feat: add support for authenticated git clone #8537
Skipping CI for Draft Pull Request.
/assign @vdemeester @aThorp96 @waveywaves
@chmouel: GitHub didn't allow me to assign the following users: aThorp96. Note that only tektoncd members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
The following is the coverage report on the affected files.
@@ -449,7 +479,7 @@ func ResolveAPIGit(ctx context.Context, params map[string]string, kubeclient kub | |||
}, nil | |||
} | |||
|
|||
func getAPIToken(ctx context.Context, apiSecret *secretCacheKey, kubeclient kubernetes.Interface, logger *zap.SugaredLogger, cache *cache.LRUExpireCache, ttl time.Duration, params map[string]string) ([]byte, error) { | |||
func getAPIToken(ctx context.Context, apiSecret *secretCacheKey, kubeclient kubernetes.Interface, logger *zap.SugaredLogger, cache *cache.LRUExpireCache, ttl time.Duration, params map[string]string, key string) ([]byte, error) { |
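Review bot: the new trailing `key string` parameter on `getAPIToken` has no doc comment, and its name is easy to confuse with the key already carried by `apiSecret *secretCacheKey`. With eight positional parameters, a bare `string` at the end is simple to pass wrongly at a call site without any compile error. Add a doc comment stating what `key` selects, or give it a more specific name; and since the function now takes a selector, the name `getAPIToken` no longer describes it, as already raised in this thread.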
Is the `gitToken` also an `APIToken`? If not, since this now handles both the Git Token and the API Token, I wonder if it's helpful to rename the method name and local variables (e.g. `apiSecret`) to reflect this function becoming more generic.
sure why not, both works tbh
5af937d to a99385a
[APPROVALNOTIFIER] This PR is NOT APPROVED
return nil, wrappedErr | ||
} | ||
|
||
secretVal, ok := secret.Data[apiSecret.key] | ||
if !ok { | ||
err := fmt.Errorf("cannot get API token, key %s not found in secret %s in namespace %s", apiSecret.key, apiSecret.name, apiSecret.ns) | ||
logger.Info(err) | ||
g.Logger.Info(err) |
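Review bot: the `fmt.Errorf` text still reads "cannot get API token", which will mislead when this lookup is made for the git token; word it generically or include which token was requested. The message formats only `apiSecret.key`, `apiSecret.name` and `apiSecret.ns`, not `secretVal`, so the `Info(err)` call does not write the value itself; a short comment saying so next to the log line would help anyone triaging the clear-text-logging alert.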
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Sensitive data returned by an access to APISecretKey
the log would only log the secret-name not the secret content (and nothing has changed in this patch compared to before) 🙃
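As an added example (not code from this PR or from Tekton), one way to make the property discussed above checkable: a token type whose `fmt` output is always a fixed marker, and a lookup whose error names the secret but never its value. The names `Token`, `secretRef`, `lookupToken`, `leaks` and `errKeyNotFound` are hypothetical, and the sample secret data is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Token wraps secret bytes so that fmt verbs (%s, %v, %q, %x, %+v) print a
// fixed marker instead of the value. Hypothetical type, not from the PR.
type Token []byte

// Format implements fmt.Formatter, which fmt consults before Stringer and
// for every verb, so no format string can print the raw bytes.
func (Token) Format(f fmt.State, _ rune) { fmt.Fprint(f, "[REDACTED]") }

// secretRef mirrors the three fields the PR's error message prints.
type secretRef struct{ name, key, ns string }

var errKeyNotFound = errors.New("key not found in secret")

// lookupToken reads ref.key from data (standing in for secret.Data).
// The error names the key, secret and namespace, never a value.
func lookupToken(data map[string][]byte, ref secretRef) (Token, error) {
	v, ok := data[ref.key]
	if !ok {
		return nil, fmt.Errorf("%w: key %s, secret %s, namespace %s", errKeyNotFound, ref.key, ref.name, ref.ns)
	}
	return Token(v), nil
}

// leaks reports whether any value in data appears verbatim in the log line s.
func leaks(s string, data map[string][]byte) bool {
	for _, v := range data {
		if len(v) > 0 && strings.Contains(s, string(v)) {
			return true
		}
	}
	return false
}

func main() {
	data := map[string][]byte{"token": []byte("constructed-sample-value")} // constructed
	tok, _ := lookupToken(data, secretRef{"git-creds", "token", "default"})
	fmt.Printf("cloning with token %s / %v / %x\n", tok, tok, tok)
	_, err := lookupToken(data, secretRef{"git-creds", "missing", "default"})
	fmt.Println(err, leaks(err.Error(), data))
}
```

Code that needs the raw bytes converts explicitly with `[]byte(tok)`, which keeps every place the value leaves the wrapper easy to find in review.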
Added support for authenticated git cloning using `gitToken` and `gitTokenKey` parameters. Updated documentation to reflect the new parameters and their usage. Modified resolver functions to handle authentication when cloning repositories. Added tests to verify the functionality of authenticated git cloning.

The differences between the two modes are:

- The `git clone` method supports anonymous cloning and authenticated cloning.
- Depending on the Git provider, `git clone` has a lower rate limit (if none) than the authenticated API.
- The authenticated API supports private repositories and fetches only the file at the specified path rather than doing a full clone.

Signed-off-by: Chmouel Boudjnah <[email protected]>
a99385a to 94ec9c2
/test all
Changes

Added support for authenticated git cloning using `gitToken` and `gitTokenKey` parameters. Updated documentation to reflect the new parameters and their usage. Modified resolver functions to handle authentication when cloning repositories. Added tests to verify the functionality of authenticated git cloning.

The differences between the two modes are:

- The `git clone` method supports anonymous cloning and authenticated cloning.
- Depending on the Git provider, `git clone` has a lower rate limit (if none) than the authenticated API.
- The authenticated API supports private repositories and fetches only the file at the specified path rather than doing a full clone.

Submitter Checklist
As the author of this PR, please check off the items in this checklist:
`/kind <type>`. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep

Release Notes
/kind feature