Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to set git auth token using environment variables #1263

Merged
merged 1 commit into from
May 20, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,9 @@ If you are using Azure Blob Storage for context file, you will need to pass [Azu
### Using Private Git Repository
You can use `Personal Access Tokens` for Build Contexts from Private Repositories from [GitHub](https://blog.github.com/2012-09-21-easier-builds-and-deployments-using-git-over-https-and-oauth/).

You can either pass this in as part of the git URL (e.g., `git://TOKEN@github.com/acme/myproject.git#refs/heads/mybranch`)
or using the environment variable `GIT_USERNAME`.

### Using Standard Input
If running kaniko and using Standard Input build context, you will need to add the docker or kubernetes `-i, --interactive` flag.
Once running, kaniko will then get the data from `STDIN` and create the build context as a compressed tar.
Expand Down
18 changes: 18 additions & 0 deletions pkg/buildcontext/git.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,17 @@ import (
"github.com/GoogleContainerTools/kaniko/pkg/constants"
git "gopkg.in/src-d/go-git.v4"
"gopkg.in/src-d/go-git.v4/plumbing"
"gopkg.in/src-d/go-git.v4/plumbing/transport"
"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
)

const (
gitPullMethodEnvKey = "GIT_PULL_METHOD"
gitPullMethodHTTPS = "https"
gitPullMethodHTTP = "http"

gitAuthUsernameEnvKey = "GIT_USERNAME"
gitAuthPasswordEnvKey = "GIT_PASSWORD"
)

var (
Expand All @@ -46,6 +51,7 @@ func (g *Git) UnpackTarFromBuildContext() (string, error) {
parts := strings.Split(g.context, "#")
options := git.CloneOptions{
URL: getGitPullMethod() + "://" + parts[0],
Auth: getGitAuth(),
Progress: os.Stdout,
}
if len(parts) > 1 {
Expand All @@ -55,6 +61,18 @@ func (g *Git) UnpackTarFromBuildContext() (string, error) {
return directory, err
}

func getGitAuth() transport.AuthMethod {
username := os.Getenv(gitAuthUsernameEnvKey)
password := os.Getenv(gitAuthPasswordEnvKey)
if username != "" || password != "" {
tejal29 marked this conversation as resolved.
Show resolved Hide resolved
return &http.BasicAuth{
Username: username,
Password: password,
}
}
return nil
}

func getGitPullMethod() string {
gitPullMethod := os.Getenv(gitPullMethodEnvKey)
if ok := supportedGitPullMethods[gitPullMethod]; !ok {
Expand Down
87 changes: 87 additions & 0 deletions pkg/buildcontext/git_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ import (
"testing"

"github.com/GoogleContainerTools/kaniko/testutil"
"gopkg.in/src-d/go-git.v4/plumbing/transport"
"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
)

func TestGetGitPullMethod(t *testing.T) {
Expand Down Expand Up @@ -80,3 +82,88 @@ func TestGetGitPullMethod(t *testing.T) {
})
}
}

func TestGetGitAuth(t *testing.T) {
tests := []struct {
testName string
setEnv func() (expectedValue transport.AuthMethod)
}{
{
testName: "noEnv",
setEnv: func() (expectedValue transport.AuthMethod) {
expectedValue = nil
return
},
},
{
testName: "emptyUsernameEnv",
setEnv: func() (expectedValue transport.AuthMethod) {
_ = os.Setenv(gitAuthUsernameEnvKey, "")
expectedValue = nil
return
},
},
{
testName: "emptyPasswordEnv",
setEnv: func() (expectedValue transport.AuthMethod) {
_ = os.Setenv(gitAuthPasswordEnvKey, "")
expectedValue = nil
return
},
},
{
testName: "emptyEnv",
setEnv: func() (expectedValue transport.AuthMethod) {
_ = os.Setenv(gitAuthUsernameEnvKey, "")
_ = os.Setenv(gitAuthPasswordEnvKey, "")
expectedValue = nil
return
},
},
{
testName: "withUsername",
setEnv: func() (expectedValue transport.AuthMethod) {
username := "foo"
_ = os.Setenv(gitAuthUsernameEnvKey, username)
expectedValue = &http.BasicAuth{Username: username}
return
},
},
{
testName: "withPassword",
setEnv: func() (expectedValue transport.AuthMethod) {
pass := "super-secret-password-1234"
_ = os.Setenv(gitAuthPasswordEnvKey, pass)
expectedValue = &http.BasicAuth{Password: pass}
return
},
},
{
testName: "withUsernamePassword",
setEnv: func() (expectedValue transport.AuthMethod) {
username := "foo"
pass := "super-secret-password-1234"
_ = os.Setenv(gitAuthUsernameEnvKey, username)
_ = os.Setenv(gitAuthPasswordEnvKey, pass)
expectedValue = &http.BasicAuth{Username: username, Password: pass}
return
},
},
}

for _, tt := range tests {
t.Run(tt.testName, func(t *testing.T) {
// Make sure to unset environment vars to get a clean test each time
defer clearTestAuthEnv()

expectedValue := tt.setEnv()
testutil.CheckDeepEqual(t, expectedValue, getGitAuth())
})
}

}

func clearTestAuthEnv() {
_ = os.Unsetenv(gitAuthUsernameEnvKey)
_ = os.Unsetenv(gitAuthPasswordEnvKey)
}