promise-type-git has no way to deal with authentication #42

Open
craigcomstock opened this issue Jan 5, 2022 · 2 comments
@craigcomstock

I wanted to promise some git repos in my homedir. I use a local git server for private things:

  git:
    "dotfiles"
      repository => "craig@192.168.1.1:/git/dotfiles",
      destination => "/home/craig",
      version => "osx2";

I get

   error: Failed fetch: Command '['git', 'fetch', 'origin']' returned non-zero exit status 128.
   error: b'Permission denied, please try again.\r\nPermission denied, please try again.\r\nConnection closed by 192.168.1.1 port 22\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.'

If I could run this policy non-priv as the 'craig' user and I had already added the key to my ssh-agent I would expect cfengine to be able to "do things" with git and that remote. I will try this and see if it works.

I don't expect a default "root-run" agent to be able to do much except in the case where no auth is needed for the git URL.

@craigcomstock

A way to deal with authentication is .gitconfig and .git-credentials, but this also requires a change to the Python for this promise type to set the HOME environment variable during cf-agent runs, since this is missing from the execution environment.

Something like this should work in /root on linux machines:

[credential]
    helper = store

and then .git-credentials with an example of providing username/password which you can manage with cf-secret.

https://<url-encoded-username>:<password>@gitlab.com

I am not 100% sure on the details of URL encoding, but I do know that +, which was in my GitLab token, had to be mapped to %2b.
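
An added example (not part of the original issue or the project's code) of the approach described in the comment above: percent-encode the username and token for a `.git-credentials` entry, write the file owner-only, and hand git an explicit HOME. The function names and the sample account and token are constructed, and setting `GIT_TERMINAL_PROMPT=0` is an added assumption so an unattended run fails instead of prompting.

```python
import os
import subprocess
from urllib.parse import quote


def credential_line(scheme, host, username, password):
    """Return one .git-credentials entry with user and secret percent-encoded."""
    # safe="" encodes every reserved character ('+', '@', ':', '/'), so the
    # secret cannot be misread as part of the URL structure. Hex digits come
    # out upper-case (%2B); percent-encoding is case-insensitive.
    user = quote(username, safe="")
    secret = quote(password, safe="")
    return f"{scheme}://{user}:{secret}@{host}"


def write_credentials(home, lines):
    """Write <home>/.git-credentials readable and writable by the owner only."""
    path = os.path.join(home, ".git-credentials")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # tighten a pre-existing file with a wider mode
        os.write(fd, ("\n".join(lines) + "\n").encode())
    finally:
        os.close(fd)
    return path


def git_env(home):
    """Environment for git when the caller's environment has no HOME."""
    env = dict(os.environ)
    env["HOME"] = home                # lets git find .gitconfig and .git-credentials
    env["GIT_TERMINAL_PROMPT"] = "0"  # unattended run: fail rather than prompt
    return env


def fetch(repo_dir, home):
    """Run 'git fetch origin' in repo_dir with the explicit HOME set above."""
    return subprocess.run(["git", "fetch", "origin"], cwd=repo_dir,
                          env=git_env(home), capture_output=True, check=False)


if __name__ == "__main__":
    # Constructed sample account and token, not real credentials.
    print(credential_line("https", "gitlab.com", "deploy@example.com", "example+token/1"))
```

The `store` helper keeps the secret in plaintext, so the 0600 mode on the file is the only protection it has at rest.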

craigcomstock self-assigned this Oct 23, 2024
@craigcomstock

#107
