mirror of
https://github.com/fluxcd/flux2.git
synced 2026-02-21 15:11:47 +00:00
Add various custom flags
This commit is contained in:
Hidde Beydals
parent
2dfe88b82d
commit
3a8151bcc0
2 changed files with 113 additions and 12 deletions
|
|
@ -2,12 +2,10 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/elliptic"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
|
||||||
|
|
||||||
sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
|
sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
|
||||||
"github.com/manifoldco/promptui"
|
"github.com/manifoldco/promptui"
|
||||||
|
|
@ -65,8 +63,9 @@ var (
|
||||||
sourceGitSemver string
|
sourceGitSemver string
|
||||||
sourceGitUsername string
|
sourceGitUsername string
|
||||||
sourceGitPassword string
|
sourceGitPassword string
|
||||||
sourceGitKeyAlgorithm string
|
sourceGitKeyAlgorithm PublicKeyAlgorithm
|
||||||
sourceGitRSABits int
|
sourceGitRSABits RSAKeyBits
|
||||||
|
sourceGitECDSACurve ECDSACurve
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
@ -76,8 +75,9 @@ func init() {
|
||||||
createSourceGitCmd.Flags().StringVar(&sourceGitSemver, "tag-semver", "", "git tag semver range")
|
createSourceGitCmd.Flags().StringVar(&sourceGitSemver, "tag-semver", "", "git tag semver range")
|
||||||
createSourceGitCmd.Flags().StringVarP(&sourceGitUsername, "username", "u", "", "basic authentication username")
|
createSourceGitCmd.Flags().StringVarP(&sourceGitUsername, "username", "u", "", "basic authentication username")
|
||||||
createSourceGitCmd.Flags().StringVarP(&sourceGitPassword, "password", "p", "", "basic authentication password")
|
createSourceGitCmd.Flags().StringVarP(&sourceGitPassword, "password", "p", "", "basic authentication password")
|
||||||
createSourceGitCmd.Flags().StringVarP(&sourceGitKeyAlgorithm, "ssh-algorithm", "", "rsa", "SSH public key algorithm")
|
createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-algorithm", "SSH public key algorithm")
|
||||||
createSourceGitCmd.Flags().IntVarP(&sourceGitRSABits, "ssh-rsa-bits", "", 2048, "SSH RSA public key bit size")
|
createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", "SSH RSA public key bit size")
|
||||||
|
createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", "SSH ECDSA public key curve")
|
||||||
|
|
||||||
createSourceCmd.AddCommand(createSourceGitCmd)
|
createSourceCmd.AddCommand(createSourceGitCmd)
|
||||||
}
|
}
|
||||||
|
|
@ -109,12 +109,11 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
||||||
withAuth := false
|
withAuth := false
|
||||||
if u.Scheme == "ssh" {
|
if u.Scheme == "ssh" {
|
||||||
var keyGen ssh.KeyPairGenerator
|
var keyGen ssh.KeyPairGenerator
|
||||||
switch strings.ToLower(sourceGitKeyAlgorithm) {
|
switch sourceGitKeyAlgorithm.String() {
|
||||||
case "rsa":
|
case "rsa":
|
||||||
keyGen = ssh.NewRSAGenerator(sourceGitRSABits)
|
keyGen = ssh.NewRSAGenerator(int(sourceGitRSABits))
|
||||||
case "ecdsa":
|
case "ecdsa":
|
||||||
// TODO(hidde): make curve configurable by flag
|
keyGen = ssh.NewECDSAGenerator(sourceGitECDSACurve.Curve)
|
||||||
keyGen = ssh.NewECDSAGenerator(elliptic.P521())
|
|
||||||
}
|
}
|
||||||
host := u.Host
|
host := u.Host
|
||||||
if u.Port() == "" {
|
if u.Port() == "" {
|
||||||
|
|
@ -230,15 +229,16 @@ func generateSSH(ctx context.Context, generator ssh.KeyPairGenerator, name, host
|
||||||
}
|
}
|
||||||
|
|
||||||
logAction("collecting SSH server public key for generated public key algorithm")
|
logAction("collecting SSH server public key for generated public key algorithm")
|
||||||
serverKey, err := ssh.ScanHostKey(host, user, kp)
|
hostKey, err := ssh.ScanHostKey(host, user, kp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
logSuccess("collected public key from SSH server")
|
logSuccess("collected public key from SSH server")
|
||||||
|
fmt.Printf("%s", hostKey)
|
||||||
|
|
||||||
logAction("saving keys")
|
logAction("saving keys")
|
||||||
files := fmt.Sprintf("--from-literal=identity=\"%s\" --from-literal=identity.pub=\"%s\" --from-literal=known_hosts=\"%s\"",
|
files := fmt.Sprintf("--from-literal=identity=\"%s\" --from-literal=identity.pub=\"%s\" --from-literal=known_hosts=\"%s\"",
|
||||||
kp.PublicKey, kp.PrivateKey, serverKey)
|
kp.PublicKey, kp.PrivateKey, hostKey)
|
||||||
secret := fmt.Sprintf("kubectl -n %s create secret generic %s %s --dry-run=client -oyaml | kubectl apply -f-",
|
secret := fmt.Sprintf("kubectl -n %s create secret generic %s %s --dry-run=client -oyaml | kubectl apply -f-",
|
||||||
namespace, name, files)
|
namespace, name, files)
|
||||||
if _, err := utils.execCommand(ctx, ModeOS, secret); err != nil {
|
if _, err := utils.execCommand(ctx, ModeOS, secret); err != nil {
|
||||||
|
|
|
||||||
101
cmd/tk/flags.go
Normal file
101
cmd/tk/flags.go
Normal file
|
|
@ -0,0 +1,101 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/elliptic"
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
var supportedPublicKeyAlgorithms = []string{"rsa", "ecdsa"}
|
||||||
|
|
||||||
|
type PublicKeyAlgorithm string
|
||||||
|
|
||||||
|
func (a *PublicKeyAlgorithm) String() string {
|
||||||
|
return string(*a)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *PublicKeyAlgorithm) Set(str string) error {
|
||||||
|
if strings.TrimSpace(str) == "" {
|
||||||
|
*a = PublicKeyAlgorithm(supportedPublicKeyAlgorithms[0])
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
for _, v := range supportedPublicKeyAlgorithms {
|
||||||
|
if str == v {
|
||||||
|
*a = PublicKeyAlgorithm(str)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fmt.Errorf(
|
||||||
|
"unsupported public key algorithm '%s', must be one of: %s",
|
||||||
|
str,
|
||||||
|
strings.Join(supportedPublicKeyAlgorithms, ", "),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *PublicKeyAlgorithm) Type() string {
|
||||||
|
return "publicKeyAlgorithm"
|
||||||
|
}
|
||||||
|
|
||||||
|
var defaultRSAKeyBits = 2048
|
||||||
|
|
||||||
|
type RSAKeyBits int
|
||||||
|
|
||||||
|
func (b *RSAKeyBits) String() string {
|
||||||
|
return strconv.Itoa(int(*b))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *RSAKeyBits) Set(str string) error {
|
||||||
|
if strings.TrimSpace(str) == "" {
|
||||||
|
*b = RSAKeyBits(defaultRSAKeyBits)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
bits, err := strconv.Atoi(str)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if bits%8 != 0 {
|
||||||
|
return fmt.Errorf("RSA key bit size should be a multiples of 8")
|
||||||
|
}
|
||||||
|
*b = RSAKeyBits(bits)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *RSAKeyBits) Type() string {
|
||||||
|
return "rsaKeyBits"
|
||||||
|
}
|
||||||
|
|
||||||
|
type ECDSACurve struct {
|
||||||
|
elliptic.Curve
|
||||||
|
}
|
||||||
|
|
||||||
|
var supportedECDSACurves = map[string]elliptic.Curve{
|
||||||
|
"P-256": elliptic.P256(),
|
||||||
|
"P-384": elliptic.P384(),
|
||||||
|
"P-521": elliptic.P521(),
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ECDSACurve) String() string {
|
||||||
|
if c == nil || c.Curve == nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return c.Curve.Params().Name
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ECDSACurve) Set(str string) error {
|
||||||
|
if strings.TrimSpace(str) == "" {
|
||||||
|
*c = ECDSACurve{supportedECDSACurves["P-384"]}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
for k, v := range supportedECDSACurves {
|
||||||
|
if k == str {
|
||||||
|
*c = ECDSACurve{v}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fmt.Errorf("unsupported curve '%s', should be one of: P-256, P-384, P-521", str)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ECDSACurve) Type() string {
|
||||||
|
return "ecdsaCurve"
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue