From fe3166913d2987afbadeffcc9180d338c1b12b40 Mon Sep 17 00:00:00 2001 From: Roman Hros Date: Wed, 28 Aug 2024 10:12:04 +0200 Subject: [PATCH] Add basic auth option for the oci client Signed-off-by: Roman Hros --- config/manager/credentials.yaml | 2 ++ config/manager/manager.yaml | 10 ++++++++++ pkg/assetsclient/oci/client.go | 2 ++ pkg/assetsclient/oci/credentials.go | 24 +++++++++++++++++++----- 4 files changed, 33 insertions(+), 5 deletions(-) diff --git a/config/manager/credentials.yaml b/config/manager/credentials.yaml index 6b7a14a8f..10388eba6 100644 --- a/config/manager/credentials.yaml +++ b/config/manager/credentials.yaml @@ -12,3 +12,5 @@ data: oci-registry: ${OCI_REGISTRY_B64:=""} oci-repository: ${OCI_REPOSITORY_B64:=""} oci-access-token: ${OCI_ACCESS_TOKEN_B64:=""} + oci-username: ${OCI_USERNAME_B64:=""} + oci-password: ${OCI_PASSWORD_B64:=""} diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 8cbb1aadf..20787bd94 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -63,6 +63,16 @@ spec: secretKeyRef: name: cso-cluster-stack-variables key: oci-access-token + - name: OCI_USERNAME + valueFrom: + secretKeyRef: + name: cso-cluster-stack-variables + key: oci-username + - name: OCI_PASSWORD + valueFrom: + secretKeyRef: + name: cso-cluster-stack-variables + key: oci-password args: - --leader-elect=true - --log-level=info diff --git a/pkg/assetsclient/oci/client.go b/pkg/assetsclient/oci/client.go index c061ae880..d7218d63d 100644 --- a/pkg/assetsclient/oci/client.go +++ b/pkg/assetsclient/oci/client.go @@ -54,6 +54,8 @@ func (*factory) NewClient(ctx context.Context) (assetsclient.Client, error) { client := auth.Client{ Credential: auth.StaticCredential(config.registry, auth.Credential{ AccessToken: config.accessToken, + Username: config.username, + Password: config.password, }), } diff --git a/pkg/assetsclient/oci/credentials.go b/pkg/assetsclient/oci/credentials.go index a3b05ff45..74edecd95 100644 --- a/pkg/assetsclient/oci/credentials.go +++ b/pkg/assetsclient/oci/credentials.go @@ -27,12 +27,16 @@ const ( envOCIRegistry = "OCI_REGISTRY" envOCIRepository = "OCI_REPOSITORY" envOCIAccessToken = "OCI_ACCESS_TOKEN" + envOCIUsername = "OCI_USERNAME" + envOCIPassword = "OCI_PASSWORD" ) type ociConfig struct { registry string repository string accessToken string + username string + password string } func newOCIConfig() (ociConfig, error) { @@ -51,12 +55,22 @@ func newOCIConfig() (ociConfig, error) { config.repository = val val = os.Getenv(envOCIAccessToken) - if val == "" { - return ociConfig{}, fmt.Errorf("environment variable %s is not set", envOCIAccessToken) - } + if val != "" { + base64AccessToken := base64.StdEncoding.EncodeToString([]byte(val)) + config.accessToken = base64AccessToken + } else { + val = os.Getenv(envOCIUsername) + if val == "" { + return ociConfig{}, fmt.Errorf("environment variable %s is not set", envOCIUsername) + } + config.username = val - base64AccessToken := base64.StdEncoding.EncodeToString([]byte(val)) - config.accessToken = base64AccessToken + val = os.Getenv(envOCIPassword) + if val == "" { + return ociConfig{}, fmt.Errorf("environment variable %s is not set", envOCIPassword) + } + config.password = val + } return config, nil }