Support specifying bearerToken for git http token authentication.

As an alternative to username and password with http basic authentication. Signed-off-by: Christian Ihle <[email protected]>
fluxcd · Jan 10, 2023 · 19ba225 · 19ba225
1 parent ad2ee3c
commit 19ba225
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 7 deletions.
diff --git a/git/gogit/transport.go b/git/gogit/transport.go
@@ -43,6 +43,10 @@ func transportAuth(opts *git.AuthOptions, fallbackToDefaultKnownHosts bool) (tra
 				Username: opts.Username,
 				Password: opts.Password,
 			}, nil
+		} else if opts.BearerToken != "" {
+			return &http.TokenAuth{
+				Token: opts.BearerToken,
+			}, nil
 		}
 		return nil, nil
 	case git.SSH:

diff --git a/git/gogit/transport_test.go b/git/gogit/transport_test.go
@@ -111,6 +111,18 @@ func Test_transportAuth(t *testing.T) {
 				}))
 			},
 		},
+		{
+			name: "HTTP bearer token",
+			opts: &git.AuthOptions{
+				Transport:   git.HTTP,
+				BearerToken: "http-token",
+			},
+			wantFunc: func(g *WithT, t transport.AuthMethod, opts *git.AuthOptions) {
+				g.Expect(t).To(Equal(&http.TokenAuth{
+					Token: opts.BearerToken,
+				}))
+			},
+		},
 		{
 			name: "HTTPS basic auth",
 			opts: &git.AuthOptions{
@@ -125,6 +137,18 @@ func Test_transportAuth(t *testing.T) {
 				}))
 			},
 		},
+		{
+			name: "HTTPS bearer token",
+			opts: &git.AuthOptions{
+				Transport:   git.HTTPS,
+				BearerToken: "https-token",
+			},
+			wantFunc: func(g *WithT, t transport.AuthMethod, opts *git.AuthOptions) {
+				g.Expect(t).To(Equal(&http.TokenAuth{
+					Token: opts.BearerToken,
+				}))
+			},
+		},
 		{
 			name: "SSH private key",
 			opts: &git.AuthOptions{

diff --git a/git/options.go b/git/options.go
@@ -38,13 +38,14 @@ const (
 // AuthOptions are the authentication options for the Transport of
 // communication with a remote origin.
 type AuthOptions struct {
-	Transport  TransportType
-	Host       string
-	Username   string
-	Password   string
-	Identity   []byte
-	KnownHosts []byte
-	CAFile     []byte
+	Transport   TransportType
+	Host        string
+	Username    string
+	Password    string
+	BearerToken string
+	Identity    []byte
+	KnownHosts  []byte
+	CAFile      []byte
 }
 
 // KexAlgos hosts the key exchange algorithms to be used for SSH connections.
@@ -88,6 +89,7 @@ func NewAuthOptions(u url.URL, data map[string][]byte) (*AuthOptions, error) {
 	if len(data) > 0 {
 		opts.Username = string(data["username"])
 		opts.Password = string(data["password"])
+		opts.BearerToken = string(data["bearerToken"])
 		opts.CAFile = data["caFile"]
 		opts.Identity = data["identity"]
 		opts.KnownHosts = data["known_hosts"]

diff --git a/git/options_test.go b/git/options_test.go
@@ -186,6 +186,7 @@ func TestAuthOptionsFromData(t *testing.T) {
 			data: map[string][]byte{
 				"username":    []byte("example"), // This takes precedence over the one from the URL
 				"password":    []byte("secret"),
+				"bearerToken": []byte("token"),
 				"identity":    []byte(privateKeyFixture),
 				"known_hosts": []byte(knownHostsFixture),
 				"caFile":      []byte("mock"),
@@ -194,6 +195,7 @@ func TestAuthOptionsFromData(t *testing.T) {
 			wantFunc: func(g *WithT, opts *AuthOptions) {
 				g.Expect(opts.Username).To(Equal("example"))
 				g.Expect(opts.Password).To(Equal("secret"))
+				g.Expect(opts.BearerToken).To(Equal("token"))
 				g.Expect(opts.Identity).To(BeEquivalentTo(privateKeyFixture))
 				g.Expect(opts.KnownHosts).To(BeEquivalentTo(knownHostsFixture))
 				g.Expect(opts.CAFile).To(BeEquivalentTo("mock"))