从Kubernetes secrets获取凭据时的go-git基本身份验证问题
从Kubernetes secrets获取凭据时的go-git基本身份验证问题
提问于 2019-03-19 14:12:45
使用go-git克隆github存储库。尝试使用个人令牌进行身份验证,如下所示
func (g *Git) pullOptions() *gogit.PullOptions {
branch := fmt.Sprintf("refs/heads/%s", g.BranchName)
// Return options with token auth if enabled
if g.GitToken != "" {
log.Debug("Prepare pull option using gittoken")
return &gogit.PullOptions{
ReferenceName: plumbing.ReferenceName(branch),
Auth: &githttp.BasicAuth{
Username: g.GitUser,
Password: g.GitToken,
},
}
}使用spew
还可以看到pull选项,它们似乎是有效的
(*git.PullOptions)(0xc42008de60)({
RemoteName: (string) (len=6) "origin",
ReferenceName: (plumbing.ReferenceName) (len=17) refs/heads/master,
SingleBranch: (bool) false,
Depth: (int) 0,
Auth: (*http.BasicAuth)(0xc4203be300)(http-basic-auth - mygitid
:*******),
RecurseSubmodules: (git.SubmoduleRescursivity) 0,
Progress: (sideband.Progress) <nil>,
Force: (bool) false
})但是不断得到这个错误:
time="2019-03-19T05:30:59Z" level=debug msg="Prepare pull option using
gittoken"
time="2019-03-19T05:30:59Z" level=error msg="Git clone error:
authentication required"如果我切换到SSHKey身份验证,则可以很好地工作。有什么建议吗?
EDIT-1:当从环境变量中提取基本身份验证凭据时,这显然是一个问题。例如,以下代码不起作用:
package main
import (
"fmt"
"os"
"time"
log "github.com/Sirupsen/logrus"
gogit "gopkg.in/src-d/go-git.v4"
gitconfig "gopkg.in/src-d/go-git.v4/config"
"gopkg.in/src-d/go-git.v4/plumbing"
"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
)
func main() {
var repository *gogit.Repository
var err error
// @TODO: Why not use clone?
if _, err = os.Stat("/tmp/repo"); os.IsNotExist(err) {
repository, err = gogit.PlainInit("/tmp/repo", false)
if err != nil {
log.Errorf("could not init local repository %s: %s", "/tmp", err.Error())
}
} else {
repository, err = gogit.PlainOpen("/tmp/repo")
}
//fmt.Println((repository))
if _, err = repository.Remote("origin"); err == gogit.ErrRemoteNotFound {
_, err = repository.CreateRemote(&gitconfig.RemoteConfig{
Name: "origin",
URLs: []string{"https://xxxxx.git"},
})
if err != nil {
log.Errorf("could not attach to origin %s: %s", "bb", err.Error())
}
}
fmt.Println("Done with mapping")
r, err := gogit.PlainOpen("/tmp/repo")
if err != nil {
log.Fatal(err)
}
//fmt.Println(r)
branch := fmt.Sprintf("refs/heads/%s", "master")
fmt.Println("Setup wotktree")
w, err := r.Worktree()
if err != nil {
log.Fatal(err)
}
fmt.Println("pulling")
fmt.Println(os.Getenv("GIT_USER"))
fmt.Println(os.Getenv("GIT_TOKEN"))
if err := w.Pull(&gogit.PullOptions{
ReferenceName: plumbing.ReferenceName(branch),
Auth: &http.BasicAuth{
// Username: "xxxxxx",
// Password: "xxxxxxxxxx",
Username: os.Getenv("GIT_USER"),
Password: os.Getenv("GIT_TOKEN"),
},
}); err != nil {
log.Fatal(err)
}
fmt.Println("done")
time.Sleep(120 * time.Second)
}但是,如果我像下面这样对凭据进行硬编码,那么它就可以工作。
Auth: &http.BasicAuth{
Username: "xxxxxx",
Password: "xxxxxxxxxx",
// Username: os.Getenv("GIT_USER"),
// Password: os.Getenv("GIT_TOKEN"),
},因此,现在的问题是,我们如何安全地将凭据传递给go-git进行基本身份验证?我们是否为git创建了一个凭证助手,但go-git不依赖于本地客户端的观点可能会被击败。
回答 1
Stack Overflow用户
发布于 2019-03-19 19:54:47
对于可能陷入麻烦的人来说,这是一个有效的例子:
package main
import (
"fmt"
"log"
"gopkg.in/src-d/go-git.v4"
"gopkg.in/src-d/go-git.v4/plumbing"
"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
)
func main() {
r, err := git.PlainOpen("<REPOSITORY_PATH>")
if err != nil {
log.Fatal(err)
}
branch := fmt.Sprintf("refs/heads/%s", "master")
w, err := r.Worktree()
if err != nil {
log.Fatal(err)
}
if err := w.Pull(&git.PullOptions{
ReferenceName: plumbing.ReferenceName(branch),
Auth: &http.BasicAuth{
Username: "<GITHUB_USERNAME>",
Password: "<GITHUB_API_KEY>",
},
}); err != nil {
log.Fatal(err)
}
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/55234675
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号