Add ca and insecure to clone & push

syngit-org · May 31, 2024 · a3b883a · a3b883a
1 parent 91e2325
commit a3b883a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/internal/controller/git_pusher.go b/internal/controller/git_pusher.go
@@ -51,6 +51,7 @@ func (gp *GitPusher) Push() (GitPushResponse, error) {
 		},
 		SingleBranch:    true,
 		InsecureSkipTLS: gp.remoteConfiguration.InsecureSkipTlsVerify,
+		CABundle:        []byte(gp.remoteConfiguration.CaBundle),
 	}
 	if gp.remoteConfiguration.CaBundle != "" {
 		cloneOption.CABundle = []byte(gp.remoteConfiguration.CaBundle)
@@ -253,6 +254,8 @@ func (gp *GitPusher) pushChanges(repo *git.Repository) error {
 			Username: gp.gitUser,
 			Password: gp.gitToken,
 		},
+		InsecureSkipTLS: gp.remoteConfiguration.InsecureSkipTlsVerify,
+		CABundle:        []byte(gp.remoteConfiguration.CaBundle),
 	})
 	if err != nil {
 		errMsg := "failed to push changes: " + err.Error()

diff --git a/internal/controller/gitremote_controller.go b/internal/controller/gitremote_controller.go
@@ -182,19 +182,21 @@ func (r *GitRemoteReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		}
 
 		// Perform Git provider authentication check
-		caCertPool := x509.NewCertPool()
-		if ok := caCertPool.AppendCertsFromPEM([]byte(gpc.CaBundle)); !ok {
-			gitRemote.Status.ConnexionStatus.Status = kgiov1.GitConfigParseError
-			gitRemote.Status.ConnexionStatus.Details = "the certificate should be base64-encoded (in PEM format)"
-			errUpdate := r.updateStatus(ctx, &gitRemote)
-			return ctrl.Result{}, errUpdate
-		}
 		transport := &http.Transport{
 			TLSClientConfig: &tls.Config{
-				RootCAs:            caCertPool,
 				InsecureSkipVerify: gpc.InsecureSkipTlsVerify,
 			},
 		}
+		if !gpc.InsecureSkipTlsVerify {
+			caCertPool := x509.NewCertPool()
+			if ok := caCertPool.AppendCertsFromPEM([]byte(gpc.CaBundle)); !ok {
+				gitRemote.Status.ConnexionStatus.Status = kgiov1.GitConfigParseError
+				gitRemote.Status.ConnexionStatus.Details = "x509 cert pool maker failed"
+				errUpdate := r.updateStatus(ctx, &gitRemote)
+				return ctrl.Result{}, errUpdate
+			}
+			transport.TLSClientConfig.RootCAs = caCertPool
+		}
 		httpClient := &http.Client{
 			Transport: transport,
 		}