From 628d971fcde46b84e8b9fdc11a553181af28a114 Mon Sep 17 00:00:00 2001
From: Sean Sundberg <seansund@us.ibm.com>
Date: Mon, 3 Oct 2022 15:40:26 -0500
Subject: [PATCH 1/2] Updates handling of git with self-signed cert

- Updates git-client to v1.14.7
- Updates logging
- Adds caCert to logic that retrieves gitops config from git server

Signed-off-by: Sean Sundberg <seansund@us.ibm.com>
---
 package-lock.json                             | 14 ++++++-------
 package.json                                  |  2 +-
 .../gitops-module/gitops-module-pr.impl.ts    | 21 +++++++++++++------
 .../gitops-module/gitops-module.api.ts        |  1 +
 4 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0415885c..3d7619e2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "1.41.8",
       "license": "MIT",
       "dependencies": {
-        "@cloudnativetoolkit/git-client": "^1.14.6",
+        "@cloudnativetoolkit/git-client": "^1.14.7",
         "@cloudnativetoolkit/kubernetes-client": "^9.1.3",
         "chalk": "^4.1.2",
         "dot-properties": "^1.0.1",
@@ -2712,9 +2712,9 @@
       "dev": true
     },
     "node_modules/@cloudnativetoolkit/git-client": {
-      "version": "1.14.6",
-      "resolved": "https://registry.npmjs.org/@cloudnativetoolkit/git-client/-/git-client-1.14.6.tgz",
-      "integrity": "sha512-LISGICF23qBB049I40VWC7zfSHJmPR2eMWsl8heF6JgQRfF5k8hV+k7A9bpp7Cm/at3nFEcfaeeZF1Gn7TS5Ig==",
+      "version": "1.14.7",
+      "resolved": "https://registry.npmjs.org/@cloudnativetoolkit/git-client/-/git-client-1.14.7.tgz",
+      "integrity": "sha512-kYgXArciHS/9rkZl4cJpcPy1IOJjabaIqms1GF6UDT60FczaTzgOYDg0fnj6hd+pSy5WYSy3kUHH0eZswDvajg==",
       "dependencies": {
         "@octokit/core": "^3.6.0",
         "@octokit/plugin-retry": "^3.0.9",
@@ -11511,9 +11511,9 @@
       "dev": true
     },
     "@cloudnativetoolkit/git-client": {
-      "version": "1.14.6",
-      "resolved": "https://registry.npmjs.org/@cloudnativetoolkit/git-client/-/git-client-1.14.6.tgz",
-      "integrity": "sha512-LISGICF23qBB049I40VWC7zfSHJmPR2eMWsl8heF6JgQRfF5k8hV+k7A9bpp7Cm/at3nFEcfaeeZF1Gn7TS5Ig==",
+      "version": "1.14.7",
+      "resolved": "https://registry.npmjs.org/@cloudnativetoolkit/git-client/-/git-client-1.14.7.tgz",
+      "integrity": "sha512-kYgXArciHS/9rkZl4cJpcPy1IOJjabaIqms1GF6UDT60FczaTzgOYDg0fnj6hd+pSy5WYSy3kUHH0eZswDvajg==",
       "requires": {
         "@octokit/core": "^3.6.0",
         "@octokit/plugin-retry": "^3.0.9",
diff --git a/package.json b/package.json
index 04a01d77..9a6ea516 100644
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
     "typescript": "^4.5.2"
   },
   "dependencies": {
-    "@cloudnativetoolkit/git-client": "^1.14.6",
+    "@cloudnativetoolkit/git-client": "^1.14.7",
     "@cloudnativetoolkit/kubernetes-client": "^9.1.3",
     "chalk": "^4.1.2",
     "dot-properties": "^1.0.1",
diff --git a/src/services/gitops-module/gitops-module-pr.impl.ts b/src/services/gitops-module/gitops-module-pr.impl.ts
index e9b8282d..7781ba66 100644
--- a/src/services/gitops-module/gitops-module-pr.impl.ts
+++ b/src/services/gitops-module/gitops-module-pr.impl.ts
@@ -120,7 +120,11 @@ export class GitopsModulePRImpl implements GitOpsModuleApi {
 
   async populate(options: GitOpsModuleOptions): Promise<GitOpsModuleResult> {
 
-    this.logger.log(`Populating gitops repo for component ${options.name} in namespace ${options.namespace}`);
+    if (options.isNamespace) {
+      this.logger.log(`Populating gitops repo for namespace ${options.name}`);
+    } else {
+      this.logger.log(`Populating gitops repo for component ${options.name} in namespace ${options.namespace}`);
+    }
 
     const input: GitOpsModuleInput = await this.defaultInputs(options);
 
@@ -201,7 +205,7 @@ export class GitopsModulePRImpl implements GitOpsModuleApi {
     return result;
   }
 
-  async loadGitOpsConfig({bootstrapRepoUrl, gitopsConfigFile, token, branch, gitopsCredentials}: {bootstrapRepoUrl?: string, gitopsConfigFile?: string, branch?: string, token?: string, gitopsCredentials: GitOpsCredentials}): Promise<GitOpsConfig> {
+  async loadGitOpsConfig({bootstrapRepoUrl, gitopsConfigFile, caCert, branch, gitopsCredentials}: {bootstrapRepoUrl?: string, gitopsConfigFile?: string, branch?: string, caCert?: string | {cert: string, certFile: string}, gitopsCredentials: GitOpsCredentials}): Promise<GitOpsConfig> {
     if (!gitopsConfigFile && !bootstrapRepoUrl && !process.env.GITOPS_CONFIG) {
       throw new Error('Missing gitops config file name, bootstrap repo location, or GITOPS_CONFIG env variable');
     }
@@ -213,7 +217,7 @@ export class GitopsModulePRImpl implements GitOpsModuleApi {
     } else {
       const credential: GitOpsCredential = this.lookupGitCredential(gitopsCredentials, bootstrapRepoUrl);
 
-      return await parseGitFile(bootstrapRepoUrl, 'config.yaml', {username: credential.username, password: credential.token}, branch) as GitOpsConfig;
+      return await parseGitFile(bootstrapRepoUrl, 'config.yaml', {username: credential.username, password: credential.token, caCert}, branch) as GitOpsConfig;
     }
   }
 
@@ -545,7 +549,7 @@ async function parseFile(filename: string): Promise<object> {
   return parser(await fs.readFile(filename));
 }
 
-async function parseGitFile(gitUrl: string, filename: string, credentials: {username: string, password: string}, branch?: string): Promise<object> {
+async function parseGitFile(gitUrl: string, filename: string, credentials: {username: string, password: string, caCert?: string | {cert: string, certFile: string}}, branch?: string): Promise<object> {
 
   const extension = filename.replace(/.*[.](.*)$/, '$1');
 
@@ -554,9 +558,14 @@ async function parseGitFile(gitUrl: string, filename: string, credentials: {user
     throw new Error('Unknown extension for parsing: ' + extension);
   }
 
-  const gitApi: GitApi = await apiFromUrl(gitUrl, credentials);
+  try {
+    const gitApi: GitApi = await apiFromUrl(gitUrl, credentials, branch);
 
-  return parser(await gitApi.getFileContents({path: filename}));
+    return parser(await gitApi.getFileContents({path: filename}));
+  } catch (err) {
+    console.log('Error getting file from git: ', {filename, gitUrl})
+    throw err
+  }
 }
 
 async function copy(sourceDir: string, destDir: string): Promise<{stdout: string | Buffer, stderr: string | Buffer}> {
diff --git a/src/services/gitops-module/gitops-module.api.ts b/src/services/gitops-module/gitops-module.api.ts
index 65af3a06..871534d2 100644
--- a/src/services/gitops-module/gitops-module.api.ts
+++ b/src/services/gitops-module/gitops-module.api.ts
@@ -47,6 +47,7 @@ export type GitOpsModuleOptions = GitOpsModuleInputBase & Partial<GitOpsModuleIn
   valueFiles?: string;
   delete?: boolean;
   waitForBlocked?: string;
+  branch?: string;
 };
 export type GitOpsModuleInput = GitOpsModuleInputBase & GitOpsModuleInputDefaults & {
   valueFiles: string[];

From 2f83d573c9462309b09a808acefad27006e5baf4 Mon Sep 17 00:00:00 2001
From: Sean Sundberg <seansund@us.ibm.com>
Date: Mon, 3 Oct 2022 15:50:58 -0500
Subject: [PATCH 2/2] Adds username arg to gitops-namespace and gitops-module

Signed-off-by: Sean Sundberg <seansund@us.ibm.com>
---
 src/commands/gitops-module.ts                   | 6 ++++++
 src/commands/gitops-namespace.ts                | 6 ++++++
 src/services/gitops-module/gitops-module.api.ts | 1 +
 3 files changed, 13 insertions(+)

diff --git a/src/commands/gitops-module.ts b/src/commands/gitops-module.ts
index 02ebe12c..4d9e6c3f 100644
--- a/src/commands/gitops-module.ts
+++ b/src/commands/gitops-module.ts
@@ -75,6 +75,12 @@ export const builder = (yargs: Argv<any>) => {
         conflicts: 'token',
         demandOption: false,
       },
+      'username': {
+        describe: 'Git username to access gitops repo',
+        type: 'string',
+        conflicts: 'gitopsCredentialsFile',
+        demandOption: false,
+      },
       'token': {
         describe: 'Git personal access token to access gitops repo',
         type: 'string',
diff --git a/src/commands/gitops-namespace.ts b/src/commands/gitops-namespace.ts
index 3c6b0b8d..71a3ffff 100644
--- a/src/commands/gitops-namespace.ts
+++ b/src/commands/gitops-namespace.ts
@@ -60,6 +60,12 @@ export const builder = (yargs: Argv<any>) => {
         conflicts: 'token',
         demandOption: false,
       },
+      'username': {
+        describe: 'Git username to access gitops repo',
+        type: 'string',
+        conflicts: 'gitopsCredentialsFile',
+        demandOption: false,
+      },
       'token': {
         describe: 'Git personal access token to access gitops repo',
         type: 'string',
diff --git a/src/services/gitops-module/gitops-module.api.ts b/src/services/gitops-module/gitops-module.api.ts
index 871534d2..846b8512 100644
--- a/src/services/gitops-module/gitops-module.api.ts
+++ b/src/services/gitops-module/gitops-module.api.ts
@@ -43,6 +43,7 @@ export type GitOpsModuleOptions = GitOpsModuleInputBase & Partial<GitOpsModuleIn
   gitopsCredentialsFile?: string;
   autoMerge?: boolean;
   rateLimit?: boolean;
+  username?: string;
   token?: string;
   valueFiles?: string;
   delete?: boolean;