From d725f5dd79270c655b7bbad6183c6f49f6e2ad3d Mon Sep 17 00:00:00 2001 From: reggie-k Date: Sun, 9 Feb 2025 18:22:01 +0200 Subject: [PATCH] docs clarifications that only for bit bucket Signed-off-by: reggie-k --- assets/swagger.json | 4 ++-- cmd/argocd/commands/admin/repo.go | 4 ++-- cmd/argocd/commands/repocreds.go | 3 +++ cmd/util/repo.go | 2 +- .../commands/argocd_admin_repo_generate-spec.md | 6 +++--- docs/user-guide/commands/argocd_repo_add.md | 2 +- docs/user-guide/commands/argocd_repocreds_add.md | 3 +++ pkg/apis/application/v1alpha1/generated.proto | 4 ++-- pkg/apis/application/v1alpha1/repository_types.go | 4 ++-- util/git/creds.go | 11 +++++++---- 10 files changed, 26 insertions(+), 17 deletions(-) diff --git a/assets/swagger.json b/assets/swagger.json index 6ef225e4585ad..d855f10e1e531 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -8908,7 +8908,7 @@ "properties": { "bearerToken": { "type": "string", - "title": "BearerToken contains the bearer token used for Git auth at the repo server" + "title": "BearerToken contains the bearer token used for Git BitBucket auth at the repo server" }, "enableOCI": { "type": "boolean", @@ -9003,7 +9003,7 @@ "properties": { "bearerToken": { "type": "string", - "title": "BearerToken contains the bearer token used for Git auth at the repo server" + "title": "BearerToken contains the bearer token used for Git BitBucket auth at the repo server" }, "connectionState": { "$ref": "#/definitions/v1alpha1ConnectionState" diff --git a/cmd/argocd/commands/admin/repo.go b/cmd/argocd/commands/admin/repo.go index 141e91cda9156..d33d86ef9c4f4 100644 --- a/cmd/argocd/commands/admin/repo.go +++ b/cmd/argocd/commands/admin/repo.go @@ -54,8 +54,8 @@ func NewGenRepoSpecCommand() *cobra.Command { # Add a private Git repository via HTTPS using username/password and TLS client certificates: argocd admin repo generate-spec https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key - # Add a private Git repository via HTTPS using bearer token: - argocd admin repo generate-spec https://git.example.com/repos/repo --bearer-token secret-token + # Add a private Git BitBucket repository via HTTPS using bearer token: + argocd admin repo generate-spec https://bitbucket.example.com/scm/proj/repo --bearer-token secret-token # Add a private Git repository via HTTPS using username/password without verifying the server's TLS certificate argocd admin repo generate-spec https://git.example.com/repos/repo --username git --password secret --insecure-skip-server-verification diff --git a/cmd/argocd/commands/repocreds.go b/cmd/argocd/commands/repocreds.go index 22ad84bf5ee29..f5e5d51a87575 100644 --- a/cmd/argocd/commands/repocreds.go +++ b/cmd/argocd/commands/repocreds.go @@ -66,6 +66,9 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma repocredsAddExamples := ` # Add credentials with user/pass authentication to use for all repositories under https://git.example.com/repos argocd repocreds add https://git.example.com/repos/ --username git --password secret + # Add credentials with bearer token authentication to use for all BitBucket repositories under https://bitbucket.example.com/scm + argocd repocreds add https://bitbucket.example.com/scm/ --bearer-token secret-token + # Add credentials with SSH private key authentication to use for all repositories under ssh://git@git.example.com/repos argocd repocreds add ssh://git@git.example.com/repos/ --ssh-private-key-path ~/.ssh/id_rsa diff --git a/cmd/util/repo.go b/cmd/util/repo.go index c915992206de0..f2a748ae259ba 100644 --- a/cmd/util/repo.go +++ b/cmd/util/repo.go @@ -34,7 +34,7 @@ func AddRepoFlags(command *cobra.Command, opts *RepoOptions) { command.Flags().StringVar(&opts.Repo.Project, "project", "", "project of the repository") command.Flags().StringVar(&opts.Repo.Username, "username", "", "username to the repository") command.Flags().StringVar(&opts.Repo.Password, "password", "", "password to the repository") - command.Flags().StringVar(&opts.Repo.BearerToken, "bearer-token", "", "bearer token to the Git repository") + command.Flags().StringVar(&opts.Repo.BearerToken, "bearer-token", "", "bearer token to the Git BitBucket repository") command.Flags().StringVar(&opts.SshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)") command.Flags().StringVar(&opts.TlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)") command.Flags().StringVar(&opts.TlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)") diff --git a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md index b547b410e72e4..b86a2384d80cd 100644 --- a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md @@ -21,8 +21,8 @@ argocd admin repo generate-spec REPOURL [flags] # Add a private Git repository via HTTPS using username/password and TLS client certificates: argocd admin repo generate-spec https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key - # Add a private Git repository via HTTPS using bearer token: - argocd admin repo generate-spec https://git.example.com/repos/repo --bearer-token secret-token + # Add a private Git BitBucket repository via HTTPS using bearer token: + argocd admin repo generate-spec https://bitbucket.example.com/scm/proj/repo --bearer-token secret-token # Add a private Git repository via HTTPS using username/password without verifying the server's TLS certificate argocd admin repo generate-spec https://git.example.com/repos/repo --username git --password secret --insecure-skip-server-verification @@ -41,7 +41,7 @@ argocd admin repo generate-spec REPOURL [flags] ### Options ``` - --bearer-token string bearer token to the Git repository + --bearer-token string bearer token to the Git BitBucket repository --enable-lfs enable git-lfs (Large File Support) on this repository --enable-oci enable helm-oci (Helm OCI-Based Repository) --force-http-basic-auth whether to force use of basic auth when connecting repository via HTTP diff --git a/docs/user-guide/commands/argocd_repo_add.md b/docs/user-guide/commands/argocd_repo_add.md index af3c378f333da..8c054edc2ded6 100644 --- a/docs/user-guide/commands/argocd_repo_add.md +++ b/docs/user-guide/commands/argocd_repo_add.md @@ -52,7 +52,7 @@ argocd repo add REPOURL [flags] ### Options ``` - --bearer-token string bearer token to the Git repository + --bearer-token string bearer token to the Git BitBucket repository --enable-lfs enable git-lfs (Large File Support) on this repository --enable-oci enable helm-oci (Helm OCI-Based Repository) --force-http-basic-auth whether to force use of basic auth when connecting repository via HTTP diff --git a/docs/user-guide/commands/argocd_repocreds_add.md b/docs/user-guide/commands/argocd_repocreds_add.md index 5446eb8911685..532498e34f889 100644 --- a/docs/user-guide/commands/argocd_repocreds_add.md +++ b/docs/user-guide/commands/argocd_repocreds_add.md @@ -14,6 +14,9 @@ argocd repocreds add REPOURL [flags] # Add credentials with user/pass authentication to use for all repositories under https://git.example.com/repos argocd repocreds add https://git.example.com/repos/ --username git --password secret + # Add credentials with bearer token authentication to use for all BitBucket repositories under https://bitbucket.example.com/scm + argocd repocreds add https://bitbucket.example.com/scm/ --bearer-token secret-token + # Add credentials with SSH private key authentication to use for all repositories under ssh://git@git.example.com/repos argocd repocreds add ssh://git@git.example.com/repos/ --ssh-private-key-path ~/.ssh/id_rsa diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 192668714c40a..fdaa672b838fc 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -1701,7 +1701,7 @@ message RepoCreds { // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication optional bool useAzureWorkloadIdentity = 24; - // BearerToken contains the bearer token used for Git auth at the repo server + // BearerToken contains the bearer token used for Git BitBucket auth at the repo server optional string bearerToken = 25; } @@ -1787,7 +1787,7 @@ message Repository { // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication optional bool useAzureWorkloadIdentity = 24; - // BearerToken contains the bearer token used for Git auth at the repo server + // BearerToken contains the bearer token used for Git BitBucket auth at the repo server optional string bearerToken = 25; } diff --git a/pkg/apis/application/v1alpha1/repository_types.go b/pkg/apis/application/v1alpha1/repository_types.go index c90daf8877c12..bb90175b9e359 100644 --- a/pkg/apis/application/v1alpha1/repository_types.go +++ b/pkg/apis/application/v1alpha1/repository_types.go @@ -51,7 +51,7 @@ type RepoCreds struct { NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"` // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication UseAzureWorkloadIdentity bool `json:"useAzureWorkloadIdentity,omitempty" protobuf:"bytes,24,opt,name=useAzureWorkloadIdentity"` - // BearerToken contains the bearer token used for Git auth at the repo server + // BearerToken contains the bearer token used for Git BitBucket auth at the repo server BearerToken string `json:"bearerToken,omitempty" protobuf:"bytes,25,opt,name=bearerToken"` } @@ -106,7 +106,7 @@ type Repository struct { NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"` // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication UseAzureWorkloadIdentity bool `json:"useAzureWorkloadIdentity,omitempty" protobuf:"bytes,24,opt,name=useAzureWorkloadIdentity"` - // BearerToken contains the bearer token used for Git auth at the repo server + // BearerToken contains the bearer token used for Git BitBucket auth at the repo server BearerToken string `json:"bearerToken,omitempty" protobuf:"bytes,25,opt,name=bearerToken"` } diff --git a/util/git/creds.go b/util/git/creds.go index 47a965d2a77d0..da875481c6e2b 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -181,9 +181,7 @@ func (creds HTTPSCreds) BasicAuthHeader() string { } func (creds HTTPSCreds) BearerAuthHeader() string { - h := "Authorization: Bearer " - t := creds.bearerToken - h += base64.StdEncoding.EncodeToString([]byte(t)) + h := "Authorization: Bearer " + creds.bearerToken return h } @@ -252,7 +250,12 @@ func (creds HTTPSCreds) Environ() (io.Closer, []string, error) { // If bearer token is set, we will set ARGOCD_BEARER_AUTH_HEADER to hold the HTTP authorization header env = append(env, fmt.Sprintf("%s=%s", bearerAuthHeaderEnv, creds.BearerAuthHeader())) } - nonce := creds.store.Add(text.FirstNonEmpty(creds.username, githubAccessTokenUsername), creds.password) + nonce := "" + // if creds.password != "" { + nonce = creds.store.Add(text.FirstNonEmpty(creds.username, githubAccessTokenUsername), creds.password) + // } else if creds.bearerToken != "" { + // nonce = creds.store.Add("", creds.bearerToken) + // } env = append(env, creds.store.Environ(nonce)...) return argoioutils.NewCloser(func() error { creds.store.Remove(nonce)