provider-ansible icon indicating copy to clipboard operation
provider-ansible copied to clipboard
verified publisher icon crossplane-contrib

Cannot configure Git credentials

Open malins opened this issue 2 years ago • 4 comments

Hello,

I'm trying to install a role from a private repository at github, but I do not succeed.

I'm using latest version of this provider (0.6.0).

My provider configuration looks like this:

apiVersion: ansible.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: ansible-test
spec:
  credentials:
  - filename: .git-credentials
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: git-credentials
      key: .git-credentials

My secret contains the credentials in the following format:

https://malins:[email protected]

Then, I reference my role in the ansiblerun resource:

apiVersion: ansible.crossplane.io/v1alpha1
kind: AnsibleRun
metadata:
  name: example
spec:
  forProvider:
    inventoryInline: |
      [...]
    roles:
    - name: myrole
      src: https://github.com/malins/myrole.git
    vars:
      [...]
  providerConfigRef:
    name: ansible-test

The error I'm getting is:

connect failed: failed to install galaxy collections/roles: [WARNING]: - myrole was NOT installed successfully: - command /usr/bin/git clone
https://github.com/malins/myrole.git myrole failed in
directory /home/ansible/.ansible/tmp/ansible-local-243zzwzx8cq/tmp2sx5cq34
(rc=128) - Cloning into 'myrole'... fatal: could not read Username for
'https://github.com': No such device or address
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
No config file found; using defaults
Starting galaxy role install process: exit status 1

I tried to exec into the pod and issue the command "git config --global credential.helper store" -- and suddenly it start working.

Any help appreciated. Thank you

Manuel

malins avatar Apr 22 '24 08:04 malins

I have the same issue. The feature mentioned in docs would be very handy to solve that problem

https://github.com/crossplane-contrib/provider-ansible/blob/main/docs/design.md#passing-variables

lukas-andrade avatar Oct 03 '24 14:10 lukas-andrade

I have the same problem. The file created in /ansibleRun/UUID/.git-credentials is in the wrong path. According to git docs, it was supposed to be in /home/ansible but the file is not created there.

lukas-andrade avatar Oct 18 '24 18:10 lukas-andrade

I just checked and actually, the file is not written in /home/ansible. See: https://github.com/crossplane-contrib/provider-ansible/blob/main/internal/controller/ansibleRun/ansibleRun.go#L288-L297

Every time a new AnsibleRun is created, foreach credentials defined in the ProviderConfig - the value is fetched and written in /ansibleRun/<uuid>/<base filename>

If we look above and if we're using roles in the custom resource, the git credentials are written instead under /tmp/ ansibleRun/<uuid>/<base filename> and we set GIT_CRED_DIR env var. I've never encountered this one. https://github.com/crossplane-contrib/provider-ansible/blob/main/internal/controller/ansibleRun/ansibleRun.go#L258-L278

I guess we're executing twice that logic because not only .git_credentials can be passed that way. I will check if .git_credentials works when using roles though.

EDIT: it does not work indeed but I may have an idea, I will propose something

MadJlzz avatar Aug 13 '25 12:08 MadJlzz

I've made a proposal in https://github.com/crossplane-contrib/provider-ansible/pull/376 to fix this issue.

MadJlzz avatar Aug 13 '25 14:08 MadJlzz