Maintain original scheme when using --token-auth

If you're using an HTTP-based Git server with Flux, you need to provide `--token-auth` to avoid triggering an SSH host key check (see [here](#2825 (comment))). Unfortunately, doing this forces the URL in the `GitRepository` resource created during bootstrapping to always use `https`. This will cause Kustomization reconcile errors for servers that do not have HTTPS enabled or do not have the appropriate certs installed or available. This pull request fixes this by keeping the repository URL scheme intact when using `--token-auth`. Signed-off-by: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
fluxcd · Sep 28, 2022 · 45a00a0 · 45a00a0
1 parent 1ac380a
commit 45a00a0
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go
@@ -192,7 +192,9 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 
 		// Configure repository URL to match auth config for sync.
 		repositoryURL.User = nil
-		repositoryURL.Scheme = "https"
+		if !gitArgs.insecureHttpAllowed {
+			repositoryURL.Scheme = "https"
+		}
 	} else {
 		secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
 		secretOpts.Password = gitArgs.password