Support kustomize apps with remote bases in private repos in the same…

… host (#1264)

Dockerfile

@@ -69,7 +69,7 @@ RUN curl -L -o /usr/local/bin/kustomize1 https://github.com/kubernetes-sigs/kust
     kustomize1 version
 
 
-ENV KUSTOMIZE_VERSION=2.0.2
+ENV KUSTOMIZE_VERSION=2.0.3
 RUN curl -L -o /usr/local/bin/kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64 && \
     chmod +x /usr/local/bin/kustomize && \
     kustomize version

reposerver/repository/repository.go

@@ -215,7 +215,7 @@ func GenerateManifests(appPath string, q *ManifestRequest) (*ManifestResponse, e
 			}
 		}
 	case v1alpha1.ApplicationSourceTypeKustomize:
-		k := kustomize.NewKustomizeApp(appPath)
+		k := kustomize.NewKustomizeApp(appPath, kustomizeCredentials(q.Repo))
 		targetObjs, _, err = k.Build(q.ApplicationSource.Kustomize)
 	case v1alpha1.ApplicationSourceTypePlugin:
 		targetObjs, err = runConfigManagementPlugin(appPath, q, q.Plugins)
@@ -635,7 +635,7 @@ func (s *Service) GetAppDetails(ctx context.Context, q *RepoServerAppDetailsQuer
 	case v1alpha1.ApplicationSourceTypeKustomize:
 		res.Kustomize = &KustomizeAppSpec{}
 		res.Kustomize.Path = q.Path
-		k := kustomize.NewKustomizeApp(appPath)
+		k := kustomize.NewKustomizeApp(appPath, kustomizeCredentials(q.Repo))
 		_, params, err := k.Build(nil)
 		if err != nil {
 			return nil, err
@@ -651,3 +651,13 @@ func (q *RepoServerAppDetailsQuery) valueFiles() []string {
 	}
 	return q.Helm.ValueFiles
 }
+
+func kustomizeCredentials(repo *v1alpha1.Repository) *kustomize.GitCredentials {
+	if repo == nil || repo.Password == "" {
+		return nil
+	}
+	return &kustomize.GitCredentials{
+		Username: repo.Username,
+		Password: repo.Password,
+	}
+}

util/git/git_test.go

@@ -10,6 +10,15 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+// TODO: move this into shared test package after resolving import cycle
+const (
+	// This is a throwaway gitlab test account/repo with a read-only personal access token for the
+	// purposes of testing private git repos
+	PrivateGitRepo     = "https://gitlab.com/argo-cd-test/test-apps.git"
+	PrivateGitUsername = "blah"
+	PrivateGitPassword = "B5sBDeoqAVUouoHkrovy"
+)
+
 func TestIsCommitSHA(t *testing.T) {
 	assert.True(t, IsCommitSHA("9d921f65f3c5373b682e2eb4b37afba6592e8f8b"))
 	assert.True(t, IsCommitSHA("9D921F65F3C5373B682E2EB4B37AFBA6592E8F8B"))
@@ -145,12 +154,6 @@ func TestGitClient(t *testing.T) {
 
 // TestPrivateGitRepo tests the ability to operate on a private git repo.
 func TestPrivateGitRepo(t *testing.T) {
-	repo := "https://gitlab.com/argo-cd-test/argocd-example-apps.git"
-	username := "blah"
-	// This is a personal access token generated with read only access in a throwaway gitlab test
-	// account/repo
-	password := "B5sBDeoqAVUouoHkrovy"
-
 	// add the hack path which has the git-ask-pass.sh shell script
 	osPath := os.Getenv("PATH")
 	hackPath, err := filepath.Abs("../../hack")
@@ -163,7 +166,7 @@ func TestPrivateGitRepo(t *testing.T) {
 	assert.NoError(t, err)
 	defer func() { _ = os.RemoveAll(dirName) }()
 
-	clnt, err := NewFactory().NewClient(repo, dirName, username, password, "")
+	clnt, err := NewFactory().NewClient(PrivateGitRepo, dirName, PrivateGitUsername, PrivateGitPassword, "")
 	assert.NoError(t, err)
 
 	testGitClient(t, clnt)

util/kustomize/kustomize.go

@@ -25,13 +25,22 @@ type Kustomize interface {
 	Build(opts *v1alpha1.ApplicationSourceKustomize) ([]*unstructured.Unstructured, []*v1alpha1.KustomizeImageTag, error)
 }
 
+type GitCredentials struct {
+	Username string
+	Password string
+}
+
 // NewKustomizeApp create a new wrapper to run commands on the `kustomize` command-line tool.
-func NewKustomizeApp(path string) Kustomize {
-	return &kustomize{path: path}
+func NewKustomizeApp(path string, creds *GitCredentials) Kustomize {
+	return &kustomize{
+		path:  path,
+		creds: creds,
+	}
 }
 
 type kustomize struct {
-	path string
+	path  string
+	creds *GitCredentials
 }
 
 func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize) ([]*unstructured.Unstructured, []*v1alpha1.KustomizeImageTag, error) {
@@ -67,7 +76,15 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize) ([]*unstruc
 		}
 	}
 
-	out, err := argoexec.RunCommand(commandName, "build", k.path)
+	cmd := exec.Command(commandName, "build", k.path)
+	cmd.Env = os.Environ()
+	if k.creds != nil {
+		cmd.Env = append(cmd.Env, "GIT_ASKPASS=git-ask-pass.sh")
+		cmd.Env = append(cmd.Env, fmt.Sprintf("GIT_USERNAME=%s", k.creds.Username))
+		cmd.Env = append(cmd.Env, fmt.Sprintf("GIT_PASSWORD=%s", k.creds.Password))
+	}
+
+	out, err := argoexec.RunCommandExt(cmd)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -104,7 +121,6 @@ var KustomizationNames = []string{"kustomization.yaml", "kustomization.yml", "Ku
 func (k *kustomize) findKustomization() (string, error) {
 	for _, file := range KustomizationNames {
 		kustomization := filepath.Join(k.path, file)
-		log.Infof("path=%s, file=%s", k.path, file)
 		if _, err := os.Stat(kustomization); err == nil {
 			return kustomization, nil
 		}
@@ -132,8 +148,6 @@ func (k *kustomize) getKustomizationVersion() (int, error) {
 		return 0, err
 	}
 
-	log.Infof("using kustomization=%s", kustomizationFile)
-
 	dat, err := ioutil.ReadFile(kustomizationFile)
 	if err != nil {
 		return 0, err

util/kustomize/kustomize_test.go

@@ -1,18 +1,28 @@
 package kustomize
 
 import (
+	"fmt"
 	"io/ioutil"
+	"os"
 	"path"
 	"path/filepath"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-
 	"github.com/argoproj/pkg/exec"
+	"github.com/stretchr/testify/assert"
 
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 )
 
+// TODO: move this into shared test package after resolving import cycle
+const (
+	// This is a throwaway gitlab test account/repo with a read-only personal access token for the
+	// purposes of testing private git repos
+	PrivateGitRepo     = "https://gitlab.com/argo-cd-test/test-apps.git"
+	PrivateGitUsername = "blah"
+	PrivateGitPassword = "B5sBDeoqAVUouoHkrovy"
+)
+
 const kustomization1 = "kustomization_yaml"
 const kustomization2a = "kustomization_yml"
 const kustomization2b = "Kustomization"
@@ -33,7 +43,7 @@ func TestKustomizeBuild(t *testing.T) {
 	appPath, err := testDataDir()
 	assert.Nil(t, err)
 	namePrefix := "namePrefix-"
-	kustomize := NewKustomizeApp(appPath)
+	kustomize := NewKustomizeApp(appPath, nil)
 	kustomizeSource := v1alpha1.ApplicationSourceKustomize{
 		NamePrefix: namePrefix,
 		ImageTags: []v1alpha1.KustomizeImageTag{
@@ -98,9 +108,28 @@ func TestGetCommandName(t *testing.T) {
 }
 
 func TestIsKustomization(t *testing.T) {
-
 	assert.True(t, IsKustomization("kustomization.yaml"))
 	assert.True(t, IsKustomization("kustomization.yml"))
 	assert.True(t, IsKustomization("Kustomization"))
 	assert.False(t, IsKustomization("rubbish.yml"))
 }
+
+// TestPrivateRemoteBase verifies we can supply git credentials to a private remote base
+func TestPrivateRemoteBase(t *testing.T) {
+	os.Setenv("GIT_CONFIG_NOSYSTEM", "true")
+	defer os.Unsetenv("GIT_CONFIG_NOSYSTEM")
+
+	// add the hack path which has the git-ask-pass.sh shell script
+	osPath := os.Getenv("PATH")
+	hackPath, err := filepath.Abs("../../hack")
+	assert.NoError(t, err)
+	err = os.Setenv("PATH", fmt.Sprintf("%s:%s", osPath, hackPath))
+	assert.NoError(t, err)
+	defer func() { _ = os.Setenv("PATH", osPath) }()
+
+	kust := NewKustomizeApp("./testdata/private-remote-base", &GitCredentials{Username: PrivateGitUsername, Password: PrivateGitPassword})
+
+	objs, _, err := kust.Build(nil)
+	assert.NoError(t, err)
+	assert.Len(t, objs, 2)
+}

util/kustomize/testdata/private-remote-base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+bases:
+- https://gitlab.com/argo-cd-test/test-apps//remote-base
+
+namePrefix: child-