Provisioning: Add user token to git and bitbucket repository specs (#108186)

* Add token user to git and bitbucket specs

* Use token user if available in git type

pkg/apis/provisioning/v0alpha1/types.go

@@ -64,6 +64,8 @@ type GitRepositoryConfig struct {
 	URL string `json:"url,omitempty"`
 	// The branch to use in the repository.
 	Branch string `json:"branch"`
+	// TokenUser is the user that will be used to access the repository if it's a personal access token.
+	TokenUser string `json:"tokenUser,omitempty"`
 	// Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.
 	Token string `json:"token,omitempty"`
 	// Token for accessing the repository, but encrypted. This is not possible to read back to a user decrypted.
@@ -82,6 +84,8 @@ type BitbucketRepositoryConfig struct {
 	URL string `json:"url,omitempty"`
 	// The branch to use in the repository.
 	Branch string `json:"branch"`
+	// TokenUser is the user that will be used to access the repository if it's a personal access token.
+	TokenUser string `json:"tokenUser,omitempty"`
 	// Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.
 	Token string `json:"token,omitempty"`
 	// Token for accessing the repository, but encrypted. This is not possible to read back to a user decrypted.

pkg/apis/provisioning/v0alpha1/zz_generated.openapi.go

@@ -115,6 +115,13 @@ func schema_pkg_apis_provisioning_v0alpha1_BitbucketRepositoryConfig(ref common.
 							Format:      "",
 						},
 					},
+					"tokenUser": {
+						SchemaProps: spec.SchemaProps{
+							Description: "TokenUser is the user that will be used to access the repository if it's a personal access token.",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
 					"token": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.",
@@ -447,6 +454,13 @@ func schema_pkg_apis_provisioning_v0alpha1_GitRepositoryConfig(ref common.Refere
 							Format:      "",
 						},
 					},
+					"tokenUser": {
+						SchemaProps: spec.SchemaProps{
+							Description: "TokenUser is the user that will be used to access the repository if it's a personal access token.",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
 					"token": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.",

pkg/generated/applyconfiguration/provisioning/v0alpha1/bitbucketrepositoryconfig.go

@@ -9,6 +9,7 @@ package v0alpha1
 type BitbucketRepositoryConfigApplyConfiguration struct {
 	URL            *string `json:"url,omitempty"`
 	Branch         *string `json:"branch,omitempty"`
+	TokenUser      *string `json:"tokenUser,omitempty"`
 	Token          *string `json:"token,omitempty"`
 	EncryptedToken []byte  `json:"encryptedToken,omitempty"`
 	Path           *string `json:"path,omitempty"`
@@ -36,6 +37,14 @@ func (b *BitbucketRepositoryConfigApplyConfiguration) WithBranch(value string) *
 	return b
 }
 
+// WithTokenUser sets the TokenUser field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TokenUser field is set to the value of the last call.
+func (b *BitbucketRepositoryConfigApplyConfiguration) WithTokenUser(value string) *BitbucketRepositoryConfigApplyConfiguration {
+	b.TokenUser = &value
+	return b
+}
+
 // WithToken sets the Token field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Token field is set to the value of the last call.

pkg/generated/applyconfiguration/provisioning/v0alpha1/gitrepositoryconfig.go

@@ -9,6 +9,7 @@ package v0alpha1
 type GitRepositoryConfigApplyConfiguration struct {
 	URL            *string `json:"url,omitempty"`
 	Branch         *string `json:"branch,omitempty"`
+	TokenUser      *string `json:"tokenUser,omitempty"`
 	Token          *string `json:"token,omitempty"`
 	EncryptedToken []byte  `json:"encryptedToken,omitempty"`
 	Path           *string `json:"path,omitempty"`
@@ -36,6 +37,14 @@ func (b *GitRepositoryConfigApplyConfiguration) WithBranch(value string) *GitRep
 	return b
 }
 
+// WithTokenUser sets the TokenUser field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TokenUser field is set to the value of the last call.
+func (b *GitRepositoryConfigApplyConfiguration) WithTokenUser(value string) *GitRepositoryConfigApplyConfiguration {
+	b.TokenUser = &value
+	return b
+}
+
 // WithToken sets the Token field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Token field is set to the value of the last call.

pkg/registry/apis/provisioning/register.go

@@ -1196,6 +1196,7 @@ func (b *APIBuilder) AsRepository(ctx context.Context, r *provisioning.Repositor
 			URL:            r.Spec.Git.URL,
 			Branch:         r.Spec.Git.Branch,
 			Path:           r.Spec.Git.Path,
+			TokenUser:      r.Spec.Git.TokenUser,
 			Token:          token,
 			EncryptedToken: r.Spec.Git.EncryptedToken,
 		}

pkg/registry/apis/provisioning/repository/git/repository.go

@@ -33,6 +33,7 @@ const gitTokenSecretSuffix = "-git-token"
 type RepositoryConfig struct {
 	URL            string
 	Branch         string
+	TokenUser      string
 	Token          string
 	EncryptedToken []byte
 	Path           string
@@ -54,7 +55,12 @@ func NewGitRepository(
 ) (GitRepository, error) {
 	var opts []options.Option
 	if len(gitConfig.Token) > 0 {
-		opts = append(opts, options.WithBasicAuth("git", gitConfig.Token))
+		tokenUser := gitConfig.TokenUser
+		if tokenUser == "" {
+			tokenUser = "git"
+		}
+
+		opts = append(opts, options.WithBasicAuth(tokenUser, gitConfig.Token))
 	}
 
 	client, err := nanogit.NewHTTPClient(gitConfig.URL, opts...)

pkg/tests/apis/openapi_snapshots/provisioning.grafana.app-v0alpha1.json

@@ -2597,6 +2597,10 @@
             "description": "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.",
             "type": "string"
           },
+          "tokenUser": {
+            "description": "TokenUser is the user that will be used to access the repository if it's a personal access token.",
+            "type": "string"
+          },
           "url": {
             "description": "The repository URL (e.g. `https://bitbucket.org/example/test`).",
             "type": "string"
@@ -2782,6 +2786,10 @@
             "description": "Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again.",
             "type": "string"
           },
+          "tokenUser": {
+            "description": "TokenUser is the user that will be used to access the repository if it's a personal access token.",
+            "type": "string"
+          },
           "url": {
             "description": "The repository URL (e.g. `https://github.com/example/test.git`).",
             "type": "string"

public/app/api/clients/provisioning/v0alpha1/endpoints.gen.ts

@@ -862,6 +862,8 @@ export type BitbucketRepositoryConfig = {
   path?: string;
   /** Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again. */
   token?: string;
+  /** TokenUser is the user that will be used to access the repository if it's a personal access token. */
+  tokenUser?: string;
   /** The repository URL (e.g. `https://bitbucket.org/example/test`). */
   url?: string;
 };
@@ -876,6 +878,8 @@ export type GitRepositoryConfig = {
   path?: string;
   /** Token for accessing the repository. If set, it will be encrypted into encryptedToken, then set to an empty string again. */
   token?: string;
+  /** TokenUser is the user that will be used to access the repository if it's a personal access token. */
+  tokenUser?: string;
   /** The repository URL (e.g. `https://github.com/example/test.git`). */
   url?: string;
 };