From df69198ceffa808d1b4b7ed8fcf691f89537dbf8 Mon Sep 17 00:00:00 2001
From: Manuel Rueda <Manuel.Rueda@thomsonreuters.com>
Date: Thu, 25 Sep 2025 09:45:47 -0400
Subject: [PATCH] allows authentication of OCI charts

---
 api/core/v1alpha6/types.go |  4 ++--
 internal/helm/helm.go      | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/api/core/v1alpha6/types.go b/api/core/v1alpha6/types.go
index df29c597..3dacd9f6 100644
--- a/api/core/v1alpha6/types.go
+++ b/api/core/v1alpha6/types.go
@@ -274,8 +274,8 @@ type Chart struct {
 // repository.  Holos gets the username and password from the environment
 // variables represented by the Auth field.
 type Repository struct {
-	Name string `json:"name" yaml:"name"`
-	URL  string `json:"url" yaml:"url"`
+	Name string `json:"name,omitempty" yaml:"name,omitempty"`
+	URL  string `json:"url,omitempty" yaml:"url,omitempty"`
 	Auth Auth   `json:"auth,omitempty" yaml:"auth,omitempty"`
 }
 
diff --git a/internal/helm/helm.go b/internal/helm/helm.go
index 20da9927..a612a8b6 100644
--- a/internal/helm/helm.go
+++ b/internal/helm/helm.go
@@ -3,11 +3,13 @@ package helm
 import (
 	"context"
 	"fmt"
+	"net/url"
 
 	"github.com/holos-run/holos/internal/errors"
 	"github.com/holos-run/holos/internal/logger"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/registry"
 )
 
 // PullChart downloads and caches a Helm chart locally. It handles both OCI and
@@ -32,6 +34,20 @@ func PullChart(ctx context.Context, settings *cli.EnvSettings, chartRef, chartVe
 	}
 	actionConfig.RegistryClient = registryClient
 
+	chartRefURL, err := url.Parse(chartRef)
+	if err != nil {
+		return errors.Format("Failed to parse the Chart: %w", err)
+	}
+
+	// If the chart been pulled is an OCI chart, the repo authentication has to be done ahead of the pull.
+	if chartRefURL.Scheme == "oci" && username != "" && password != "" {
+		loginOption := registry.LoginOptBasicAuth(username, password)
+		err = registryClient.Login(chartRefURL.Host, loginOption)
+		if err != nil {
+			return errors.Format("failed to login to registry: %w", err)
+		}
+	}
+
 	pullClient := action.NewPullWithOpts(action.WithConfig(actionConfig))
 	pullClient.Untar = true
 	pullClient.RepoURL = repoURL