feat: allow ssh git clone

burrito/config/config.go

@@ -34,10 +34,10 @@ type ControllerTimers struct {
 }
 
 type RepositoryConfig struct {
-	URL      string `yaml:"url"`
-	SSH      string `yaml:"ssh"`
-	Username string `yaml:"username"`
-	Password string `yaml:"password"`
+	URL           string `yaml:"url"`
+	SSHPrivateKey string `yaml:"sshPrivateKey"`
+	// Username      string `yaml:"username"`
+	// Password      string `yaml:"password"`
 }
 
 type RunnerConfig struct {

controllers/pod.go

@@ -14,9 +14,9 @@ const (
 	ApplyAction Action = "apply"
 )
 
-func getPod(layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, action Action) corev1.Pod {
+func getPod(layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret, action Action) corev1.Pod {
 	pod := corev1.Pod{
-		Spec: defaultPodSpec(layer, repository),
+		Spec: defaultPodSpec(layer, repository, secret),
 	}
 	pod.SetNamespace(layer.Namespace)
 	pod.SetGenerateName(fmt.Sprintf("%s-%s-", layer.Name, action))
@@ -35,7 +35,7 @@ func getPod(layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.Ter
 	return pod
 }
 
-func defaultPodSpec(layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) corev1.PodSpec {
+func defaultPodSpec(layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) corev1.PodSpec {
 	return corev1.PodSpec{
 		Volumes: []corev1.Volume{
 			{
@@ -75,17 +75,17 @@ func defaultPodSpec(layer *configv1alpha1.TerraformLayer, repository *configv1al
 						Value: repository.Spec.Repository.Url,
 					},
 					{
-						Name:  "BURRITO_RUNNER_REPOSITORY_SSH",
-						Value: "",
-					},
-					{
-						Name:  "BURRITO_RUNNER_REPOSITORY_USERNAME",
-						Value: "",
-					},
-					{
-						Name:  "BURRITO_RUNNER_REPOSITORY_PASSWORD",
-						Value: "",
+						Name:  "BURRITO_RUNNER_REPOSITORY_SSHPRIVATEKEY",
+						Value: secret.StringData["sshPrivateKey"],
 					},
+					// {
+					// 	Name:  "BURRITO_RUNNER_REPOSITORY_USERNAME",
+					// 	Value: "",
+					// },
+					// {
+					// 	Name:  "BURRITO_RUNNER_REPOSITORY_PASSWORD",
+					// 	Value: "",
+					// },
 					{
 						Name:  "BURRITO_RUNNER_PATH",
 						Value: layer.Spec.Path,

controllers/terraformlayer_controller.go

@@ -18,10 +18,12 @@ package controllers
 
 import (
 	"context"
+	baseErr "errors"
 	"time"
 
 	"github.com/padok-team/burrito/burrito/config"
 	"github.com/padok-team/burrito/internal/lock"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -88,9 +90,29 @@ func (r *TerraformLayerReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		log.Error(err, "Failed to get TerraformRepository")
 		return ctrl.Result{RequeueAfter: time.Second * time.Duration(r.Config.Controller.Timers.OnError)}, err
 	}
+	secret := &corev1.Secret{}
+	log.Info("Getting linked Secret")
+	err = r.Client.Get(ctx, types.NamespacedName{
+		Namespace: repository.Spec.Repository.SecretRef.Namespace,
+		Name:      repository.Spec.Repository.SecretRef.Name,
+	}, secret)
+	if (corev1.SecretReference{} == repository.Spec.Repository.SecretRef) {
+		log.Info("No SecretRef defined in TerraformRepository, might be trying to clone public repository.")
+	} else if errors.IsNotFound(err) {
+		log.Info("Secret not found, ignoring layer until it's modified.")
+		return ctrl.Result{RequeueAfter: time.Second * time.Duration(r.Config.Controller.Timers.OnError)}, err
+	} else if err != nil {
+		log.Error(err, "Failed to get Secret")
+		return ctrl.Result{RequeueAfter: time.Second * time.Duration(r.Config.Controller.Timers.OnError)}, err
+	}
+	if _, ok := secret.Data["sshPrivateKey"]; !ok {
+		err = baseErr.New("key missing in secret")
+		log.Error(err, "'sshPrivateKey' not found in secret")
+		return ctrl.Result{RequeueAfter: time.Second * time.Duration(r.Config.Controller.Timers.OnError)}, err
+	}
 	state, conditions := GetState(ctx, layer)
 	layer.Status = configv1alpha1.TerraformLayerStatus{Conditions: conditions}
-	result := state.getHandler()(ctx, r, layer, repository)
+	result := state.getHandler()(ctx, r, layer, repository, secret)
 	err = r.Client.Status().Update(ctx, layer)
 	if err != nil {
 		log.Error(err, "Could not update resource status")

controllers/terraformlayer_states.go

@@ -6,13 +6,14 @@ import (
 
 	configv1alpha1 "github.com/padok-team/burrito/api/v1alpha1"
 	"github.com/padok-team/burrito/internal/lock"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 type State interface {
-	getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result
+	getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result
 }
 
 func GetState(ctx context.Context, r *configv1alpha1.TerraformLayer) (State, []metav1.Condition) {
@@ -39,23 +40,23 @@ func GetState(ctx context.Context, r *configv1alpha1.TerraformLayer) (State, []m
 
 type IdleState struct{}
 
-func (s *IdleState) getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result {
-	return func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result {
+func (s *IdleState) getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result {
+	return func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result {
 		return ctrl.Result{RequeueAfter: time.Second * time.Duration(t.Config.Controller.Timers.DriftDetection)}
 	}
 }
 
 type PlanNeededState struct{}
 
-func (s *PlanNeededState) getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result {
-	return func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result {
+func (s *PlanNeededState) getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result {
+	return func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result {
 		log := log.FromContext(ctx)
 		err := lock.CreateLock(ctx, t.Client, r)
 		if err != nil {
 			log.Error(err, "Could not set lock on layer, requeing resource")
 			return ctrl.Result{RequeueAfter: time.Second * time.Duration(t.Config.Controller.Timers.OnError)}
 		}
-		pod := getPod(r, repository, "plan")
+		pod := getPod(r, repository, secret, "plan")
 		err = t.Client.Create(ctx, &pod)
 		if err != nil {
 			log.Error(err, "Failed to create pod for Plan action")
@@ -68,15 +69,15 @@ func (s *PlanNeededState) getHandler() func(ctx context.Context, t *TerraformLay
 
 type ApplyNeededState struct{}
 
-func (s *ApplyNeededState) getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result {
-	return func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) ctrl.Result {
+func (s *ApplyNeededState) getHandler() func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result {
+	return func(ctx context.Context, t *TerraformLayerReconciler, r *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository, secret *corev1.Secret) ctrl.Result {
 		log := log.FromContext(ctx)
 		err := lock.CreateLock(ctx, t.Client, r)
 		if err != nil {
 			log.Error(err, "Could not set lock on layer, requeing resource")
 			return ctrl.Result{RequeueAfter: time.Second * time.Duration(t.Config.Controller.Timers.OnError)}
 		}
-		pod := getPod(r, repository, "apply")
+		pod := getPod(r, repository, secret, "apply")
 		err = t.Client.Create(ctx, &pod)
 		if err != nil {
 			log.Error(err, "[TerraformApplyNeeded] Failed to create pod for Apply action")

go.mod

@@ -31,41 +31,26 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.104.0 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-git/go-git v4.7.0+incompatible
 	github.com/go-git/go-git/v5 v5.5.1
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/zapr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
-	github.com/go-playground/webhooks v5.17.0+incompatible
-	github.com/go-redis/redis v6.15.9+incompatible
-	github.com/go-redis/redis/v8 v8.11.5 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/go-redis/redis/v8 v8.11.5
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/hc-install v0.4.0
@@ -82,8 +67,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nxadm/tail v1.4.8 // indirect
-	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -93,10 +76,10 @@ require (
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/spf13/afero v1.9.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/cobra v1.6.1 // indirect
+	github.com/spf13/cobra v1.6.1
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.14.0 // indirect
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.14.0
 	github.com/subosito/gotenv v1.4.1 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
@@ -108,16 +91,14 @@ require (
 	golang.org/x/term v0.3.0 // indirect
 	golang.org/x/text v0.5.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.26.0 // indirect
+	k8s.io/api v0.26.0
 	k8s.io/apiextensions-apiserver v0.26.0 // indirect
 	k8s.io/component-base v0.26.0 // indirect
 	k8s.io/klog/v2 v2.80.1 // indirect