From ae4dc181d1c7adb794408974a4fe53e8826732ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Jim=C3=A9nez=20S=C3=A1nchez?=
Date: Thu, 17 Jul 2025 10:25:02 +0200
Subject: [PATCH] Provisioning: Add user token to git and bitbucket repository specs (#108186)

* Add token user to git and bitbucket specs
* Use token user if available in git type
---
 pkg/apis/provisioning/v0alpha1/types.go | 4 ++++
 .../provisioning/v0alpha1/zz_generated.openapi.go | 14 ++++++++++++++
 .../v0alpha1/bitbucketrepositoryconfig.go | 9 +++++++++
 .../provisioning/v0alpha1/gitrepositoryconfig.go | 9 +++++++++
 pkg/registry/apis/provisioning/register.go | 1 +
 .../apis/provisioning/repository/git/repository.go | 8 +++++++-
 .../provisioning.grafana.app-v0alpha1.json | 8 ++++++++
 .../clients/provisioning/v0alpha1/endpoints.gen.ts | 4 ++++
 8 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/pkg/apis/provisioning/v0alpha1/types.go b/pkg/apis/provisioning/v0alpha1/types.go
index fc18abdcaf7..5ea21495add 100644
--- a/pkg/apis/provisioning/v0alpha1/types.go
+++ b/pkg/apis/provisioning/v0alpha1/types.go
@@ -64,6 +64,8 @@ type GitRepositoryConfig struct {
  URL string `json:"url,omitempty"`
  // The branch to use in the repository.
  Branch string `json:"branch"`
+ // TokenUser is the user that will be used to access the repository if it's a personal access token.
+ TokenUser string `json:"tokenUser,omitempty"`
  // Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.
  Token string `json:"token,omitempty"`
  // Token for accessing the repository, but encrypted. This is not possible to read back to a user decrypted.
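Review bot: The comment on the new `TokenUser` field in `GitRepositoryConfig` does not say how the value is used or what an empty value means, which matters because it becomes half of a credential. Going by the `NewGitRepository` hunk in this same patch, it is the HTTP basic-auth username paired with `Token`, and an empty value falls back to `"git"`; I would state that, e.g. `// TokenUser is the basic-auth username sent together with Token; when empty, "git" is used.` Nothing in this patch encrypts or clears the field the way the `Token` comment describes for the token, so the comment should also say it is stored as plain text and must not hold a secret. The same wording applies to the `BitbucketRepositoryConfig` hunk that follows; the struct itself starts and ends outside this hunk.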
@@ -82,6 +84,8 @@ type BitbucketRepositoryConfig struct {
  URL string `json:"url,omitempty"`
  // The branch to use in the repository.
  Branch string `json:"branch"`
+ // TokenUser is the user that will be used to access the repository if it's a personal access token.
+ TokenUser string `json:"tokenUser,omitempty"`
  // Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.
  Token string `json:"token,omitempty"`
  // Token for accessing the repository, but encrypted. This is not possible to read back to a user decrypted.
diff --git a/pkg/apis/provisioning/v0alpha1/zz_generated.openapi.go b/pkg/apis/provisioning/v0alpha1/zz_generated.openapi.go
index 9505205943f..cdac15c0c6f 100644
--- a/pkg/apis/provisioning/v0alpha1/zz_generated.openapi.go
+++ b/pkg/apis/provisioning/v0alpha1/zz_generated.openapi.go
@@ -115,6 +115,13 @@ func schema_pkg_apis_provisioning_v0alpha1_BitbucketRepositoryConfig(ref common. Format: "", }, }, + "tokenUser": { + SchemaProps: spec.SchemaProps{ + Description: "TokenUser is the user that will be used to access the repository if it's a personal access token.", + Type: []string{"string"}, + Format: "", + }, + }, "token": { SchemaProps: spec.SchemaProps{ Description: "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.",
@@ -447,6 +454,13 @@ func schema_pkg_apis_provisioning_v0alpha1_GitRepositoryConfig(ref common.Refere Format: "", }, }, + "tokenUser": { + SchemaProps: spec.SchemaProps{ + Description: "TokenUser is the user that will be used to access the repository if it's a personal access token.", + Type: []string{"string"}, + Format: "", + }, + }, "token": { SchemaProps: spec.SchemaProps{ Description: "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.",
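Review bot: `BitbucketRepositoryConfig.TokenUser` in `types.go` is exposed in the API, but no hunk in this patch reads it. The only mapping added is `TokenUser: r.Spec.Git.TokenUser` in `AsRepository`, and the only authentication change is in the git `NewGitRepository`. The Bitbucket branch of `AsRepository` is not visible here, so this is inferred: if it builds its repository config without the new field, a user who sets `tokenUser` on a Bitbucket repository would still authenticate with the default username, and the failure would look like a rejected token. Either add the matching mapping from the Bitbucket spec in `AsRepository`, or say in the field comment that the value is not yet honoured for Bitbucket.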
diff --git a/pkg/generated/applyconfiguration/provisioning/v0alpha1/bitbucketrepositoryconfig.go b/pkg/generated/applyconfiguration/provisioning/v0alpha1/bitbucketrepositoryconfig.go index 3a1e2c1c423..6a81bf1625b 100644 --- a/pkg/generated/applyconfiguration/provisioning/v0alpha1/bitbucketrepositoryconfig.go +++ b/pkg/generated/applyconfiguration/provisioning/v0alpha1/bitbucketrepositoryconfig.go @@ -9,6 +9,7 @@ package v0alpha1 type BitbucketRepositoryConfigApplyConfiguration struct { URL *string `json:"url,omitempty"` Branch *string `json:"branch,omitempty"` + TokenUser *string `json:"tokenUser,omitempty"` Token *string `json:"token,omitempty"` EncryptedToken []byte `json:"encryptedToken,omitempty"` Path *string `json:"path,omitempty"` @@ -36,6 +37,14 @@ func (b *BitbucketRepositoryConfigApplyConfiguration) WithBranch(value string) * return b } +// WithTokenUser sets the TokenUser field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenUser field is set to the value of the last call. +func (b *BitbucketRepositoryConfigApplyConfiguration) WithTokenUser(value string) *BitbucketRepositoryConfigApplyConfiguration { + b.TokenUser = &value + return b +} + // WithToken sets the Token field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Token field is set to the value of the last call. diff --git a/pkg/generated/applyconfiguration/provisioning/v0alpha1/gitrepositoryconfig.go b/pkg/generated/applyconfiguration/provisioning/v0alpha1/gitrepositoryconfig.go index 8b268c448fe..8725c3a4fcd 100644 --- a/pkg/generated/applyconfiguration/provisioning/v0alpha1/gitrepositoryconfig.go +++ b/pkg/generated/applyconfiguration/provisioning/v0alpha1/gitrepositoryconfig.go 
@@ -9,6 +9,7 @@ package v0alpha1 type GitRepositoryConfigApplyConfiguration struct { URL *string `json:"url,omitempty"` Branch *string `json:"branch,omitempty"` + TokenUser *string `json:"tokenUser,omitempty"` Token *string `json:"token,omitempty"` EncryptedToken []byte `json:"encryptedToken,omitempty"` Path *string `json:"path,omitempty"`
@@ -36,6 +37,14 @@ func (b *GitRepositoryConfigApplyConfiguration) WithBranch(value string) *GitRep return b } +// WithTokenUser sets the TokenUser field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenUser field is set to the value of the last call. +func (b *GitRepositoryConfigApplyConfiguration) WithTokenUser(value string) *GitRepositoryConfigApplyConfiguration { + b.TokenUser = &value + return b +} + // WithToken sets the Token field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Token field is set to the value of the last call.
diff --git a/pkg/registry/apis/provisioning/register.go b/pkg/registry/apis/provisioning/register.go
index a0f02502dba..4e4ba04d578 100644
--- a/pkg/registry/apis/provisioning/register.go
+++ b/pkg/registry/apis/provisioning/register.go
@@ -1196,6 +1196,7 @@ func (b *APIBuilder) AsRepository(ctx context.Context, r *provisioning.Repositor
  URL: r.Spec.Git.URL,
  Branch: r.Spec.Git.Branch,
  Path: r.Spec.Git.Path,
+ TokenUser: r.Spec.Git.TokenUser,
  Token: token,
  EncryptedToken: r.Spec.Git.EncryptedToken,
  }
diff --git a/pkg/registry/apis/provisioning/repository/git/repository.go b/pkg/registry/apis/provisioning/repository/git/repository.go
index 2b252ca9c09..a822b20eb8d 100644
--- a/pkg/registry/apis/provisioning/repository/git/repository.go
+++ b/pkg/registry/apis/provisioning/repository/git/repository.go
@@ -33,6 +33,7 @@ const gitTokenSecretSuffix = "-git-token"
  type RepositoryConfig struct {
  URL string
  Branch string
+ TokenUser string
  Token string
  EncryptedToken []byte
  Path string
@@ -54,7 +55,12 @@ func NewGitRepository(
  ) (GitRepository, error) {
  var opts []options.Option
  if len(gitConfig.Token) > 0 {
- opts = append(opts, options.WithBasicAuth("git", gitConfig.Token))
+ tokenUser := gitConfig.TokenUser
+ if tokenUser == "" {
+ tokenUser = "git"
+ }
+
+ opts = append(opts, options.WithBasicAuth(tokenUser, gitConfig.Token))
  }
 
  client, err := nanogit.NewHTTPClient(gitConfig.URL, opts...)
diff --git a/pkg/tests/apis/openapi_snapshots/provisioning.grafana.app-v0alpha1.json b/pkg/tests/apis/openapi_snapshots/provisioning.grafana.app-v0alpha1.json
index 15ca8b2677e..3fc3d7c5bb4 100644
--- a/pkg/tests/apis/openapi_snapshots/provisioning.grafana.app-v0alpha1.json
+++ b/pkg/tests/apis/openapi_snapshots/provisioning.grafana.app-v0alpha1.json
@@ -2597,6 +2597,10 @@ "description": "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.", "type": "string" }, + "tokenUser": { + "description": "TokenUser is the user that will be used to access the repository if it's a personal access token.", + "type": "string" + }, "url": { "description": "The repository URL (e.g. `https://bitbucket.org/example/test`).", "type": "string"
@@ -2782,6 +2786,10 @@ "description": "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.", "type": "string" }, + "tokenUser": { + "description": "TokenUser is the user that will be used to access the repository if it's a personal access token.", + "type": "string" + }, "url": { "description": "The repository URL (e.g. `https://github.com/example/test.git`).", "type": "string"
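Review bot: In `NewGitRepository` (`repository/git/repository.go`), `gitConfig.TokenUser` is passed to `options.WithBasicAuth` without any validation. A basic-auth user-id cannot contain `:` (RFC 7617), because the server splits the decoded credential at the first colon; a value like the constructed example `team:bot` would move part of the username into the password, and whitespace from a pasted value also yields a failure that is hard to diagnose. I would normalise and reject before building the option, with `tokenUser := strings.TrimSpace(gitConfig.TokenUser)` and then `if strings.Contains(tokenUser, ":") { /* return an error: tokenUser must not contain ':' */ }`, assuming `strings` is available (the import block is outside the hunk). Separately, a `TokenUser` set without a `Token` is silently dropped by the `len(gitConfig.Token) > 0` guard, so rejecting or logging that combination would surface the misconfiguration instead of falling back to an unauthenticated client. The function's signature starts above the hunk and its body continues below it.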
diff --git a/public/app/api/clients/provisioning/v0alpha1/endpoints.gen.ts b/public/app/api/clients/provisioning/v0alpha1/endpoints.gen.ts index 8f25d5fe74b..77a65889cca 100644 --- a/public/app/api/clients/provisioning/v0alpha1/endpoints.gen.ts +++ b/public/app/api/clients/provisioning/v0alpha1/endpoints.gen.ts @@ -862,6 +862,8 @@ export type BitbucketRepositoryConfig = { path?: string; /** Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again. */ token?: string; + /** TokenUser is the user that will be used to access the repository if it's a personal access token. */ + tokenUser?: string; /** The repository URL (e.g. `https://bitbucket.org/example/test`). */ url?: string; }; @@ -876,6 +878,8 @@ export type GitRepositoryConfig = { path?: string; /** Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again. */ token?: string; + /** TokenUser is the user that will be used to access the repository if it's a personal access token. */ + tokenUser?: string; /** The repository URL (e.g. `https://github.com/example/test.git`). */ url?: string; };