fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon rancher

[SURE-6280] Not able to connect to GitRepos inside an org which has SSO enabled

Open gauravngandhi opened this issue 2 years ago • 8 comments

SURE-6280

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

We are trying to connect the fleet to a GItRepo which has resources to deploy to the managed cluster. The Git repository is hosted on Github inside an org which has SSO enabled. Tried with Basic Auth, using PAT(authorized it for the org). We also tried this with and without putting the Username. For both the scenarios we get the same error Git ls-remote -- https://github.com/<org-name>/<repo-name>.git refs/heads/main error: exit status 128, detail: fatal: could not read Username for 'https://github.com': terminal prompts disabled

Expected Behavior

We should be able to connect to repositories inside an org with SSO enabled

Steps To Reproduce

  1. Add a repository
  2. Put Basic auth creds, PAT in password field.

Environment

- Fleet Version: v0.5.0

Logs

No response

Anything else?

No response

gauravngandhi avatar Mar 13 '23 14:03 gauravngandhi

Can you try to use [email protected]:organization/repo.git as per this comment https://github.com/rancher/fleet/issues/238#issuecomment-1233015041 ?

If PAT only work with git@, not with https, that would mean we have a bug in our docs at https://fleet.rancher.io/gitrepo-add#using-http-auth

manno avatar May 05 '23 08:05 manno

part of #1504

kkaempf avatar May 05 '23 09:05 kkaempf

Can you try to use [email protected]:organization/repo.git as per this comment #238 (comment) ?

If PAT only work with git@, not with https, that would mean we have a bug in our docs at https://fleet.rancher.io/gitrepo-add#using-http-auth

Tried this, w/o usrername, error Parse "[email protected]:org/repo.git": first path segment in URL cannot contain colon with username, error Git ls-remote -- [email protected]:org/repo.git refs/heads/master error: exit status 128, detail: [email protected]: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists

I thought we use git@... only when we want to authenticate using SSH

gauravngandhi avatar May 10 '23 13:05 gauravngandhi

We would need a fix earlier than 2.9.x

kkaempf avatar Mar 18 '24 15:03 kkaempf

Tried with Basic Auth, using PAT(authorized it for the org).

Would something like https://<username>:<github-token>@github.com/org/repo.git work and be acceptable from a security point of view?

weyfonk avatar Apr 15 '24 14:04 weyfonk

Hi @gauravngandhi. I just wanted to confirm something; when attempted to access via SSO, did you ensure that either the ssh key or PAT had SSO correctly configured in Github? Just commenting because if correctly configured via SSO this should be considered a private repo and then you can follow the way to configure such a private git repository as documented in the fleet docs.

mmartin24 avatar Jul 31 '24 14:07 mmartin24

Dropping from Fleet project board as we're seeing no progress in the last months 😞

kkaempf avatar Oct 02 '24 14:10 kkaempf