Bug 2052578

Summary:	Create new app from a private git repository using 'oc new app' with basic auth does not work.
Product:	OpenShift Container Platform	Reporter:	Gabriel Meghnagi <gmeghnag>
Component:	Build	Assignee:	Gabe Montero <gmontero>
Status:	CLOSED ERRATA	QA Contact:	Jitendar Singh <jitsingh>
Severity:	medium	Docs Contact:	Rolfe Dlugy-Hegwer <rdlugyhe>
Priority:	medium
Version:	4.9	CC:	cdaley, gmontero, pbhattac, pkumari, spandura
Target Milestone:	---
Target Release:	4.11.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	No Doc Update
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-08-10 10:48:33 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	2060419

Description Gabriel Meghnagi 2022-02-09 15:37:10 UTC

Description of problem:

Creating new app from a private git repository (tested with GitHub) using basic auth does not work.


Version-Release number of selected component (if applicable):

~~~
oc version
Client Version: 4.8.0-202108312109.p0.git.0d10c3f.assembly.stream-0d10c3f
Server Version: 4.9.17
Kubernetes Version: v1.22.3+e790d7f
~~~

Requirements to reproduce the issue:
- GitHub account
- OpenShift Cluster

Steps to Reproduce:
1. Create a private repository on GitHub
2. Create a GitHub personal access token [1]
3. Create `kubernetes.io/basic-auth` secret
   ~~~
   $ oc create secret generic user-at-github --from-literal=username=<github_username> --from-literal=password=<github_token> --type=kubernetes.io/basic-auth
   ~~~
4. Link secret to builder ServiceAccount
   ~~~
   $ oc secrets link builder user-at-github --for=pull,mount
   ~~~
5. Create a new app from the private GH repo
   ~~~
   $ oc new-app --source-secret=user-at-github https://github.com/<github_username>/<github_repo>
   ~~~

[1] https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token

Actual results:

~~~
oc new-app --source-secret=user-at-github  https://github.com/gmeghnag/prinquest -v=4
I0209 16:17:29.640935   38700 repository.go:450] Executing git ls-remote https://github.com/gmeghnag/prinquest
I0209 16:17:30.139123   38700 repository.go:541] Error executing command: exit status 128
I0209 16:17:30.139457   38700 repository.go:450] Executing git ls-remote https://github.com/gmeghnag/prinquest
I0209 16:17:30.662849   38700 repository.go:541] Error executing command: exit status 128
I0209 16:17:30.663037   38700 repository.go:450] Executing git ls-remote https://github.com/gmeghnag/prinquest
I0209 16:17:31.121662   38700 repository.go:541] Error executing command: exit status 128
I0209 16:17:31.122081   38700 newapp.go:346] treating https://github.com/gmeghnag/prinquest as a component ref
I0209 16:17:31.122506   38700 imagestreamlookup.go:49] image streams must be of the form [<namespace>/]<name>[:<tag>|@<digest>], term "https://github.com/gmeghnag/prinquest" did not qualify
I0209 16:17:31.122578   38700 templatelookup.go:39] template references must be of the form [<namespace>/]<name>, term "https://github.com/gmeghnag/prinquest" did not qualify
error: unable to load template file "https://github.com/gmeghnag/prinquest": unable to read URL "https://github.com/gmeghnag/prinquest", server reported 404 Not Found, status code=404
error: git ls-remote failed with: remote: Repository not found.
fatal: repository 'https://github.com/gmeghnag/prinquest/' non trovato;  local file access failed with: stat https://github.com/gmeghnag/prinquest: no such file or directory
error: unable to locate any images in image streams, templates loaded in accessible projects, template files, local docker images with name "https://github.com/gmeghnag/prinquest"

Argument 'https://github.com/gmeghnag/prinquest' was classified as an image, image~source, or loaded template reference.

The 'oc new-app' command will match arguments to the following types:

  1. Images tagged into image streams in the current project or the 'openshift' project
     - if you don't specify a tag, we'll add ':latest'
  2. Images in the Docker Hub, on remote registries, or on the local Docker engine
  3. Templates in the current project or the 'openshift' project
  4. Git repository URLs or local paths that point to Git repositories

--allow-missing-images can be used to point to an image that does not exist yet.

See 'oc new-app -h' for examples.
~~~

Expected results:

To have all the required resources created (build, buildconfig, ecc..)

Additional info:
1. I have the same issue trying to create a new app from the OpenShift Console (Developer Console > Add + > Import from Git > ...) with the following error:
   ~~~   
   URL is valid but cannot be reached. If this is a private repository, enter a source Secret in advanced Git options
   ~~~

2. Is not an issue related to the creds I've provided:
   ~~~
   $ GH_USERNAME=$(oc get secret/user-at-github -o template='{{index .data.username}}' | base64 -d )
   $ GH_PASSWORD=$(oc get secret/user-at-github -o template='{{index .data.password}}' | base64 -d )
   $ git clone https://${GH_USERNAME}:${GH_PASSWORD}@github.com/gmeghnag/prinquest.git
   Clone in 'prinquest' in corso...
   remote: Enumerating objects: 26, done.
   remote: Counting objects: 100% (26/26), done.
   remote: Compressing objects: 100% (17/17), done.
   remote: Total 26 (delta 8), reused 20 (delta 5), pack-reused 0
   Ricezione degli oggetti: 100% (26/26), fatto.
   Risoluzione dei delta: 100% (8/8), fatto.
   ~~~

3. Using `ssh-auth` instead of `basic-auth` as authentication method works:
   3.1 ssh-keygen -f git-cred -N ''
   3.2 oc create secret generic git-cred --type=kubernetes.io/ssh-auth --from-file=ssh-privatekey=${PWD}/git-cred.pub
   3.3 oc secrets link builder git-cred
   3.4 from GitHub repository > Settings > Deploy Keys > Add Deploy Key (paste the content of the file git-cred.pub)
   3.5 oc new-app git:<username>/<repo_name>.git --source-secret git-cred

Comment 13 Priti Kumari 2022-03-14 09:14:26 UTC

verified with 4.11 image

---------------

- clone the private repo using credential
- try to create the application

Comment 18 errata-xmlrpc 2022-08-10 10:48:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069