fluxcd/flux2

Implement RFC-007: Passwordless authentication for Git repositories for all providers and controllers

dipti-pai opened this issue · 5 comments

This issue tracks the implementation of RFC-007: Passwordless authentication for Git repositories

Work Items

Implement pkg changes

  • Implement azure auth pkg to obtain workload identity credentials to access ADO - fluxcd/pkg#789
  • Implement GitHub provider to read the provided secret and get the gh app installation token - fluxcd/pkg#818
  • Implement GitLab provider to read the provided secret and get the access token
  • Implement gcp auth pkg to fetch the access token to access CSR
  • Implement caching of git credentials to avoid fetching the credentials from provider repeatedly

Controller changes

CLI changes

  • Add --provider flag to flux create source git - #4986

Integration tests

  • Add terraform module for provisioning AzureDevOps project and repository in organization - fluxcd/test-infra#44
  • Add end-to-end test for Azure that provisions the required cloud infrastructure (AKS cluster, workload identity) and Azure DevOps repository and validates cloning a git repository with cloud provider credentials - fluxcd/pkg#793

When we have issues to "Implement RFC-###" it would be helpful to put the RFC title in the issue title: "Implement RFC-007 Passwordless authentication for Git repositories"

If you want to put something else in, as you did here, we should at least put it in that first line, so instead of "This issue tracks the implementation of RFC-007" ... you'd save most people a click if it said "This issue tracks the implementation of RFC-007 Passwordless authentication for Git repositories"

I have removed CodeCommit as this service has been shut down by AWS.

Sorry to bother, guys, I've just created a request about kinda this topic as I was redirected from the documentation directly to the issue template creation.

But wouldn't an OIDC/OAuth2 standard implementation belong in this as a method for Git authentication against IaC for gitea/gitlab/forgejo/others too?