Skip to content

Commit

Permalink
Honour endpoint's ssl config when cloning private git repos (#4852)
Browse files Browse the repository at this point in the history
* Fix helm chart note for ClusterIP

* CF Push: Ensure git credentials are not stored in env var
- use a specific var for clone url instead of obj that becomes env var
- tidy up logic

* Fix issue where path was unescaped, causing proxy fetch of gitlab projects containing %2f to 404

* Update clone failed text, repo does not now have to be public

* Apply nginx uri substituion fix to nginx.dev.conf as well
- think this is only used by docker compose, which isn't supported anymore

* Honour endpoint's ssl config when cloning private git repos
  • Loading branch information
richard-cox authored Jan 4, 2021
1 parent 39b4bd9 commit bc65c31
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 4 deletions.
11 changes: 10 additions & 1 deletion src/jetstream/plugins/cfapppush/deploy.go
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,7 @@ func (cfAppPush *CFAppPush) getGitSCMSource(clientWebSocket *websocket.Conn, tem

loggerURL := info.URL
cloneURL := info.URL
skipSLL := false

// Apply credentials associated with the endpoint
if len(info.EndpointGUID) != 0 {
Expand All @@ -398,6 +399,13 @@ func (cfAppPush *CFAppPush) getGitSCMSource(clientWebSocket *websocket.Conn, tem
return StratosProject{}, tempDir, errors.New("Failed to parse SCM URL")
}

cnsiRecord, err := cfAppPush.portalProxy.GetCNSIRecord(info.EndpointGUID)
if err != nil {
return StratosProject{}, tempDir, errors.New("Failed to find endpoint with guid " + info.EndpointGUID)
}

skipSLL = cnsiRecord.SkipSSLValidation

tokenRecord, isTokenFound := cfAppPush.portalProxy.GetCNSITokenRecord(info.EndpointGUID, userGUID)
if isTokenFound {
authTokenDecodedBytes, err := base64.StdEncoding.DecodeString(tokenRecord.AuthToken)
Expand Down Expand Up @@ -443,6 +451,7 @@ func (cfAppPush *CFAppPush) getGitSCMSource(clientWebSocket *websocket.Conn, tem
LoggerUrl: loggerURL,
Branch: info.Branch,
Commit: info.CommitHash,
SkipSSL: skipSLL,
}
info.CommitHash, err = cloneRepository(cloneDetails, clientWebSocket, tempDir)
if err != nil {
Expand Down Expand Up @@ -601,7 +610,7 @@ func cloneRepository(cloneDetails CloneDetails, clientWebSocket *websocket.Conn,

vcsGit := GetVCS()

err := vcsGit.Create(tempDir, cloneDetails.Url, cloneDetails.Branch)
err := vcsGit.Create(cloneDetails.SkipSSL, tempDir, cloneDetails.Url, cloneDetails.Branch)
if err != nil {
log.Infof("Failed to clone repo %s due to %+v", cloneDetails.LoggerUrl, err)
sendErrorMessage(clientWebSocket, err, CLOSE_FAILED_CLONE)
Expand Down
1 change: 1 addition & 0 deletions src/jetstream/plugins/cfapppush/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -121,4 +121,5 @@ type CloneDetails struct {
LoggerUrl string
Branch string
Commit string
SkipSSL bool
}
7 changes: 4 additions & 3 deletions src/jetstream/plugins/cfapppush/vcs.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"bytes"
"os"
"os/exec"
"strconv"
"strings"

log "github.com/sirupsen/logrus"
Expand All @@ -14,7 +15,7 @@ import (
var vcsGit = &vcsCmd{
name: "Git",
cmd: "git",
createCmd: []string{"clone -b {branch} {repo} {dir}"},
createCmd: []string{"clone -c http.sslVerify={sslVerify} -b {branch} {repo} {dir} "},
resetToCommitCmd: []string{"reset --hard {commit}"},
checkoutCmd: []string{"checkout refs/remotes/origin/{branch}"},
headCmd: []string{"rev-parse HEAD"},
Expand All @@ -35,9 +36,9 @@ type vcsCmd struct {
resetToCommitCmd []string // reset branch to commit
}

func (vcs *vcsCmd) Create(dir string, repo string, branch string) error {
func (vcs *vcsCmd) Create(skipSSL bool, dir string, repo string, branch string) error {
for _, cmd := range vcs.createCmd {
if err := vcs.run(".", cmd, "dir", dir, "repo", repo, "branch", branch); err != nil {
if err := vcs.run(".", cmd, "sslVerify", strconv.FormatBool(!skipSSL), "dir", dir, "repo", repo, "branch", branch); err != nil {
return err
}
}
Expand Down

0 comments on commit bc65c31

Please sign in to comment.