feature: adding private repo capability

yannh / kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources!

Apache License 2.0

2.07k stars 116 forks source link

feature: adding private repo capability #243

Open vhbfernandes opened 8 months ago

vhbfernandes commented 8 months ago

Added a new feature that uses an env GITHUB_TOKEN to allow for private repo support
- Refactored the http client to a more generic implementation to allow for the usage of headers
Some housekeeping to remove deprecated ioutil package

Closes https://github.com/yannh/kubeconform/issues/237

Pointing out that I went for the "magic env" approach to avoid breaking the interface and backwards compatibility :)

yannh commented 8 months ago

Left a couple comment, but also with regards to https://github.com/yannh/kubeconform/issues/237 it looks like some have the need for authentication for non-GH repos. I'm wondering how we could pass authentication headers to only some schema registries :thinking:

jvtartaglia commented 6 months ago

@vhbfernandes @yannh any follow up on this? is there anything I can help with?

sosimon commented 6 months ago

For Github, we could pass the token as a URL query param ?token=<token>. Potential invokation might look something like this:

kubeconform -strict -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location 'https://<internal-github>/raw/<org>/<repo>/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json?token=<token>'

BUT, we would need to change the logic here a bit before that will work: https://github.com/yannh/kubeconform/blob/master/pkg/registry/registry.go#L87