refactor: use argocd-git-ask-pass to pass git credentials to git/kustomize #8516

Merged
merged 3 commits into from
Feb 23, 2022
apply reviewer notes: move repeated strings into constants
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
alexmt committed Feb 18, 2022
commit 1b2a4cf306734277f31c94d8375fdc7174edf020
10 changes: 6 additions & 4 deletions cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go
@@ -6,6 +6,8 @@ import (
"os"
"strings"

"github.com/argoproj/argo-cd/v2/util/git"

"github.com/spf13/cobra"
"google.golang.org/grpc"

@@ -29,15 +31,15 @@ func NewCommand() *cobra.Command {
if len(os.Args) != 2 {
errors.CheckError(fmt.Errorf("expected 1 argument, got %d", len(os.Args)-1))
}
nonce := os.Getenv(git.ASKPASS_NONCE_ENV)
if nonce == "" {
errors.CheckError(fmt.Errorf("%s is not set", git.ASKPASS_NONCE_ENV))
}
conn, err := grpc_util.BlockingDial(context.Background(), "unix", askpass.SocketPath, nil, grpc.WithInsecure())
errors.CheckError(err)
defer io.Close(conn)
client := askpass.NewAskPassServiceClient(conn)

nonce := os.Getenv("ARGOCD_GIT_ASKPASS_NONCE")
if nonce == "" {
errors.CheckError(fmt.Errorf("ARGOCD_GIT_ASKPASS_NONCE is not set"))
}
creds, err := client.GetCredentials(context.Background(), &askpass.CredentialsRequest{Nonce: nonce})
errors.CheckError(err)
switch {
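Review bot: The new `util/git` import pulls a whole package into the credential helper for a single string, `git.ASKPASS_NONCE_ENV`, and unless the binary already links that package it also adds its `init()` (shown in the creds.go section of this page) to the helper's start-up. The constant would sit more naturally beside `askpass.SocketPath`, which this command already uses, provided util/git can import that package without a cycle. The import also forms a group of its own between the standard-library and third-party groups; the file's other argo-cd imports appear to follow the `grpc` line outside the hunk, so it likely belongs with them. NewCommand's body continues past the end of this section.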
6 changes: 3 additions & 3 deletions reposerver/askpass/server_test.go
@@ -8,10 +8,10 @@ import (

func TestAdd(t *testing.T) {
s := NewServer()
id := s.Add("foo", "bar")
nonce := s.Add("foo", "bar")

assert.Equal(t, "foo", s.creds[id].Username)
assert.Equal(t, "bar", s.creds[id].Password)
assert.Equal(t, "foo", s.creds[nonce].Username)
assert.Equal(t, "bar", s.creds[nonce].Password)
}

func TestRemove(t *testing.T) {
23 changes: 15 additions & 8 deletions util/git/creds.go
@@ -22,11 +22,18 @@ import (
argoioutils "github.com/argoproj/argo-cd/v2/util/io"
)

// In memory cache for storing github APP api token credentials
var (
// In memory cache for storing github APP api token credentials
githubAppTokenCache *gocache.Cache
)

const (
// ASKPASS_NONCE_ENV is the environment variable that is used to pass the nonce to the askpass script
ASKPASS_NONCE_ENV = "ARGOCD_GIT_ASKPASS_NONCE"
// githubAccessTokenUsername is a username that is used to with the github access token
githubAccessTokenUsername = "x-access-token"
)

func init() {
githubAppCredsExp := common.GithubAppCredsExpirationDuration
if exp := os.Getenv(common.EnvGithubAppCredsExpirationDuration); exp != "" {
@@ -60,7 +67,7 @@ type Creds interface {
func getGitAskPassEnv(id string) []string {
return []string{
fmt.Sprintf("GIT_ASKPASS=%s", "argocd"),
fmt.Sprintf("ARGOCD_GIT_ASKPASS_NONCE=%s", id),
fmt.Sprintf("%s=%s", ASKPASS_NONCE_ENV, id),
"GIT_TERMINAL_PROMPT=0",
"ARGOCD_BINARY_NAME=argocd-git-ask-pass",
}
@@ -181,10 +188,10 @@ func (c HTTPSCreds) Environ() (io.Closer, []string, error) {
// GIT_SSL_KEY is the full path to a client certificate's key to be used
env = append(env, fmt.Sprintf("GIT_SSL_KEY=%s", keyFile.Name()))
}
id := c.store.Add(text.FirstNonEmpty(c.username, "x-access-token"), c.password)
env = append(env, getGitAskPassEnv(id)...)
nonce := c.store.Add(text.FirstNonEmpty(c.username, githubAccessTokenUsername), c.password)
env = append(env, getGitAskPassEnv(nonce)...)
return argoioutils.NewCloser(func() error {
c.store.Remove(id)
c.store.Remove(nonce)
return httpCloser.Close()
}), env, nil
}
@@ -344,10 +351,10 @@ func (g GitHubAppCreds) Environ() (io.Closer, []string, error) {
env = append(env, fmt.Sprintf("GIT_SSL_KEY=%s", keyFile.Name()))

}
id := g.store.Add("x-access-token", token)
env = append(env, getGitAskPassEnv(id)...)
nonce := g.store.Add(githubAccessTokenUsername, token)
env = append(env, getGitAskPassEnv(nonce)...)
return argoioutils.NewCloser(func() error {
g.store.Remove(id)
g.store.Remove(nonce)
return httpCloser.Close()
}), env, nil
}
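Review bot: The comment on `ASKPASS_NONCE_ENV` in the new const block names the variable but does not say what its value is worth. On this page the nonce returned by `store.Add` is the only field sent in `CredentialsRequest`, and it stays registered until the closer returned by `Environ` calls `store.Remove`, so a process that can read the child environment and reach the askpass socket can redeem it during that window; I would add `// The nonce is redeemable for the stored credentials until the Environ closer removes it; never log it.` In the same block the exported name is ALL_CAPS although the file already relies on the MixedCaps `common.EnvGithubAppCredsExpirationDuration`, and the comment on `githubAccessTokenUsername` reads "used to with" where "used with" is meant. `getGitAskPassEnv` still names its parameter `id` although both callers now pass `nonce`.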