Add secret-ref flag to git source
Add secret-ref flag to Helm source Add secret-ref to bucket source
This commit is contained in:
Ally Parker
@@ -69,6 +69,7 @@ var (
|
||||
sourceBucketSecretKey string
|
||||
sourceBucketRegion string
|
||||
sourceBucketInsecure bool
|
||||
sourceBucketSecretRef string
|
||||
)
|
||||
|
||||
func init() {
|
||||
@@ -79,6 +80,7 @@ func init() {
|
||||
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
|
||||
createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
|
||||
createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
|
||||
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretRef, "secret-ref", "", "the name of an existing secret containing credentials")
|
||||
|
||||
createSourceCmd.AddCommand(createSourceBucketCmd)
|
||||
}
|
||||
@@ -88,7 +90,6 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
||||
return fmt.Errorf("Bucket source name is required")
|
||||
}
|
||||
name := args[0]
|
||||
secretName := fmt.Sprintf("bucket-%s", name)
|
||||
|
||||
if sourceBucketName == "" {
|
||||
return fmt.Errorf("bucket-name is required")
|
||||
@@ -126,6 +127,11 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
||||
},
|
||||
},
|
||||
}
|
||||
if sourceHelmSecretRef != "" {
|
||||
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: sourceBucketSecretRef,
|
||||
}
|
||||
}
|
||||
|
||||
if export {
|
||||
return exportBucket(*bucket)
|
||||
@@ -141,28 +147,32 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
||||
|
||||
logger.Generatef("generating Bucket source")
|
||||
|
||||
secret := corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: secretName,
|
||||
Namespace: namespace,
|
||||
},
|
||||
StringData: map[string]string{},
|
||||
}
|
||||
if sourceBucketSecretRef == "" {
|
||||
secretName := fmt.Sprintf("bucket-%s", name)
|
||||
|
||||
if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" {
|
||||
secret.StringData["accesskey"] = sourceBucketAccessKey
|
||||
secret.StringData["secretkey"] = sourceBucketSecretKey
|
||||
}
|
||||
secret := corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: secretName,
|
||||
Namespace: namespace,
|
||||
},
|
||||
StringData: map[string]string{},
|
||||
}
|
||||
|
||||
if len(secret.StringData) > 0 {
|
||||
logger.Actionf("applying secret with the bucket credentials")
|
||||
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
|
||||
return err
|
||||
if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" {
|
||||
secret.StringData["accesskey"] = sourceBucketAccessKey
|
||||
secret.StringData["secretkey"] = sourceBucketSecretKey
|
||||
}
|
||||
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: secretName,
|
||||
|
||||
if len(secret.StringData) > 0 {
|
||||
logger.Actionf("applying secret with the bucket credentials")
|
||||
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
|
||||
return err
|
||||
}
|
||||
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: secretName,
|
||||
}
|
||||
logger.Successf("authentication configured")
|
||||
}
|
||||
logger.Successf("authentication configured")
|
||||
}
|
||||
|
||||
logger.Actionf("applying Bucket source")
|
||||
|
||||
@@ -87,15 +87,17 @@ For private Git repositories, the basic authentication credentials are stored in
|
||||
}
|
||||
|
||||
var (
|
||||
sourceGitURL string
|
||||
sourceGitBranch string
|
||||
sourceGitTag string
|
||||
sourceGitSemver string
|
||||
sourceGitUsername string
|
||||
sourceGitPassword string
|
||||
sourceGitURL string
|
||||
sourceGitBranch string
|
||||
sourceGitTag string
|
||||
sourceGitSemver string
|
||||
sourceGitUsername string
|
||||
sourceGitPassword string
|
||||
|
||||
sourceGitKeyAlgorithm flags.PublicKeyAlgorithm = "rsa"
|
||||
sourceGitRSABits flags.RSAKeyBits = 2048
|
||||
sourceGitECDSACurve = flags.ECDSACurve{Curve: elliptic.P384()}
|
||||
sourceGitSecretRef string
|
||||
)
|
||||
|
||||
func init() {
|
||||
@@ -108,6 +110,7 @@ func init() {
|
||||
createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
|
||||
createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
|
||||
createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
|
||||
createSourceGitCmd.Flags().StringVarP(&sourceGitSecretRef, "secret-ref", "", "", "the name of an existing secret containing SSH or basic credentials")
|
||||
|
||||
createSourceCmd.AddCommand(createSourceGitCmd)
|
||||
}
|
||||
@@ -162,6 +165,11 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
||||
}
|
||||
|
||||
if export {
|
||||
if sourceGitSecretRef != "" {
|
||||
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: sourceGitSecretRef,
|
||||
}
|
||||
}
|
||||
return exportGit(gitRepository)
|
||||
}
|
||||
|
||||
@@ -175,7 +183,9 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
||||
|
||||
withAuth := false
|
||||
// TODO(hidde): move all auth prep to separate func?
|
||||
if u.Scheme == "ssh" {
|
||||
if sourceGitSecretRef != "" {
|
||||
withAuth = true
|
||||
} else if u.Scheme == "ssh" {
|
||||
logger.Actionf("generating deploy key pair")
|
||||
pair, err := generateKeyPair(ctx)
|
||||
if err != nil {
|
||||
@@ -240,8 +250,12 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
||||
logger.Generatef("generating GitRepository source")
|
||||
|
||||
if withAuth {
|
||||
secretName := name
|
||||
if sourceGitSecretRef != "" {
|
||||
secretName = sourceGitSecretRef
|
||||
}
|
||||
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: name,
|
||||
Name: secretName,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -63,12 +63,13 @@ For private Helm repositories, the basic authentication credentials are stored i
|
||||
}
|
||||
|
||||
var (
|
||||
sourceHelmURL string
|
||||
sourceHelmUsername string
|
||||
sourceHelmPassword string
|
||||
sourceHelmCertFile string
|
||||
sourceHelmKeyFile string
|
||||
sourceHelmCAFile string
|
||||
sourceHelmURL string
|
||||
sourceHelmUsername string
|
||||
sourceHelmPassword string
|
||||
sourceHelmCertFile string
|
||||
sourceHelmKeyFile string
|
||||
sourceHelmCAFile string
|
||||
sourceHelmSecretRef string
|
||||
)
|
||||
|
||||
func init() {
|
||||
@@ -78,6 +79,7 @@ func init() {
|
||||
createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
|
||||
createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
|
||||
createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
|
||||
createSourceHelmCmd.Flags().StringVarP(&sourceHelmSecretRef, "secret-ref", "", "", "the name of an existing secret containing TLS or basic auth credentials")
|
||||
|
||||
createSourceCmd.AddCommand(createSourceHelmCmd)
|
||||
}
|
||||
@@ -87,7 +89,6 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
||||
return fmt.Errorf("HelmRepository source name is required")
|
||||
}
|
||||
name := args[0]
|
||||
secretName := fmt.Sprintf("helm-%s", name)
|
||||
|
||||
if sourceHelmURL == "" {
|
||||
return fmt.Errorf("url is required")
|
||||
@@ -122,6 +123,12 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
||||
},
|
||||
}
|
||||
|
||||
if sourceHelmSecretRef != "" {
|
||||
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: sourceHelmSecretRef,
|
||||
}
|
||||
}
|
||||
|
||||
if export {
|
||||
return exportHelmRepository(*helmRepository)
|
||||
}
|
||||
@@ -135,51 +142,54 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
||||
}
|
||||
|
||||
logger.Generatef("generating HelmRepository source")
|
||||
if sourceHelmSecretRef == "" {
|
||||
secretName := fmt.Sprintf("helm-%s", name)
|
||||
|
||||
secret := corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: secretName,
|
||||
Namespace: namespace,
|
||||
},
|
||||
StringData: map[string]string{},
|
||||
}
|
||||
|
||||
if sourceHelmUsername != "" && sourceHelmPassword != "" {
|
||||
secret.StringData["username"] = sourceHelmUsername
|
||||
secret.StringData["password"] = sourceHelmPassword
|
||||
}
|
||||
|
||||
if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
|
||||
cert, err := ioutil.ReadFile(sourceHelmCertFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
|
||||
secret := corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: secretName,
|
||||
Namespace: namespace,
|
||||
},
|
||||
StringData: map[string]string{},
|
||||
}
|
||||
secret.StringData["certFile"] = string(cert)
|
||||
|
||||
key, err := ioutil.ReadFile(sourceHelmKeyFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
|
||||
if sourceHelmUsername != "" && sourceHelmPassword != "" {
|
||||
secret.StringData["username"] = sourceHelmUsername
|
||||
secret.StringData["password"] = sourceHelmPassword
|
||||
}
|
||||
secret.StringData["keyFile"] = string(key)
|
||||
}
|
||||
|
||||
if sourceHelmCAFile != "" {
|
||||
ca, err := ioutil.ReadFile(sourceHelmCAFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
|
||||
}
|
||||
secret.StringData["caFile"] = string(ca)
|
||||
}
|
||||
if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
|
||||
cert, err := ioutil.ReadFile(sourceHelmCertFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
|
||||
}
|
||||
secret.StringData["certFile"] = string(cert)
|
||||
|
||||
if len(secret.StringData) > 0 {
|
||||
logger.Actionf("applying secret with repository credentials")
|
||||
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
|
||||
return err
|
||||
key, err := ioutil.ReadFile(sourceHelmKeyFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
|
||||
}
|
||||
secret.StringData["keyFile"] = string(key)
|
||||
}
|
||||
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: secretName,
|
||||
|
||||
if sourceHelmCAFile != "" {
|
||||
ca, err := ioutil.ReadFile(sourceHelmCAFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
|
||||
}
|
||||
secret.StringData["caFile"] = string(ca)
|
||||
}
|
||||
|
||||
if len(secret.StringData) > 0 {
|
||||
logger.Actionf("applying secret with repository credentials")
|
||||
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
|
||||
return err
|
||||
}
|
||||
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||
Name: secretName,
|
||||
}
|
||||
logger.Successf("authentication configured")
|
||||
}
|
||||
logger.Successf("authentication configured")
|
||||
}
|
||||
|
||||
logger.Actionf("applying HelmRepository source")
|
||||
|
||||
Reference in New Issue
Block a user