Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git checkouts wich ask for auth input must be serialized #62

Open
TheMeier opened this issue Jun 28, 2017 · 9 comments
Open

git checkouts wich ask for auth input must be serialized #62

TheMeier opened this issue Jun 28, 2017 · 9 comments

Comments

@TheMeier
Copy link

if you have multiple references to git modules in your Puppetfile wich will trigger git to prompt you for a password input g10k will give you multiple password inputs all at once.
i would expect g10k to serialize the git interactive inputs.
@xorpaul
Copy link
Owner

xorpaul commented Jun 28, 2017
edited
Loading

There is currently no support for any authentication for git repositories except SSH key authentication.

Do you know how r10k deals with this issue? Given that r10k usually does these things in sequence you should also get multiple password prompts.

@TheMeier
Copy link
Author

the authentication works in g10k, its just when multiple authentications are needed that you get multiple password prompts simultaniously.
since r10k is serial there is no problem there

@ntnn
Copy link
Contributor

ntnn commented Jul 5, 2017

No tool acting with ssh sessions handles this.
The user is responsible for setting up the environment with e.g. GIT_ASKPASS or via shared connections.

@TheMeier
Copy link
Author

TheMeier commented Jul 5, 2017

This is https. If I could use ssh I wouldn't run into this issue

@ntnn
Copy link
Contributor

ntnn commented Jul 5, 2017

Same problem. Without g10k starting to handle HTTPS/SSH/... itself, rather than using libraries or executing external commands, there is no easy way to know if there is a prompt coming up waiting for input.

Another possibility (for https) would be to template u/p data into the uri before passing the puppetfile to g10k or to add a format which allows g10k to retrieve the credentials from somewhere to deliver as a payload for the specified uris.

E.g.

mod 'somemodule',
    :uri => 'https://some.uri/somemodule',
    :user => 'someuser',
    :password => 'somepass'

But I'm still not convinced that this is g10k's job to handle.

@xorpaul
Copy link
Owner

xorpaul commented Jul 5, 2017

Yeah, I was thinking about adding some module attributes for this, which should be a quick fix.

Would that solve your problem?

@xorpaul
Copy link
Owner

xorpaul commented Jul 5, 2017
edited
Loading

Although if I keep thinking about it, something like

mod 'somemodule',
    :uri => 'https://some.uri/somemodule',
    :auth_file => '/home/foobar/.config/somemodule.auth'

should be better. Otherwise everyone with read access to the control repository can access the module.

@TheMeier
Copy link
Author

TheMeier commented Jul 6, 2017

Hmm, un this special scenario the repos are actually configured with uri: => 'git@...' but in an devel environment i use git config --global url."https://....".insteadOf git@... because the devel system is not allowed git-over-ssh.

So what actually might help me here would be passing in the auth (or better authfile) information via command line argument or environment variable.

@nudgegoonies nudgegoonies mentioned this issue Dec 21, 2020
Closed
@xorpaul
Copy link
Owner

xorpaul commented Mar 31, 2021
edited
Loading

Is the addition of the git module paramter :use_ssh_agent in #171 which skips the explicit ssh-add commands before each git command a possible solution for this or do you still want to enter the SSH key password?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xorpaul @TheMeier @ntnn