
  -h, --help help for generate
- --insecure Allow working with untrusted bundles. (default true)
  --tag string Use a bundle in an OCI registry specified by the given tag.
 ```
 

diff --git a/docs/content/cli/install.md b/docs/content/cli/install.md
@@ -24,7 +24,6 @@ porter install [INSTANCE] [flags]
 
 ```
  porter install
- porter install --insecure
  porter install MyAppInDev --file myapp/bundle.json
  porter install --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter install --cred azure --cred kubernetes
@@ -42,7 +41,6 @@ porter install [INSTANCE] [flags]
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory.
  --force Force a fresh pull of the bundle and all dependencies
  -h, --help help for install
- --insecure Allow working with untrusted bundles (default true)
  --insecure-registry Don't require TLS for the registry
  --param strings Define an individual parameter in the form NAME=VALUE. Overrides parameters set with the same name using --param-file. May be specified multiple times.
  --param-file strings Path to a parameters definition file for the bundle, each line in the form of NAME=VALUE. May be specified multiple times.

diff --git a/docs/content/cli/publish.md b/docs/content/cli/publish.md
@@ -20,7 +20,6 @@ porter publish [flags]
 ```
  porter publish
  porter publish --file myapp/porter.yaml
- porter publish --insecure
  porter publish --archive /tmp/mybuns.tgz --tag myrepo/my-buns:0.1.0
  
 ```

diff --git a/docs/content/cli/uninstall.md b/docs/content/cli/uninstall.md
@@ -24,7 +24,6 @@ porter uninstall [INSTANCE] [flags]
 
 ```
  porter uninstall
- porter uninstall --insecure
  porter uninstall MyAppInDev --file myapp/bundle.json
  porter uninstall --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter uninstall --cred azure --cred kubernetes
@@ -43,7 +42,6 @@ porter uninstall [INSTANCE] [flags]
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory. Optional unless a newer version of the bundle should be used to uninstall the bundle.
  --force Force a fresh pull of the bundle and all dependencies
  -h, --help help for uninstall
- --insecure Allow working with untrusted bundles (default true)
  --insecure-registry Don't require TLS for the registry
  --param strings Define an individual parameter in the form NAME=VALUE. Overrides parameters set with the same name using --param-file. May be specified multiple times.
  --param-file strings Path to a parameters definition file for the bundle, each line in the form of NAME=VALUE. May be specified multiple times.

diff --git a/docs/content/cli/upgrade.md b/docs/content/cli/upgrade.md
@@ -24,7 +24,6 @@ porter upgrade [INSTANCE] [flags]
 
 ```
  porter upgrade
- porter upgrade --insecure
  porter upgrade MyAppInDev --file myapp/bundle.json
  porter upgrade --param-file base-values.txt --param-file dev-values.txt --param test-mode=true --param header-color=blue
  porter upgrade --cred azure --cred kubernetes
@@ -42,7 +41,6 @@ porter upgrade [INSTANCE] [flags]
  -f, --file string Path to the porter manifest file. Defaults to the bundle in the current directory.
  --force Force a fresh pull of the bundle and all dependencies
  -h, --help help for upgrade
- --insecure Allow working with untrusted bundles (default true)
  --insecure-registry Don't require TLS for the registry
  --param strings Define an individual parameter in the form NAME=VALUE. Overrides parameters set with the same name using --param-file. May be specified multiple times.
  --param-file strings Path to a parameters definition file for the bundle, each line in the form of NAME=VALUE. May be specified multiple times.

diff --git a/pkg/cnab/provider/action.go b/pkg/cnab/provider/action.go
@@ -23,9 +23,6 @@ type ActionArguments struct {
  // Target Path => File Contents
  Files map[string]string
 
- // Insecure bundle action allowed.
- Insecure bool
-
  // Params is the set of parameters to pass to the bundle.
  Params map[string]string
 

diff --git a/pkg/cnab/provider/bundle.go b/pkg/cnab/provider/bundle.go
@@ -6,30 +6,14 @@ import (
  "github.com/pkg/errors"
 )
 
-var ErrNotSigned = errors.New("bundle is not signed")
-
-func (d *Runtime) LoadBundle(bundleFile string, insecure bool) (*bundle.Bundle, error) {
- if !insecure {
- return nil, errors.New("secure bundles not implemented")
- }
-
+func (d *Runtime) LoadBundle(bundleFile string) (*bundle.Bundle, error) {
  l := loader.New()
 
  // Issue #439: Errors that come back from the loader can be
  // pretty opaque.
  bun, err := l.Load(bundleFile)
-
  if err != nil {
- if err.Error() == "no signature block in data" {
- return bun, ErrNotSigned
- }
- // Dear Go, Y U NO TERNARY, kthxbye
- secflag := "secure"
- if insecure {
- secflag = "insecure"
- }
- return bun, errors.Wrapf(err, "cannot load %s bundle", secflag)
+ return bun, errors.Wrapf(err, "cannot load bundle")
  }
-
  return bun, nil
 }
diff --git a/pkg/cnab/provider/install.go b/pkg/cnab/provider/install.go
@@ -17,7 +17,7 @@ func (d *Runtime) Install(args ActionArguments) error {
  return errors.Wrap(err, "invalid bundle instance name")
  }
 
- b, err := d.LoadBundle(args.BundlePath, args.Insecure)
+ b, err := d.LoadBundle(args.BundlePath)
  if err != nil {
  return err
  }

diff --git a/pkg/cnab/provider/invoke.go b/pkg/cnab/provider/invoke.go
@@ -46,7 +46,7 @@ func (d *Runtime) Invoke(action string, args ActionArguments) error {
  var bun *bundle.Bundle
  var err error
  if args.BundlePath != "" {
- bun, err = d.LoadBundle(args.BundlePath, args.Insecure)
+ bun, err = d.LoadBundle(args.BundlePath)
  if err != nil {
  return err
  }

diff --git a/pkg/cnab/provider/parameters_test.go b/pkg/cnab/provider/parameters_test.go
@@ -381,9 +381,8 @@ func Test_Paramapalooza(t *testing.T) {
  }
 
  args := ActionArguments{
- Claim: "test",
- Insecure: true,
- Driver: "debug",
+ Claim: "test",
+ Driver: "debug",
  }
  // If param is provided (via --param/--param-file)
  // it will be attached to args

diff --git a/pkg/cnab/provider/uninstall.go b/pkg/cnab/provider/uninstall.go
@@ -20,8 +20,7 @@ func (d *Runtime) Uninstall(args ActionArguments) error {
  }
 
  if args.BundlePath != "" {
- // TODO: if they installed an insecure bundle, do they really need to do --insecure again to uninstall it?
- c.Bundle, err = d.LoadBundle(args.BundlePath, args.Insecure)
+ c.Bundle, err = d.LoadBundle(args.BundlePath)
  if err != nil {
  return err
  }

diff --git a/pkg/cnab/provider/upgrade.go b/pkg/cnab/provider/upgrade.go
@@ -16,8 +16,7 @@ func (d *Runtime) Upgrade(args ActionArguments) error {
  }
 
  if args.BundlePath != "" {
- // TODO: if they installed an insecure bundle, do they really need to do --insecure again to upgrade it?
- c.Bundle, err = d.LoadBundle(args.BundlePath, args.Insecure)
+ c.Bundle, err = d.LoadBundle(args.BundlePath)
  if err != nil {
  return err
  }

diff --git a/pkg/porter/archive.go b/pkg/porter/archive.go
@@ -49,7 +49,7 @@ func (p *Porter) Archive(opts ArchiveOptions) error {
  return err
  }
 
- bun, err := p.CNAB.LoadBundle(opts.CNABFile, true)
+ bun, err := p.CNAB.LoadBundle(opts.CNABFile)
  if err != nil {
  return errors.Wrap(err, "couldn't open bundle for archiving")
  }

diff --git a/pkg/porter/cnab.go b/pkg/porter/cnab.go
@@ -18,7 +18,7 @@ import (
 
 // CNABProvider
 type CNABProvider interface {
- LoadBundle(bundleFile string, insecure bool) (*bundle.Bundle, error)
+ LoadBundle(bundleFile string) (*bundle.Bundle, error)
  Install(arguments cnabprovider.ActionArguments) error
  Upgrade(arguments cnabprovider.ActionArguments) error
  Invoke(action string, arguments cnabprovider.ActionArguments) error
@@ -59,9 +59,6 @@ type sharedOptions struct {
  // Name of the instance. Defaults to the name of the bundle.
  Name string
 
- // Insecure bundles allowed.
- Insecure bool
-
  // Params is the unparsed list of NAME=VALUE parameters set on the command line.
  Params []string
 
@@ -88,8 +85,6 @@ type sharedOptions struct {
 // For example, relative paths are converted to full paths and then checked that
 // they exist and are accessible.
 func (o *sharedOptions) Validate(args []string, cxt *context.Context) error {
- o.Insecure = true
-
  err := o.validateInstanceName(args)
  if err != nil {
  return err

diff --git a/pkg/porter/credentials.go b/pkg/porter/credentials.go
@@ -100,7 +100,7 @@ func (p *Porter) GenerateCredentials(opts CredentialOptions) error {
  if err != nil {
  return err
  }
- bundle, err := p.CNAB.LoadBundle(opts.CNABFile, opts.Insecure)
+ bundle, err := p.CNAB.LoadBundle(opts.CNABFile)
 
  if err != nil {
  return err

diff --git a/pkg/porter/dependencies.go b/pkg/porter/dependencies.go
@@ -124,12 +124,12 @@ func (e *dependencyExecutioner) identifyDependencies() error {
  return errors.Wrapf(err, "could not resolve bundle")
  }
 
- bun, err = e.CNAB.LoadBundle(bunPath, e.parentOpts.Insecure)
+ bun, err = e.CNAB.LoadBundle(bunPath)
  if err != nil {
  return errors.Wrap(err, "could not load bundle from cache")
  }
  } else {
- bun, _ = e.CNAB.LoadBundle(e.parentOpts.CNABFile, e.parentOpts.Insecure)
+ bun, _ = e.CNAB.LoadBundle(e.parentOpts.CNABFile)
  }
 
  solver := &extensions.DependencySolver{}
@@ -165,7 +165,7 @@ func (e *dependencyExecutioner) prepareDependency(dep *queuedDependency) error {
  }
 
  // Load and validate it
- depBun, err := e.CNAB.LoadBundle(dep.CNABFile, e.parentOpts.Insecure)
+ depBun, err := e.CNAB.LoadBundle(dep.CNABFile)
  if err != nil {
  return errors.Wrapf(err, "could not load bundle %s", dep.Alias)
  }
@@ -232,7 +232,6 @@ func (e *dependencyExecutioner) prepareDependency(dep *queuedDependency) error {
 
 func (e *dependencyExecutioner) executeDependency(dep *queuedDependency, parentArgs cnabprovider.ActionArguments, action manifest.Action) error {
  depArgs := cnabprovider.ActionArguments{
- Insecure: parentArgs.Insecure,
  BundlePath: dep.CNABFile,
  Claim: fmt.Sprintf("%s-%s", parentArgs.Claim, dep.Alias),
  Driver: parentArgs.Driver,

diff --git a/pkg/porter/explain.go b/pkg/porter/explain.go
@@ -146,7 +146,7 @@ func (p *Porter) Explain(o ExplainOpts) error {
  if err != nil {
  return err
  }
- bundle, err := p.CNAB.LoadBundle(o.CNABFile, o.Insecure)
+ bundle, err := p.CNAB.LoadBundle(o.CNABFile)
  // Print Bundle Details
 
  pb, err := generatePrintable(bundle)