Merge pull request #571 from thockin/v3_askpass_helper_simpler
v3: Clean up askpass_URL
commit
7f8cfa7746
|
|
@ -123,7 +123,7 @@ docker run -d \
|
||||||
| `--ssh-known-hosts-file` | GIT_SSH_KNOWN_HOSTS_FILE | "/etc/git-secret/known_hosts" | the known_hosts file to use |
|
| `--ssh-known-hosts-file` | GIT_SSH_KNOWN_HOSTS_FILE | "/etc/git-secret/known_hosts" | the known_hosts file to use |
|
||||||
| `--add-user` | GIT_SYNC_ADD_USER | false | add a record to /etc/passwd for the current UID/GID (needed to use SSH with a different UID) |
|
| `--add-user` | GIT_SYNC_ADD_USER | false | add a record to /etc/passwd for the current UID/GID (needed to use SSH with a different UID) |
|
||||||
| `--cookie-file` | GIT_COOKIE_FILE | false | use git cookiefile |
|
| `--cookie-file` | GIT_COOKIE_FILE | false | use git cookiefile |
|
||||||
| `--askpass-url` | GIT_ASKPASS_URL | "" | the URL for GIT_ASKPASS callback |
|
| `--askpass-url` | GIT_ASKPASS_URL | "" | the URL to query for a username and password for git auth |
|
||||||
|
|
||||||
## Flags which configure hooks
|
## Flags which configure hooks
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,21 +14,13 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
# Ask pass when cloning new repo, fail if it mismatched the magic password.
|
# This script uses the in-container shell which is limited. For example, it
|
||||||
|
# does not support the 'pipefail' option.
|
||||||
mkdir -p "${XDG_CONFIG_HOME}/git/"
|
set -o errexit
|
||||||
# Override the default 'git --global' config location, the default location
|
set -o nounset
|
||||||
# outside the e2e test environment. See https://git-scm.com/docs/git-config
|
|
||||||
touch "${XDG_CONFIG_HOME}/git/config"
|
|
||||||
# Override the default 'git credential store' config location, the default location
|
|
||||||
# outside the e2e test environment. See https://git-scm.com/docs/git-credential-store
|
|
||||||
touch "${XDG_CONFIG_HOME}/git/credentials"
|
|
||||||
|
|
||||||
if [ "$1" != "clone" -a "$1" != "ls-remote" -a "$1" != "fetch" ]; then
|
|
||||||
git "$@"
|
|
||||||
exit $?
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# Ask pass some ops, fail if it mismatched the magic password.
|
||||||
|
if [ "$1" = "clone" -o "$1" = "ls-remote" -o "$1" = "fetch" ]; then
|
||||||
# `git credential fill` requires the repo url match to consume the credentials stored by git-sync.
|
# `git credential fill` requires the repo url match to consume the credentials stored by git-sync.
|
||||||
# Askpass git only support repo started with "file://" which is used in test_e2e.sh.
|
# Askpass git only support repo started with "file://" which is used in test_e2e.sh.
|
||||||
REPO=$(echo "$@" | grep -o "file://[^ ]*")
|
REPO=$(echo "$@" | grep -o "file://[^ ]*")
|
||||||
|
|
@ -40,5 +32,6 @@ if [ "${USERNAME}" != "username=my-username" -o "${PASSWD}" != "password=my-pass
|
||||||
echo "invalid test username/password pair: ${USERNAME}:${PASSWD}"
|
echo "invalid test username/password pair: ${USERNAME}:${PASSWD}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
git "$@"
|
git "$@"
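Review bot: With `set -o errexit` now enabled at the top of the script, the `REPO=$(echo "$@" | grep -o "file://[^ ]*")` assignment inside the new `if` block ends the script with grep's status 1 and no message whenever the arguments carry no file:// URL. If that exit is intended, make it explicit so a failing e2e run is diagnosable, e.g. `REPO=$(echo "$@" | grep -o "file://[^ ]*") || { echo "askpass: no file:// repo in args" >&2; exit 1; }`. Similarly, `set -o nounset` makes the `"$1"` tests abort when the wrapper is invoked without arguments; `"${1:-}"` keeps the pass-through to `git "$@"` working. The lines between this assignment and the username/password comparison are outside the visible hunks, so how REPO is consumed cannot be checked here.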
|
||||||
|
|
|
||||||
|
|
@ -121,7 +121,7 @@ var flCookieFile = flag.Bool("cookie-file", envBool("GIT_COOKIE_FILE", false),
|
||||||
"use git cookiefile")
|
"use git cookiefile")
|
||||||
|
|
||||||
var flAskPassURL = flag.String("askpass-url", envString("GIT_ASKPASS_URL", ""),
|
var flAskPassURL = flag.String("askpass-url", envString("GIT_ASKPASS_URL", ""),
|
||||||
"the URL for GIT_ASKPASS callback")
|
"the URL to query for a username and password for git auth")
|
||||||
|
|
||||||
var flGitCmd = flag.String("git", envString("GIT_SYNC_GIT", "git"),
|
var flGitCmd = flag.String("git", envString("GIT_SYNC_GIT", "git"),
|
||||||
"the git command to run (subject to PATH search, mostly for testing)")
|
"the git command to run (subject to PATH search, mostly for testing)")
|
||||||
|
|
@ -1025,11 +1025,11 @@ func revIsHash(ctx context.Context, rev, gitRoot string) (bool, error) {
|
||||||
// returns (1) whether a change occured, (2) the new hash, and (3) an error if one happened
|
// returns (1) whether a change occured, (2) the new hash, and (3) an error if one happened
|
||||||
func syncRepo(ctx context.Context, repo, branch, rev string, depth int, gitRoot, dest string, authURL string, submoduleMode string) (bool, string, error) {
|
func syncRepo(ctx context.Context, repo, branch, rev string, depth int, gitRoot, dest string, authURL string, submoduleMode string) (bool, string, error) {
|
||||||
if authURL != "" {
|
if authURL != "" {
|
||||||
// For ASKPASS Callback URL, the credentials behind is dynamic, it needs to be
|
// When using an auth URL, the credentials can be dynamic, it needs to be
|
||||||
// re-fetched each time.
|
// re-fetched each time.
|
||||||
if err := callGitAskPassURL(ctx, authURL); err != nil {
|
if err := callGitAskPassURL(ctx, authURL); err != nil {
|
||||||
askpassCount.WithLabelValues(metricKeyError).Inc()
|
askpassCount.WithLabelValues(metricKeyError).Inc()
|
||||||
return false, "", fmt.Errorf("failed to call GIT_ASKPASS_URL: %v", err)
|
return false, "", fmt.Errorf("failed to get credentials from auth URL: %v", err)
|
||||||
}
|
}
|
||||||
askpassCount.WithLabelValues(metricKeySuccess).Inc()
|
askpassCount.WithLabelValues(metricKeySuccess).Inc()
|
||||||
}
|
}
|
||||||
|
|
@ -1093,7 +1093,7 @@ func getRevs(ctx context.Context, repo, localDir, branch, rev string) (string, s
|
||||||
}
|
}
|
||||||
|
|
||||||
func setupGitAuth(ctx context.Context, username, password, gitURL string) error {
|
func setupGitAuth(ctx context.Context, username, password, gitURL string) error {
|
||||||
log.V(1).Info("setting up git credential store")
|
log.V(3).Info("storing git credentials")
|
||||||
|
|
||||||
_, err := cmdRunner.Run(ctx, "", nil, *flGitCmd, "config", "--global", "credential.helper", "store")
|
_, err := cmdRunner.Run(ctx, "", nil, *flGitCmd, "config", "--global", "credential.helper", "store")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -1155,12 +1155,12 @@ func setupGitCookieFile(ctx context.Context) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// The expected ASKPASS callback output are below,
|
// The expected URL callback output is below,
|
||||||
// see https://git-scm.com/docs/gitcredentials for more examples:
|
// see https://git-scm.com/docs/gitcredentials for more examples:
|
||||||
// username=xxx@example.com
|
// username=xxx@example.com
|
||||||
// password=xxxyyyzzz
|
// password=xxxyyyzzz
|
||||||
func callGitAskPassURL(ctx context.Context, url string) error {
|
func callGitAskPassURL(ctx context.Context, url string) error {
|
||||||
log.V(1).Info("calling GIT_ASKPASS URL to get credentials")
|
log.V(2).Info("calling auth URL to get credentials")
|
||||||
|
|
||||||
var netClient = &http.Client{
|
var netClient = &http.Client{
|
||||||
Timeout: time.Second * 1,
|
Timeout: time.Second * 1,
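Review bot: The new help text for `--askpass-url` says the endpoint returns a username and password, but nothing in the visible hunks restricts or documents which URL schemes are acceptable, so a plain `http://` URL would carry the credentials unencrypted. Consider stating the expectation in the flag description, e.g. `"the URL to query for a username and password for git auth (use https:// or a node-local endpoint; the response contains plaintext credentials)"`, and, if it is not already done, warning on or rejecting non-HTTPS, non-loopback URLs at startup. The body of `callGitAskPassURL` continues past the last hunk, so a scheme check there cannot be ruled out. Separately, the reworded error in `syncRepo` still formats with `%v`; `%w` would let callers inspect the underlying error with `errors.Is`/`errors.As`.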
|
||||||
|
|
|
||||||