From 95e703405628b898b90bf5f06077921c41173bd3 Mon Sep 17 00:00:00 2001
From: dbw7 <danial.bekhit@suse.com>
Date: Mon, 11 Mar 2024 22:46:49 -0400
Subject: [PATCH] add helm auth validation

---
 pkg/image/validation/kubernetes.go      | 12 ++++++
 pkg/image/validation/kubernetes_test.go | 52 +++++++++++++++++++++++++
 2 files changed, 64 insertions(+)

diff --git a/pkg/image/validation/kubernetes.go b/pkg/image/validation/kubernetes.go
index 43713dbb..993767aa 100644
--- a/pkg/image/validation/kubernetes.go
+++ b/pkg/image/validation/kubernetes.go
@@ -238,6 +238,18 @@ func validateRepo(repo *image.HelmRepository, seenHelmRepos map[string]bool) []F
 		})
 	}
 
+	if repo.Authentication.Username != "" && repo.Authentication.Password == "" {
+		failures = append(failures, FailedValidation{
+			UserMessage: fmt.Sprintf("Helm repository 'password' field not defined for %q.", repo.Name),
+		})
+	}
+
+	if repo.Authentication.Username == "" && repo.Authentication.Password != "" {
+		failures = append(failures, FailedValidation{
+			UserMessage: fmt.Sprintf("Helm repository 'username' field not defined for %q.", repo.Name),
+		})
+	}
+
 	return failures
 }
 
diff --git a/pkg/image/validation/kubernetes_test.go b/pkg/image/validation/kubernetes_test.go
index b9644324..282c9abc 100644
--- a/pkg/image/validation/kubernetes_test.go
+++ b/pkg/image/validation/kubernetes_test.go
@@ -692,6 +692,58 @@ func TestValidateHelmCharts(t *testing.T) {
 				"Helm repository 'url' field for \"apache-repo\" must begin with either 'oci://', 'http://', or 'https://'.",
 			},
 		},
+		`helm repository username no password`: {
+			K8s: image.Kubernetes{
+				Helm: image.Helm{
+					Charts: []image.HelmChart{
+						{
+							Name:           "apache",
+							RepositoryName: "apache-repo",
+							Version:        "10.7.0",
+						},
+					},
+					Repositories: []image.HelmRepository{
+						{
+							Name: "apache-repo",
+							URL:  "oci://registry-1.docker.io/bitnamicharts/apache",
+							Authentication: image.HelmAuthentication{
+								Username: "user",
+								Password: "",
+							},
+						},
+					},
+				},
+			},
+			ExpectedFailedMessages: []string{
+				"Helm repository 'password' field not defined for \"apache-repo\".",
+			},
+		},
+		`helm repository password no username`: {
+			K8s: image.Kubernetes{
+				Helm: image.Helm{
+					Charts: []image.HelmChart{
+						{
+							Name:           "apache",
+							RepositoryName: "apache-repo",
+							Version:        "10.7.0",
+						},
+					},
+					Repositories: []image.HelmRepository{
+						{
+							Name: "apache-repo",
+							URL:  "oci://registry-1.docker.io/bitnamicharts/apache",
+							Authentication: image.HelmAuthentication{
+								Username: "",
+								Password: "pass",
+							},
+						},
+					},
+				},
+			},
+			ExpectedFailedMessages: []string{
+				"Helm repository 'username' field not defined for \"apache-repo\".",
+			},
+		},
 	}
 
 	for name, test := range tests {