-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(artifacts/gitRepo): support SSH auth #4052
feat(artifacts/gitRepo): support SSH auth #4052
Conversation
44ea60b
to
c81daa0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Just a few small comments.
authType = AuthType.HTTP; | ||
} else if (!StringUtils.isEmpty(token)) { | ||
authType = AuthType.TOKEN; | ||
} else if (!StringUtils.isEmpty(sshPrivateKeyFilePath) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would we want to support the case where users have an SSH key without a passphrase?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Possibly? I copied all of this logic from the App Engine logic so I assume most cases have been accounted for since it's been around longer. If cases like this come up I don't see why we couldn't just relax this condition in a patch.
new JschConfigSessionFactory() { | ||
@Override | ||
protected void configure(OpenSshConfig.Host hc, Session session) { | ||
if (sshKnownHostsFilePath == null && sshTrustUnknownHosts) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a use case for trusting unknown hosts even if you provide a known hosts file?
defaultJSch.addIdentity(sshPrivateKeyFilePath, sshPrivateKeyPassphrase); | ||
|
||
if (sshKnownHostsFilePath != null && sshTrustUnknownHosts) { | ||
log.warn( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels like this warning could be closer to where we actually ignore the value of sshTrustUnknownHosts
(ie, in confgure
). (Or maybe that gets called too often to log...)
c81daa0
to
0165cc7
Compare
add support for ssh as an alternative authentication mechanisim
improve UX around errors for authentication. if the accounts authentication type doesn't support references of a type throw an error before trying to download it.
add support for ssh without a passphrase
3d4a3ce
to
754fa59
Compare
adds support for SSH authentication and also improves UX around what
happens if the users supplies a reference that isn't supported by the
auth type.