Make username optional for create secret git

talife · Max Jonas Werner · commit a6cb5930f8e2 · 2023-08-23T11:59:10.000+02:00
Git authentication with basic auth doesn't necessarily require a
username to be present.

Signed-off-by: talife &lt;gilletvincent@gmail.com&gt;
Signed-off-by: Max Jonas Werner &lt;mail@makk.es&gt;
diff --git a/cmd/flux/create_secret_git.go b/cmd/flux/create_secret_git.go
@@ -153,13 +153,13 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 		opts.ECDSACurve = secretGitArgs.ecdsaCurve.Curve
 		opts.Password = secretGitArgs.password
 	case "http", "https":
-		if (secretGitArgs.username == "" || secretGitArgs.password == "") && secretGitArgs.bearerToken == "" {
+		if secretGitArgs.password == "" && secretGitArgs.bearerToken == "" {
 			return fmt.Errorf("for Git over HTTP/S the username and password, or a bearer token is required")
 		}
 		opts.Username = secretGitArgs.username
 		opts.Password = secretGitArgs.password
 		opts.BearerToken = secretGitArgs.bearerToken
-		if secretGitArgs.username != "" && secretGitArgs.password != "" && secretGitArgs.bearerToken != "" {
+		if secretGitArgs.password != "" && secretGitArgs.bearerToken != "" {
 			return fmt.Errorf("user credentials and bearer token cannot be used together")
 		}
 
diff --git a/cmd/flux/create_secret_git_test.go b/cmd/flux/create_secret_git_test.go
@@ -56,6 +56,11 @@ func TestCreateGitSecret(t *testing.T) {
 			args:   "create secret git podinfo-auth --url=https://github.com/stefanprodan/podinfo --username=aaa --password=zzzz --bearer-token=aaaa --namespace=my-namespace --export",
 			assert: assertError("user credentials and bearer token cannot be used together"),
 		},
+		{
+			name:   "git authentication with basic auth consisting of only one password without a username",
+			args:   "create secret git podinfo-auth --url=https://github.com/stefanprodan/podinfo --password=my-password --namespace=my-namespace --export",
+			assert: assertGoldenFile("./testdata/create_secret/git/secret-git-only-pwd.yaml"),
+		},
 	}
 
 	for _, tt := range tests {
diff --git a/cmd/flux/testdata/create_secret/git/secret-git-only-pwd.yaml b/cmd/flux/testdata/create_secret/git/secret-git-only-pwd.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: podinfo-auth
+  namespace: my-namespace
+stringData:
+  password: my-password
+
diff --git a/pkg/manifestgen/sourcesecret/sourcesecret.go b/pkg/manifestgen/sourcesecret/sourcesecret.go
@@ -148,8 +148,10 @@ func buildSecret(keypair *ssh.KeyPair, hostKey, dockerCfg []byte, options Option
 		return
 	}
 
-	if options.Username != "" && options.Password != "" {
-		secret.StringData[UsernameSecretKey] = options.Username
+	if options.Password != "" {
+		if options.Username != "" {
+			secret.StringData[UsernameSecretKey] = options.Username
+		}
 		secret.StringData[PasswordSecretKey] = options.Password
 	}
 	if options.BearerToken != "" {

Original file line number	Diff line number	Diff line change
`@@ -148,8 +148,10 @@ func buildSecret(keypair *ssh.KeyPair, hostKey, dockerCfg []byte, options Option`
`148`	`148`	`return`
`149`	`149`	`}`
`150`	`150`
`151`		`- if options.Username != "" && options.Password != "" {`
`152`		`- secret.StringData[UsernameSecretKey] = options.Username`
	`151`	`+ if options.Password != "" {`
	`152`	`+ if options.Username != "" {`
	`153`	`+ secret.StringData[UsernameSecretKey] = options.Username`
	`154`	`+ }`
`153`	`155`	`secret.StringData[PasswordSecretKey] = options.Password`
`154`	`156`	`}`
`155`	`157`	`if options.BearerToken != "" {`