Add the ability to specify privateKey contents to AutomationAPI (#5557)
Fixes: #5383
This commit is contained in:
parent
38152ba6f0
commit
156aa9862e
|
@ -40,6 +40,9 @@ CHANGELOG
|
|||
|
||||
- [cli] Validate cloudUrl formats before `pulumi login` and throw an error if incorrect format specified
|
||||
[#5550](https://github.com/pulumi/pulumi/pull/5545)
|
||||
|
||||
- [automation api] Add support for passing a private ssh key for git authentication that doesn't rely on a file path
|
||||
[#5557](https://github.com/pulumi/pulumi/pull/5557)
|
||||
|
||||
- [cli] Improve user experience when pulumi plugin rm --all finds no plugins
|
||||
to remove. The previous behaviour was an error and should not be so.
|
||||
|
|
|
@ -244,6 +244,24 @@ func ExampleGitRepo_privateKeyPath() {
|
|||
NewStackRemoteSource(ctx, stackName, repo)
|
||||
}
|
||||
|
||||
func ExampleGitRepo_privateKey() {
|
||||
ctx := context.Background()
|
||||
pName := "go_remote_proj"
|
||||
stackName := FullyQualifiedStackName("myOrg", pName, "myStack")
|
||||
|
||||
repo := GitRepo{
|
||||
URL: "git@github.com:pulumi/test-repo.git",
|
||||
ProjectPath: "goproj",
|
||||
Auth: &GitAuth{
|
||||
SSHPrivateKey: "<PRIVATE KEY FILE CONTENTS HERE>",
|
||||
Password: "PrivateKeyPassword",
|
||||
},
|
||||
}
|
||||
|
||||
// initialize a stack from the git repo, specifying our project override
|
||||
NewStackRemoteSource(ctx, stackName, repo)
|
||||
}
|
||||
|
||||
func ExampleGitRepo_usernameAndPassword() {
|
||||
ctx := context.Background()
|
||||
pName := "go_remote_proj"
|
||||
|
|
|
@ -34,16 +34,27 @@ func setupGitRepo(ctx context.Context, workDir string, repoArgs *GitRepo) (strin
|
|||
|
||||
authDetails := repoArgs.Auth
|
||||
// Each of the authentication options are mutually exclusive so let's check that only 1 is specified
|
||||
if (authDetails.SSHPrivateKeyPath != "" && authDetails.PersonalAccessToken != "") ||
|
||||
(authDetails.SSHPrivateKeyPath != "" && authDetails.Username != "") ||
|
||||
(authDetails.PersonalAccessToken != "" && authDetails.Username != "") {
|
||||
if authDetails.SSHPrivateKeyPath != "" && authDetails.Username != "" ||
|
||||
authDetails.PersonalAccessToken != "" && authDetails.Username != "" ||
|
||||
authDetails.PersonalAccessToken != "" && authDetails.SSHPrivateKeyPath != "" ||
|
||||
authDetails.Username != "" && authDetails.SSHPrivateKey != "" {
|
||||
return "", errors.New("please specify one authentication option of `Personal Access Token`, " +
|
||||
"`Username\\Password` or `SSH Private Key Path`")
|
||||
"`Username\\Password`, `SSH Private Key Path` or `SSH Private Key`")
|
||||
}
|
||||
|
||||
// Firstly we will try to check that an SSH Private Key Path has been specified
|
||||
if authDetails.SSHPrivateKeyPath != "" {
|
||||
publicKeys, err := ssh.NewPublicKeysFromFile("git", repoArgs.Auth.SSHPrivateKeyPath, repoArgs.Auth.Password)
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "unable to use SSH Private Key Path")
|
||||
}
|
||||
|
||||
cloneOptions.Auth = publicKeys
|
||||
}
|
||||
|
||||
// Then we check if the details of a SSH Private Key as passed
|
||||
if authDetails.SSHPrivateKey != "" {
|
||||
publicKeys, err := ssh.NewPublicKeys("git", []byte(repoArgs.Auth.SSHPrivateKey), repoArgs.Auth.Password)
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "unable to use SSH Private Key")
|
||||
}
|
||||
|
|
|
@ -633,6 +633,11 @@ type GitAuth struct {
|
|||
// git@github.com:org/repository.git - if the url is not in this format, then an error
|
||||
// `unable to clone repo: invalid auth method` will be returned
|
||||
SSHPrivateKeyPath string
|
||||
// The (contents) private key for access to the git repo.
|
||||
// When using `SSHPrivateKey`, the URL of the repository must be in the format
|
||||
// git@github.com:org/repository.git - if the url is not in this format, then an error
|
||||
// `unable to clone repo: invalid auth method` will be returned
|
||||
SSHPrivateKey string
|
||||
// The password that pairs with a username or as part of an SSH Private Key
|
||||
Password string
|
||||
// PersonalAccessToken is a Git personal access token in replacement of your password
|
||||
|
|
Loading…
Reference in a new issue