Description of problem: Git v2 supports ssh clones that use "scp-like" repo locations, which are often referenced in SSH clone instructions on platforms like GitHub: ``` $ git clone ssh://[user@]server:repo.git ``` When specifying such a location in a BuildConfig, this fails OpenShift's api validation: ``` spec.source.git.uri: Invalid value: "ssh://git:sclorg/nodejs-ex": parse ssh://git:sclorg/nodejs-ex: invalid port ":sclorg" after host ``` Version-Release number of selected component (if applicable): 4.6.0 How reproducible: Always Steps to Reproduce: 1. Create a BuildConfig YAML that clones source via the scp-style ssh location. 2. Attempt to create the BuildConfig via `oc create -f` or `oc apply -f` Actual results: Fails to create the BuildConfig with error: The BuildConfig "nodejs-git-clone" is invalid: spec.source.git.uri: Invalid value: "ssh://git:sclorg/nodejs-ex": parse ssh://git:sclorg/nodejs-ex: invalid port ":sclorg" after host Expected results: BuildConfig can be created. Additional info:
Reproduced with a new unit test in https://github.com/openshift/source-to-image/blob/master/pkg/scm/git/url_test.go Stepping through it with the debugger, Turns out, the golang url.Parse at https://github.com/openshift/source-to-image/blob/09e6ac0ca6febdc8afef8bbf9dcc5afbddd8b3f1/pkg/scm/git/url.go#L90 is complaining so we are going to have to do some pre-processing of the URL to circumvent this. And then vendor in this s2i change in openshift/openshift-apiserver, openshift/builder, and openshift/oc to cover all the bases. Also reproduced with `oc apply` on kind: BuildConfig apiVersion: v1 metadata: name: sample-build spec: source: type: Git git: uri: ssh://git:sclorg/nodejs-ex strategy: type: Source sourceStrategy: env: - name: BUILD_LOGLEVEL value: '5' from: kind: ImageStreamTag name: nodejs:12-ubi8 where the openshift/openshift-apiserver use of s2igit.Parse in https://github.com/openshift/source-to-image/blob/09e6ac0ca6febdc8afef8bbf9dcc5afbddd8b3f1/pkg/scm/git/url.go#L90 in `validateGitSource` at https://github.com/openshift/openshift-apiserver/blob/7babe09b1ddd5429893bc4c90a994a711139d8d4/pkg/build/apis/build/validation/validation.go#L264 flags the error
Verified in version: 4.7.0-0.nightly-2020-10-14-043821 Using oc create -f or oc apply of to create buildconfig successfully ``` kind: BuildConfig apiVersion: v1 metadata: name: sample-build1 spec: source: type: Git git: uri: ssh://git:sclorg/nodejs-ex strategy: type: Source sourceStrategy: ```
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633
We got this wrong in the initial bug request - when cloning using SCP style users call ``` git clone [user@]server:org/repo.git ``` with no "ssh://" prefix Using SCP style URIs with the ssh:// prefix led us to break pattern matching for SSH urls in https://bugzilla.redhat.com/show_bug.cgi?id=1971332. We still need to accept SCP style URIs, just with the knowledge that these do _not_ have an ssh:// prefix.