removing username being mandatory with password in source secret with…

… test Signed-off-by: talife <[email protected]>
fluxcd · Aug 1, 2023 · ff49907 · ff49907
1 parent 4d76ff4
commit ff49907
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 4 deletions.
diff --git a/cmd/flux/create_secret_git.go b/cmd/flux/create_secret_git.go
@@ -151,13 +151,13 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 		opts.ECDSACurve = secretGitArgs.ecdsaCurve.Curve
 		opts.Password = secretGitArgs.password
 	case "http", "https":
-		if (secretGitArgs.username == "" || secretGitArgs.password == "") && secretGitArgs.bearerToken == "" {
+		if secretGitArgs.password == "" && secretGitArgs.bearerToken == "" {
 			return fmt.Errorf("for Git over HTTP/S the username and password, or a bearer token is required")
 		}
 		opts.Username = secretGitArgs.username
 		opts.Password = secretGitArgs.password
 		opts.BearerToken = secretGitArgs.bearerToken
-		if secretGitArgs.username != "" && secretGitArgs.password != "" && secretGitArgs.bearerToken != "" {
+		if secretGitArgs.password != "" && secretGitArgs.bearerToken != "" {
 			return fmt.Errorf("user credentials and bearer token cannot be used together")
 		}
 		if secretGitArgs.caFile != "" {

diff --git a/cmd/flux/create_secret_git_test.go b/cmd/flux/create_secret_git_test.go
@@ -40,6 +40,11 @@ func TestCreateGitSecret(t *testing.T) {
 			args:   "create secret git podinfo-auth --url=https://github.com/stefanprodan/podinfo --username=aaa --password=zzzz --bearer-token=aaaa --namespace=my-namespace --export",
 			assert: assertError("user credentials and bearer token cannot be used together"),
 		},
+		{
+			name:   "git authentication with basic auth consisting of only one password without a username",
+			args:   "create secret git podinfo-auth --url=https://github.com/stefanprodan/podinfo --password=my-password --namespace=my-namespace --export",
+			assert: assertGoldenFile("./testdata/create_secret/git/secret-git-only-pwd.yaml"),
+		},
 	}
 
 	for _, tt := range tests {

diff --git a/cmd/flux/testdata/create_secret/git/secret-git-only-pwd.yaml b/cmd/flux/testdata/create_secret/git/secret-git-only-pwd.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: podinfo-auth
+  namespace: my-namespace
+stringData:
+  password: my-password
+
diff --git a/pkg/manifestgen/sourcesecret/sourcesecret.go b/pkg/manifestgen/sourcesecret/sourcesecret.go
@@ -148,8 +148,10 @@ func buildSecret(keypair *ssh.KeyPair, hostKey, caFile, certFile, keyFile, docke
 		return
 	}
 
-	if options.Username != "" && options.Password != "" {
-		secret.StringData[UsernameSecretKey] = options.Username
+	if options.Password != "" {
+		if options.Username != "" {
+			secret.StringData[UsernameSecretKey] = options.Username
+		}
 		secret.StringData[PasswordSecretKey] = options.Password
 	}
 	if options.BearerToken != "" {