From e9ee5abb9aaf93fe5ba6428f6c4eaa2f85bd17b1 Mon Sep 17 00:00:00 2001
From: Michael Bridgen
Date: Tue, 8 Nov 2022 10:28:39 +0000
Subject: [PATCH] Fail if SSH is used but no private key given
When using SSH, a key must be obtained from somewhere. On the command line, git would either use the ssh-agent socket, or try to use a key in ~/.ssh. go-git mirrors this, by resorting to ssh-agent if it is not given any other choices. But in the operator container, it doesn't make sense too try to use ssh-agent, because there's no chance to add keys to it -- its only purpose would be to stop go-git from complaining. So: treat it as an error if someone uses an SSH git URL, but doesn't supply a private SSH key.
Signed-off-by: Michael Bridgen
---
 pkg/controller/stack/stack_controller.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/pkg/controller/stack/stack_controller.go b/pkg/controller/stack/stack_controller.go
index 66118b92..907a1484 100644
--- a/pkg/controller/stack/stack_controller.go
+++ b/pkg/controller/stack/stack_controller.go
@@ -1433,6 +1433,12 @@ func (sess *reconcileStackSession) DestroyStack(ctx context.Context) error {
 func (sess *reconcileStackSession) SetupGitAuth(ctx context.Context) (*auto.GitAuth, error) {
 gitAuth := &auto.GitAuth{}
+ // check that the URL is valid (and we'll use it later to check we got appropriate auth)
+ u, err := giturls.Parse(sess.stack.ProjectRepo)
+ if err != nil {
+ return gitAuth, err
+ }
+
 if sess.stack.GitAuth != nil {
 if sess.stack.GitAuth.SSHAuth != nil {
 privateKey, err := sess.resolveResourceRef(ctx, &sess.stack.GitAuth.SSHAuth.SSHPrivateKey)
@@ -1516,6 +1522,10 @@ func (sess *reconcileStackSession) SetupGitAuth(ctx context.Context) (*auto.GitA
 }
 }
+ if u.Scheme == "ssh" && gitAuth.SSHPrivateKey == "" {
+ return gitAuth, fmt.Errorf("a private key must be provided for SSH")
+ }
+
 return gitAuth, nil
 }
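Review bot: The parse failure at `return gitAuth, err` is returned bare, so whatever surfaces it (status condition, event, log) gets no hint that it concerns `ProjectRepo`. Depending on how `giturls.Parse` formats its errors, the message may also repeat the raw URL text, which matters if a repository URL ever carries userinfo such as `https://user:token@host/...`. I would wrap it, e.g. `return gitAuth, fmt.Errorf("parsing project repo URL: %w", err)`, and confirm the wrapped message does not echo credentials before it reaches anything user-visible. Whether SetupGitAuth is only reached for stacks that actually set `ProjectRepo` cannot be seen from this hunk; the function body continues outside it.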
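Review bot: The `u.Scheme == "ssh"` comparison at the end of SetupGitAuth is exact, so the guard relies on `giturls.Parse` normalising every SSH spelling (scp-style `git@host:org/repo.git`, `git+ssh://`) to `ssh`. Any form that is not normalised skips the check and presumably leaves go-git to fall back to ssh-agent, as the commit message describes. A comment such as `// giturls.Parse reports scp-style remotes as scheme "ssh"; other SSH spellings are not covered here`, backed by a table test over those URL forms, would pin the behaviour down. Separately, this error path returns `gitAuth`, which by then may hold a token or password resolved earlier in the function (those lines are outside the hunk). `return nil, fmt.Errorf("a private key must be provided for SSH")` would avoid handing back partially populated credentials with an error, provided no caller dereferences the result on failure.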