Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic auth #2242

Merged
merged 5 commits into from
Mar 26, 2024
Merged

Basic auth #2242

merged 5 commits into from
Mar 26, 2024

Conversation

lkingland
Copy link
Member

@lkingland lkingland commented Mar 21, 2024
edited
Loading

This PR adds HTTP basic auth via CLI arguments to the "host" builder.

Because the Host builder is still behind a feature flag as it is experimental, the newly added flags are currently hidden.

The purpose of this addition is to enable a common use-case of using a third-party credentials management system rather than relying on those provided by the respective registries (docker credentials manager, AWS, etc) or the system. This is especially useful when considering that the "host" builder does not require docker nor podman be installed.

For example the venerable pass command line tool, or the recent Bitwarden, 1Password, etc.

Simple Example

Here is an example of how this works using the Bitwarden bw command, which will prompt the user for the repository master password on each deploy.

func deploy --username=func --password=$(bw get password registry.example.com)

This workflow is roughly the same for the CLI password management apps.

Caching Credentials Example

While the following is Bitwarden-specific, it may serve to be illustrative on how this paradigm can be used to cache credentials. The above command will prompt the user interactively for the master password. To "cache" the credentials one would us bw unlock followed by providing the resultant session key to the bw get command.

bw unlock --raw > ~/.bw-session
alias bw='bw --session=$(<~/.bw-session)'

Now the same deploy command will have credentials cached:

func deploy --username=func --password=$(bw  get password registry.example.com)

Future Work

There is a small amount of overlap between the docker pusher's credentials management and this implemention. I would hope to factor out some of these primitives into a shared creds package or similar.

@knative-prow knative-prow bot requested review from dsimansk and maximilien March 21, 2024 10:30
@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 21, 2024
@lkingland
cleanup
57b6359 
- Remove debug statements
- Fix test race
- Update licenses
@knative-prow knative-prow bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 21, 2024
matzew
matzew approved these changes Mar 25, 2024
View reviewed changes
Copy link
Member

@matzew matzew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

/retest

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 25, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Mar 25, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lkingland, matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@matzew matzew closed this Mar 26, 2024
@matzew matzew reopened this Mar 26, 2024
@matzew
Copy link
Member

matzew commented Mar 26, 2024

close/reopen, as the CI seemed to be stuck in nirvana

@knative-prow knative-prow bot merged commit 9beea04 into knative:main Mar 26, 2024
68 of 70 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matzew matzew matzew approved these changes

Assignees

@matzew matzew

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lkingland @matzew