added support for insecure-git-server

Signed-off-by: Noam Gal <[email protected]>
argoproj-labs · Nov 10, 2022 · af907ab · af907ab
1 parent d8820f2
commit af907ab
Show file tree

Hide file tree

Showing 8 changed files with 55 additions and 5 deletions.
diff --git a/pkg/git/provider.go b/pkg/git/provider.go
@@ -26,6 +26,7 @@ type (
 	Auth struct {
 		Username string
 		Password string
+		Insecure bool
 	}
 
 	// ProviderOptions for a new git provider

diff --git a/pkg/git/provider_ado.go b/pkg/git/provider_ado.go
@@ -2,6 +2,7 @@ package git
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"net/url"
 	"strings"
@@ -47,6 +48,10 @@ func newAdo(opts *ProviderOptions) (Provider, error) {
 	}
 
 	connection := azuredevops.NewPatConnection(adoUrl.loginUrl, opts.Auth.Password)
+	if opts.Auth.Insecure {
+		connection.TlsConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), timeoutTime)
 	defer cancel()
 	// FYI: ado also has a "core" client that can be used to update project, teams, and other ADO constructs

diff --git a/pkg/git/provider_bitbucket-server.go b/pkg/git/provider_bitbucket-server.go
@@ -3,10 +3,11 @@ package git
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"path"
@@ -85,6 +86,10 @@ func newBitbucketServer(opts *ProviderOptions) (Provider, error) {
 	}
 
 	httpClient := &http.Client{}
+	if opts.Auth.Insecure {
+		httpClient.Transport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	g := &bitbucketServer{
 		baseURL: baseURL,
 		c:       httpClient,
@@ -215,7 +220,7 @@ func (bbs *bitbucketServer) request(ctx context.Context, method, urlPath string,
 	}
 	defer response.Body.Close()
 
-	data, err := ioutil.ReadAll(response.Body)
+	data, err := io.ReadAll(response.Body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read from response body: %w", err)
 	}

diff --git a/pkg/git/provider_bitbucket.go b/pkg/git/provider_bitbucket.go
@@ -2,8 +2,10 @@ package git
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
+	"net/http"
 
 	bb "github.com/ktrysmt/go-bitbucket"
 )
@@ -33,14 +35,18 @@ func newBitbucket(opts *ProviderOptions) (Provider, error) {
 	if c == nil {
 		return nil, errors.New("Authentication info is invalid")
 	}
+
+	if opts.Auth.Insecure {
+		c.HttpClient.Transport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	g := &bitbucket{
 		opts:       opts,
 		Repository: c.Repositories.Repository,
 		User:       c.User,
 	}
 
 	return g, nil
-
 }
 
 func (g *bitbucket) CreateRepository(ctx context.Context, orgRepo string) (defaultBranch string, err error) {

diff --git a/pkg/git/provider_gitea.go b/pkg/git/provider_gitea.go
@@ -2,7 +2,9 @@ package git
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
+	"net/http"
 
 	gt "code.gitea.io/sdk/gitea"
 )
@@ -28,6 +30,14 @@ func newGitea(opts *ProviderOptions) (Provider, error) {
 		return nil, err
 	}
 
+	if opts.Auth.Insecure {
+		c.SetHTTPClient(&http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
+		})
+	}
+
 	g := &gitea{
 		client: c,
 	}

diff --git a/pkg/git/provider_github.go b/pkg/git/provider_github.go
@@ -2,6 +2,7 @@ package git
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"net/http"
 	"strings"
@@ -29,10 +30,17 @@ func newGithub(opts *ProviderOptions) (Provider, error) {
 
 	hc := &http.Client{}
 	if opts.Auth != nil {
-		hc.Transport = &gh.BasicAuthTransport{
+		transport := &gh.BasicAuthTransport{
 			Username: opts.Auth.Username,
 			Password: opts.Auth.Password,
 		}
+
+		if opts.Auth.Insecure {
+			transport.Transport = http.DefaultTransport
+			transport.Transport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		}
+
+		hc.Transport = transport
 	}
 
 	host, _, _, _, _, _, _ := util.ParseGitUrl(opts.RepoURL)

diff --git a/pkg/git/provider_gitlab.go b/pkg/git/provider_gitlab.go
@@ -2,7 +2,9 @@ package git
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
+	"net/http"
 
 	"github.com/argoproj-labs/argocd-autopilot/pkg/util"
 	gl "github.com/xanzy/go-gitlab"
@@ -32,7 +34,18 @@ type (
 
 func newGitlab(opts *ProviderOptions) (Provider, error) {
 	host, _, _, _, _, _, _ := util.ParseGitUrl(opts.RepoURL)
-	c, err := gl.NewClient(opts.Auth.Password, gl.WithBaseURL(host))
+	clientOptions := []gl.ClientOptionFunc{
+		gl.WithBaseURL(host),
+	}
+	if opts.Auth.Insecure {
+		clientOptions = append(clientOptions, gl.WithHTTPClient(&http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
+		}))
+	}
+
+	c, err := gl.NewClient(opts.Auth.Password, clientOptions...)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/git/repository.go b/pkg/git/repository.go
@@ -156,11 +156,13 @@ func AddFlags(cmd *cobra.Command, opts *AddFlagsOptions) *CloneOptions {
 	envPrefix := strings.ReplaceAll(strings.ToUpper(opts.Prefix), "-", "_")
 	cmd.PersistentFlags().StringVar(&co.Auth.Password, opts.Prefix+"git-token", "", fmt.Sprintf("Your git provider api token [%sGIT_TOKEN]", envPrefix))
 	cmd.PersistentFlags().StringVar(&co.Auth.Username, opts.Prefix+"git-user", "", fmt.Sprintf("Your git provider user name [%sGIT_USER] (not required in GitHub)", envPrefix))
+	cmd.PersistentFlags().BoolVar(&co.Auth.Insecure, opts.Prefix+"insecure-git-server", false, fmt.Sprint("Disable repository server certificate validation", envPrefix))
 	cmd.PersistentFlags().StringVar(&co.Repo, opts.Prefix+"repo", "", fmt.Sprintf("Repository URL [%sGIT_REPO]", envPrefix))
 
 	util.Die(viper.BindEnv(opts.Prefix+"git-token", envPrefix+"GIT_TOKEN"))
 	util.Die(viper.BindEnv(opts.Prefix+"git-user", envPrefix+"GIT_USER"))
 	util.Die(viper.BindEnv(opts.Prefix+"repo", envPrefix+"GIT_REPO"))
+	util.Die(cmd.PersistentFlags().MarkHidden(opts.Prefix + "insecure-git-server"))
 
 	if opts.Prefix == "" {
 		cmd.Flag("git-token").Shorthand = "t"