authenticate using ssh agent by kyriakosoikonomakos · Pull Request #424 · libgit2/pygit2

kyriakosoikonomakos · 2014-09-10T13:55:36Z

Introduce the ability for pygit2 to use the SSH agent for authentication.

Example use:
import pygit2
x = pygit2.credentials.SSHKeyFromAgent('git')
r = pygit2.clone_repository('ssh://git@github.com/some-org/some-repo', '/tmp/something', credentials=x)

carlosmn · 2014-09-10T14:21:10Z

Neat, but the naming doesn't match the ssh keypair constructor we already have. The class for the full ssh keypair is Keypair, and this is about getting that from the agent, so this should either be KeypairFromAgent or Keypair should change.

Have you considered having a static method in Keypair to act as a constructor, so we can use it like Keypair.from_agent('git') since this is about working with a Keypair as well?

kyriakosoikonomakos · 2014-09-11T16:06:30Z

@carlosmn does that look better?

carlosmn · 2014-09-11T16:29:44Z

Yeah. Though you took both of my suggestions when I meant them as alternatives. Having simply KeypairFromAgent without Keypair.from_agent() is fine.

What I was thinking a an alternative to that was having Keypair.from_agent() (as @staticmethod) return a new Keypair with None keys so the if check happens on the key fields rather than on the type.

But having the KeypairFromAgent is maybe clearer in its usage, so having just that without from_agent() would work better.

kyriakosoikonomakos · 2014-09-15T14:32:04Z

@carlosmn Done.

carlosmn · 2014-09-15T16:35:10Z

One of these lies is redundant. If we're going to rely on the superclass' constructor, then there's no need for us to store the username explicitly.

ashb · 2014-09-15T17:16:44Z

@carlosmn Thanks

I've removed that redundant line and rebased everything down to one commit (my personal preference since the overall change is small. If we want it back the commit pre-force push was 4b9fe1c)

jbiel · 2014-09-24T23:18:25Z

Thanks for this patch!

ashb · 2014-09-25T16:06:17Z

@carlosmn Anything outstanding to get this merged or do is it just a matter of you having the cycles to take a look (I know that feeling)?

carlosmn · 2014-09-25T18:35:44Z

I'd rather see this choose based on the values returned from .credential_tuple rather than based on inheritance. It's not too big a deal, but the idea behind these is that each instance tells us about what it's doing, rather than rely on the type.

We thought about this and weren't sure which way to go. The only thing useful we could detect is tuple[1:] are all None. We went with this way as this is what the Ruby libgit2 bindings do.

Happy to change this to trigger off pubkey & privkey being None instead if you'd prefer.

Yeah, that's how I'd go. This is designed so you can use your own classes which get the data from wherever you need (disc, the user, a database, whatever), and there's no need for them to hang off of these classes, all they need to do is have this attribute with the data we need.

So something like this diff then?

@@ -455,9 +456,13 @@ def get_credentials(fn, url, username, allowed): elif cred_type == C.GIT_CREDTYPE_SSH_KEY: name, pubkey, privkey, passphrase = creds.credential_tuple - err = C.git_cred_ssh_key_new(ccred, to_bytes(name), to_bytes(pubkey), - to_bytes(privkey), to_bytes(passphrase)) - + if pubkey is None and privkey is None: + err = C.git_cred_ssh_key_from_agent(ccred, to_bytes(name)) + else: + err = C.git_cred_ssh_key_new(ccred, to_bytes(name), + to_bytes(pubkey), to_bytes(privkey), + to_bytes(passphrase)) else: raise TypeError("unsupported credential type")

Yeah, that should work just fine.

I've made this change now.

carlosmn · 2014-10-07T12:15:13Z

Great, 👍

jdavid · 2014-10-08T16:23:31Z

If it is good for @carlosmn it is good for me, could you merge @carlosmn ?

authenticate using ssh agent

vtemian mentioned this pull request Sep 15, 2014

Implement credentials for repository presslabs/gitfs#80

Closed

3 tasks

carlosmn reviewed Sep 15, 2014
View reviewed changes

authenticate using ssh agent

3e87ada

ashb force-pushed the ssh-agent branch from 4b9fe1c to 3e87ada Compare September 15, 2014 17:15

carlosmn reviewed Sep 25, 2014
View reviewed changes

Use ssh_agent when pub+priv key are None, not based on the class

9aa39aa

carlosmn added a commit that referenced this pull request Oct 10, 2014

Merge pull request #424 from kyriakosoikonomakos/ssh-agent

fa20589

authenticate using ssh agent

carlosmn merged commit fa20589 into libgit2:master Oct 10, 2014

KINFOO mentioned this pull request Dec 2, 2014

Unable to push #456

Closed

inmantaci mentioned this pull request Sep 12, 2016

Add libgit auth options to commands inmanta/inmanta-core#86

Closed

The-Loeki mentioned this pull request Mar 14, 2017

RFE: PyGit2 backend should also support SSH Agent Authentication saltstack/salt#40008

Closed

Uh oh!

Conversation

kyriakosoikonomakos commented Sep 10, 2014

Uh oh!

carlosmn commented Sep 10, 2014

Uh oh!

kyriakosoikonomakos commented Sep 11, 2014

Uh oh!

carlosmn commented Sep 11, 2014

Uh oh!

kyriakosoikonomakos commented Sep 15, 2014

Uh oh!

carlosmn Sep 15, 2014

Choose a reason for hiding this comment

Uh oh!

ashb commented Sep 15, 2014

Uh oh!

jbiel commented Sep 24, 2014

Uh oh!

ashb commented Sep 25, 2014

Uh oh!

carlosmn Sep 25, 2014

Choose a reason for hiding this comment

Uh oh!

ashb Sep 26, 2014

Choose a reason for hiding this comment

Uh oh!

carlosmn Oct 6, 2014

Choose a reason for hiding this comment

Uh oh!

ashb Oct 6, 2014

Choose a reason for hiding this comment

Uh oh!

carlosmn Oct 7, 2014

Choose a reason for hiding this comment

Uh oh!

ashb Oct 7, 2014

Choose a reason for hiding this comment

Uh oh!

carlosmn commented Oct 7, 2014

Uh oh!

jdavid commented Oct 8, 2014

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants