Resolve "Extend git secret creation to include CA" (!801) · Merge requests · Big Bang / bigbang

Michael Martin requested to merge 660-extend-git-secret-creation-to-include-ca into master Aug 25, 2021

Summary

Added in changes to support the caFile for Flux git repositories. The chart logic was updated to follow the Flux use of this param to allow caFile to be present without username and password in the case where a public repository is used.

Tested using a copy of the monitoring package in a local apache-hosted git web repository using a self-signed certificate.

Without caFile set, flux would report the error:

bigbang  	gitrepository/monitoring          	False	unable to clone 'https://blackpearl/git/test', error: Get "https://blackpearl/git/test/info/refs?service=git-upload-pack": x509: certificate signed by unknown authority	14.0.0-bb.6/661f4fb010e085e0c13f9d64f2a0bbac496129fb	False

With the caFile set, flux accepted the certificate:

monitoring   https://blackpearl/git/test   True    Fetched revision: 14.0.0-bb.6/661f4fb010e085e0c13f9d64f2a0bbac496129fb   8m26s

Verified the logic creates the bigbang-git-credentials with the caFile field set.

Closes #660 (closed)

Edited Aug 25, 2021 by Michael Martin

Admin message

Resolve "Extend git secret creation to include CA"

Merge request reports