upbound / provider-terraform

A @crossplane provider for Terraform
Apache License 2.0

Add git ssh auth support #53

Open ytsarev opened 1 year ago

ytsarev commented 1 year ago

What problem are you facing?

Some environments rely on git ssh-based auth for private repositories instead of the currently supported token one.

There were multiple requests in Slack, an issue in this repo and even an implementation attempt in the old repo.

How could Official Terraform Provider help solve your problem?

Extend the current code around credentials setup with ssh support.

project-administrator commented 1 year ago

While this is not implemented yet, the workaround to handle the ssh:// URLs might be the custom provider-terraform docker image with /.gitconfig replaced with the following:

[url "https://git"]
    insteadOf = "ssh://git@git"

[credential]
    helper = store --file=$GIT_CRED_DIR/.git-credentials

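
Added example (not part of the comment above, and not the project's own code): an offline check of which clone URLs the workaround's `insteadOf` rule actually rewrites, using `git ls-remote --get-url` against a throwaway HOME. The `example-org` repository URLs are constructed placeholders.

```shell
#!/bin/sh
# rewrite_url URL
# Print the URL git would actually contact for URL when the only config in
# effect is the [url] section from the workaround. No network access happens:
# `git ls-remote --get-url` just expands the URL and exits.
rewrite_url() (
    dir=$(mktemp -d) || exit 1
    cat > "$dir/.gitconfig" <<'EOF'
[url "https://git"]
    insteadOf = "ssh://git@git"
EOF
    # Run from the temp dir with HOME pointed at it, so neither a surrounding
    # repository nor the caller's real ~/.gitconfig or /etc/gitconfig applies.
    cd "$dir" || exit 1
    HOME="$dir" XDG_CONFIG_HOME="$dir/xdg" GIT_CONFIG_NOSYSTEM=1 \
        git ls-remote --get-url "$1"
    rc=$?
    cd / && rm -rf "$dir"
    exit "$rc"
)

# Constructed sample module sources:
#   1. ssh:// form on a host whose name starts with "git" -> rewritten to https
#   2. scp-like form (git@host:path)                      -> left as SSH
#   3. ssh:// form on a host not starting with "git"      -> left as SSH
for url in \
    "ssh://git@github.com/example-org/modules.git" \
    "git@github.com:example-org/modules.git" \
    "ssh://git@bitbucket.org/example-org/modules.git"
do
    printf '%-50s -> %s\n' "$url" "$(rewrite_url "$url")"
done
```

The rule is a plain prefix match, so only `ssh://git@git...` URLs are redirected to HTTPS and picked up by the credential helper; the other two forms still go out over SSH and need their own `insteadOf` entries.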
davidwincent commented 1 year ago

Has anyone successfully used private github repositories with provider-terraform?

GitHub seems to have dropped support for password authentication in 2021?

❯ git config --global credential.helper store
❯ git clone https://github.com/***/argocd-apps.git
Cloning into 'argocd-apps'...
Username for 'https://github.com': ***
Password for 'https://***@github.com':
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/***/argocd-apps.git/'

See https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls

ytsarev commented 1 year ago

@davidwincent we recommend using personal access tokens: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#using-a-personal-access-token-on-the-command-line. That is totally supported.

autarchprinceps commented 1 month ago

Personal access tokens are tied to individuals. An SSH key can be uploaded as a deploy key to allow access independent of when an individual leaves and not exposing other permissions of that individual. Usage of PAT for something like this is not git best practice, since this is a technical system accessing the repo, not a human user.