Skip to content

feat(stackable-operator): Support gitsync via SSH #1121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
adwk67 wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat(stackable-operator): Support gitsync via SSH #1121

adwk67 wants to merge 7 commits into from

Conversation

@adwk67
Copy link
Member

@adwk67 adwk67 commented Dec 1, 2025
edited
Loading

Description

Prerequisite for stackabletech/airflow-operator#382.
Tested with stackabletech/airflow-operator#718.
The gitsync test in Nifi was also successfully tested with this PR.

CRD Change

Previously the optional credentialsSecret was used for username & password/token:

...
  clusterConfig:
    dagsGitSync:
      - repo: https://github.com/stackable-airflow/dags
        credentialsSecret: git-credentials
...

It is now possible to also connect via ssh using sshSecret:

  clusterConfig:
    dagsGitSync:
      - repo: ssh://[email protected]/stackable-airflow/dags.git
        sshSecret: git-sync-ssh

i.e. the optional field sshSecret has been added. Either credentialsSecret or sshSecret can be specified, but not both (an exception is thrown if this is detected).

Alternatives considered

  • introduce a complex enum e.g. accessSecret, holding either credentialsSecret or sshSecret, holding either types of secret
  • keep credentialsSecret as-is but use it to hold the kind of secret determined by the scheme (https vs. ssh)

In both cases the change is breaking and/or the naming is unhelpful and the usage is slightly different from what is documented by gitsync itself.

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author

  • Changes are OpenShift compatible
  • CRD changes approved
  • CRD documentation for all fields, following the style guide.
  • Integration tests passed (for non trivial changes)
  • Changes need to be "offline" compatible

Reviewer

  • Code contains useful comments
  • Code contains useful logging statements
  • (Integration-)Test cases added
  • Documentation added or updated. Follows the style guide.
  • Changelog updated
  • Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

  • Feature Tracker has been updated
  • Proper release label has been added

@adwk67 adwk67 linked an issue Dec 1, 2025 that may be closed by this pull request
Feature Request: Airflow to support DAGs Git Sync using SSH Key stackabletech/airflow-operator#382
Open
@adwk67 adwk67 changed the title feat: Gitsync ssh access feat(stackable-operator): Gitsync ssh access Dec 1, 2025
@adwk67 adwk67 marked this pull request as ready for review December 2, 2025 19:21
@adwk67 adwk67 moved this to Development: Waiting for Review in Stackable Engineering Dec 2, 2025
@adwk67 adwk67 self-assigned this Dec 2, 2025
@adwk67 adwk67 mentioned this pull request Dec 2, 2025
Open
20 tasks
sbernauer
sbernauer reviewed Dec 4, 2025
View reviewed changes
@Techassi Techassi changed the title feat(stackable-operator): Gitsync ssh access feat(stackable-operator): Support gitsync via SSH Dec 4, 2025
Techassi
Techassi reviewed Dec 4, 2025
View reviewed changes
crates/stackable-operator/src/crd/git_sync/mod.rs
Comment on lines +70 to +71
/// The referenced Secret must include two fields: `key` and `knownHosts`.
/// This cannot be provided if `credentials_secret` is also provided.
Copy link
Member

@Techassi Techassi Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: Ideally we want this to be a single field instead which is an enum with two variants. This completely prevents the potential misuse by users.

I know this is a breaking change, but we should consider it going forward.

@Techassi Techassi moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering Dec 4, 2025
@adwk67 adwk67 moved this from Development: In Review to Development: In Progress in Stackable Engineering Dec 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Techassi Techassi Techassi left review comments

@sbernauer sbernauer sbernauer left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@adwk67 adwk67

Labels

None yet

Projects

Stackable Engineering
Status: Development: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: Airflow to support DAGs Git Sync using SSH Key

4 participants

@adwk67 @Techassi @sbernauer