From aa668b157dc6867dc0fb59c96ce99c295759555a Mon Sep 17 00:00:00 2001 From: Zadkiel AHARONIAN Date: Fri, 17 Feb 2023 15:12:51 +0100 Subject: [PATCH] feat(artifacts): add git https insecure option Signed-off-by: Zadkiel AHARONIAN --- pkg/apis/workflow/v1alpha1/workflow_types.go | 3 +++ workflow/artifacts/artifacts.go | 1 + workflow/artifacts/git/git.go | 14 ++++++++------ 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/pkg/apis/workflow/v1alpha1/workflow_types.go b/pkg/apis/workflow/v1alpha1/workflow_types.go index f86e84d80934..750f00a06fe4 100644 --- a/pkg/apis/workflow/v1alpha1/workflow_types.go +++ b/pkg/apis/workflow/v1alpha1/workflow_types.go @@ -2616,6 +2616,9 @@ type GitArtifact struct { // Branch is the branch to fetch when `SingleBranch` is enabled Branch string `json:"branch,omitempty" protobuf:"bytes,11,opt,name=branch"` + + // InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections + InsecureSkipTLS bool `json:"insecureSkipTLS,omitempty" protobuf:"varint,12,opt,name=insecureSkipTLS"` } func (g *GitArtifact) HasLocation() bool { diff --git a/workflow/artifacts/artifacts.go b/workflow/artifacts/artifacts.go index 8501242adb14..32a48998c908 100644 --- a/workflow/artifacts/artifacts.go +++ b/workflow/artifacts/artifacts.go @@ -163,6 +163,7 @@ func newDriver(ctx context.Context, art *wfv1.Artifact, ri resource.Interface) ( if art.Git != nil { gitDriver := git.ArtifactDriver{ InsecureIgnoreHostKey: art.Git.InsecureIgnoreHostKey, + InsecureSkipTLS: art.Git.InsecureSkipTLS, DisableSubmodules: art.Git.DisableSubmodules, } if art.Git.UsernameSecret != nil { diff --git a/workflow/artifacts/git/git.go b/workflow/artifacts/git/git.go index fb611ffe75e2..54a754b012a7 100644 --- a/workflow/artifacts/git/git.go +++ b/workflow/artifacts/git/git.go @@ -27,6 +27,7 @@ type ArtifactDriver struct { Password string SSHPrivateKey string InsecureIgnoreHostKey bool + InsecureSkipTLS bool DisableSubmodules bool } @@ -92,10 +93,11 @@ func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error { defer closer() depth := a.GetDepth() cloneOptions := &git.CloneOptions{ - URL: a.Repo, - Auth: auth, - Depth: depth, - SingleBranch: a.SingleBranch, + URL: a.Repo, + Auth: auth, + Depth: depth, + SingleBranch: a.SingleBranch, + InsecureSkipTLS: g.InsecureSkipTLS, } if a.SingleBranch && a.Branch == "" { return errors.New("single branch mode without a branch specified") @@ -133,7 +135,7 @@ func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error { for i, spec := range a.Fetch { refSpecs[i] = config.RefSpec(spec) } - opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs, Depth: depth} + opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs, Depth: depth, InsecureSkipTLS: g.InsecureSkipTLS} if err := opts.Validate(); err != nil { return fmt.Errorf("failed to validate fetch %v: %w", refSpecs, err) } @@ -151,7 +153,7 @@ func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error { if a.SingleBranch { refSpecs = []config.RefSpec{config.RefSpec(fmt.Sprintf("refs/heads/%s:refs/heads/%s", a.Branch, a.Branch))} } - opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs} + opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs, InsecureSkipTLS: g.InsecureSkipTLS} if err := opts.Validate(); err != nil { return fmt.Errorf("failed to validate fetch %v: %w", refSpecs, err) }