Merge pull request #4754 from fluxcd/ssh-hostkey-algos

Add `--ssh-hostkey-algos` flag to bootstrap command
9 months ago · 2338cc24a6
parent ad1d33262d 7027e823d8
commit 2338cc24a6
2 changed files with 16 additions and 9 deletions
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@ -22,6 +22,7 @@ import (
 	"fmt"
 	"strings"
 	"github.com/fluxcd/pkg/git"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/api/errors"
@ -56,14 +57,15 @@ type bootstrapFlags struct {
 	registryCredential string
 	imagePullSecret    string
-	secretName     string
+	secretName           string
-	tokenAuth      bool
+	tokenAuth            bool
-	keyAlgorithm   flags.PublicKeyAlgorithm
+	keyAlgorithm         flags.PublicKeyAlgorithm
-	keyRSABits     flags.RSAKeyBits
+	keyRSABits           flags.RSAKeyBits
-	keyECDSACurve  flags.ECDSACurve
+	keyECDSACurve        flags.ECDSACurve
-	sshHostname    string
+	sshHostname          string
-	caFile         string
+	caFile               string
-	privateKeyFile string
+	privateKeyFile       string
 	sshHostKeyAlgorithms []string
 	watchAllNamespaces bool
 	networkPolicy      bool
@ -124,6 +126,7 @@ func init() {
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.secretName, "secret-name", rootArgs.defaults.Namespace, "name of the secret the sync credentials can be found in or stored to")
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyAlgorithm, "ssh-key-algorithm", bootstrapArgs.keyAlgorithm.Description())
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyRSABits, "ssh-rsa-bits", bootstrapArgs.keyRSABits.Description())
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.sshHostKeyAlgorithms, "ssh-hostkey-algos", nil, "list of host key algorithms to be used by the CLI for SSH connections")
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyECDSACurve, "ssh-ecdsa-curve", bootstrapArgs.keyECDSACurve.Description())
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.sshHostname, "ssh-hostname", "", "SSH hostname, to be used when the SSH host differs from the HTTPS one")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
@ -192,6 +195,10 @@ func bootstrapValidate() error {
 		return fmt.Errorf("invalid --registry-creds format, expected 'user:password'")
 	}
 	if len(bootstrapArgs.sshHostKeyAlgorithms) > 0 {
 		git.HostKeyAlgos = bootstrapArgs.sshHostKeyAlgorithms
 	}
 	return nil
 }
--- a/cmd/flux/bootstrap_git.go
+++ b/cmd/flux/bootstrap_git.go
@ -66,7 +66,7 @@ command will perform an upgrade if needed.`,
  flux bootstrap git --url=ssh://<SSH-Key-ID>@git-codecommit.<region>.amazonaws.com/v1/repos/<repository> --private-key-file=<path/to/private.key> --password=<SSH-passphrase> --path=clusters/my-cluster
  # Run bootstrap for a Git repository on Azure Devops
-  flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
+  flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --private-key-file=<path/to/rsa-sha2-private.key> --ssh-hostkey-algos=rsa-sha2-512,rsa-sha2-256 --path=clusters/my-cluster
  # Run bootstrap for a Git repository on Oracle VBS
  flux bootstrap git --url=https://repository_url.git --with-bearer-token=true --password=<PAT> --path=clusters/my-cluster