From 3d3d563cf8cb9a1654711926a95143f4e845be55 Mon Sep 17 00:00:00 2001 From: Yannik Beaulieu Date: Fri, 23 Jun 2023 13:43:41 -0400 Subject: [PATCH] Simplify auto-generated pac-gitauth secret URL --- docs/content/docs/guide/privaterepo.md | 6 ++++++ pkg/secrets/basic_auth.go | 3 ++- pkg/secrets/basic_auth_test.go | 15 +++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/docs/content/docs/guide/privaterepo.md b/docs/content/docs/guide/privaterepo.md index 7ad57ae87..f6aa397a7 100644 --- a/docs/content/docs/guide/privaterepo.md +++ b/docs/content/docs/guide/privaterepo.md @@ -18,6 +18,12 @@ This secret contains a [Git Config](https://git-scm.com/docs/git-config) file: file: .git-credentials, which includes the https URL using the token obtained from the GitHub application or secret attached to the repo CR. +{{< hint info >}} For compatibility, the [Git +Config](https://git-scm.com/docs/git-config) file uses the detected repository's +base URL instead of the full URL. For more information, see [this +issue](https://github.com/openshift-pipelines/pipelines-as-code/issues/1307) {{< +/hint >}} + The secret includes a key referencing the token as a key to let you easily use it in your task for other provider operations. See the documentation with example on how to use it [here](../authoringprs/#using-the-temporary-github-app-token-for-github-api-operations) diff --git a/pkg/secrets/basic_auth.go b/pkg/secrets/basic_auth.go index 5be951eb1..3a67f4149 100644 --- a/pkg/secrets/basic_auth.go +++ b/pkg/secrets/basic_auth.go 
@@ -54,9 +54,10 @@ func MakeBasicAuthSecret(runevent *info.Event, secretName string) (*corev1.Secre
 // in the *** to do it in shell.
 token := url.QueryEscape(runevent.Provider.Token)
+ baseCloneURL := fmt.Sprintf("%s://%s", repoURL.Scheme, repoURL.Host)
 urlWithToken := fmt.Sprintf("%s://%s:%s@%s%s", repoURL.Scheme, gitUser, token, repoURL.Host, repoURL.Path)
 secretData := map[string]string{
- ".gitconfig": fmt.Sprintf(basicAuthGitConfigData, cloneURL),
+ ".gitconfig": fmt.Sprintf(basicAuthGitConfigData, baseCloneURL),
 ".git-credentials": urlWithToken,
 // With the GitHub APP method the token is available for 8h if you have
 // the user to server token expiration. the token is scoped to the
diff --git a/pkg/secrets/basic_auth_test.go b/pkg/secrets/basic_auth_test.go
index 57e137940..ebc440d72 100644
--- a/pkg/secrets/basic_auth_test.go
+++ b/pkg/secrets/basic_auth_test.go
@@ -1,6 +1,8 @@
 package secrets
 import (
+ "fmt"
+ "regexp"
 "strings"
 "testing"
@@ -25,6 +27,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 name string
 targetNS string
 event info.Event
+ expectedGitConfigURL string
 expectedGitCredentials string
 expectedStartSecretName string
 expectedError bool
@@ -34,6 +37,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 name: "Target secret not there",
 targetNS: nsNotThere,
 event: event,
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://git:verysecrete@forge/owner/repo",
 expectedStartSecretName: "pac-gitauth-owner-repo",
 expectedLabels: map[string]string{
@@ -50,6 +54,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 Repository: "yoyo",
 URL: "https://forge/owner/yoyo/foo/bar/linux/kernel",
 },
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://git:verysecrete@forge/owner/yoyo/foo/bar/linux/kernel",
 expectedStartSecretName: "pac-gitauth-owner-repo",
 expectedLabels: map[string]string{
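Review bot: In `pkg/secrets/basic_auth.go`, keying the `.gitconfig` credential section on `baseCloneURL` (scheme and host only) widens what the helper matches from one repository URL to every repository on that host, and nothing in the code says this is intended. The token written to `.git-credentials` will then presumably be offered for any same-host URL a task fetches, which matters most if `runevent.Provider.Token` comes from a secret with broader access than the triggering repository. I would add a comment above the new line, e.g. `// Match on scheme://host only (issue #1307); the stored token is offered to every repo on this host.`, and state the same scope in the docs hint. `MakeBasicAuthSecret` starts and ends outside this hunk, so how `repoURL` is parsed and validated is not visible here.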
@@ -62,6 +67,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 name: "Use clone URL",
 targetNS: nsNotThere,
 event: event,
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://git:verysecrete@forge/owner/repo",
 expectedStartSecretName: "pac-gitauth-owner-repo",
 },
@@ -69,6 +75,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 name: "Target secret already there",
 targetNS: nsthere,
 event: event,
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://git:verysecrete@forge/owner/repo",
 expectedStartSecretName: "pac-gitauth-owner-repo",
 },
@@ -80,6 +87,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 Repository: "CASE",
 URL: "https://forge/UPPER/CASE",
 },
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://git:verysecrete@forge/UPPER/CASE",
 expectedStartSecretName: "pac-gitauth-upper-case",
 },
@@ -92,6 +100,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 URL: "https://forge/hello/moto",
 CloneURL: "https://forge/miss/robinson",
 },
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://git:verysecrete@forge/miss/robinson",
 expectedStartSecretName: "pac-gitauth-upper-case",
 },
@@ -107,6 +116,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 Token: "supersecrete",
 },
 },
+ expectedGitConfigURL: "https://forge",
 expectedGitCredentials: "https://superman:supersecrete@forge/bat/cave",
 expectedStartSecretName: "pac-gitauth-upper-case",
 },
@@ -126,6 +136,11 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 }
 }
 assert.Assert(t, strings.HasPrefix(secret.GetName(), tt.expectedStartSecretName))
+ gitConfig := secret.StringData[".gitconfig"]
+ regPattern := fmt.Sprintf("\\[credential\\s+\\\"%s\\\"\\]", tt.expectedGitConfigURL)
+ match, err := regexp.MatchString(regPattern, gitConfig)
+ assert.NilError(t, err)
+ assert.Assert(t, match, ".gitconfig URL should not have path component: %s", gitConfig)
 assert.Equal(t, secret.StringData[".git-credentials"], tt.expectedGitCredentials)
 })
 }
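Review bot: The new assertion in the last hunk of `basic_auth_test.go` interpolates `tt.expectedGitConfigURL` into the pattern unescaped, so a `.` or other metacharacter in a future expected URL would match strings other than the exact URL. Passing `regexp.QuoteMeta(tt.expectedGitConfigURL)` to `fmt.Sprintf` keeps the comparison literal. Every table case in these hunks also expects `https://forge`, so a host with a port is never exercised; one such case would pin the scheme://host behaviour. The test function begins outside this hunk.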