Skip to content

Commit 9461503

Browse files
stangstang
committed
update README.md
1 parent 06e6e15 commit 9461503

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

README.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,45 @@
11
# git-remote-https+iap
22

33
An open source [`git-remote-helper`](https://git-scm.com/docs/git-remote-helpers) that handles authentication for [GCP Identity Aware Proxy](https://cloud.google.com/iap).
4+
5+
## Getting Started
6+
7+
### Installing
8+
9+
- Download pre-compiled binaries from [`our release page`](https://github.com/stang/ci-sandbox/releases/).
10+
- Install `git-remote-https+iap` binary onto the system `$PATH`
11+
- Run `GIT_IAP_VERBOSE=1 git-remote-https+iap install`
12+
13+
### Configuring
14+
15+
- [Generate OAuth credentials FOR THE HELPER](https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app)[1]
16+
- Configure the IAP protected repositories:
17+
18+
```
19+
git-remote-https+iap configure \
20+
--repoURL=https://git.domain.acme/demo/hello-world.git \
21+
--helperID=xxx \
22+
--helperSecret=yyy \
23+
--clientID=zzz
24+
```
25+
26+
**Notes**:
27+
* In the example above, `xxx` and `yyy` are the OAuth credentials FOR THE HELPER, that needs to be created as instructed [here](https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app). `zzz` is the OAuth client ID that has been created when your Identity Aware Proxy instance has been created.
28+
* All repositories served on the same domain (`git.domain.acme`) would share the same configuration
29+
30+
31+
[1]: This needs to be done only once per _organisation_. While [these credentials are not treated as secret](https://developers.google.com/identity/protocols/oauth2#installed) and can be shared within your organisation, [it seem forbidden to publish them in any open source project](https://stackoverflow.com/questions/27585412/can-i-really-not-ship-open-source-with-client-id).
32+
33+
### Usage
34+
35+
Once your domain has been configured, you should be able to use `git` as you would normally do, without thinking about the IAP layer.
36+
37+
```
38+
$ git clone https://git.domain.acme/demo/hello-world.git
39+
```
40+
41+
> If you are using [`git-lfs`](https://git-lfs.github.com/), the minimal version requirement is [`>= v2.9.0`](https://github.com/git-lfs/git-lfs/releases/), which introduced support of HTTP cookies.
42+
43+
### Troubleshoot
44+
45+
If needed, you can set the `GIT_IAP_VERBOSE=1` environment variable in order to increase the verbosity of the logs.

0 commit comments

Comments
 (0)