If a git secret has ssh-auth type, warn about urls starting with https: and vice versa
#3094
Assignees
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
|
/assign @FogDong |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature request
Validate the creds-init Secrets that will be injected into a Step container. If a Git secret has a type of ssh-auth but is going to be used against a repo URL starting with
https://thengitwon't even try to use the SSH keys. We should warn about this via an Event on the TaskRun or similar.Similarly, if a creds-init Secret has a type of
basic-authbut the URL being used to initialize that credential is of the formuser@domain.comthengitwill ignore the basic auth credential, which can also be confusing. Again we should try and validate that the URL and credential line up and warn the user if they don't.This is another fiddly edge case in our creds-init dance. See #1983 (comment) for an example where a user hit a bump related to this.
Use case
User supplies SSH credential for their github repo in a k8s Secret. User accidentally puts the
https://URL in their Git PipelineResource. The git clone step fails because the URL is not an ssh URL and sogitignores the SSH creds. The user should be warned about this mismatch more explicitly.The text was updated successfully, but these errors were encountered: