From a3afeb301fa6e9638e5a3ddf04d29570139aac0d Mon Sep 17 00:00:00 2001 From: Sanskar Jaiswal Date: Wed, 11 Oct 2023 17:39:04 +0530 Subject: [PATCH] use auth sub package methods Signed-off-by: Sanskar Jaiswal --- .../controller/gitrepository_controller.go | 48 ++++++++++++------- .../controller/ocirepository_controller.go | 7 ++- internal/helm/getter/client_opts.go | 8 ++-- 3 files changed, 40 insertions(+), 23 deletions(-) diff --git a/internal/controller/gitrepository_controller.go b/internal/controller/gitrepository_controller.go index 22349e89..f31367e1 100644 --- a/internal/controller/gitrepository_controller.go +++ b/internal/controller/gitrepository_controller.go @@ -47,6 +47,7 @@ import ( eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" + gitauth "github.com/fluxcd/pkg/auth/git" "github.com/fluxcd/pkg/git" "github.com/fluxcd/pkg/git/gogit" "github.com/fluxcd/pkg/git/repository" 
@@ -637,29 +638,29 @@ func (r *GitRepositoryReconciler) getProxyOpts(ctx context.Context, proxySecretN func (r *GitRepositoryReconciler) getAuthOpts(ctx context.Context, obj *sourcev1.GitRepository, u url.URL, proxyOpts *transport.ProxyOptions) (*git.AuthOptions, error) { var authSecret *corev1.Secret + var err error + + // Fetch the secret, if specified if obj.Spec.SecretRef != nil { - var err error authSecret, err = r.getSecretData(ctx, obj.Spec.SecretRef.Name, obj.GetNamespace()) if err != nil { return nil, fmt.Errorf("failed to get secret '%s/%s': %w", obj.GetNamespace(), obj.Spec.SecretRef.Name, err) } } - if obj.Spec.Provider != "" { - authOpts, err := r.getAuthOptsForProvider(ctx, u, obj, authSecret, proxyOpts) - if err != nil { - return nil, err - } - if authOpts != nil { - return authOpts, nil - } - } - - // Configure authentication strategy to access the source var data map[string][]byte if authSecret != nil { data = authSecret.Data } + + // If a auth provider is specified, then get the auth data from the provider. + if obj.Spec.Provider != "" { + data, err = r.getAuthDataFromProvider(ctx, obj, authSecret, proxyOpts) + if err != nil { + return nil, err + } + } + authOpts, err := git.NewAuthOptions(u, data) if err != nil { return nil, err 
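Review bot: In getAuthOpts the provider result now overwrites `data` unconditionally, so whenever `spec.provider` is non-empty the secret data assigned just above is discarded, even if the provider returns nothing. The removed code used the provider result only when it was non-nil and otherwise fell through to the secret. If that fallback is still intended, keep it explicit: call `pd, err := r.getAuthDataFromProvider(ctx, obj, authSecret, proxyOpts)` and, after the error check, apply `if len(pd) > 0 { data = pd }`. Without it, `git.NewAuthOptions(u, data)` may be built with no credentials, and the misconfiguration would only surface later as an authentication failure against the remote. The new comment should read `// If an auth provider is specified, ...`; the function's closing lines are in the next hunk.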
@@ -667,14 +668,14 @@ func (r *GitRepositoryReconciler) getAuthOpts(ctx context.Context, obj *sourcev1 return authOpts, nil } -func (r *GitRepositoryReconciler) getAuthOptsForProvider(ctx context.Context, u url.URL, obj *sourcev1.GitRepository, - authSecret *corev1.Secret, proxyOpts *transport.ProxyOptions) (*git.AuthOptions, error) { - authenticator := &auth.Authenticator{} +func (r *GitRepositoryReconciler) getAuthDataFromProvider(ctx context.Context, obj *sourcev1.GitRepository, + authSecret *corev1.Secret, proxyOpts *transport.ProxyOptions) (map[string][]byte, error) { + var providerOpts *auth.ProviderOptions + if obj.Spec.Provider == auth.GitHubProvider { if authSecret == nil { return nil, fmt.Errorf("secret ref is required for %s", obj.Spec.Provider) } - authenticator.GitHubOpts = []github.ProviderOptFunc{github.WithSecret(*authSecret)} if proxyOpts != nil { tr := http.DefaultTransport.(*http.Transport).Clone() proxyUrl, err := proxyOpts.FullURL() @@ -682,10 +683,21 @@ func (r *GitRepositoryReconciler) getAuthOptsForProvider(ctx context.Context, u return nil, err } tr.Proxy = http.ProxyURL(proxyUrl) - authenticator.GitHubOpts = append(authenticator.GitHubOpts, github.WithTransport(tr)) + providerOpts = &auth.ProviderOptions{ + GitHubOpts: []github.ProviderOptFunc{github.WithTransport(tr)}, + } } } - return authenticator.GetGitAuthOptions(ctx, u, obj.Spec.Provider, string(obj.UID)) + authOpts := &auth.AuthOptions{ + CacheKey: string(obj.UID), + Secret: authSecret, + } + + creds, err := gitauth.GetCredentials(ctx, obj.Spec.Provider, authOpts, providerOpts) + if err != nil { + return nil, err + } + return creds.ToSecretData(), nil } func (r *GitRepositoryReconciler) getSecretData(ctx context.Context, name, namespace string) (*corev1.Secret, error) { diff --git a/internal/controller/ocirepository_controller.go b/internal/controller/ocirepository_controller.go index bed856d3..c36cef4b 100644 --- a/internal/controller/ocirepository_controller.go 
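Review bot: `creds.ToSecretData()` at the end of getAuthDataFromProvider is called without checking `creds`, and nothing in this hunk shows that `gitauth.GetCredentials` always returns a non-nil value when `err` is nil. The old caller guarded the provider result with `if authOpts != nil`, which suggests a success-with-no-result case existed; if `creds` is a pointer, that case would probably now panic in the reconciler. Add `if creds == nil { return nil, fmt.Errorf("provider %q returned no credentials", obj.Spec.Provider) }` before the return, or document why it cannot happen. A short doc comment stating that the returned map holds provider-issued credentials in secret-data form, and should not be logged, would also help.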
+++ b/internal/controller/ocirepository_controller.go @@ -54,6 +54,7 @@ import ( eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" authpkg "github.com/fluxcd/pkg/auth" + "github.com/fluxcd/pkg/auth/registry" "github.com/fluxcd/pkg/oci" "github.com/fluxcd/pkg/runtime/conditions" helper "github.com/fluxcd/pkg/runtime/controller" @@ -348,8 +349,10 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, sp *patch } if _, ok := keychain.(soci.Anonymous); obj.Spec.Provider != ociv1.GenericOCIProvider && ok { - authenticator := authpkg.Authenticator{} - auth, err = authenticator.GetRegistryAuthenticator(ctxTimeout, obj.Spec.URL, obj.Spec.Provider, string(obj.UID)) + authOpts := &authpkg.AuthOptions{ + CacheKey: string(obj.UID), + } + auth, err = registry.GetAuthenticator(ctxTimeout, obj.Spec.URL, obj.Spec.Provider, authOpts, nil) if err != nil { e := serror.NewGeneric( fmt.Errorf("failed to get credential from %s: %w", obj.Spec.Provider, err), diff --git a/internal/helm/getter/client_opts.go b/internal/helm/getter/client_opts.go index 159ee03c..c0d376d8 100644 --- a/internal/helm/getter/client_opts.go +++ b/internal/helm/getter/client_opts.go @@ -25,6 +25,7 @@ import ( "path" "github.com/fluxcd/pkg/auth" + regauth "github.com/fluxcd/pkg/auth/registry" "github.com/google/go-containerregistry/pkg/authn" helmgetter "helm.sh/helm/v3/pkg/getter" helmreg "helm.sh/helm/v3/pkg/registry" 
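Review bot: `CacheKey: string(obj.UID)` in reconcileSource keys any credential caching on the object UID alone, while the credential is requested for `obj.Spec.URL` and `obj.Spec.Provider`, both of which can be edited without the UID changing. Whether the auth package scopes or invalidates its cache on those inputs is not visible in this patch; if it does not, a token obtained for the previous registry or provider could be reused after the spec changes. Confirm that behaviour, or add a comment here stating what the cache key is expected to cover. The same pattern appears in getAuthDataFromProvider (where `Secret` can also change under the same UID) and in GetClientOpts in internal/helm/getter/client_opts.go. The enclosing function starts and ends outside the hunk.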
@@ -134,12 +135,13 @@ func GetClientOpts(ctx context.Context, c client.Client, obj *helmv1.HelmReposit } } } else if obj.Spec.Provider != helmv1.GenericOCIProvider && obj.Spec.Type == helmv1.HelmRepositoryTypeOCI && ociRepo { - authenticator := auth.Authenticator{} - regAuthenticator, err := authenticator.GetRegistryAuthenticator(ctx, obj.Spec.URL, obj.Spec.Provider, string(obj.UID)) + authOpts := &auth.AuthOptions{ + CacheKey: string(obj.UID), + } + hrOpts.Authenticator, err = regauth.GetAuthenticator(ctx, obj.Spec.URL, obj.Spec.Provider, authOpts, nil) if err != nil { return nil, "", fmt.Errorf("failed to get credential from '%s': %w", obj.Spec.Provider, err) } - hrOpts.Authenticator = regAuthenticator } if ociRepo {