recover is requesting credentials

[endophage]

I'm testing recovery against a local (docker desktop) k8s cluster. I've been able to install argocd using autopilot successfully. I then used docker desktop's "Reset Kubernetes Cluster" and I'm testing that recovery works.

Even with the GIT_TOKEN set in the env and passed using --git-token, running an argocd-autopilot repo bootstrap --recover is asking for my credentials to login to github.

autopilot version is 0.3.7

[endophage]

Adding onto this after more debugging.

It seems that the CLI only asks for github credentials when --app is passed. If instead I just use --repo everything works fine. The CLI help text says --recover is meant to be used with --app but based on my experience testing, it seems like --app is redundant, you can just use --repo instead. Am I missing something there?

[endophage]

Even more testing and running the command in a debugger. --recover is really broken. When the bootstrap hands off to kustomize (via the krusty library), that asks for a github login rather than using the provided token because it's not at all integrated into your code (and our security policies won't allow us to login to our private repos using a username and password only).

So, the alternative would be to let a user checkout their private repo themselves and provide a local filepath to the bootstrap/argo-cd kustomization. However that doesn't work because kustomize throws a security error due to the local path being outside the temporary directory you create for your wrapping kustomization.

[debovema]

I can confirm the same bug when using a custom app specifier (--app) as described here.

[Roguito]

same issue as @debovema . I patched argocd's cm to exclude ciliumIdentity and then had to do a recover and thought I'd need to explicitly specify the app and ran into this as well.