fix: Make Git credentials work again (#737)

* fix: Make Git credentials work again Signed-off-by: jannfis <jann@mistrust.net> * Update Signed-off-by: jannfis <jann@mistrust.net> --------- Signed-off-by: jannfis <jann@mistrust.net>
author: Jann Fischer <jann@mistrust.net> 2024-06-14 10:41:43 -0400
committer: GitHub <noreply@github.com> 2024-06-14 10:41:43 -0400
commit: a30912789ffa09eeee6633b3a67592de212aff0e (patch)
tree: b7f684eb30a5fab1bc387dc89564c3c2039cc912 /cmd
parent: cdb44282e4cbab2605415e44a8decb0978618f78 (diff)
3 files changed, 98 insertions, 1 deletions
diff --git a/cmd/ask_pass.go b/cmd/ask_pass.go
new file mode 100644
index 0000000..2a5f9d4
--- /dev/null
+++ b/cmd/ask_pass.go
@@ -0,0 +1,62 @@
+package main
+
+// Taken from https://github.com/argoproj/argo-cd/blob/ae19965ff75fd6ba199914b258d751d6b7ea876c/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go
+// All courtesy to the original authors.
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/argoproj/argo-cd/v2/util/git"
+
+	"github.com/spf13/cobra"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+
+	"github.com/argoproj/argo-cd/v2/reposerver/askpass"
+	"github.com/argoproj/argo-cd/v2/util/errors"
+	grpc_util "github.com/argoproj/argo-cd/v2/util/grpc"
+	"github.com/argoproj/argo-cd/v2/util/io"
+)
+
+const (
+	// cliName is the name of the CLI
+	cliName = "argocd-git-ask-pass"
+)
+
+func NewAskPassCommand() *cobra.Command {
+	var command = cobra.Command{
+		Use:               cliName,
+		Short:             "Argo CD git credential helper",
+		DisableAutoGenTag: true,
+		Run: func(c *cobra.Command, args []string) {
+			ctx := c.Context()
+
+			if len(os.Args) != 2 {
+				errors.CheckError(fmt.Errorf("expected 1 argument, got %d", len(os.Args)-1))
+			}
+			nonce := os.Getenv(git.ASKPASS_NONCE_ENV)
+			if nonce == "" {
+				errors.CheckError(fmt.Errorf("%s is not set", git.ASKPASS_NONCE_ENV))
+			}
+			conn, err := grpc_util.BlockingDial(ctx, "unix", askpass.SocketPath, nil, grpc.WithTransportCredentials(insecure.NewCredentials()))
+			errors.CheckError(err)
+			defer io.Close(conn)
+			client := askpass.NewAskPassServiceClient(conn)
+
+			creds, err := client.GetCredentials(ctx, &askpass.CredentialsRequest{Nonce: nonce})
+			errors.CheckError(err)
+			switch {
+			case strings.HasPrefix(os.Args[1], "Username"):
+				fmt.Println(creds.Username)
+			case strings.HasPrefix(os.Args[1], "Password"):
+				fmt.Println(creds.Password)
+			default:
+				errors.CheckError(fmt.Errorf("unknown credential type '%s'", os.Args[1]))
+			}
+		},
+	}
+
+	return &command
+}
diff --git a/cmd/main.go b/cmd/main.go
index 3a4019d..de6f0c6 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -5,6 +5,7 @@ import (
 	"text/template"
 	"time"
 
+	"github.com/argoproj-labs/argocd-image-updater/ext/git"
 	"github.com/argoproj-labs/argocd-image-updater/pkg/argocd"
 	"github.com/argoproj-labs/argocd-image-updater/pkg/kube"
 
@@ -45,6 +46,7 @@ type ImageUpdaterConfig struct {
 	GitCommitMail       string
 	GitCommitMessage    *template.Template
 	DisableKubeEvents   bool
+	GitCreds            git.CredsStore
 }
 
 // newRootCommand implements the root command of argocd-image-updater
@@ -62,7 +64,20 @@ func newRootCommand() error {
 }
 
 func main() {
-	err := newRootCommand()
+	var err error
+
+	// FIXME(jannfis):
+	// This is a workaround for supporting the Argo CD askpass implementation.
+	// When the environment ARGOCD_BINARY_NAME is set to argocd-git-ask-pass,
+	// we divert from the main path of execution to become a git credentials
+	// helper.
+	cmdName := os.Getenv("ARGOCD_BINARY_NAME")
+	if cmdName == "argocd-git-ask-pass" {
+		cmd := NewAskPassCommand()
+		err = cmd.Execute()
+	} else {
+		err = newRootCommand()
+	}
 	if err != nil {
 		os.Exit(1)
 	}
diff --git a/cmd/run.go b/cmd/run.go
index 305863d..bcc0e1f 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -19,6 +19,8 @@ import (
 	"github.com/argoproj-labs/argocd-image-updater/pkg/registry"
 	"github.com/argoproj-labs/argocd-image-updater/pkg/version"
 
+	"github.com/argoproj/argo-cd/v2/reposerver/askpass"
+
 	"github.com/spf13/cobra"
 
 	"golang.org/x/sync/semaphore"
@@ -155,6 +157,23 @@ func newRunCommand() *cobra.Command {
 				}
 			}
 
+			// Start up the credentials store server
+			cs := askpass.NewServer()
+			csErrCh := make(chan error)
+			go func() {
+				log.Debugf("Starting askpass server")
+				csErrCh <- cs.Run(askpass.SocketPath)
+			}()
+
+			// Wait for cred server to be started, just in case
+			err = <-csErrCh
+			if err != nil {
+				log.Errorf("Error running askpass server: %v", err)
+				return err
+			}
+
+			cfg.GitCreds = cs
+
 			// This is our main loop. We leave it only when our health probe server
 			// returns an error.
 			for {
@@ -309,6 +328,7 @@ func runImageUpdater(cfg *ImageUpdaterConfig, warmUp bool) (argocd.ImageUpdaterR
 				GitCommitEmail:    cfg.GitCommitMail,
 				GitCommitMessage:  cfg.GitCommitMessage,
 				DisableKubeEvents: cfg.DisableKubeEvents,
+				GitCreds:          cfg.GitCreds,
 			}
 			res := argocd.UpdateApplication(upconf, syncState)
 			result.NumApplicationsProcessed += 1
author	Jann Fischer <jann@mistrust.net>	2024-06-14 10:41:43 -0400
committer	GitHub <noreply@github.com>	2024-06-14 10:41:43 -0400
commit	a30912789ffa09eeee6633b3a67592de212aff0e (patch)
tree	b7f684eb30a5fab1bc387dc89564c3c2039cc912 /cmd
parent	cdb44282e4cbab2605415e44a8decb0978618f78 (diff)