Skip to content

Commit

Permalink
Simplify auto-generated pac-gitauth secret URL
Browse files Browse the repository at this point in the history
  • Loading branch information
Bibz87 committed Jun 23, 2023
1 parent 0e4cddb commit 3d3d563
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 1 deletion.
6 changes: 6 additions & 0 deletions docs/content/docs/guide/privaterepo.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ This secret contains a [Git Config](https://git-scm.com/docs/git-config) file:
file: .git-credentials, which includes the https URL using the token obtained
from the GitHub application or secret attached to the repo CR.

{{< hint info >}} For compatibility, the [Git
Config](https://git-scm.com/docs/git-config) file uses the detected repository's
base URL instead of the full URL. For more information, see [this
issue](https://github.com/openshift-pipelines/pipelines-as-code/issues/1307) {{<
/hint >}}

The secret includes a key referencing the token as a key to let you easily use it in your task for
other provider operations. See the documentation with example on how to use it
[here](../authoringprs/#using-the-temporary-github-app-token-for-github-api-operations)
Expand Down
3 changes: 2 additions & 1 deletion pkg/secrets/basic_auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,10 @@ func MakeBasicAuthSecret(runevent *info.Event, secretName string) (*corev1.Secre
// in the *** to do it in shell.
token := url.QueryEscape(runevent.Provider.Token)

baseCloneURL := fmt.Sprintf("%s://%s", repoURL.Scheme, repoURL.Host)
urlWithToken := fmt.Sprintf("%s://%s:%s@%s%s", repoURL.Scheme, gitUser, token, repoURL.Host, repoURL.Path)
secretData := map[string]string{
".gitconfig": fmt.Sprintf(basicAuthGitConfigData, cloneURL),
".gitconfig": fmt.Sprintf(basicAuthGitConfigData, baseCloneURL),
".git-credentials": urlWithToken,
// With the GitHub APP method the token is available for 8h if you have
// the user to server token expiration. the token is scoped to the
Expand Down
15 changes: 15 additions & 0 deletions pkg/secrets/basic_auth_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package secrets

import (
"fmt"
"regexp"
"strings"
"testing"

Expand All @@ -25,6 +27,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
name string
targetNS string
event info.Event
expectedGitConfigURL string
expectedGitCredentials string
expectedStartSecretName string
expectedError bool
Expand All @@ -34,6 +37,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
name: "Target secret not there",
targetNS: nsNotThere,
event: event,
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://git:verysecrete@forge/owner/repo",
expectedStartSecretName: "pac-gitauth-owner-repo",
expectedLabels: map[string]string{
Expand All @@ -50,6 +54,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
Repository: "yoyo",
URL: "https://forge/owner/yoyo/foo/bar/linux/kernel",
},
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://git:verysecrete@forge/owner/yoyo/foo/bar/linux/kernel",
expectedStartSecretName: "pac-gitauth-owner-repo",
expectedLabels: map[string]string{
Expand All @@ -62,13 +67,15 @@ func TestCreateBasicAuthSecret(t *testing.T) {
name: "Use clone URL",
targetNS: nsNotThere,
event: event,
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://git:verysecrete@forge/owner/repo",
expectedStartSecretName: "pac-gitauth-owner-repo",
},
{
name: "Target secret already there",
targetNS: nsthere,
event: event,
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://git:verysecrete@forge/owner/repo",
expectedStartSecretName: "pac-gitauth-owner-repo",
},
Expand All @@ -80,6 +87,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
Repository: "CASE",
URL: "https://forge/UPPER/CASE",
},
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://git:verysecrete@forge/UPPER/CASE",
expectedStartSecretName: "pac-gitauth-upper-case",
},
Expand All @@ -92,6 +100,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
URL: "https://forge/hello/moto",
CloneURL: "https://forge/miss/robinson",
},
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://git:verysecrete@forge/miss/robinson",
expectedStartSecretName: "pac-gitauth-upper-case",
},
Expand All @@ -107,6 +116,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
Token: "supersecrete",
},
},
expectedGitConfigURL: "https://forge",
expectedGitCredentials: "https://superman:supersecrete@forge/bat/cave",
expectedStartSecretName: "pac-gitauth-upper-case",
},
Expand All @@ -126,6 +136,11 @@ func TestCreateBasicAuthSecret(t *testing.T) {
}
}
assert.Assert(t, strings.HasPrefix(secret.GetName(), tt.expectedStartSecretName))
gitConfig := secret.StringData[".gitconfig"]
regPattern := fmt.Sprintf("\\[credential\\s+\\\"%s\\\"\\]", tt.expectedGitConfigURL)
match, err := regexp.MatchString(regPattern, gitConfig)
assert.NilError(t, err)
assert.Assert(t, match, ".gitconfig URL should not have path component: %s", gitConfig)
assert.Equal(t, secret.StringData[".git-credentials"], tt.expectedGitCredentials)
})
}
Expand Down

0 comments on commit 3d3d563

Please sign in to comment.