Implement RFC-007: Passwordless authentication for Git repositories for all providers and controllers
dipti-pai opened this issue · 5 comments
This issue tracks the implementation of RFC-007: Passwordless authentication for Git repositories
WorkItems
Implement pkg changes
- Implement azure auth pkg to obtain workload identity credentials to access ADO - fluxcd/pkg#789
- Implement GitHub provider to read the provided secret and get the gh app installation token - fluxcd/pkg#818
- Implement GitLab provider to read the provided secret and get the access token
- Implement gcp auth pkg to fetch the access token to access CSR
- Implement caching of git credentials to avoid fetching the credentials from provider repeatedly
Controller changes
- Add .spec.provider to GitRepository API - fluxcd/source-controller#1591
- Implement source-controller changes to use the `azure` provider to authenticate to git - fluxcd/source-controller#1591
- Implement IAC changes to use the `azure` provider to authenticate to git - fluxcd/image-automation-controller#747
- Implement source-controller changes to use the `github` provider to authenticate to git - fluxcd/source-controller#1647
- Implement IAC changes to use the `github` provider to authenticate to git - fluxcd/image-automation-controller#780
CLI changes
- Add `--provider` flag to `flux create source git` - #4986
Integration tests
- Add terraform module for provisioning AzureDevOps project and repository in organization - fluxcd/test-infra#44
- Add end-to-end test for Azure that provisions the required cloud infrastructure (AKS cluster, workload identity) and Azure DevOps repository and validates cloning a git repository with cloud provider credentials - fluxcd/pkg#793
When we have issues to "Implement RFC-###" it would be helpful to put the RFC title in the issue title: "Implement RFC-007 Passwordless authentication for Git repositories"
If you want to put something else in, as you did here, we should at least put it in that first line, so instead of "This issue tracks the implementation of RFC-007" ... you'd save most people a click if it said "This issue tracks the implementation of RFC-007 Passwordless authentication for Git repositories"
I have removed CodeCommit as this service has been shut down by AWS.
Sorry to bother, guys. I've just created a request about kinda this topic, as I was redirected from the documentation directly to the issue template creation.
But wouldn't an OIDC/OAuth2 standard implementation belong in this too, as a method for Git authentication against IaC for gitea/gitlab/forgejo/others?