1 parent
3891683
commit 3727db3
Showing
3 changed files
with
182 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
package git | ||
|
||
import ( | ||
"bytes" | ||
"fmt" | ||
"net/url" | ||
"os/exec" | ||
"strings" | ||
) | ||
|
||
type CredentialProvider interface { | ||
Credentials(url string) (map[string]string, error) | ||
} | ||
|
||
type GitCredential struct{} | ||
|
||
func (c *GitCredential) Credentials(url string) (map[string]string, error) { | ||
cmd := exec.Command("git", "credential", "fill") | ||
cmd.Stdin = strings.NewReader("url=" + url + "\n") | ||
|
||
var stdout bytes.Buffer | ||
cmd.Stdout = &stdout | ||
if err := cmd.Run(); err != nil { | ||
return nil, err | ||
} | ||
|
||
credentials := make(map[string]string) | ||
lines := strings.Split(stdout.String(), "\n") | ||
for _, line := range lines { | ||
parts := strings.SplitN(line, "=", 2) | ||
if len(parts) == 2 { | ||
credentials[parts[0]] = parts[1] | ||
} | ||
} | ||
|
||
return credentials, nil | ||
} | ||
|
||
type git struct { | ||
Provider CredentialProvider | ||
} | ||
|
||
var Git = &git{ | ||
Provider: &GitCredential{}, | ||
} | ||
|
||
func CredentialsFill(source map[string]string) (map[string]string, error) { | ||
return Git.CredentialsFill(source) | ||
} | ||
|
||
// CredentialsFill calls git credential fill for each source and returns | ||
// a new source map with templating as well as a map of credentials for the templated values. | ||
func (g *git) CredentialsFill(source map[string]string) (map[string]string, error) { | ||
secrets := make(map[string]string) | ||
i := 0 | ||
for k, v := range source { | ||
i++ | ||
u, err := url.Parse(v) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to parse url %s: %w", v, err) | ||
} | ||
credentials, err := g.Provider.Credentials(v) | ||
if err != nil { | ||
return nil, err | ||
} | ||
if credentials["password"] == "" { | ||
continue | ||
} | ||
|
||
if credentials["host"] != u.Host { | ||
return nil, fmt.Errorf("host %s does not match %s (this should never happend)", credentials["host"], u.Host) | ||
} | ||
|
||
var ( | ||
uservar = fmt.Sprintf("git_username_%d", i) | ||
passvar = fmt.Sprintf("git_password_%d", i) | ||
) | ||
|
||
u.User = url.UserPassword(fmt.Sprintf("{{ %s }}", uservar), fmt.Sprintf("{{ %s }}", passvar)) | ||
secrets[uservar] = credentials["username"] | ||
secrets[passvar] = credentials["password"] | ||
source[k] = fmt.Sprintf("%s://{{ .Secrets.%s }}:{{ .Secrets.%s }}@%s%s", u.Scheme, uservar, passvar, u.Host, u.Path) | ||
} | ||
return secrets, nil | ||
} |
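Review bot: `GitCredential.Credentials` writes its `url` argument straight into the line-oriented `git credential fill` input (`"url=" + url + "\n"`), so a string containing a newline would add extra attributes to the request; only the `CredentialsFill` path runs `url.Parse` first, and the method is exported. A guard at the top such as `if strings.ContainsAny(url, "\r\n\x00") { return nil, fmt.Errorf("invalid character in credential url") }` keeps the check next to the write. The command also inherits the caller's environment, so when no helper has a stored credential git may try to prompt on the terminal and `cmd.Run()` would block; `cmd.Env = append(os.Environ(), "GIT_TERMINAL_PROMPT=0")` (plus the `os` import) makes that fail fast. In `CredentialsFill`, the `u.User = url.UserPassword(...)` assignment is never read, because the source is rebuilt from `u.Scheme`, `u.Host` and `u.Path`, which also drops any query string. The doc comment says it returns a new source map, while the code mutates `source` in place and returns only the secrets.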
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
package git | ||
|
||
import ( | ||
"reflect" | ||
"testing" | ||
) | ||
|
||
type MockCredentialProvider struct { | ||
creds map[string]string | ||
} | ||
|
||
func (m *MockCredentialProvider) Credentials(url string) (map[string]string, error) { | ||
return m.creds, nil | ||
} | ||
|
||
func TestCredentialsFill(t *testing.T) { | ||
for _, tc := range []struct { | ||
name string | ||
source map[string]string | ||
credentials map[string]string | ||
expectedSource map[string]string | ||
expectedSecrets map[string]string | ||
}{ | ||
{ | ||
name: "no credentials", | ||
source: map[string]string{ | ||
"foo": "git+https://example.com/foo", | ||
}, | ||
credentials: map[string]string{}, | ||
expectedSource: map[string]string{ | ||
"foo": "git+https://example.com/foo", | ||
}, | ||
expectedSecrets: map[string]string{}, | ||
}, | ||
{ | ||
name: "single credential", | ||
source: map[string]string{ | ||
"foo": "git+https://example.com/foo", | ||
}, | ||
credentials: map[string]string{ | ||
"username": "foo", | ||
"password": "bar", | ||
"host": "example.com", | ||
}, | ||
expectedSource: map[string]string{ | ||
"foo": "git+https://{{ git_username_1 }}:{{ git_password_1 }}@example.com/foo", | ||
}, | ||
expectedSecrets: map[string]string{ | ||
"git_username_1": "foo", | ||
"git_password_1": "bar", | ||
}, | ||
}, | ||
} { | ||
t.Run(tc.name, func(t *testing.T) { | ||
git := &git{ | ||
Provider: &MockCredentialProvider{tc.credentials}, | ||
} | ||
secrets, err := git.CredentialsFill(tc.source) | ||
if err != nil { | ||
t.Fatalf("unexpected error: %s", err) | ||
} | ||
if !reflect.DeepEqual(tc.expectedSource, tc.source) { | ||
t.Fatalf("expected source %v, got %v", tc.expectedSource, tc.source) | ||
} | ||
if !reflect.DeepEqual(tc.expectedSecrets, secrets) { | ||
t.Fatalf("expected secrets %v, got %v", tc.expectedSecrets, secrets) | ||
} | ||
}) | ||
} | ||
} |
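Review bot: The "single credential" case expects `git+https://{{ git_username_1 }}:{{ git_password_1 }}@example.com/foo`, but the `CredentialsFill` shown in this commit formats the source with `{{ .Secrets.git_username_1 }}` and `{{ .Secrets.git_password_1 }}`, so as written this case would fail on the source comparison. One of the two has to change, e.g. `"foo": "git+https://{{ .Secrets.git_username_1 }}:{{ .Secrets.git_password_1 }}@example.com/foo",`. The table also has no case for the host-mismatch rejection or for a provider error, since `MockCredentialProvider` always returns a nil error; an `err error` field on the mock and a `wantErr` column would cover both branches. With more than one source entry the `git_username_N` numbering follows map iteration order, so a multi-entry case would need to assert on the set of secret values rather than on fixed names.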