feat(authentication): add support for all authentication types

Signed-off-by: Max Lacroix <[email protected]>

README.md

@@ -32,6 +32,7 @@ spec:
   baseURL: https://gitlab.com/
   credentials:
     source: Secret
+    method: PersonalAccessToken
     secretRef:
       namespace: crossplane-system
       name: gitlab-credentials

apis/v1beta1/providerconfig_types.go

@@ -21,6 +21,23 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	// BasicAuth is gitlab's BasicAuth method of authentification that needs a username and a password
+	BasicAuth AuthType = "BasicAuth"
+
+	// JobToken is gitlab's JobToken method of authentification
+	JobToken AuthType = "JobToken"
+
+	// OAuthToken is gitlab's OAuthToken method of authentification
+	OAuthToken AuthType = "OAuthToken"
+
+	// PersonalAccessToken is gitlab's PersonalAccessToken method of authentification.
+	PersonalAccessToken AuthType = "PersonalAccessToken"
+)
+
+// AuthType represents an authentication type within GitLab.
+type AuthType string
+
 // A ProviderConfigSpec defines the desired state of a ProviderConfig.
 type ProviderConfigSpec struct {
 	// Base URL of the Gitlab Service
@@ -40,6 +57,10 @@ type ProviderCredentials struct {
 	// +kubebuilder:validation:Enum=None;Secret;InjectedIdentity;Environment;Filesystem
 	Source xpv1.CredentialsSource `json:"source"`
 
+	// Method of authentification can be BasicAuth, JobToken, OAuthToken or PersonalAccessToken (default)
+	// +optional
+	Method AuthType `json:"method"`
+
 	xpv1.CommonCredentialSelectors `json:",inline"`
 }
 

examples/providerconfig/provider.yaml

@@ -8,6 +8,7 @@ spec:
   baseURL: https://gitlab.com/
   credentials:
     source: Secret
+    method: PersonalAccessToken
     secretRef:
       namespace: crossplane-system
       name: gitlab-credentials

package/crds/gitlab.crossplane.io_providerconfigs.yaml

@@ -80,6 +80,10 @@ spec:
                     required:
                     - path
                     type: object
+                  method:
+                    description: Method of authentification can be BasicAuth, JobToken,
+                      OAuthToken or PersonalAccessToken (default)
+                    type: string
                   secretRef:
                     description: |-
                       A SecretRef is a reference to a secret key that contains the credentials

pkg/clients/gitlab.go

@@ -19,6 +19,7 @@ package clients
 import (
 	"context"
 	"crypto/tls"
+	"encoding/json"
 	"net/http"
 	"time"
 
@@ -38,15 +39,24 @@ import (
 	"github.com/crossplane-contrib/provider-gitlab/apis/v1beta1"
 )
 
+// BasicAuth is the expected struct that can be passed in the Config.Token field to add support for BasicAuth AuthMethod
+type BasicAuth struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
 // Config provides gitlab configurations for the Gitlab client
 type Config struct {
 	Token              string
 	BaseURL            string
 	InsecureSkipVerify bool
+	AuthMethod         v1beta1.AuthType
 }
 
 // NewClient creates new Gitlab Client with provided Gitlab Configurations/Credentials.
 func NewClient(c Config) *gitlab.Client {
+	var cl *gitlab.Client
+	var err error
 	options := []gitlab.ClientOptionFunc{}
 	if c.BaseURL != "" {
 		options = append(options, gitlab.WithBaseURL(c.BaseURL))
@@ -64,10 +74,27 @@ func NewClient(c Config) *gitlab.Client {
 		}
 		options = append(options, gitlab.WithHTTPClient(httpclient))
 	}
-	cl, err := gitlab.NewClient(c.Token, options...)
+
+	switch c.AuthMethod {
+	case v1beta1.BasicAuth:
+		ba := &BasicAuth{}
+		if err = json.Unmarshal([]byte(c.Token), ba); err != nil {
+			panic(err)
+		}
+		cl, err = gitlab.NewBasicAuthClient(ba.Username, ba.Password, gitlab.WithBaseURL(c.BaseURL))
+	case v1beta1.JobToken:
+		cl, err = gitlab.NewJobClient(c.Token, options...)
+	case v1beta1.OAuthToken:
+		cl, err = gitlab.NewOAuthClient(c.Token, options...)
+	case v1beta1.PersonalAccessToken:
+		cl, err = gitlab.NewClient(c.Token, options...)
+	default:
+		cl, err = gitlab.NewClient(c.Token, options...)
+	}
 	if err != nil {
 		panic(err)
 	}
+
 	return cl
 }