Merge pull request #290 from simeonkorchev/feature/submodule-config

Add config for private submodules from external git servers
concourse · Dec 20, 2019 · f0d57ba · f0d57ba
2 parents 2a168fd + 5192a1d
commit f0d57ba
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -52,6 +52,17 @@ Tracks the commits in a [git](http://git-scm.com/) repository.
   the `branch`. Patterns are [glob(7)](http://man7.org/linux/man-pages/man7/glob.7.html)
   compatible (as in, bash compatible).
 
+* `submodule_credentials`: *Optional.* List of credentials for HTTP(s) auth when pulling/pushing private git submodules which are not stored in the same git server as the container repository.
+    Example:
+    ```
+    submodule_credentials:
+    - host: github.com
+      username: git-user
+      password: git-password
+    - <another-configuration>
+    ```
+    Note that `host` is specified with no protocol extensions.
+
 * `git_config`: *Optional.* If specified as (list of pairs `name` and `value`)
   it will configure git global options, setting each name with each value.
 
@@ -124,6 +135,27 @@ resources:
       proxy_password: myverysecurepassword
 ```
 
+Resource configuration for a private repo with a private submodule from different git server:
+
+``` yaml
+resources:
+- name: source-code
+  type: git
+  source:
+    uri: git@github.com:concourse/git-resource.git
+    branch: master
+    submodule_credentials:
+    - host: some.other.git.server
+      username: user
+      password: verysecurepassword
+    private_key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEowIBAAKCAQEAtCS10/f7W7lkQaSgD/mVeaSOvSF9ql4hf/zfMwfVGgHWjj+W
+      <Lots more text>
+      DWiJL+OFeg9kawcUL6hQ8JeXPhlImG6RTUffma9+iGQyyBMCGd1l
+      -----END RSA PRIVATE KEY-----
+```
+
 Fetching a repo with only 100 commits of history:
 
 ``` yaml

diff --git a/assets/common.sh b/assets/common.sh
@@ -178,13 +178,32 @@ git_metadata() {
     add_git_metadata_url
 }
 
+configure_submodule_credentials() {
+  local username
+  local password
+  if [[ "$(jq -r '.source.submodule_credentials // ""' < "$1")" == "" ]]; then
+    return
+  fi
+
+  for k in $(jq -r '.source.submodule_credentials | keys | .[]' < "$1"); do
+    host=$(jq -r --argjson k "$k" '.source.submodule_credentials[$k].host // ""' < "$1")
+    username=$(jq -r --argjson k "$k" '.source.submodule_credentials[$k].username // ""' < "$1")
+    password=$(jq -r --argjson k "$k" '.source.submodule_credentials[$k].password // ""' < "$1")
+    if [ "$username" != "" -a "$password" != "" -a "$host" != "" ]; then
+      echo "machine $host login $username password $password" >> "${HOME}/.netrc"
+    fi
+  done
+}
+
 configure_credentials() {
   local username=$(jq -r '.source.username // ""' < $1)
   local password=$(jq -r '.source.password // ""' < $1)
 
   rm -f $HOME/.netrc
+  configure_submodule_credentials "$1"
+
   if [ "$username" != "" -a "$password" != "" ]; then
-    echo "default login $username password $password" > $HOME/.netrc
+    echo "default login $username password $password" >> "${HOME}/.netrc"
   fi
 }
 

diff --git a/test/check.sh b/test/check.sh
@@ -82,6 +82,28 @@ it_can_check_with_credentials() {
   [ ! -f "$HOME/.netrc" ]
 }
 
+it_can_check_with_submodule_credentials() {
+  local repo=$(init_repo)
+  local ref=$(make_commit "$repo")
+  local expected_netrc
+  expected_netrc=$(cat <<EOF
+machine host1 login user2 password pass2
+default login user1 password pass1
+EOF
+)
+  check_uri_with_submodule_credentials "$repo" "user1" "pass1" "host1" "user2" "pass2" | jq -e "
+    . == [{ref: $(echo $ref | jq -R .)}]
+  "
+  echo "Generated netrc $(cat ${HOME}/.netrc)"
+  echo "Expected netrc $expected_netrc"
+  [ "$(cat $HOME/.netrc)" = "$expected_netrc" ]
+
+  check_uri_with_credentials $repo "" "" | jq -e "
+    . == [{ref: $(echo $ref | jq -R .)}]
+  "
+  [ ! -f "$HOME/.netrc" ]
+}
+
 it_clears_netrc_even_after_errors() {
   local repo=$(init_repo)
   local ref=$(make_commit $repo)
@@ -702,6 +724,7 @@ run it_fails_if_key_has_password
 run it_configures_forward_agent
 run it_skips_forward_agent_configuration
 run it_can_check_with_credentials
+run it_can_check_with_submodule_credentials
 run it_clears_netrc_even_after_errors
 run it_can_check_empty_commits
 run it_can_check_with_tag_filter

diff --git a/test/helpers.sh b/test/helpers.sh
@@ -293,6 +293,22 @@ check_uri_with_credentials() {
   }" | ${resource_dir}/check | tee /dev/stderr
 }
 
+check_uri_with_submodule_credentials() {
+  jq -n "{
+    source: {
+      uri: $(echo $1 | jq -R .),
+      username: $(echo $2 | jq -R .),
+      password: $(echo $3 | jq -R .),
+      submodule_credentials: [
+        {
+          host: $(echo $4 | jq -R .),
+          username: $(echo $5 | jq -R .),
+          password: $(echo $6 | jq -R .)
+        }
+      ]
+    }
+  }" | ${resource_dir}/check | tee /dev/stderr
+}
 
 check_uri_ignoring() {
   local uri=$1