fix: parse username from git url when using SSH key auth (#5156)

argoproj · Apr 6, 2021 · 9b6c8b4 · 9b6c8b4
1 parent 7276bc3
commit 9b6c8b4
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 3 deletions.
diff --git a/workflow/artifacts/git/git.go b/workflow/artifacts/git/git.go
@@ -7,6 +7,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"regexp"
 	"strings"
 
 	log "github.com/sirupsen/logrus"
@@ -31,7 +32,18 @@ type ArtifactDriver struct {
 
 var _ common.ArtifactDriver = &ArtifactDriver{}
 
-func (g *ArtifactDriver) auth() (func(), transport.AuthMethod, []string, error) {
+var sshURLRegex = regexp.MustCompile("^(ssh://)?([^/:]*?)@[^@]+$")
+
+func GetUser(url string) string {
+	matches := sshURLRegex.FindStringSubmatch(url)
+	if len(matches) > 2 {
+		return matches[2]
+	}
+	// default to `git` user unless username is specified in SSH url
+	return "git"
+}
+
+func (g *ArtifactDriver) auth(sshUser string) (func(), transport.AuthMethod, []string, error) {
 	if g.SSHPrivateKey != "" {
 		signer, err := ssh.ParsePrivateKey([]byte(g.SSHPrivateKey))
 		if err != nil {
@@ -45,7 +57,7 @@ func (g *ArtifactDriver) auth() (func(), transport.AuthMethod, []string, error)
 		if err != nil {
 			return nil, nil, nil, err
 		}
-		auth := &ssh2.PublicKeys{User: "git", Signer: signer}
+		auth := &ssh2.PublicKeys{User: sshUser, Signer: signer}
 		if g.InsecureIgnoreHostKey {
 			auth.HostKeyCallback = ssh.InsecureIgnoreHostKey()
 		}
@@ -100,7 +112,8 @@ func (g *ArtifactDriver) Save(string, *wfv1.Artifact) error {
 }
 
 func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error {
-	closer, auth, env, err := g.auth()
+	sshUser := GetUser(path)
+	closer, auth, env, err := g.auth(sshUser)
 	if err != nil {
 		return err
 	}

diff --git a/workflow/artifacts/git/git_test.go b/workflow/artifacts/git/git_test.go
@@ -98,3 +98,19 @@ func TestGitArtifactDriverLoad_SSL(t *testing.T) {
 		})
 	}
 }
+
+func TestGetUser(t *testing.T) {
+	for _, tt := range []struct {
+		name string
+		url  string
+		user string
+	}{
+		{"Username in SSH url", "gitaly@github.com:argoproj/argo-workflows.git", "gitaly"},
+		{"Default username", "https://github.com/argoproj/argo-workflows.git", "git"},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			sshUser := GetUser(tt.url)
+			assert.Equal(t, sshUser, tt.user)
+		})
+	}
+}