fix: log warning when SSH host key verification is disabled

When InsecureIgnoreHostKey is used (either because no SSH credentials
are provided or because known_hosts data is missing from the auth
secret), log an informational message so operators can identify and
remediate insecure configurations.

Author: creydr

internal/git/manager.go

@@ -15,6 +15,7 @@ import (
 	gitssh "github.com/go-git/go-git/v6/plumbing/transport/ssh"
 	"github.com/prometheus/client_golang/prometheus"
 	gossh "golang.org/x/crypto/ssh"
+	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 const (
@@ -54,7 +55,7 @@ func (m *managerImpl) CloneRepository(ctx context.Context, repoUrl, subPath, ref
 		return nil, fmt.Errorf("failed to create temporary directory: %w", err)
 	}
 
-	clientOpts, tempFile, err := m.getClientOptions(parsedURL.Scheme, auth)
+	clientOpts, tempFile, err := m.getClientOptions(ctx, parsedURL.Scheme, auth)
 	if err != nil {
 		return nil, fmt.Errorf("failed to configure auth: %w", err)
 	}
@@ -89,9 +90,9 @@ func (m *managerImpl) CloneRepository(ctx context.Context, repoUrl, subPath, ref
 	}, nil
 }
 
-func (m *managerImpl) getClientOptions(scheme string, authSecret map[string][]byte) ([]client.Option, string, error) {
+func (m *managerImpl) getClientOptions(ctx context.Context, scheme string, authSecret map[string][]byte) ([]client.Option, string, error) {
 	if scheme == "ssh" {
-		return m.getSSHClientOptions(authSecret)
+		return m.getSSHClientOptions(ctx, authSecret)
 	}
 	opts := m.getHTTPClientOptions(authSecret)
 	return opts, "", nil
@@ -137,9 +138,12 @@ func ensureKnownHostsExists() error {
 	return nil
 }
 
-func (m *managerImpl) getSSHClientOptions(authSecret map[string][]byte) ([]client.Option, string, error) {
+func (m *managerImpl) getSSHClientOptions(ctx context.Context, authSecret map[string][]byte) ([]client.Option, string, error) {
+	logger := log.FromContext(ctx)
+
 	privateKey, hasKey := authSecret["sshPrivateKey"]
 	if !hasKey {
+		logger.Info("SSH host key verification is disabled, no SSH credentials provided in auth secret")
 		return []client.Option{
 			client.WithSSHAuth(&gitssh.Password{
 				User:                  "git",
@@ -153,8 +157,6 @@ func (m *managerImpl) getSSHClientOptions(authSecret map[string][]byte) ([]clien
 	if err != nil {
 		return nil, "", fmt.Errorf("failed to parse SSH private key: %w", err)
 	}
-	auth.HostKeyCallback = gossh.InsecureIgnoreHostKey()
-
 	var tempFilePath string
 	if knownHostsData, ok := authSecret["known_hosts"]; ok {
 		tmpFile, err := os.CreateTemp("", "known_hosts-*")
@@ -168,6 +170,8 @@ func (m *managerImpl) getSSHClientOptions(authSecret map[string][]byte) ([]clien
 				}
 			}
 		}
+	} else {
+		logger.Info("SSH host key verification is disabled, provide known_hosts in auth secret to enable verification")
 	}
 
 	return []client.Option{client.WithSSHAuth(auth)}, tempFilePath, nil

internal/git/manager_test.go

@@ -1,6 +1,7 @@
 package git
 
 import (
+	"context"
 	"testing"
 
 	"github.com/go-git/go-git/v6/plumbing/transport"
@@ -20,7 +21,7 @@ JtdGRlLmNzYgECAw==
 func TestGetClientOptions_HTTPToken(t *testing.T) {
 	m := &managerImpl{}
 	secret := map[string][]byte{"token": []byte("my-token")}
-	opts, tmpFile, err := m.getClientOptions("https", secret)
+	opts, tmpFile, err := m.getClientOptions(context.Background(), "https", secret)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -35,7 +36,7 @@ func TestGetClientOptions_HTTPToken(t *testing.T) {
 func TestGetClientOptions_HTTPUsernamePassword(t *testing.T) {
 	m := &managerImpl{}
 	secret := map[string][]byte{"username": []byte("user"), "password": []byte("pass")}
-	opts, _, err := m.getClientOptions("http", secret)
+	opts, _, err := m.getClientOptions(context.Background(), "http", secret)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -46,7 +47,7 @@ func TestGetClientOptions_HTTPUsernamePassword(t *testing.T) {
 
 func TestGetClientOptions_HTTPEmpty(t *testing.T) {
 	m := &managerImpl{}
-	opts, _, err := m.getClientOptions("https", nil)
+	opts, _, err := m.getClientOptions(context.Background(), "https", nil)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -57,7 +58,7 @@ func TestGetClientOptions_HTTPEmpty(t *testing.T) {
 
 func TestGetClientOptions_SSHNoSecret(t *testing.T) {
 	m := &managerImpl{}
-	opts, _, err := m.getClientOptions(sshScheme, nil)
+	opts, _, err := m.getClientOptions(context.Background(), sshScheme, nil)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -68,7 +69,7 @@ func TestGetClientOptions_SSHNoSecret(t *testing.T) {
 
 func TestGetClientOptions_SSHEmptySecret(t *testing.T) {
 	m := &managerImpl{}
-	opts, _, err := m.getClientOptions(sshScheme, map[string][]byte{})
+	opts, _, err := m.getClientOptions(context.Background(), sshScheme, map[string][]byte{})
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -80,7 +81,7 @@ func TestGetClientOptions_SSHEmptySecret(t *testing.T) {
 func TestGetClientOptions_SSHWithPrivateKey(t *testing.T) {
 	m := &managerImpl{}
 	secret := map[string][]byte{"sshPrivateKey": []byte(testEd25519PrivateKey)}
-	opts, _, err := m.getClientOptions(sshScheme, secret)
+	opts, _, err := m.getClientOptions(context.Background(), sshScheme, secret)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -92,7 +93,7 @@ func TestGetClientOptions_SSHWithPrivateKey(t *testing.T) {
 func TestGetClientOptions_SSHWithInvalidKey(t *testing.T) {
 	m := &managerImpl{}
 	secret := map[string][]byte{"sshPrivateKey": []byte("not-a-valid-key")}
-	_, _, err := m.getClientOptions(sshScheme, secret)
+	_, _, err := m.getClientOptions(context.Background(), sshScheme, secret)
 	if err == nil {
 		t.Fatal("expected error for invalid SSH key, got nil")
 	}