Commit

feat: Updating git step action to use credentials based authentication. (#151)

* feat: Updating git step action to use credentials based authentication.

Both github & gitlab allow credentials or token based authentication to the repo. Since this project is using distroless images, I didn't want to add an ssh-agent dependency on the project, and thought it might be better to use token based authentication to load private repos.

* Adding changes to make the implementation conformant to what argo-workflows is doing.

* Adding changes after running `make pre-commit`.

* Adding some additional logging for testing purposes.

* Updating docs to match the contents of this PR.

* Adding generated kube yaml files with new CRDs.

* Adding required dependencies & modifying sed command in makefile.

* Adding missing deps.

* Removing unnecessary log lines.

* Updating makefile to work with kustomize 4.2.0 & macos sed.
domderen authored Jul 28, 2021
1 parent 7a6ecb5 commit ed0cc74
Showing 14 changed files with 459 additions and 43 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -93,7 +93,7 @@ config/quick-start.yaml:
config/metrics-server.yaml:
config/stan-dev.yaml:
config/%.yaml: config/$*
kustomize build --load_restrictor=none config/$* -o $@
kustomize build --load-restrictor LoadRestrictionsNone config/$* -o $@
sed -i '' "s/:latest/:$(TAG)/" $@

# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
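
Review bot: The new `--load-restrictor LoadRestrictionsNone` on the `kustomize build` line keeps the load restriction switched off, so a kustomization under `config/$*` may pull in files from outside its own root. Add a Makefile comment naming which bases need that, or restructure them so the default restriction can stay on. The renamed flag also ties the build to newer kustomize releases (the commit message mentions 4.2.0), so a version check or a pinned tool install would give users of older installs a clear message. The unchanged `sed -i ''` line right below is the BSD/macOS form of `-i`; GNU sed parses it differently, so a portable form (for example writing to a temporary file and moving it into place) would keep Linux builds working.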
16 changes: 12 additions & 4 deletions api/v1alpha1/git.go
Expand Up @@ -5,10 +5,18 @@ import (
)

type Git struct {
Image string `json:"image" protobuf:"bytes,1,opt,name=image"`
Command []string `json:"command,omitempty" protobuf:"bytes,6,rep,name=command"`
URL string `json:"url" protobuf:"bytes,2,opt,name=url"`
SSHPrivateKey *corev1.SecretKeySelector `json:"sshPrivateKey,omitempty" protobuf:"bytes,7,opt,name=sshPrivateKey"`
Image string `json:"image" protobuf:"bytes,1,opt,name=image"`
Command []string `json:"command,omitempty" protobuf:"bytes,6,rep,name=command"`
URL string `json:"url" protobuf:"bytes,2,opt,name=url"`

// UsernameSecret is the secret selector to the repository username
UsernameSecret *corev1.SecretKeySelector `json:"usernameSecret,omitempty" protobuf:"bytes,7,opt,name=usernameSecret"`

// PasswordSecret is the secret selector to the repository password
PasswordSecret *corev1.SecretKeySelector `json:"passwordSecret,omitempty" protobuf:"bytes,8,opt,name=passwordSecret"`

// SSHPrivateKeySecret is the secret selector to the repository ssh private key
SSHPrivateKeySecret *corev1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty" protobuf:"bytes,9,opt,name=sshPrivateKeySecret"`
// +kubebuilder:default=.
Path string `json:"path,omitempty" protobuf:"bytes,3,opt,name=path"`
// +kubebuilder:default=main
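
Review bot: Protobuf field number 7 is reassigned in the `Git` struct: it used to carry `sshPrivateKey` and now carries `usernameSecret`, while the SSH key selector moves to 9. Both fields are `*corev1.SecretKeySelector`, so data serialized with the old numbering would decode without error and have its SSH key reference read as the username reference. Keeping 7 for `SSHPrivateKeySecret` and assigning 8 and 9 to `UsernameSecret` and `PasswordSecret` avoids that. The new doc comments could also state which method takes precedence when both credentials and an SSH key are set.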
14 changes: 12 additions & 2 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

70 changes: 65 additions & 5 deletions config/ci.yaml
Expand Up @@ -664,11 +664,26 @@ spec:
type: array
image:
type: string
passwordSecret:
description: PasswordSecret is the secret selector to the repository password
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
path:
default: .
type: string
sshPrivateKey:
description: SecretKeySelector selects a key of a Secret.
sshPrivateKeySecret:
description: SSHPrivateKeySecret is the secret selector to the repository ssh private key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
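
Review bot: The `sshPrivateKey` property is dropped from the schema and replaced by `sshPrivateKeySecret` with no alias or deprecation period, so existing manifests that still set `sshPrivateKey` no longer match the CRD. Depending on the cluster's validation and pruning settings such an object is either rejected or loses the field, and in the second case the git step is left with no SSH key reference and no error at apply time. Accept the old name for at least one release, or call out the rename as a breaking change in the docs updated by this PR.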
Expand All @@ -684,6 +699,21 @@ spec:
type: object
url:
type: string
usernameSecret:
description: UsernameSecret is the secret selector to the repository username
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
required:
- image
- url
Expand Down Expand Up @@ -2935,11 +2965,26 @@ spec:
type: array
image:
type: string
passwordSecret:
description: PasswordSecret is the secret selector to the repository password
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
path:
default: .
type: string
sshPrivateKey:
description: SecretKeySelector selects a key of a Secret.
sshPrivateKeySecret:
description: SSHPrivateKeySecret is the secret selector to the repository ssh private key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
Expand All @@ -2955,6 +3000,21 @@ spec:
type: object
url:
type: string
usernameSecret:
description: UsernameSecret is the secret selector to the repository username
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
required:
- image
- url
Expand Down Expand Up @@ -4982,7 +5042,7 @@ metadata:
name: ssh
namespace: argo-dataflow-system
stringData:
known_hosts: |
known_hosts: |-
# github.com:22 SSH-2.0-babeld-83b59434
# github.com:22 SSH-2.0-babeld-83b59434
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
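
Review bot: The `known_hosts: |` to `known_hosts: |-` change strips the trailing newline from the secret value and is unrelated to git credentials. If it is only what the newer kustomize emits, say so in the commit message so it is not mistaken for a hand edit. Also confirm that whatever mounts this value tolerates a file without a final newline, since an entry appended later would be joined onto the last host key line.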
43 changes: 41 additions & 2 deletions config/crd/bases/dataflow.argoproj.io_pipelines.yaml
Expand Up @@ -1036,11 +1036,31 @@ spec:
type: array
image:
type: string
passwordSecret:
description: PasswordSecret is the secret selector to the
repository password
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
path:
default: .
type: string
sshPrivateKey:
description: SecretKeySelector selects a key of a Secret.
sshPrivateKeySecret:
description: SSHPrivateKeySecret is the secret selector
to the repository ssh private key
properties:
key:
description: The key of the secret to select from. Must
Expand All @@ -1059,6 +1079,25 @@ spec:
type: object
url:
type: string
usernameSecret:
description: UsernameSecret is the secret selector to the
repository username
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
required:
- image
- url
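
Review bot: `usernameSecret` and `passwordSecret` are added as independent optional properties and the `required` list still holds only `image` and `url`, so the schema accepts a git source with a username but no password, or with both credentials and `sshPrivateKeySecret`. Since this file is generated, the fix belongs in the Go types or the controller: validate that the two credential selectors are set together, decide whether they are mutually exclusive with the SSH key, and fail the step with a clear error instead of attempting a clone with half a credential.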
43 changes: 41 additions & 2 deletions config/crd/bases/dataflow.argoproj.io_steps.yaml
Expand Up @@ -995,11 +995,31 @@ spec:
type: array
image:
type: string
passwordSecret:
description: PasswordSecret is the secret selector to the repository
password
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
path:
default: .
type: string
sshPrivateKey:
description: SecretKeySelector selects a key of a Secret.
sshPrivateKeySecret:
description: SSHPrivateKeySecret is the secret selector to the
repository ssh private key
properties:
key:
description: The key of the secret to select from. Must be
Expand All @@ -1018,6 +1038,25 @@ spec:
type: object
url:
type: string
usernameSecret:
description: UsernameSecret is the secret selector to the repository
username
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
required:
- image
- url
68 changes: 64 additions & 4 deletions config/default.yaml
Expand Up @@ -664,11 +664,26 @@ spec:
type: array
image:
type: string
passwordSecret:
description: PasswordSecret is the secret selector to the repository password
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
path:
default: .
type: string
sshPrivateKey:
description: SecretKeySelector selects a key of a Secret.
sshPrivateKeySecret:
description: SSHPrivateKeySecret is the secret selector to the repository ssh private key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
Expand All @@ -684,6 +699,21 @@ spec:
type: object
url:
type: string
usernameSecret:
description: UsernameSecret is the secret selector to the repository username
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
required:
- image
- url
Expand Down Expand Up @@ -2935,11 +2965,26 @@ spec:
type: array
image:
type: string
passwordSecret:
description: PasswordSecret is the secret selector to the repository password
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
path:
default: .
type: string
sshPrivateKey:
description: SecretKeySelector selects a key of a Secret.
sshPrivateKeySecret:
description: SSHPrivateKeySecret is the secret selector to the repository ssh private key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
Expand All @@ -2955,6 +3000,21 @@ spec:
type: object
url:
type: string
usernameSecret:
description: UsernameSecret is the secret selector to the repository username
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
required:
- image
- url