This cookbook wraps the git cookbook for use at the Open Source Lab.
It installs git and offers a git_credentials resource for saving credentials within the
git credential store.
- AlmaLinux 8, 9
- Debian 12
| Key | Type | Description | Default |
|---|---|---|---|
| ['osl-git']['secrets_databag'] | String | Default databag for git_credentials to use | 'databag' |
| ['osl-git']['secrets_item'] | String | Default databag item for git_credentials to use | 'item' |
| ['osl-git']['secrets']['credentials'] | String | Don't use in production! Source for git_credentials to fall back to when databags are unavailable. | [] |
Installs git.
Enables the git credential store and stores credentials in the specified file.
In production credentials are specified in a databag item. When the databag item properties are not specified in the resource, these default to attributes: specified by this cookbook's attributes:
node['osl-git']['secrets_databag']node['osl-git']['secrets_item']
When testing credentials are read from attributes when databags are unavailable:
node['osl-git']['secrets]'['credentials']
The logic for choosing databags vs attributes is in libraries/default.rb
The full syntax for all of the resource's properties is:
git_credentials 'name' do
path String # default value: ~/.git-credentials
owner String # defaults to 'name' if not specified
secrets_databag String # default value: node['osl-git']['secrets_databag']
secrets_item String # default value: node['osl-git']['secrets_item']
action Symbol # defaults to :create
endAn example where git credentials is used with an explicitly specified databag:
git_credentials 'root' do
path '/root/.git-credentials'
secrets_databag 'secrets'
secrets_item 'git_tokens'
use_http_path true
end:create
Enable the git credentials store in the global git configuration and populate path with
credentials from secrets_databag:secrets_item (or from
node['osl-git']['secrets']['credentials'] in a testing environment).
:delete
Delete the credentials file at path and disable the git credential store in the global git
configuration.
:nothing
Do nothing until notified by another resource.
path - Ruby Type: String | Default Value: '~/.git-credentials'
The path to the file where git credentials are stored.
owner - Ruby Type: String
The user who's git configuration will be updated and the owner of the git credentials store file.
secrets_databag - Ruby Type: String | Default Value: node['osl-git']['secrets_databag']
The name of the databag where credentials are stored.
secrets_item - Ruby Type: String | Default Value: node['osl-git']['secrets_item']
The name of the databag item where credentials are stored.
use_http_path - Ruby Type: Boolean | Default Value: true
Whether or not to match stored credentials by the repo path in the remote's URL. When enabled, only credentials with a matching hostname and repo path will be applied. When disabled, only the credentials hostname must match the remote. See git documentation on useHttpPath
The git_credentials resource expects a credentials list in databag items:
{
"id": "git_tokens",
"credentials": [
"https://username:token@github.com/repo/path.git",
"foo:bar@gitlab.com/project/repo.git"
]
}The above example assumes use_http_path is enabled and includes repo paths in URLs.
- Fork the repository on Github
- Create a named feature branch (like
username/add_component_x) - Write tests for your change
- Write your change
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
- Author:: Oregon State University chef@osuosl.org
Copyright:: 2018, Oregon State University
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.