Added socks5 proxy support for ssh based git URL, upgraded go-git to …
…5.10.1 (argoproj#15864) Signed-off-by: Anand Francis Joseph <[email protected]> (cherry picked from commit 9b27aeb)
1 parent
8e408a5
commit 80b1da0
Showing
10 changed files
with
140 additions
and
18 deletions.
|
@@ -51,6 +51,12 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { | |
# Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here | ||
argocd repo add ssh://[email protected]:2222/repos/repo --ssh-private-key-path ~/id_rsa | ||
# Add a Git repository via SSH using socks5 proxy with no proxy credentials | ||
argocd repo add ssh://[email protected]/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://your.proxy.server.ip:1080 | ||
# Add a Git repository via SSH using socks5 proxy with proxy credentials | ||
argocd repo add ssh://[email protected]/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://username:[email protected]:1080 | ||
# Add a private Git repository via HTTPS using username/password and TLS client certificates: | ||
argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key | ||
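Review bot: The second new example puts the SOCKS5 username and password inside the `--proxy` URL on the command line, where they are recorded in shell history and visible in the process list while the command runs, and the help text does not say so. A one-line caveat above that example would cover it, e.g. `# Proxy credentials embedded in the URL are visible in shell history and process listings`. Whether the stored repository definition keeps the proxy URL verbatim is not visible in this hunk; if it does, the credentials would also be readable wherever that field is shown, so it is worth confirming the value is handled as a secret. The body of NewRepoAddCommand starts and ends outside the hunk.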
|
|
@@ -17,6 +17,12 @@ argocd repo add REPOURL [flags] | |
# Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here | ||
argocd repo add ssh://[email protected]:2222/repos/repo --ssh-private-key-path ~/id_rsa | ||
# Add a Git repository via SSH using socks5 proxy with no proxy credentials | ||
argocd repo add ssh://[email protected]/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://your.proxy.server.ip:1080 | ||
# Add a Git repository via SSH using socks5 proxy with proxy credentials | ||
argocd repo add ssh://[email protected]/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://username:[email protected]:1080 | ||
# Add a private Git repository via HTTPS using username/password and TLS client certificates: | ||
argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key | ||
|
|
@@ -205,7 +205,7 @@ func Test_SSHCreds_Environ(t *testing.T) { | |
caFile := path.Join(tempDir, "caFile") | ||
err := os.WriteFile(caFile, []byte(""), os.FileMode(0600)) | ||
require.NoError(t, err) | ||
creds := NewSSHCreds("sshPrivateKey", caFile, insecureIgnoreHostKey, &NoopCredsStore{}) | ||
creds := NewSSHCreds("sshPrivateKey", caFile, insecureIgnoreHostKey, &NoopCredsStore{}, "") | ||
closer, env, err := creds.Environ() | ||
require.NoError(t, err) | ||
require.Len(t, env, 2) | ||
|
@@ -232,6 +232,76 @@ func Test_SSHCreds_Environ(t *testing.T) { | |
} | ||
} | ||
|
||
func Test_SSHCreds_Environ_WithProxy(t *testing.T) { | ||
for _, insecureIgnoreHostKey := range []bool{false, true} { | ||
tempDir := t.TempDir() | ||
caFile := path.Join(tempDir, "caFile") | ||
err := os.WriteFile(caFile, []byte(""), os.FileMode(0600)) | ||
require.NoError(t, err) | ||
creds := NewSSHCreds("sshPrivateKey", caFile, insecureIgnoreHostKey, &NoopCredsStore{}, "socks5://127.0.0.1:1080") | ||
closer, env, err := creds.Environ() | ||
require.NoError(t, err) | ||
require.Len(t, env, 2) | ||
|
||
assert.Equal(t, fmt.Sprintf("GIT_SSL_CAINFO=%s/caFile", tempDir), env[0], "CAINFO env var must be set") | ||
|
||
assert.True(t, strings.HasPrefix(env[1], "GIT_SSH_COMMAND=")) | ||
|
||
if insecureIgnoreHostKey { | ||
assert.Contains(t, env[1], "-o StrictHostKeyChecking=no") | ||
assert.Contains(t, env[1], "-o UserKnownHostsFile=/dev/null") | ||
} else { | ||
assert.Contains(t, env[1], "-o StrictHostKeyChecking=yes") | ||
hostsPath := cert.GetSSHKnownHostsDataPath() | ||
assert.Contains(t, env[1], fmt.Sprintf("-o UserKnownHostsFile=%s", hostsPath)) | ||
} | ||
assert.Contains(t, env[1], "-o ProxyCommand='connect-proxy -S 127.0.0.1:1080 -5 %h %p'") | ||
|
||
envRegex := regexp.MustCompile("-i ([^ ]+)") | ||
assert.Regexp(t, envRegex, env[1]) | ||
privateKeyFile := envRegex.FindStringSubmatch(env[1])[1] | ||
assert.FileExists(t, privateKeyFile) | ||
io.Close(closer) | ||
assert.NoFileExists(t, privateKeyFile) | ||
} | ||
} | ||
|
||
func Test_SSHCreds_Environ_WithProxyUserNamePassword(t *testing.T) { | ||
for _, insecureIgnoreHostKey := range []bool{false, true} { | ||
tempDir := t.TempDir() | ||
caFile := path.Join(tempDir, "caFile") | ||
err := os.WriteFile(caFile, []byte(""), os.FileMode(0600)) | ||
require.NoError(t, err) | ||
creds := NewSSHCreds("sshPrivateKey", caFile, insecureIgnoreHostKey, &NoopCredsStore{}, "socks5://user:[email protected]:1080") | ||
closer, env, err := creds.Environ() | ||
require.NoError(t, err) | ||
require.Len(t, env, 4) | ||
|
||
assert.Equal(t, fmt.Sprintf("GIT_SSL_CAINFO=%s/caFile", tempDir), env[0], "CAINFO env var must be set") | ||
|
||
assert.True(t, strings.HasPrefix(env[1], "GIT_SSH_COMMAND=")) | ||
assert.Equal(t, "SOCKS5_USER=user", env[2], "SOCKS5 user env var must be set") | ||
assert.Equal(t, "SOCKS5_PASSWD=password", env[3], "SOCKS5 password env var must be set") | ||
|
||
if insecureIgnoreHostKey { | ||
assert.Contains(t, env[1], "-o StrictHostKeyChecking=no") | ||
assert.Contains(t, env[1], "-o UserKnownHostsFile=/dev/null") | ||
} else { | ||
assert.Contains(t, env[1], "-o StrictHostKeyChecking=yes") | ||
hostsPath := cert.GetSSHKnownHostsDataPath() | ||
assert.Contains(t, env[1], fmt.Sprintf("-o UserKnownHostsFile=%s", hostsPath)) | ||
} | ||
assert.Contains(t, env[1], "-o ProxyCommand='connect-proxy -S 127.0.0.1:1080 -5 %h %p'") | ||
|
||
envRegex := regexp.MustCompile("-i ([^ ]+)") | ||
assert.Regexp(t, envRegex, env[1]) | ||
privateKeyFile := envRegex.FindStringSubmatch(env[1])[1] | ||
assert.FileExists(t, privateKeyFile) | ||
io.Close(closer) | ||
assert.NoFileExists(t, privateKeyFile) | ||
} | ||
} | ||
|
||
const gcpServiceAccountKeyJSON = `{ | ||
"type": "service_account", | ||
"project_id": "my-google-project", | ||
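Review bot: Test_SSHCreds_Environ_WithProxy and Test_SSHCreds_Environ_WithProxyUserNamePassword only exercise well-formed proxy URLs, yet the string they assert on, `-o ProxyCommand='connect-proxy -S 127.0.0.1:1080 -5 %h %p'`, shows the proxy host and port are placed inside a single-quoted shell fragment of GIT_SSH_COMMAND. The code that builds that fragment is not in this section, so whether it validates the host is unknown from here. A negative case would pin this down: a proxy URL that does not parse, or whose host contains a quote or whitespace, asserting that `creds.Environ()` returns an error and that nothing unescaped reaches `env[1]`. Separately, in both tests `assert.Regexp(t, envRegex, env[1])` does not stop execution, so `envRegex.FindStringSubmatch(env[1])[1]` panics when `-i` is absent. Using `require.Regexp(t, envRegex, env[1])` would fail cleanly, and a `defer io.Close(closer)` right after the `require.NoError` would keep the temporary key file from being left behind on an early failure.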
|