Add basic auth option for the oci client

Signed-off-by: Roman Hros <roman.hros@dnation.cloud>
SovereignCloudStack · Sep 2, 2024 · fe31669 · fe31669
1 parent 5030a18
commit fe31669
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 5 deletions.
diff --git a/config/manager/credentials.yaml b/config/manager/credentials.yaml
@@ -12,3 +12,5 @@ data:
   oci-registry: ${OCI_REGISTRY_B64:=""}
   oci-repository: ${OCI_REPOSITORY_B64:=""}
   oci-access-token: ${OCI_ACCESS_TOKEN_B64:=""}
+  oci-username: ${OCI_USERNAME_B64:=""}
+  oci-password: ${OCI_PASSWORD_B64:=""}
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -63,6 +63,16 @@ spec:
                 secretKeyRef:
                   name: cso-cluster-stack-variables
                   key: oci-access-token
+            - name: OCI_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-username
+            - name: OCI_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-password
           args:
             - --leader-elect=true
             - --log-level=info

diff --git a/pkg/assetsclient/oci/client.go b/pkg/assetsclient/oci/client.go
@@ -54,6 +54,8 @@ func (*factory) NewClient(ctx context.Context) (assetsclient.Client, error) {
 	client := auth.Client{
 		Credential: auth.StaticCredential(config.registry, auth.Credential{
 			AccessToken: config.accessToken,
+			Username:    config.username,
+			Password:    config.password,
 		}),
 	}
 

diff --git a/pkg/assetsclient/oci/credentials.go b/pkg/assetsclient/oci/credentials.go
@@ -27,12 +27,16 @@ const (
 	envOCIRegistry    = "OCI_REGISTRY"
 	envOCIRepository  = "OCI_REPOSITORY"
 	envOCIAccessToken = "OCI_ACCESS_TOKEN"
+	envOCIUsername    = "OCI_USERNAME"
+	envOCIPassword    = "OCI_PASSWORD"
 )
 
 type ociConfig struct {
 	registry    string
 	repository  string
 	accessToken string
+	username    string
+	password    string
 }
 
 func newOCIConfig() (ociConfig, error) {
@@ -51,12 +55,22 @@ func newOCIConfig() (ociConfig, error) {
 	config.repository = val
 
 	val = os.Getenv(envOCIAccessToken)
-	if val == "" {
-		return ociConfig{}, fmt.Errorf("environment variable %s is not set", envOCIAccessToken)
-	}
+	if val != "" {
+		base64AccessToken := base64.StdEncoding.EncodeToString([]byte(val))
+		config.accessToken = base64AccessToken
+	} else {
+		val = os.Getenv(envOCIUsername)
+		if val == "" {
+			return ociConfig{}, fmt.Errorf("environment variable %s is not set", envOCIUsername)
+		}
+		config.username = val
 
-	base64AccessToken := base64.StdEncoding.EncodeToString([]byte(val))
-	config.accessToken = base64AccessToken
+		val = os.Getenv(envOCIPassword)
+		if val == "" {
+			return ociConfig{}, fmt.Errorf("environment variable %s is not set", envOCIPassword)
+		}
+		config.password = val
+	}
 
 	return config, nil
 }