-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement new packages auth, azure and git for passwordless authentication scenarios #789
Conversation
@darkowlzz I removed all the caching-related code from the PR as I wanted to get thoughts about moving some files around before implementing.
|
A few months ago in a dev meeting, we discussed about this possibility, that maybe the respective clients can have most of the authentication code and very few essential common code in auth package. With the recent discussions around caching in the client itself and looking at the simplicity of the credentials.go code, it appears to me that this would be the obvious design to go with, unless we find some good reason not to. At present, this sounds good to me.
Looking at the old PR, it seems that the Regarding the proposed |
a2f84e1
to
20ffe16
Compare
9ed437e
to
8aa2d25
Compare
Manually validated when proxy server configuration is specified in GitRepository Relevant logs from source-controller and proxy server are below
|
16adfc9
to
c8cf7e4
Compare
c8cf7e4
to
3447de1
Compare
2b2fb00
to
abee735
Compare
abee735
to
6cd9385
Compare
6cd9385
to
8f8a78e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested the usage of this in source-controller in fluxcd/source-controller#1591 and everything looks good to me.
Thanks for the detailed tests of all the scenarios.
- Add packages auth, azure to fetch access token using azidentity DefaultAzureCredential API and default ARM scope - Provide the capability to override the scope of the access token for Azure DevOps. - Provide the capability to pass proxy settings to the client options if specified. - Provide the option to specify a fake token credential for unit tests. - Add ProviderOptions in git AuthOptions to configure the provider options from consumers. - Use the credentials API to fetch Azure DevOps access token if the provider is Azure from gogit client. - Add new unit tests for new functionality in azure, git and gogit client. Signed-off-by: Dipti Pai <[email protected]>
8f8a78e
to
1686996
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks @dipti-pai 🥇
Changes include partial implementation of RFC-007 for Azure provider.
azure
sub-package inauth
with API to get azure devops access token using workload identity and associated token provider unit tests.git
andgogit
package using the API to get credentials invoking provider specific implementation (only Azure is added currently) and associated git credentials/gogit client unit tests.