Feat: Support SSH for retrieving terraform modules in private git repo

[motilayo]

Support SSH for retrieving terraform modules in private git repo

Enable support for terraform modules in private git repo through SSH. A kubernetes secret which holds the ssh private-key and known_hosts should be created and referenced in the component definition.

Terraform controller PR: kubevela/terraform-controller#349

Feature for kubevela/terraform-controller#292

I have:

• Read and followed KubeVela's contribution process.
• Related Docs updated properly. In a new feature or configuration option, an update to the documentation is necessary.
• Run make reviewable to ensure this PR is ready for review.
• Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested in a local cluster.

1. Create a kubernetes secret of type kubernetes.io/ssh-auth for the git ssh credentials & known-hosts

apiVersion: v1
kind: Secret
metadata:
  name: git-ssh
  namespace: vela-system
type: kubernetes.io/ssh-auth
stringData:
  ssh-privatekey: |
   <SSH Private Key> # the ssh private key used for authenticating git
  known_hosts: |
   <SSH known_hosts>  # use `ssh-keyscan github.com`  to generate known_hosts

2. Create a component definition

apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  annotations:
    definition.oam.dev/description: Terraform module to provision a KMS key with alias
  labels:
    type: terraform
  name: aws-kms-key
  namespace: vela-system
spec:
  schematic:
    terraform:
      configuration: git@github.com:motilayo/terraform-aws-kms-key.git # use terraform configuration in private git repo to test
      gitCredentialsSecretReference: # reference to the secret created earlier
        name: git-ssh # secret name
        namespace: vela-system  # secret namespace
      type: remote

3. Create an application and verify

Special notes for your reviewer

[codecov]

Codecov Report

Base: 49.60% // Head: 61.08% // Increases project coverage by +11.47% 🎉

Coverage data is based on head (8785823) compared to base (c7c6009).
Patch coverage: 71.42% of modified lines in pull request are covered.

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #5059       +/-   ##
===========================================
+ Coverage   49.60%   61.08%   +11.47%     
===========================================
  Files         304      305        +1     
  Lines       45429    45499       +70     
===========================================
+ Hits        22537    27792     +5255     
+ Misses      20544    14846     -5698     
- Partials     2348     2861      +513     

Flag	Coverage Δ
apiserver-e2etests	35.05% <0.00%> (?)
apiserver-unittests	36.84% <ø> (-0.05%)	⬇️
core-unittests	55.12% <62.50%> (-0.02%)	⬇️
e2e-multicluster-test	18.87% <14.28%> (-0.03%)	⬇️
e2e-rollout-tests	20.53% <16.07%> (+0.01%)	⬆️
e2etests	25.91% <16.07%> (-0.12%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/controller/utils/capability.go	80.64% <68.62%> (-0.57%)	⬇️
pkg/appfile/appfile.go	74.31% <100.00%> (+0.16%)	⬆️
...ponentdefinition/componentdefinition_controller.go	91.35% <100.00%> (ø)
pkg/addon/registry.go	38.65% <0.00%> (-5.05%)	⬇️
pkg/cue/definition/template.go	64.16% <0.00%> (-3.47%)	⬇️
...troller/core.oam.dev/v1alpha2/application/apply.go	87.84% <0.00%> (-2.09%)	⬇️
pkg/oam/util/helper.go	61.91% <0.00%> (-0.53%)	⬇️
pkg/apiserver/utils/container/container.go	83.33% <0.00%> (ø)
pkg/velaql/providers/query/tree.go	85.27% <0.00%> (+0.26%)	⬆️
pkg/multicluster/cluster_management.go	36.70% <0.00%> (+0.26%)	⬆️
... and 113 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[motilayo]

@wonderflow Please review when you get a chance. I've added some tests and rebased my branch with the master branch.

[Somefive]

LGTM after nit.

[wonderflow]

what if the value is still nil?

[chivalryq]

Then it's ok to have no credentials. Like when it is a public repo.

[wonderflow]

great job, generally LGTM!

[chivalryq]

LGTM! Please fix tests.