go-git icon indicating copy to clipboard operation
go-git copied to clipboard

Published 20 hours ago verified publisher icon src-d

Issue using basic auth with tokens when credentials are passed via environment variables.

Open liafizan opened this issue 5 years ago • 2 comments

I am deploying my client using Kubernetes and it kept failing with error: time="2019-03-20T18:06:40Z" level=fatal msg="authentication required" Made modifications based on this SO post:

package main

import (
    "fmt"
    "os"
    "time"

    log "github.com/Sirupsen/logrus"
    gogit "gopkg.in/src-d/go-git.v4"
    gitconfig "gopkg.in/src-d/go-git.v4/config"
    "gopkg.in/src-d/go-git.v4/plumbing"
    "gopkg.in/src-d/go-git.v4/plumbing/transport/http"
)

func main() {
    var repository *gogit.Repository
    var err error

    // @TODO: Why not use clone?
    if _, err = os.Stat("/tmp/repo"); os.IsNotExist(err) {
        repository, err = gogit.PlainInit("/tmp/repo", false)
        if err != nil {
            log.Errorf("could not init local repository %s: %s", "/tmp", err.Error())
        }
    } else {
        repository, err = gogit.PlainOpen("/tmp/repo")
    }

    //fmt.Println((repository))
    if _, err = repository.Remote("origin"); err == gogit.ErrRemoteNotFound {
        _, err = repository.CreateRemote(&gitconfig.RemoteConfig{
            Name: "origin",
            URLs: []string{"https://xxxxx.git"},
        })
        if err != nil {
            log.Errorf("could not attach to origin %s: %s", "bb", err.Error())
        }
    }

    fmt.Println("Done with mapping")


    r, err := gogit.PlainOpen("/tmp/repo")
    if err != nil {
        log.Fatal(err)
    }
    //fmt.Println(r)
    branch := fmt.Sprintf("refs/heads/%s", "master")

    fmt.Println("Setup wotktree")
    w, err := r.Worktree()
    if err != nil {
        log.Fatal(err)
    }

    fmt.Println("pulling")
    fmt.Println(os.Getenv("GIT_USER"))
    fmt.Println(os.Getenv("GIT_TOKEN"))
    if err := w.Pull(&gogit.PullOptions{
        ReferenceName: plumbing.ReferenceName(branch),
        Auth: &http.BasicAuth{
            // Username: "xxxxxx",
            // Password: "xxxxxxxxxx",
            Username: os.Getenv("GIT_USER"),
            Password: os.Getenv("GIT_TOKEN"),
        },
    }); err != nil {
        log.Fatal(err)
    }
    fmt.Println("done")
    time.Sleep(120 * time.Second)
}

Ok, so the question here is how do we securely pass credentials as environment variables? Shall we rely on credential helper and carve out something for the purpose above

liafizan avatar Mar 20 '19 18:03 liafizan

This was due to https://github.com/kubernetes/kubernetes/issues/23404. My Kubernetes secret had a new line and it kept failing due to that. Wonder if we can add feature to strip newline when using basic auth.

liafizan avatar Mar 21 '19 22:03 liafizan

What I did to fix this is using kubectl create secret generic my-secret --from-literal= instead of --from-file=. This fixed the issue.

gabrielvcbessa avatar Jul 30 '19 18:07 gabrielvcbessa