search

google-github-actions / auth

A GitHub Action for authenticating to Google Cloud.
https://cloud.google.com/iam
Apache License 2.0
966 stars 196 forks source link

URL-encoding not handled for proxy username. #429

Closed yangy-23 closed 3 months ago

yangy-23 commented 3 months ago

TL;DR

google-github-actions/auth action won't decode URL encoded proxy username and password when needed.

Expected behavior

Our Zscaler proxy requires @ to be used within the username. Because the username and password are specified as part of a URL, they must be URL-encoded by the caller; otherwise consider what would happen if the user's password or username contained an @ or a :, etc.

  1. Self-hosted runner with http_proxy and https_proxy setup with http://gcp-githubshr-np%40globaltest.com:*************@vse.swg.np.cyber.gcpnp.com:80
  2. Expect auth action load proxy username as gcp-githubshr-np@globaltest.com

Observed behavior

Auth action use plain text instead of decode %40 to @ image

Action YAML

- name: Google Cloud OIDC Authentication
        id: gcp-oidc
        uses: 'google-github-actions/auth@v2'
        env:
          NODE_DEBUG: http
          ACTIONS_RUNNER_DEBUG: true
          ACTIONS_STEP_DEBUG: true
        with:
          token_format: access_token
          workload_identity_provider: projects/10000000000/locations/global/workloadIdentityPools/github-enterprise-cloud/providers/xxxxx
          service_account: h-primary-services-np@xxx-bootstrap-np-487e09.iam.gserviceaccount.com

Log output

No response

Additional information

Self-hosted runner with http_proxy and https_proxy as part of global env.

http_proxy= http://gcp-xxxx-githubshr-np%40globaltest.com:*************@vse.swg.np.cyber.gcpnp.com:80
https_proxy= http://gcp-xxxx-githubshr-np%40globaltest.com:*************@vse.swg.np.cyber.gcpnp.com:80
github-actions[bot] commented 3 months ago

Hi there @yangy-23 :wave:!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

sethvargo commented 3 months ago

Hi @yangy-23 thank you for opening an issue. We do not control the proxy implementation. Please open a bug against GitHub's http-client at https://github.com/actions/toolkit/tree/main/packages/http-client. Thanks!