Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set STRONGBOX_HOME and gitconfig before running apply command #278

Merged
merged 2 commits into from
Jun 7, 2023
Merged

Set STRONGBOX_HOME and gitconfig before running apply command #278

merged 2 commits into from
Jun 7, 2023

Conversation

ffilippopoulos
Copy link
Member

@ffilippopoulos ffilippopoulos commented Jun 1, 2023
edited
Loading

Problem:
Repository clone happens using a global gitconfig for the current user (root)
that is already configured for strongbox in the Dockrfike we use to build
images. kustomize runs as part of Apply function when the controller has
created a temporary home dir to use in order to set ssh configs. If the
kustomize remote base contains strongbox encrypted files, then the temporary
home gitconfig is not configured to cover us so that we can decrypt successfully
on pull and remote base encrypted files remain encrypted.

This is trying to address the above by creating a temporary gitconfig under the
temp home per apply and sets STRONGBOX_HOME environment variable to point to
the temp home as well. More in particular:

  • Creates an interface for strongbox and adds it to the Runner.
  • Mocks the function that tries to exec strongbox in order to configure git for
    testing.
  • Explicitly sets STRONGBOX_HOME before running apply command

@ffilippopoulos ffilippopoulos force-pushed the set-sb-home-kustomize branch 2 times, most recently from bb43368 to ce52fdf Compare June 1, 2023 15:06
@ffilippopoulos ffilippopoulos changed the title Explicitly set STRONGBOX_HOME before running apply command Set STRONGBOX_HOME and gitconfig before running apply command Jun 1, 2023
@ffilippopoulos
Set gitconfig for strongbox under temp home dir
19909fd 
Problem:
Repository clone happens using a global gitconfig for the current user (root)
that is already configured for strongbox in the Dockrfike we use to build
images. `kustomize` runs as part of Apply function when the controller has
created a temporary home dir to use in order to set ssh configs. If the
kustomize remote base contains strongbox encrypted files, then the temporary
home gitconfig is not configured to cover us so that we can decrypt successfully
on pull and remote base encrypted files remain encrypted.

This is trying to address the above by creating a temporary gitconfig under the
temp home per apply and sets STRONGBOX_HOME environment variable to point to
the temp home as well. More in particular:
- Creates an interface for strongbox and adds it to the Runner.
- Mocks the function that tries to exec strongbox in order to configure git for
  testing.
- Explicitly sets STRONGBOX_HOME before running apply command
@ffilippopoulos ffilippopoulos merged commit 91b8937 into master Jun 7, 2023
4 checks passed
@ffilippopoulos ffilippopoulos deleted the set-sb-home-kustomize branch June 7, 2023 08:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@george-angel george-angel george-angel approved these changes

@asiyani asiyani asiyani approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ffilippopoulos @george-angel @asiyani