nephio-project / nephio

Nephio is a Kubernetes-based automation platform for deploying and managing highly distributed, interconnected workloads such as 5G Network Functions, and the underlying infrastructure on which those workloads depend.
Apache License 2.0

Support additional auth schemes to allow integration with other git providers #702

Open liamfallon opened 3 months ago

liamfallon commented 3 months ago

Original issue URL: https://github.com/kptdev/kpt/issues/3232
Original issue user: https://github.com/mortent
Original issue created at: 2022-05-25T14:25:02Z
Original issue last updated at: 2022-12-05T17:28:40Z
Original issue body:

porch currently only supports basic authentication against git repositories. We need to support additional auth schemes such as ssh keys and GCP service accounts to enable integration with other git providers.

We have a separate issue to support Cloud Source Repositories using workload identity.

Original issue comments:

Comment user: https://github.com/bgrant0607
Comment created at: 2022-07-22T22:12:21Z
Comment last updated at: 2022-07-22T22:12:21Z
Comment body:

FWIW, I use a personal access token with github, and that works using the kubernetes.io/basic-auth secret, with the token as the password. Not sure about other git providers.

Comment user: https://github.com/johnbelamaric
Comment created at: 2022-08-08T21:37:35Z
Comment last updated at: 2022-08-08T21:37:35Z
Comment body:

Adding note from #3440 and closing that as a duplicate:

When using Porch, I can register a repository with basic auth or workload identity. The basic auth can be used with GitHub personal access tokens. However, those tokens are highly privileged - so much so that for my testing I created a new, separate GitHub user.

Instead, if we can support ssh auth, then I should be able to use a deploy key, which is scoped to an individual repository.

Not a blocker at this time but will be needed as we move towards something that folks could use in prod.

Comment user: https://github.com/ianonavy
Comment created at: 2022-12-05T17:28:39Z
Comment last updated at: 2022-12-05T17:28:39Z
Comment body:

Will this extend to kpt pkg get as well? Wasn't sure if I should open up a separate issue, but the desire is for kpt pkg get "ssh://git@github.com/organization/repo.git" to work. I would have expected this to work out of the box, but it seems like there is some special case logic for github.com URIs, and it doesn't currently accept git@github.com. See below:

https://github.com/GoogleContainerTools/kpt/blob/519b56cfb9f19a73d375a31d19213f1ab8c44326/internal/util/parse/parse.go#L149