Skip to content

[FE]: Support for private key connection #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
damsien opened this issue Dec 13, 2024 · 0 comments
Open

[FE]: Support for private key connection #32

damsien opened this issue Dec 13, 2024 · 0 comments
Labels
feature A feature that is listed in the roadmap

Comments

@damsien
Copy link
Collaborator

damsien commented Dec 13, 2024
edited
Loading

Roadmap 2025/07 Ability to choose the git push error default behavior
As a the DevOps of my team, I want to be able to connect to my git platform using a private ssh key instead of a token.

What to do

1. Add a sshPrivateKey field in the gitUser struct

syngit/internal/interceptor/webhook_request_checker.go

Lines 26 to 30 in 4b54d53

type gitUser struct {
gitUser string
gitEmail string
gitToken string
}

2. Allow kubernetes.io/ssh-auth secret type

When getting the user's secret, check for the Secret type (secret.Type). If it is kubernetes.io/basic-auth, then keep the existing lines (get username & password). If it is kubernetes.io/ssh-auth, then get the ssh-privatekey key from the Secret like describe in the Kubernetes documentation.

syngit/internal/interceptor/webhook_request_checker.go

Lines 414 to 422 in 4b54d53

secret := &corev1.Secret{}
err := wrc.k8sClient.Get(ctx, *secretNamespacedName, secret)
if err == nil {
userGitName = string(secret.Data["username"])
userGitToken = string(secret.Data["password"])
secretCount++
userGitEmail = remoteUser.Spec.Email
}

3. Add the ssh private key to the existing gitUser

syngit/internal/interceptor/webhook_request_checker.go

Lines 424 to 428 in 4b54d53

gitUser := &gitUser{
gitUser: userGitName,
gitEmail: userGitEmail,
gitToken: userGitToken,
}

4. Add a sshPrivateKey field in the GitPusher struct

syngit/internal/interceptor/git_pusher.go

Lines 24 to 35 in 4b54d53

type GitPusher struct {
remoteSyncer syngit.RemoteSyncer
remoteTarget syngit.RemoteTarget
interceptedYAML string
interceptedGVR schema.GroupVersionResource
interceptedName string
gitUser string
gitEmail string
gitToken string
operation admissionv1.Operation
caBundle []byte
}

5. Global BasicAuth

Create a http.BasicAuth object that will be used to clone & push. Create a function that build the BasicAuth depending on the the type (basic auth or ssh). Replace the existing ones with the global one.

syngit/internal/interceptor/git_pusher.go

Lines 269 to 272 in 4b54d53

Auth: &http.BasicAuth{
Username: gp.gitUser,
Password: gp.gitToken,
},

Each http.BasicAuth object must also be changed in the repo retriever file.

Remove the Name field from the commit signature (because it can not to exist if the type is ssh).

syngit/internal/interceptor/git_pusher.go

Lines 241 to 245 in 4b54d53

Author: &object.Signature{
Name: gp.gitUser,
Email: gp.gitEmail,
When: time.Now(),
},

Additional context

If you have any questions, please tag @damsien.
@damsien damsien added enhancement Request for enhancement good first issue Good for newcomers feature A feature that is listed in the roadmap labels Dec 13, 2024
@damsien damsien changed the title [FE]: Support for ssh connection [FE]: Support for private key connection Dec 23, 2024
@damsien damsien removed good first issue Good for newcomers enhancement Request for enhancement labels Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature A feature that is listed in the roadmap
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@damsien