add support for bearer token as header to bootstrap git
Signed-off-by: toomaj <toomaj@tuta.io> Set tokenAuth to true with withBearerToken Signed-off-by: toomaj <toomaj@tuta.io> Set BearerToken if tokenAuth & withBearerToken were set Signed-off-by: toomaj <toomaj@tuta.io>
@@ -67,6 +67,9 @@ command will perform an upgrade if needed.`,
|
|||||||
|
|
||||||
# Run bootstrap for a Git repository on Azure Devops
|
# Run bootstrap for a Git repository on Azure Devops
|
||||||
flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
|
flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
|
||||||
|
|
||||||
|
# Run bootstrap for a Git repository on Oracle VBS
|
||||||
|
flux bootstrap git --url=https://repository_url.git --with-bearer-token=true --password=<PAT> --path=clusters/my-cluster
|
||||||
`,
|
`,
|
||||||
RunE: bootstrapGitCmdRun,
|
RunE: bootstrapGitCmdRun,
|
||||||
}
|
}
|
||||||
@@ -79,6 +82,7 @@ type gitFlags struct {
|
|||||||
password string
|
password string
|
||||||
silent bool
|
silent bool
|
||||||
insecureHttpAllowed bool
|
insecureHttpAllowed bool
|
||||||
|
withBearerToken bool
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@@ -95,11 +99,16 @@ func init() {
|
|||||||
bootstrapGitCmd.Flags().StringVarP(&gitArgs.password, "password", "p", "", "basic authentication password")
|
bootstrapGitCmd.Flags().StringVarP(&gitArgs.password, "password", "p", "", "basic authentication password")
|
||||||
bootstrapGitCmd.Flags().BoolVarP(&gitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
|
bootstrapGitCmd.Flags().BoolVarP(&gitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
|
||||||
bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows insecure HTTP connections")
|
bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows insecure HTTP connections")
|
||||||
|
bootstrapGitCmd.Flags().BoolVar(&gitArgs.withBearerToken, "with-bearer-token", false, "use password as bearer token for Authorization header")
|
||||||
|
|
||||||
bootstrapCmd.AddCommand(bootstrapGitCmd)
|
bootstrapCmd.AddCommand(bootstrapGitCmd)
|
||||||
}
|
}
|
||||||
|
|
||||||
func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
|
func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
|
||||||
|
if gitArgs.withBearerToken {
|
||||||
|
bootstrapArgs.tokenAuth = true
|
||||||
|
}
|
||||||
|
|
||||||
gitPassword := os.Getenv(gitPasswordEnvVar)
|
gitPassword := os.Getenv(gitPasswordEnvVar)
|
||||||
if gitPassword != "" && gitArgs.password == "" {
|
if gitPassword != "" && gitArgs.password == "" {
|
||||||
gitArgs.password = gitPassword
|
gitArgs.password = gitPassword
|
||||||
@@ -225,9 +234,15 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
TargetPath: gitArgs.path.String(),
|
TargetPath: gitArgs.path.String(),
|
||||||
ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
|
ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
|
||||||
}
|
}
|
||||||
|
|
||||||
if bootstrapArgs.tokenAuth {
|
if bootstrapArgs.tokenAuth {
|
||||||
secretOpts.Username = gitArgs.username
|
if gitArgs.withBearerToken {
|
||||||
secretOpts.Password = gitArgs.password
|
secretOpts.BearerToken = gitArgs.password
|
||||||
|
} else {
|
||||||
|
secretOpts.Username = gitArgs.username
|
||||||
|
secretOpts.Password = gitArgs.password
|
||||||
|
}
|
||||||
|
|
||||||
secretOpts.CAFile = caBundle
|
secretOpts.CAFile = caBundle
|
||||||
|
|
||||||
// Remove port of the given host when not syncing over HTTP/S to not assume port for protocol
|
// Remove port of the given host when not syncing over HTTP/S to not assume port for protocol
|
||||||
@@ -320,18 +335,28 @@ func getAuthOpts(u *url.URL, caBundle []byte) (*git.AuthOptions, error) {
|
|||||||
if !gitArgs.insecureHttpAllowed {
|
if !gitArgs.insecureHttpAllowed {
|
||||||
return nil, fmt.Errorf("scheme http is insecure, pass --allow-insecure-http=true to allow it")
|
return nil, fmt.Errorf("scheme http is insecure, pass --allow-insecure-http=true to allow it")
|
||||||
}
|
}
|
||||||
return &git.AuthOptions{
|
httpAuth := git.AuthOptions{
|
||||||
Transport: git.HTTP,
|
Transport: git.HTTP,
|
||||||
Username: gitArgs.username,
|
}
|
||||||
Password: gitArgs.password,
|
if gitArgs.withBearerToken {
|
||||||
}, nil
|
httpAuth.BearerToken = gitArgs.password
|
||||||
|
} else {
|
||||||
|
httpAuth.Username = gitArgs.username
|
||||||
|
httpAuth.Password = gitArgs.password
|
||||||
|
}
|
||||||
|
return &httpAuth, nil
|
||||||
case "https":
|
case "https":
|
||||||
return &git.AuthOptions{
|
httpsAuth := git.AuthOptions{
|
||||||
Transport: git.HTTPS,
|
Transport: git.HTTPS,
|
||||||
Username: gitArgs.username,
|
|
||||||
Password: gitArgs.password,
|
|
||||||
CAFile: caBundle,
|
CAFile: caBundle,
|
||||||
}, nil
|
}
|
||||||
|
if gitArgs.withBearerToken {
|
||||||
|
httpsAuth.BearerToken = gitArgs.password
|
||||||
|
} else {
|
||||||
|
httpsAuth.Username = gitArgs.username
|
||||||
|
httpsAuth.Password = gitArgs.password
|
||||||
|
}
|
||||||
|
return &httpsAuth, nil
|
||||||
case "ssh":
|
case "ssh":
|
||||||
authOpts := &git.AuthOptions{
|
authOpts := &git.AuthOptions{
|
||||||
Transport: git.SSH,
|
Transport: git.SSH,
|
||||||
|
|||||||
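Review bot: The `http` case of getAuthOpts now copies `gitArgs.password` into `httpAuth.BearerToken`, so when `--allow-insecure-http` is set the token is sent in an Authorization header over an unencrypted connection; I would reject that combination inside the `http` case, e.g. `if gitArgs.withBearerToken { return nil, fmt.Errorf("--with-bearer-token requires an https URL") }`. Nothing in the visible hunks checks that a password was supplied when `--with-bearer-token` is set, so an empty token and a silently ignored `--username` both pass through; a guard after the `gitPasswordEnvVar` fallback in bootstrapGitCmdRun, such as `if gitArgs.withBearerToken && gitArgs.password == "" { return fmt.Errorf("--with-bearer-token requires --password") }`, would catch that. The new help example passes the token as `--password=<PAT>`, which ends up in shell history and the process list; since the function already reads `gitPasswordEnvVar`, the example could show the environment variable instead. Both functions continue outside the hunks, so the SSH branch and any later validation are not visible here.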