Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] Passwordless authentication for Git repositories #4806

Merged
merged 1 commit into from
Jun 12, 2024
Merged

[RFC] Passwordless authentication for Git repositories #4806

merged 1 commit into from
Jun 12, 2024

Conversation

dipti-pai
Copy link
Member

Based on top of this PR - #4114
Created separate PR as I don't have the required permissions to the main repo.

@stefanprodan stefanprodan changed the title Rfc for git passwordless auth [RFC] Passwordless authentication for Git repositories May 22, 2024
@stefanprodan stefanprodan added area/git Git related issues and pull requests area/rfc Feature request proposals in the RFC format area/security Security related issues and pull requests labels May 22, 2024
@stefanprodan stefanprodan mentioned this pull request May 22, 2024
Closed
souleb
souleb reviewed May 22, 2024
View reviewed changes
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
@souleb
Copy link
Member

souleb commented May 23, 2024

@nagyv can this work with gitlab?

@nagyv
Copy link
Contributor

nagyv commented May 24, 2024

@souleb Kind of. Reading through the proposal, it's not really passwordless as you extract the password every time from the OIDC response, and the password is tied either to a service account or an app (in case of GitHub).

At GitLab, we support service accounts that are fully independent of every user account, can not log in through the UI, but are very much user-like. For example, they can own deploy keys and can be made members of projects.

Flux in its current state can already support service accounts. I'll try to extend the proposal to describe the "with GitLab" solution.

darkowlzz
darkowlzz reviewed May 31, 2024
View reviewed changes
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
@dipti-pai dipti-pai requested review from darkowlzz and nagyv June 7, 2024 16:19
nagyv
nagyv reviewed Jun 10, 2024
View reviewed changes
Copy link
Contributor

@nagyv nagyv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Line wrapped and formatted the GitLab section. LGTM.

rfcs/0006-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
darkowlzz
darkowlzz approved these changes Jun 12, 2024
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
Thanks for all the details.

rfcs/0000-git-repo-passwordless-auth/README.md Outdated Show resolved Hide resolved
stefanprodan
stefanprodan approved these changes Jun 12, 2024
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @dipti-pai 🏅

@aryan9600 @dipti-pai
@souleb @darkowlzz @nagyv
RFC: Add passswordless auth for git repos
d95e8b6 
Signed-off-by: Dipti Pai <[email protected]>
Signed-off-by: Soule BA <[email protected]>
Signed-off-by: Sunny <[email protected]>
Co-authored-by: Dipti Pai <[email protected]>
Co-authored-by: Sanskar Jaiswal <[email protected]>
Co-authored-by: Soule BA <[email protected]>
Co-authored-by: Sunny <[email protected]>
Co-authored-by: Viktor Nagy <[email protected]>
@souleb souleb self-assigned this Jun 12, 2024
@souleb souleb merged commit 638e537 into fluxcd:main Jun 12, 2024
5 checks passed
@stefanprodan stefanprodan mentioned this pull request Jul 31, 2024
Closed
@alvaroaleman
Copy link

For my understanding, how is the work to actually implement this tracked? Are there individual sub work items for the various provides one could follow and contribute to?

@dipti-pai
Copy link
Member Author

For my understanding, how is the work to actually implement this tracked? Are there individual sub work items for the various provides one could follow and contribute to?

#4846 has the workitems for tracking the implementation of this RFC

@dipti-pai dipti-pai mentioned this pull request Oct 2, 2024
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@souleb souleb souleb left review comments

@stefanprodan stefanprodan stefanprodan approved these changes

@nagyv nagyv nagyv left review comments

@darkowlzz darkowlzz darkowlzz approved these changes

Assignees

@souleb souleb

Labels
area/git Git related issues and pull requests area/rfc Feature request proposals in the RFC format area/security Security related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@dipti-pai @souleb @nagyv @alvaroaleman @darkowlzz @stefanprodan @aryan9600