Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for known_hosts file #1239

Merged
merged 3 commits into from
Jun 30, 2023
Merged

Add support for known_hosts file #1239

merged 3 commits into from
Jun 30, 2023

Conversation

chenbh
Copy link
Contributor

@chenbh chenbh commented Jun 29, 2023

fixes #1230

For more details see the docs change

  • Introduce a flag INSECURE_SSH_TRUST_UNKNOWN_HOSTS to automatically trust unknown hosts (default value is true to keep backwards compatibilty
  • If the flag is disabled, a known_hosts field can be specified on the ssh auth secret to configure it
  • Add e2e tests for authenticated git sources (basic auth + ssh auth)

chenbh added 3 commits June 22, 2023 17:18
@chenbh
add explicit known_hosts support for git ssh
010e959 
when we switched from libgit2 to go-git, the ssh source was broken
because libgit2 implicitly trusted unknown hosts whereas go-git required
it to be explicitly done in code.

this commit fixes that regression by introducing a flag on the
controller to explicitly trust all unknown hosts. at the same time, we
also introduce the ability to specify the trusted hosts via the git ssh
secret.

Signed-off-by: Bohan Chen <bohanc@vmware.com>
@chenbh
pass in known_hosts as string instead of file
3e93d7b 
for use cases like the source resolver controller where we have access
to the value in memory instead of as a file

Signed-off-by: Bohan Chen <bohanc@vmware.com>
@chenbh
add e2e tests for authenticated git sources
ec441ca 
Signed-off-by: Bohan Chen <bohanc@vmware.com>
tomkennedy513
tomkennedy513 reviewed Jun 29, 2023
View reviewed changes
pkg/buildpod/generator.go
@@ -11,7 +11,6 @@ import (
ggcrv1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/pkg/errors"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

tomkennedy513
tomkennedy513 approved these changes Jun 29, 2023
View reviewed changes
Copy link
Collaborator

@tomkennedy513 tomkennedy513 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

@chenbh chenbh merged commit 0d37790 into main Jun 30, 2023
@chenbh chenbh deleted the git-ssh-known-hosts branch June 30, 2023 16:08
@zarybnicky zarybnicky mentioned this pull request Nov 22, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomkennedy513 tomkennedy513 tomkennedy513 approved these changes

@matthewmcnew matthewmcnew Awaiting requested review from matthewmcnew

@pviraj59 pviraj59 Awaiting requested review from pviraj59

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@chenbh @tomkennedy513