this commit ensures that if ca.crt or caFile is available in the github app secret, a tls config with user provided certs is appended to system cert pool and passed to the underlying http transport
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): update target URL for TLSConfigFromSecret
this commit ensures that the target URL for runtime/secrets.TLSConfigFromSecret has the scheme and host
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): adds test scenarios
this commit adds test scenarios for mTLS GitHub app in reconcile source auth strategy
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): use runtime/secrets authMethods
this commit ensures that GitHubApp secret resolution happens via pkg/runtime/secrets
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): update docs
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): adds github app data check
this commit ensures that when provider is github and no github app data is present in the secret, it will error out with invalid configuration
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): removes getProxyOpts helper func
this commit removes the helper method getProxyOpts and uses the standardized pkg/runtime/secrets APIs to get proxy options.
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): removes getProxyOpts test
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): improves test coverage
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): do not stall on missing github app data
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
(chore): adds a note on mTLS configuration in docs
This commit mentions in the docs that if tls.crt and tls.key is part of the secret then mutual TLS configuration will be automatically enabled and should be used optionally.
Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
Update HelmRepository, OCIRepository, and Bucket documentation to use
"Mutual TLS Authentication" section titles instead of "Cert secret
reference". This improves discoverability of mTLS capabilities and
follows GitRepository's established pattern.
The previous generic titles obscured mutual TLS functionality, causing
users to miss this important security feature. Updated descriptions
explicitly mention mutual TLS authentication while maintaining all
existing YAML examples and technical accuracy.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
- Add `.spec.sparseCheckout` and `.status.observedSparseCheckout` fields to `GitRepository`.
- Add controller support to send the sparse checkout directories to go-git via pkg methods.
- Use `.status/observedSparseCheckout` to detect drift in configuration.
- Trim leading "./" in directory paths.
- Validate spec configuration by checking directories specified in spec exist in the cloned repository after successful checkout
- Add tests for testing the observed sparse checkout behavior.
- Add docs describing the new fields.
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
- API change to add new `github` provider field in `GitRepository` spec.
- Controller change to use the GitHub authentication information specified in `.spec.secretRef` to create the auth options to authenticate to git repositories when the `provider` field is set to `github`,
- Tests for new `github` provider field
- Updated docs to use GitHub Apps for authentication in source-controller.
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
- Add a new provider field to GitRepository API spec which can be set to azure to enable passwordless authentication to Azure DevOps repositories.
- API docs for new provider field and guidance to setup Azure environment with workload identity.
- Controller changes to set the provider options in git authoptions to fetch credential while cloning the repository.
- Add unit tests for testing provider
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
Check the auth secret for the `ca.crt` key for CA certificate data.
`ca.crt` takes precdence over `caFile`.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add `.spec.proxySecretRef.name` to the `GitRepository` API to allow
referencing a secret containing the proxy settings to be used for all
remote Git operations for the particular `GitRepository` object.
It takes precedence over any proxy configured through enviornment
variables.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Remove the `OptimizedGitClones` feature gate, making optimized Git
clones when using a branch or tag to checkout, the default behavior.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Clarify that some popular Git servers require the bearer token to be
provided as basic auth credentials instead of in the Authorization
header.
Signed-off-by: Andy Hall <andy@ajhall.us>
- Use `kubectl events` in favor of `kubectl get events`.
- Remove deleted `URL` field from `Status` examples of `GitRepository`
v1.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Dipti Pai
cappyzawa
abhijith-darshan
Matheus Pimenta
Stefan Prodan
sneakernuts
Sanskar Jaiswal
Hidde Beydals
Andy Hall