Open vhbfernandes opened 8 months ago
Left a couple comment, but also with regards to https://github.com/yannh/kubeconform/issues/237 it looks like some have the need for authentication for non-GH repos. I'm wondering how we could pass authentication headers to only some schema registries :thinking:
@vhbfernandes @yannh any follow up on this? is there anything I can help with?
For Github, we could pass the token as a URL query param ?token=<token>
. Potential invokation might look something like this:
kubeconform -strict -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location 'https://<internal-github>/raw/<org>/<repo>/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json?token=<token>'
BUT, we would need to change the logic here a bit before that will work: https://github.com/yannh/kubeconform/blob/master/pkg/registry/registry.go#L87
Closes https://github.com/yannh/kubeconform/issues/237
Pointing out that I went for the "magic env" approach to avoid breaking the interface and backwards compatibility :)