Commit efde88d5 authored by Ryan Garcia's avatar Ryan Garcia :dizzy:

Merge branch '660-extend-git-secret-creation-to-include-ca' into 'master'

Resolve "Extend git secret creation to include CA"

Closes #660

See merge request platform-one/big-bang/bigbang!801
parents 25bd94fb a22b090d
1 merge request!801Resolve "Extend git secret creation to include CA"
Pipeline #446093 passed
......@@ -60,7 +60,7 @@ Build the appropriate git credentials secret for private git repositories
{{- if .Values.git.existingSecret -}}
secretRef:
name: {{ .Values.git.existingSecret }}
{{- else if coalesce .Values.git.credentials.username .Values.git.credentials.password .Values.git.credentials.privateKey .Values.git.credentials.publicKey .Values.git.credentials.knownHosts "" -}}
{{- else if coalesce .Values.git.credentials.username .Values.git.credentials.password .Values.git.credentials.caFile .Values.git.credentials.privateKey .Values.git.credentials.publicKey .Values.git.credentials.knownHosts "" -}}
{{- /* Input validation happens in git-credentials.yaml template */ -}}
secretRef:
name: {{ $.Release.Name }}-git-credentials
......
{{- if not .Values.git.existingSecret }}
{{- with .Values.git -}}
{{- if coalesce .credentials.username .credentials.password .credentials.privateKey .credentials.publicKey .credentials.knownHosts -}}
{{- $http := coalesce .credentials.username .credentials.password "" }}
{{- if coalesce .credentials.username .credentials.password .credentials.caFile .credentials.privateKey .credentials.publicKey .credentials.knownHosts -}}
{{- $http := coalesce .credentials.username .credentials.password .credentials.caFile "" }}
{{- $ssh := coalesce .credentials.privateKey .credentials.publicKey .credentials.knownHosts "" }}
apiVersion: v1
kind: Secret
......@@ -11,11 +11,19 @@ metadata:
type: Opaque
data:
{{- if $http }}
{{- if not (and .credentials.username .credentials.password) }}
{{- fail "When using http git credentials, username and password must both be specified" }}
{{- if .credentials.caFile }}
caFile: {{ .credentials.caFile | b64enc }}
{{- end }}
{{- if and .credentials.username (not .credentials.password ) }}
{{- fail "When using http git username, password must be specified" }}
{{- end }}
{{- if and .credentials.password (not .credentials.username ) }}
{{- fail "When using http git password, username must be specified" }}
{{- end }}
{{- if and .credentials.username .credentials.password }}
username: {{ .credentials.username | b64enc }}
password: {{ .credentials.password | b64enc }}
{{- end }}
{{- else }}
{{- if not (and (and .credentials.privateKey .credentials.publicKey) .credentials.knownHosts) }}
{{- fail "When using ssh git credentials, privateKey, publicKey, and knownHosts must all be specified" }}
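Review bot: Adding `.credentials.caFile` to `$http` means a values file that sets caFile together with privateKey/publicKey/knownHosts (and no username/password) takes the `{{- if $http }}` branch, so the Secret is rendered with only `caFile` and the SSH material is dropped without any `fail`. The mistake would then surface as an authentication failure at reconcile time rather than at template time. A guard at the top of the http branch would catch it, e.g. `{{- if and .credentials.caFile $ssh (not (or .credentials.username .credentials.password)) }}{{- fail "caFile applies to http git credentials only; do not combine it with ssh credentials" }}{{- end }}`. The `else` branch and the rest of the template continue outside the visible hunk, so this assumes `$ssh` is not consulted again further down.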
......
......@@ -30,7 +30,7 @@ openshift: false
# -- Git credential settings for accessing private repositories
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password)
# 2. http credentials (username/password/caFile)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
......@@ -41,7 +41,8 @@ git:
# -- HTTP git credentials, both username and password must be provided
username: ""
password: ""
# -- HTTPS certificate authority file. Required for any repo with a self signed certificate
caFile: ""
# -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
privateKey: ""
publicKey: ""
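Review bot: The new `caFile` comment does not say whether the value is a path or the certificate itself, and the key name suggests a path. The template encodes the string exactly as given (`.credentials.caFile | b64enc`), so a filesystem path would be stored as the CA data and TLS verification would fail later. I would reword it to `# -- HTTPS certificate authority, given as the PEM certificate contents (not a file path). Required for any repo with a self signed certificate`. It is also worth stating here that setting caFile selects the http credential branch, since the precedence list above now groups it with username/password.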
......