hashicorp · sureshpalemoni · Feb 7, 2025
@@ -98,6 +98,7 @@ type HelmTemplateModel struct {
 	Version                  types.String     `tfsdk:"version"`
 	Verify                   types.Bool       `tfsdk:"verify"`
 	Wait                     types.Bool       `tfsdk:"wait"`
+	Insecure                 types.Bool       `tfsdk:"insecure"`
 }
 
 // SetValue represents the custom value to be merged with the Helm chart values
@@ -380,6 +381,10 @@ func (d *HelmTemplate) Schema(ctx context.Context, req datasource.SchemaRequest,
 				Optional:    true,
 				Description: "Will wait until all resources are in a ready state before marking the release as successful.",
 			},
+			"insecure": schema.BoolAttribute{
+				Optional:    true,
+				Description: "If set to true, the helm client will not verify the SSL certificate of the chart repository.",
+			},
 		},
 	}
 }
@@ -467,6 +472,9 @@ func (d *HelmTemplate) Read(ctx context.Context, req datasource.ReadRequest, res
 		}
 		state.Namespace = types.StringValue(defaultNamespace)
 	}
+	if state.Insecure.IsNull() || state.Insecure.IsUnknown() {
+		state.Insecure = types.BoolValue(false)
+	}
 
 	meta := d.meta
 
@@ -570,6 +578,7 @@ func (d *HelmTemplate) Read(ctx context.Context, req datasource.ReadRequest, res
 	client.Devel = state.Devel.ValueBool()
 	client.Description = state.Description.ValueString()
 	client.CreateNamespace = state.CreateNamespace.ValueBool()
+	client.InsecureSkipTLSverify = state.Insecure.ValueBool()
 
 	if state.KubeVersion.ValueString() != "" {
 		parsedVer, err := chartutil.ParseKubeVersion(state.KubeVersion.ValueString())
@@ -851,6 +860,7 @@ func chartPathOptionsModel(model *HelmTemplateModel, meta *Meta, cpo *action.Cha
 	cpo.Username = model.RepositoryUsername.ValueString()
 	cpo.Password = model.RepositoryPassword.ValueString()
 	cpo.PassCredentialsAll = model.PassCredentials.ValueBool()
+	cpo.InsecureSkipTLSverify = model.Insecure.ValueBool()
 
 	return cpo, chartName, diags
 }

@@ -235,6 +235,21 @@ func TestAccDataTemplate_kubeVersion(t *testing.T) {
 	})
 }
 
+func TestAccDataTemplate_insecure(t *testing.T) {
+	name := randName("insecure")
+	namespace := randName(testNamespacePrefix)
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: protoV6ProviderFactories(),
+		Steps: []resource.TestStep{{
+			Config: testAccDataHelmTemplateInsecure(testResourceName, namespace, name, "1.2.3"),
+			Check: resource.ComposeAggregateTestCheckFunc(
+				resource.TestCheckResourceAttr(fmt.Sprintf("data.helm_template.%s", testResourceName), "insecure", "true"),
+			),
+		}},
+	})
+}
+
 func testAccDataHelmTemplateConfigBasic(resource, ns, name, version string) string {
 	return fmt.Sprintf(`
 		data "helm_template" "%s" {
@@ -330,3 +345,16 @@ func testAccDataHelmTemplateCRDs(resource, ns, name, version string) string {
 		}
 	`, resource, name, ns, testRepositoryURL, version)
 }
+
+func testAccDataHelmTemplateInsecure(resource, ns, name, version string) string {
+	return fmt.Sprintf(`
+		data "helm_template" "%s" {
+			name        = %q
+			namespace   = %q
+			repository  = %q
+			chart       = "test-chart"
+			version     = %q
+			insecure    = true
+		}
+	`, resource, name, ns, testRepositoryURL, version)
+}
@@ -102,6 +102,7 @@ type HelmReleaseModel struct {
 	Version                  types.String     `tfsdk:"version"`
 	Wait                     types.Bool       `tfsdk:"wait"`
 	WaitForJobs              types.Bool       `tfsdk:"wait_for_jobs"`
+	Insecure                 types.Bool       `tfsdk:"insecure"`
 }
 
 var defaultAttributes = map[string]interface{}{
@@ -126,6 +127,7 @@ var defaultAttributes = map[string]interface{}{
 	"verify":                     false,
 	"wait":                       true,
 	"wait_for_jobs":              false,
+	"insecure":                   false,
 }
 
 type releaseMetaData struct {
@@ -509,6 +511,12 @@ func (r *HelmRelease) Schema(ctx context.Context, req resource.SchemaRequest, re
 				Default:     booldefault.StaticBool(defaultAttributes["wait_for_jobs"].(bool)),
 				Description: "If wait is enabled, will wait until all Jobs have been completed before marking the release as successful.",
 			},
+			"insecure": schema.BoolAttribute{
+				Optional:    true,
+				Computed:    true,
+				Default:     booldefault.StaticBool(defaultAttributes["insecure"].(bool)),
+				Description: "If set to true, the helm client will not verify the SSL certificate of the chart repository.",
+			},
 			"set": schema.ListNestedAttribute{
 				Description: "Custom values to be merged with the values",
 				Optional:    true,
@@ -723,6 +731,7 @@ func (r *HelmRelease) Create(ctx context.Context, req resource.CreateRequest, re
 	client.Replace = state.Replace.ValueBool()
 	client.Description = state.Description.ValueString()
 	client.CreateNamespace = state.CreateNamespace.ValueBool()
+	client.InsecureSkipTLSverify = state.Insecure.ValueBool()
 
 	if state.PostRender != nil {
 		binaryPath := state.PostRender.BinaryPath.ValueString()
@@ -925,6 +934,7 @@ func (r *HelmRelease) Update(ctx context.Context, req resource.UpdateRequest, re
 	client.MaxHistory = int(plan.MaxHistory.ValueInt64())
 	client.CleanupOnFail = plan.CleanupOnFail.ValueBool()
 	client.Description = plan.Description.ValueString()
+	client.InsecureSkipTLSverify = plan.Insecure.ValueBool()
 
 	if plan.PostRender != nil {
 		binaryPath := plan.PostRender.BinaryPath.ValueString()
@@ -1083,7 +1093,7 @@ func chartPathOptions(model *HelmReleaseModel, meta *Meta, cpo *action.ChartPath
 	cpo.Username = model.RepositoryUsername.ValueString()
 	cpo.Password = model.RepositoryPassword.ValueString()
 	cpo.PassCredentialsAll = model.PassCredentials.ValueBool()
-
+	cpo.InsecureSkipTLSverify = model.Insecure.ValueBool()
 	return cpo, chartName, diags
 }
 
@@ -1719,6 +1729,7 @@ func (r *HelmRelease) ModifyPlan(ctx context.Context, req resource.ModifyPlanReq
 			install.Description = plan.Description.ValueString()
 			install.CreateNamespace = plan.CreateNamespace.ValueBool()
 			install.PostRenderer = client.PostRenderer
+			install.InsecureSkipTLSverify = plan.Insecure.ValueBool()
 
 			values, diags := getValues(ctx, &plan)
 			resp.Diagnostics.Append(diags...)
@@ -1797,7 +1808,7 @@ func (r *HelmRelease) ModifyPlan(ctx context.Context, req resource.ModifyPlanReq
 		upgrade.CleanupOnFail = plan.CleanupOnFail.ValueBool()
 		upgrade.Description = plan.Description.ValueString()
 		upgrade.PostRenderer = client.PostRenderer
-
+		upgrade.InsecureSkipTLSverify = plan.Insecure.ValueBool()
 		values, diags := getValues(ctx, &plan)
 		resp.Diagnostics.Append(diags...)
 		if resp.Diagnostics.HasError() {

@@ -2181,3 +2181,35 @@ func testAccHelmReleaseRecomputeMetadataSet(resource, ns, name string) string {
 		}
 `, resource, name, ns, resource)
 }
+
+func TestAccResourceRelease_insecure(t *testing.T) {
+	name := randName("insecure")
+	namespace := createRandomNamespace(t)
+	defer deleteNamespace(t, namespace)
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: protoV6ProviderFactories(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccHelmReleaseConfigInsecure(testResourceName, namespace, name, "1.2.3"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("helm_release.test", "insecure", "true"),
+					resource.TestCheckResourceAttr("helm_release.test", "status", release.StatusDeployed.String()),
+				),
+			},
+		},
+	})
+}
+
+func testAccHelmReleaseConfigInsecure(resource, ns, name, version string) string {
+	return fmt.Sprintf(`
+        resource "helm_release" "%s" {
+            name        = %q
+            namespace   = %q
+            repository  = %q
+            chart       = "test-chart"
+            version     = %q
+            insecure    = true
+        }
+    `, resource, name, ns, testRepositoryURL, version)
+}