Merge pull request #11792 from MaxRink/clusterctl-gitlab-auth

✨Add support for clusterctl gitlab auth

Author: k8s-ci-robot

cmd/clusterctl/client/config/variables_client.go

@@ -19,6 +19,8 @@ package config
 const (
 	// GitHubTokenVariable defines a variable hosting the GitHub access token.
 	GitHubTokenVariable = "github-token"
+	// GitLabAccessTokenVariable defines a variable hosting the GitLab access token. This can be used with Personal and Project access tokens.
+	GitLabAccessTokenVariable = "gitlab-access-token"
 )
 
 // VariablesClient has methods to work with environment variables and with variables defined in the clusterctl configuration file.

cmd/clusterctl/client/repository/client.go

@@ -187,7 +187,7 @@ func repositoryFactory(ctx context.Context, providerConfig config.Provider, conf
 
 		// if the url is a GitLab repository
 		if strings.HasPrefix(rURL.Host, gitlabHostPrefix) && strings.HasPrefix(rURL.EscapedPath(), gitlabPackagesAPIPrefix) {
-			repo, err := NewGitLabRepository(providerConfig, configVariablesClient)
+			repo, err := NewGitLabRepository(ctx, providerConfig, configVariablesClient)
 			if err != nil {
 				return nil, errors.Wrap(err, "error creating the GitLab repository client")
 			}

cmd/clusterctl/client/repository/repository_gitlab.go

@@ -26,6 +26,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"golang.org/x/oauth2"
 
 	"sigs.k8s.io/cluster-api/cmd/clusterctl/client/config"
 )
@@ -42,21 +43,21 @@ const (
 // We support GitLab repositories that use the generic packages feature to publish artifacts and versions.
 // Repositories must use versioned releases.
 type gitLabRepository struct {
-	providerConfig        config.Provider
-	configVariablesClient config.VariablesClient
-	httpClient            *http.Client
-	host                  string
-	projectSlug           string
-	packageName           string
-	defaultVersion        string
-	rootPath              string
-	componentsPath        string
+	providerConfig           config.Provider
+	configVariablesClient    config.VariablesClient
+	authenticatingHTTPClient *http.Client
+	host                     string
+	projectSlug              string
+	packageName              string
+	defaultVersion           string
+	rootPath                 string
+	componentsPath           string
 }
 
 var _ Repository = &gitLabRepository{}
 
 // NewGitLabRepository returns a gitLabRepository implementation.
-func NewGitLabRepository(providerConfig config.Provider, configVariablesClient config.VariablesClient) (Repository, error) {
+func NewGitLabRepository(ctx context.Context, providerConfig config.Provider, configVariablesClient config.VariablesClient) (Repository, error) {
 	if configVariablesClient == nil {
 		return nil, errors.New("invalid arguments: configVariablesClient can't be nil")
 	}
@@ -87,20 +88,31 @@ func NewGitLabRepository(providerConfig config.Provider, configVariablesClient c
 	componentsPath := urlSplit[8]
 
 	repo := &gitLabRepository{
-		providerConfig:        providerConfig,
-		configVariablesClient: configVariablesClient,
-		httpClient:            httpClient,
-		host:                  host,
-		projectSlug:           projectSlug,
-		packageName:           packageName,
-		defaultVersion:        defaultVersion,
-		rootPath:              rootPath,
-		componentsPath:        componentsPath,
+		providerConfig:           providerConfig,
+		configVariablesClient:    configVariablesClient,
+		authenticatingHTTPClient: httpClient,
+		host:                     host,
+		projectSlug:              projectSlug,
+		packageName:              packageName,
+		defaultVersion:           defaultVersion,
+		rootPath:                 rootPath,
+		componentsPath:           componentsPath,
+	}
+	if token, err := configVariablesClient.Get(config.GitLabAccessTokenVariable); err == nil {
+		repo.setClientToken(ctx, token)
 	}
 
 	return repo, nil
 }
 
+// setClientToken sets authenticatingHTTPClient field of gitLabRepository struct.
+func (g *gitLabRepository) setClientToken(ctx context.Context, token string) {
+	ts := oauth2.StaticTokenSource(
+		&oauth2.Token{AccessToken: token, TokenType: "Bearer"},
+	)
+	g.authenticatingHTTPClient = oauth2.NewClient(ctx, ts)
+}
+
 // Host returns host field of gitLabRepository struct.
 func (g *gitLabRepository) Host() string {
 	return g.host
@@ -154,14 +166,18 @@ func (g *gitLabRepository) GetFile(ctx context.Context, version, path string) ([
 		return nil, errors.Wrapf(err, "failed to get file %q with version %q from %q: failed to create request", path, version, url)
 	}
 
-	response, err := g.httpClient.Do(request)
+	response, err := g.authenticatingHTTPClient.Do(request)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to get file %q with version %q from %q", path, version, url)
 	}
 
 	defer response.Body.Close()
 
 	if response.StatusCode != http.StatusOK {
+		// explicitly check for 401 and return a more specific error
+		if response.StatusCode == http.StatusUnauthorized {
+			return nil, errors.Errorf("failed to get file %q with version %q from %q: unauthorized access, please check your credentials", path, version, url)
+		}
 		return nil, errors.Errorf("failed to get file %q with version %q from %q, got %d", path, version, url, response.StatusCode)
 	}
 

cmd/clusterctl/client/repository/repository_gitlab_test.go

@@ -49,15 +49,15 @@ func Test_gitLabRepository_newGitLabRepository(t *testing.T) {
 				variableClient: test.NewFakeVariableClient(),
 			},
 			want: &gitLabRepository{
-				providerConfig:        config.NewProvider("test", "https://gitlab.example.org/api/v4/projects/group%2Fproject/packages/generic/my-package/v1.0/path", clusterctlv1.CoreProviderType),
-				configVariablesClient: test.NewFakeVariableClient(),
-				httpClient:            http.DefaultClient,
-				host:                  "gitlab.example.org",
-				projectSlug:           "group%2Fproject",
-				packageName:           "my-package",
-				defaultVersion:        "v1.0",
-				rootPath:              ".",
-				componentsPath:        "path",
+				providerConfig:           config.NewProvider("test", "https://gitlab.example.org/api/v4/projects/group%2Fproject/packages/generic/my-package/v1.0/path", clusterctlv1.CoreProviderType),
+				configVariablesClient:    test.NewFakeVariableClient(),
+				authenticatingHTTPClient: http.DefaultClient,
+				host:                     "gitlab.example.org",
+				projectSlug:              "group%2Fproject",
+				packageName:              "my-package",
+				defaultVersion:           "v1.0",
+				rootPath:                 ".",
+				componentsPath:           "path",
 			},
 			wantedErr: "",
 		},
@@ -131,7 +131,7 @@ func Test_gitLabRepository_newGitLabRepository(t *testing.T) {
 			g := NewWithT(t)
 			resetCaches()
 
-			gitLab, err := NewGitLabRepository(tt.field.providerConfig, tt.field.variableClient)
+			gitLab, err := NewGitLabRepository(context.Background(), tt.field.providerConfig, tt.field.variableClient)
 			if tt.wantedErr != "" {
 				g.Expect(err).To(MatchError(tt.wantedErr))
 				return
@@ -193,8 +193,8 @@ func Test_gitLabRepository_getFile(t *testing.T) {
 			g := NewWithT(t)
 			resetCaches()
 
-			gitLab, err := NewGitLabRepository(providerConfig, configVariablesClient)
-			gitLab.(*gitLabRepository).httpClient = client
+			gitLab, err := NewGitLabRepository(context.Background(), providerConfig, configVariablesClient)
+			gitLab.(*gitLabRepository).authenticatingHTTPClient = client
 			g.Expect(err).ToNot(HaveOccurred())
 
 			got, err := gitLab.GetFile(context.Background(), tt.version, tt.fileName)