From 45a00a01707759fed887960e2a2360a612aebce6 Mon Sep 17 00:00:00 2001
From: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
Date: Fri, 16 Sep 2022 16:16:19 -0500
Subject: [PATCH] Maintain original scheme when using --token-auth

If you're using an HTTP-based Git server with Flux, you need to provide `--token-auth` to avoid triggering an SSH host key check (see [here](https://github.com/fluxcd/flux2/issues/2825#issuecomment-1151355914)). Unfortunately, doing this forces the URL in the `GitRepository` resource created during bootstrapping to always use `https`. This will cause Kustomization reconcile errors for servers that do not have HTTPS enabled or do not have the appropriate certs installed or available.

This pull request fixes this by keeping the repository URL scheme intact when using `--token-auth`.

Signed-off-by: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
---
 cmd/flux/bootstrap_git.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go
index 27515775..2f5e2491 100644
--- a/cmd/flux/bootstrap_git.go
+++ b/cmd/flux/bootstrap_git.go
@@ -192,7 +192,9 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 
 		// Configure repository URL to match auth config for sync.
 		repositoryURL.User = nil
-		repositoryURL.Scheme = "https"
+		if !gitArgs.insecureHttpAllowed {
+			repositoryURL.Scheme = "https"
+		}
 	} else {
 		secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
 		secretOpts.Password = gitArgs.password