Add git ssh auth support #197

Open
ron1 opened this issue Feb 7, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

ron1 commented Feb 7, 2023

What problem are you facing?

Some environments rely on git ssh-based auth for private repositories instead of the currently supported token one.

The Upbound provider-terraform shares this problem as described here.

How could Crossplane help solve your problem?

Extend the current code around credentials setup with ssh support.

This code is similar to the code in provider-terraform around credentials setup.

@ron1 ron1 added the enhancement New feature or request label Feb 7, 2023

glennpratt commented Dec 12, 2023

If you'd like a monstrously terrible hack workaround:

{{- $now := now | unixEpoch -}}

---
apiVersion: ansible.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: {{ $myName }}
spec:
  credentials:
  - filename: .git-credentials-{{ $now }}
    source: Secret
    secretRef:
      namespace: mynamespace
      name: git-deploy-secret
      key: sshPrivateKey
  vars:
    - key: GIT_SSH_COMMAND
      value: ssh -i $(find /ansibleDir -name '.git-credentials-{{ $now }}' -maxdepth 2 -mindepth 2 | head -n1) -o StrictHostKeyChecking=accept-new
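
A hardened variant of the workaround above, added here as an example (it is not from the thread or from the provider's documentation). `StrictHostKeyChecking=accept-new` trusts whatever host key the server presents on first contact, so this version pins the Git server's host key from a Secret instead. The second `credentials` entry and the `sshKnownHosts` key name are assumptions, and it presumes the provider writes every credentials file under `/ansibleDir` the same way as the private key.

```yaml
{{- $now := now | unixEpoch -}}
---
apiVersion: ansible.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: {{ $myName }}
spec:
  credentials:
  # Deploy key, exactly as in the workaround above.
  - filename: .git-credentials-{{ $now }}
    source: Secret
    secretRef:
      namespace: mynamespace
      name: git-deploy-secret
      key: sshPrivateKey
  # Assumption: a second key in the same Secret holding the Git server's
  # public host key line(s) in known_hosts format, obtained out of band.
  - filename: .git-known-hosts-{{ $now }}
    source: Secret
    secretRef:
      namespace: mynamespace
      name: git-deploy-secret
      key: sshKnownHosts   # hypothetical key name
  vars:
    - key: GIT_SSH_COMMAND
      # UserKnownHostsFile: use the mounted file as the user known_hosts file.
      # StrictHostKeyChecking=yes: refuse to connect if the host key is not
      #   already listed, rather than accepting it on first use.
      # IdentitiesOnly=yes: offer only the deploy key given with -i.
      value: >-
        ssh -i $(find /ansibleDir -name '.git-credentials-{{ $now }}' -maxdepth 2 -mindepth 2 | head -n1)
        -o UserKnownHostsFile=$(find /ansibleDir -name '.git-known-hosts-{{ $now }}' -maxdepth 2 -mindepth 2 | head -n1)
        -o StrictHostKeyChecking=yes
        -o IdentitiesOnly=yes
```

With `StrictHostKeyChecking=yes`, a host key rotation on the Git server makes clones fail until the Secret is updated.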

@WintonHuang1893

@glennpratt Thanks, but still no luck for me using GIT_SSH_COMMAND

  status:
    atProvider: {}
    conditions:
    - lastTransitionTime: "2024-01-29T03:39:47Z"
      message: |-
        connect failed: failed to install galaxy collections/roles: [WARNING]: - role-repo was NOT installed successfully: - command
        /usr/bin/git clone git@gitlab.private:group/role-repo.git
        role-repo failed in directory /home/ansible/.ansible/tmp/ansible-
        local-5600490048dvjn/tmp4fc9p3aq (rc=128) - Cloning into 'role-repo'
        ... error: cannot fork() for ssh -i $(find /ansibleDir -name '.git-
        credentials-ssh' -maxdepth 2 -mindepth 2 | head -n1) -o
        StrictHostKeyChecking=accept-new: Resource temporarily unavailable fatal:
        unable to fork
        ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
        No config file found; using defaults
        Starting galaxy role install process
        : exit status 1
      reason: ReconcileError
      status: "False"
      type: Synced


glennpratt commented Mar 7, 2024

@WintonHuang1893

Resource temporarily unavailable fatal: unable to fork

That sounds like #304 which is fixed but not yet released. Restarting the deployment or deleting the pod would help if that is the issue.

@lukas-andrade

Up!
