Added authentication functionality for the private index.

falcosecurity / falcoctl

Administrative tooling for Falco

Apache License 2.0

87 stars 59 forks source link

Added authentication functionality for the private index. #636

Open sh4n3e opened 2 months ago

sh4n3e commented 2 months ago

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

/kind flaky-test

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area library

/area cli

/area tests

/area examples

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

I have added authentication functionality for the private index. When I use private index on Enterprise Github environment (Internal/Private Repository), Exsisted Version's falcoctl is not supported.

> falcoctl index add private_index https://raw.enterprise-github.com/org_name/repo_name/main/index.yaml https {{ base64.encode("Header_name:Authentication_token") }}

poiana commented 2 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sh4n3e Once this PR has been reviewed and has the lgtm label, please assign alacuku for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/falcosecurity/falcoctl/blob/main/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

alacuku commented 2 months ago

Hey @sh4n3e, thanks for the PR.

Authentication when retrieving index files could be handy in some contexts, and I thank you for bringing this up. However, we need a simpler user experience when using authentication. Furthermore, we support different backends for index files, and the solution proposed in this PR is not flexible enough to support all the existing backends or future ones.

The command should expose three new flags:

-p, --password string   index password
      --password-stdin    read password from stdin
  -u, --username string   index username

Those values should be then used for the current backend if supported.

Here is the PR that added the same feature for the authentication command: https://github.com/falcosecurity/falcoctl/pull/588