use auth sub package methods

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Sanskar Jaiswal 2023-10-11 17:39:04 +05:30
parent f511dc5d26
commit a3afeb301f
No known key found for this signature in database
GPG Key ID: 5982D0279C227FFD
3 changed files with 40 additions and 23 deletions


@ -47,6 +47,7 @@ import (
eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1"
"github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/apis/meta"
gitauth "github.com/fluxcd/pkg/auth/git"
"github.com/fluxcd/pkg/git" "github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/git/gogit" "github.com/fluxcd/pkg/git/gogit"
"github.com/fluxcd/pkg/git/repository" "github.com/fluxcd/pkg/git/repository"
@ -637,29 +638,29 @@ func (r *GitRepositoryReconciler) getProxyOpts(ctx context.Context, proxySecretN
func (r *GitRepositoryReconciler) getAuthOpts(ctx context.Context, obj *sourcev1.GitRepository, u url.URL, func (r *GitRepositoryReconciler) getAuthOpts(ctx context.Context, obj *sourcev1.GitRepository, u url.URL,
proxyOpts *transport.ProxyOptions) (*git.AuthOptions, error) { proxyOpts *transport.ProxyOptions) (*git.AuthOptions, error) {
var authSecret *corev1.Secret var authSecret *corev1.Secret
var err error
// Fetch the secret, if specified
if obj.Spec.SecretRef != nil { if obj.Spec.SecretRef != nil {
var err error
authSecret, err = r.getSecretData(ctx, obj.Spec.SecretRef.Name, obj.GetNamespace()) authSecret, err = r.getSecretData(ctx, obj.Spec.SecretRef.Name, obj.GetNamespace())
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to get secret '%s/%s': %w", obj.GetNamespace(), obj.Spec.SecretRef.Name, err) return nil, fmt.Errorf("failed to get secret '%s/%s': %w", obj.GetNamespace(), obj.Spec.SecretRef.Name, err)
} }
} }
if obj.Spec.Provider != "" {
authOpts, err := r.getAuthOptsForProvider(ctx, u, obj, authSecret, proxyOpts)
if err != nil {
return nil, err
}
if authOpts != nil {
return authOpts, nil
}
}
// Configure authentication strategy to access the source
var data map[string][]byte var data map[string][]byte
if authSecret != nil { if authSecret != nil {
data = authSecret.Data data = authSecret.Data
} }
// If a auth provider is specified, then get the auth data from the provider.
if obj.Spec.Provider != "" {
data, err = r.getAuthDataFromProvider(ctx, obj, authSecret, proxyOpts)
if err != nil {
return nil, err
}
}
authOpts, err := git.NewAuthOptions(u, data) authOpts, err := git.NewAuthOptions(u, data)
if err != nil { if err != nil {
return nil, err return nil, err
@ -667,14 +668,14 @@ func (r *GitRepositoryReconciler) getAuthOpts(ctx context.Context, obj *sourcev1
return authOpts, nil return authOpts, nil
} }
func (r *GitRepositoryReconciler) getAuthOptsForProvider(ctx context.Context, u url.URL, obj *sourcev1.GitRepository, func (r *GitRepositoryReconciler) getAuthDataFromProvider(ctx context.Context, obj *sourcev1.GitRepository,
authSecret *corev1.Secret, proxyOpts *transport.ProxyOptions) (*git.AuthOptions, error) { authSecret *corev1.Secret, proxyOpts *transport.ProxyOptions) (map[string][]byte, error) {
authenticator := &auth.Authenticator{} var providerOpts *auth.ProviderOptions
if obj.Spec.Provider == auth.GitHubProvider { if obj.Spec.Provider == auth.GitHubProvider {
if authSecret == nil { if authSecret == nil {
return nil, fmt.Errorf("secret ref is required for %s", obj.Spec.Provider) return nil, fmt.Errorf("secret ref is required for %s", obj.Spec.Provider)
} }
authenticator.GitHubOpts = []github.ProviderOptFunc{github.WithSecret(*authSecret)}
if proxyOpts != nil { if proxyOpts != nil {
tr := http.DefaultTransport.(*http.Transport).Clone() tr := http.DefaultTransport.(*http.Transport).Clone()
proxyUrl, err := proxyOpts.FullURL() proxyUrl, err := proxyOpts.FullURL()
@ -682,10 +683,21 @@ func (r *GitRepositoryReconciler) getAuthOptsForProvider(ctx context.Context, u
return nil, err return nil, err
} }
tr.Proxy = http.ProxyURL(proxyUrl) tr.Proxy = http.ProxyURL(proxyUrl)
authenticator.GitHubOpts = append(authenticator.GitHubOpts, github.WithTransport(tr)) providerOpts = &auth.ProviderOptions{
GitHubOpts: []github.ProviderOptFunc{github.WithTransport(tr)},
}
} }
} }
return authenticator.GetGitAuthOptions(ctx, u, obj.Spec.Provider, string(obj.UID)) authOpts := &auth.AuthOptions{
CacheKey: string(obj.UID),
Secret: authSecret,
}
creds, err := gitauth.GetCredentials(ctx, obj.Spec.Provider, authOpts, providerOpts)
if err != nil {
return nil, err
}
return creds.ToSecretData(), nil
} }
func (r *GitRepositoryReconciler) getSecretData(ctx context.Context, name, namespace string) (*corev1.Secret, error) { func (r *GitRepositoryReconciler) getSecretData(ctx context.Context, name, namespace string) (*corev1.Secret, error) {
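Review bot: `creds.ToSecretData()` at the end of getAuthDataFromProvider is called without a nil check on `creds`, and getAuthOpts now overwrites the secret-derived `data` whenever `obj.Spec.Provider` is set. The replaced code guarded the provider result with `if authOpts != nil` and otherwise fell through to the secret data, which suggests a nil result with a nil error was possible. If `gitauth.GetCredentials` can still return that (not visible on this page), the new path may panic in the reconciler or pass empty data to `git.NewAuthOptions`, so the fetch proceeds without the credentials held in the secret. Overwriting `data` also drops every other key of the secret unless `ToSecretData` carries them over, which is worth confirming. I would return early on nil credentials and replace `data` only when the provider returned something.

```go
// in getAuthOpts
// … unchanged: secret lookup and data = authSecret.Data …
if obj.Spec.Provider != "" {
	providerData, err := r.getAuthDataFromProvider(ctx, obj, authSecret, proxyOpts)
	if err != nil {
		return nil, err
	}
	// Keep the secret-derived data when the provider yields no credentials.
	if providerData != nil {
		data = providerData
	}
}

// in getAuthDataFromProvider
// … unchanged: provider options and auth.AuthOptions setup …
creds, err := gitauth.GetCredentials(ctx, obj.Spec.Provider, authOpts, providerOpts)
if err != nil {
	return nil, err
}
if creds == nil {
	return nil, nil
}
return creds.ToSecretData(), nil
```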


@ -54,6 +54,7 @@ import (
eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1"
"github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/apis/meta"
authpkg "github.com/fluxcd/pkg/auth" authpkg "github.com/fluxcd/pkg/auth"
"github.com/fluxcd/pkg/auth/registry"
"github.com/fluxcd/pkg/oci" "github.com/fluxcd/pkg/oci"
"github.com/fluxcd/pkg/runtime/conditions" "github.com/fluxcd/pkg/runtime/conditions"
helper "github.com/fluxcd/pkg/runtime/controller" helper "github.com/fluxcd/pkg/runtime/controller"
@ -348,8 +349,10 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, sp *patch
} }
if _, ok := keychain.(soci.Anonymous); obj.Spec.Provider != ociv1.GenericOCIProvider && ok { if _, ok := keychain.(soci.Anonymous); obj.Spec.Provider != ociv1.GenericOCIProvider && ok {
authenticator := authpkg.Authenticator{} authOpts := &authpkg.AuthOptions{
auth, err = authenticator.GetRegistryAuthenticator(ctxTimeout, obj.Spec.URL, obj.Spec.Provider, string(obj.UID)) CacheKey: string(obj.UID),
}
auth, err = registry.GetAuthenticator(ctxTimeout, obj.Spec.URL, obj.Spec.Provider, authOpts, nil)
if err != nil { if err != nil {
e := serror.NewGeneric( e := serror.NewGeneric(
fmt.Errorf("failed to get credential from %s: %w", obj.Spec.Provider, err), fmt.Errorf("failed to get credential from %s: %w", obj.Spec.Provider, err),
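Review bot: The credential cache key built in reconcileSource is only `string(obj.UID)`, while the registry URL and provider go to `registry.GetAuthenticator` as separate arguments; the same pattern appears in GetClientOpts in the last file section and in getAuthDataFromProvider in the first. If the auth package looks cache entries up by `CacheKey` alone (not visible on this page), editing `spec.url` or `spec.provider` on an existing object could keep serving a token issued for the previous registry until it expires. A comment above the struct literal stating the contract would help, for example `// CacheKey is the object UID; cached credentials must be invalidated when spec.url or spec.provider changes.` reconcileSource starts and ends outside this hunk, so any existing invalidation elsewhere in the function is not visible here.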


@ -25,6 +25,7 @@ import (
"path" "path"
"github.com/fluxcd/pkg/auth" "github.com/fluxcd/pkg/auth"
regauth "github.com/fluxcd/pkg/auth/registry"
"github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/authn"
helmgetter "helm.sh/helm/v3/pkg/getter" helmgetter "helm.sh/helm/v3/pkg/getter"
helmreg "helm.sh/helm/v3/pkg/registry" helmreg "helm.sh/helm/v3/pkg/registry"
@ -134,12 +135,13 @@ func GetClientOpts(ctx context.Context, c client.Client, obj *helmv1.HelmReposit
} }
} }
} else if obj.Spec.Provider != helmv1.GenericOCIProvider && obj.Spec.Type == helmv1.HelmRepositoryTypeOCI && ociRepo { } else if obj.Spec.Provider != helmv1.GenericOCIProvider && obj.Spec.Type == helmv1.HelmRepositoryTypeOCI && ociRepo {
authenticator := auth.Authenticator{} authOpts := &auth.AuthOptions{
regAuthenticator, err := authenticator.GetRegistryAuthenticator(ctx, obj.Spec.URL, obj.Spec.Provider, string(obj.UID)) CacheKey: string(obj.UID),
}
hrOpts.Authenticator, err = regauth.GetAuthenticator(ctx, obj.Spec.URL, obj.Spec.Provider, authOpts, nil)
if err != nil { if err != nil {
return nil, "", fmt.Errorf("failed to get credential from '%s': %w", obj.Spec.Provider, err) return nil, "", fmt.Errorf("failed to get credential from '%s': %w", obj.Spec.Provider, err)
} }
hrOpts.Authenticator = regAuthenticator
} }
if ociRepo { if ociRepo {