Rename to GIT_ASKPASS_URL and also update related examples.

cmd/git-sync/main.go

@@ -98,8 +98,8 @@ var flSSHKnownHostsFile = flag.String("ssh-known-hosts-file", envString("GIT_SSH
 var flCookieFile = flag.Bool("cookie-file", envBool("GIT_COOKIE_FILE", false),
 	"use git cookiefile")
 
-var flAuthURL = flag.String("auth-url", envString("GIT_SYNC_AUTH_URL", ""),
+var flAskPassURL = flag.String("askpass-url", envString("GIT_ASKPASS_URL", ""),
-	"the URL for git auth callback")
+	"the URL for GIT_ASKPASS callback")
 
 var flGitCmd = flag.String("git", envString("GIT_SYNC_GIT", "git"),
 	"the git command to run (subject to PATH search, mostly for testing)")
@@ -236,7 +236,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if (*flUsername != "" || *flPassword != "" || *flCookieFile || *flAuthURL != "") && *flSSH {
+	if (*flUsername != "" || *flPassword != "" || *flCookieFile || *flAskPassURL != "") && *flSSH {
 		fmt.Fprintf(os.Stderr, "ERROR: --ssh is set but --username, --password, --auth-url, or --cookie-file were provided\n")
 		os.Exit(1)
 	}
@@ -266,9 +266,9 @@ func main() {
 		}
 	}
 
-	if *flAuthURL != "" {
+	if *flAskPassURL != "" {
-		if err := setupGitAuthURL(ctx); err != nil {
+		if err := setupGitAskPassURL(ctx); err != nil {
-			fmt.Fprintf(os.Stderr, "ERROR: can't set auth callback url: %v\n", err)
+			fmt.Fprintf(os.Stderr, "ERROR: failed to call ASKPASS callback URL: %v\n", err)
 			os.Exit(1)
 		}
 	}
@@ -325,7 +325,7 @@ func main() {
 	for {
 		start := time.Now()
 		ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(*flSyncTimeout))
-		if changed, hash, err := syncRepo(ctx, *flRepo, *flBranch, *flRev, *flDepth, *flRoot, *flDest, *flAuthURL); err != nil {
+		if changed, hash, err := syncRepo(ctx, *flRepo, *flBranch, *flRev, *flDepth, *flRoot, *flDest, *flAskPassURL); err != nil {
 			syncDuration.WithLabelValues("error").Observe(time.Since(start).Seconds())
 			syncCount.WithLabelValues("error").Inc()
 			if *flMaxSyncFailures != -1 && failCount >= *flMaxSyncFailures {
@@ -585,8 +585,8 @@ func syncRepo(ctx context.Context, repo, branch, rev string, depth int, gitRoot,
 	if authUrl != "" {
 		// For Auth Callback URL, the credentials behind is dynamic, it needs to be
 		// re-fetched each time.
-		if err := setupGitAuthURL(ctx); err != nil {
+		if err := setupGitAskPassURL(ctx); err != nil {
-			return false, "", fmt.Errorf("can't set auth callback url: %v", err)
+			return false, "", fmt.Errorf("failed to call GIT_ASKPASS_URL: %v", err)
 		}
 	}
 
@@ -775,11 +775,12 @@ func setupGitCookieFile(ctx context.Context) error {
 	return nil
 }
 
-// The expected output of the auth URL are:
+// The expected ASKPASS callback output are below,
+// see https://git-scm.com/docs/gitcredentials for more examples:
 // username=xxx@example.com
 // password=ya29.xxxyyyzzz
-func setupGitAuthURL(ctx context.Context) error {
+func setupGitAskPassURL(ctx context.Context) error {
-	log.V(1).Info("configuring auth callback URL")
+	log.V(1).Info("configuring GIT_ASKPASS_URL")
 
 	var netClient = &http.Client{
 		Timeout: time.Second * 1,
@@ -787,7 +788,7 @@ func setupGitAuthURL(ctx context.Context) error {
 			return http.ErrUseLastResponse
 		},
 	}
-	httpReq, err := http.NewRequestWithContext(ctx, "GET", *flAuthURL, nil)
+	httpReq, err := http.NewRequestWithContext(ctx, "GET", *flAskPassURL, nil)
 	if err != nil {
 		return fmt.Errorf("error create auth request: %v", err)
 	}

docs/auth-url.md

@@ -1,26 +1,28 @@
 # Using an Http Auth URL with git-sync
 
-# Step 1: Create Auth Service
+## Step 1: Create a GIT_ASKPASS HTTP Service
 
-First, create a http service which can provide the username and password for the
+The GIT ASKPASS Service expose via HTTP and provide the answer to GIT_ASKPASS.
-git repo.
 
-Example of the auth url output:
+Example of the servcie's output, see more at https://git-scm.com/docs/gitcredentials
 
-```
+```json
 username=xxx@example.com
-password=ya29.xxxxyyyyzzzz
+password=ya29.mysecret
 ```
 
-# Step 2: Configure git-sync container
+## Step 2: Configure git-sync container
 
-In your git-sync container configuration, specify the auth url.
+In your git-sync container configuration, specify the GIT_ASKPASS_URL
 
 The credentials will pass in plain text, make sure the connection between git-sync
-and auth server are secure. The recommended way is the auth server running within
+and GIT ASKPASS Service are secure.
-the same pod as git-sync.
 
-```
+The recommended way is the ASKPASS Service running within the same pod as git-sync.
+
+See https://github.com/cydu-cloud/git-askpass-gce-node as a full example which use GCE Node Service Account credential to access Google Cloud Source Repo.
+
+```json
 {
     name: "git-sync",
     ...
@@ -29,8 +31,8 @@ the same pod as git-sync.
             name: "GIT_SYNC_REPO",
             value: "https://source.developers.google.com/p/[GCP PROJECT ID]/r/[REPO NAME]"
         }, {
-            name: "GIT_SYNC_AUTH_URL",
+            name: "GIT_ASKPASS_URL",
-            value: "http://localhost:8080/gce_node_auth",
+            value: "http://localhost:9102/git_askpass",
         },
     ...
     ]

docs/cookie-file.md

@@ -2,27 +2,27 @@
 
 Git-sync supports use of an HTTP Cookie File for accessing git content.
 
-# Step 1: Create Secret
+## Step 1: Create Secret
 
 First, create a secret file from the git cookie file you wish to
 use.
 
 Example: if the cookie-file is `~/.gitcookies`:
 
-```
+```bash
 kubectl create secret generic git-cookie-file --from-file=cookie_file=~/.gitcookies
 ```
 
 Note that the key is `cookie_file`. This is the filename that git-sync will look
 for.
 
-# Step 2: Configure Pod/Deployment Volume
+## Step 2: Configure Pod/Deployment Volume
 
 In your Pod or Deployment configuration, specify a Volume for mounting the
 cookie-file Secret. Make sure to set `secretName` to the same name you used to
 create the secret (`git-cookie-file` in the example above).
 
-```
+```json
 volumes: [
     {
         "name": "git-secret",
@@ -34,7 +34,7 @@ volumes: [
 ],
 ```
 
-# Step 3: Configure git-sync container
+## Step 3: Configure git-sync container
 
 In your git-sync container configuration, mount your volume at
 "/etc/git-secret". Make sure to pass the `--cookie-file` flag or set the
@@ -42,7 +42,7 @@ environment variable `GIT_COOKIE_FILE` to "true", and to use a git repo
 (`--repo` flag or `GIT_SYNC_REPO` env) is set to use a URL with the HTTP
 protocol.
 
-```
+```json
 {
     name: "git-sync",
     ...