Merge pull request #350 from allymparker/source-git-secret-ref
Add secret-ref flag to create source git
This commit is contained in:
Stefan Prodan
@@ -69,6 +69,7 @@ var (
|
|||||||
sourceBucketSecretKey string
|
sourceBucketSecretKey string
|
||||||
sourceBucketRegion string
|
sourceBucketRegion string
|
||||||
sourceBucketInsecure bool
|
sourceBucketInsecure bool
|
||||||
|
sourceBucketSecretRef string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@@ -79,6 +80,7 @@ func init() {
|
|||||||
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
|
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
|
||||||
createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
|
createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
|
||||||
createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
|
createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
|
||||||
|
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretRef, "secret-ref", "", "the name of an existing secret containing credentials")
|
||||||
|
|
||||||
createSourceCmd.AddCommand(createSourceBucketCmd)
|
createSourceCmd.AddCommand(createSourceBucketCmd)
|
||||||
}
|
}
|
||||||
@@ -88,7 +90,6 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
return fmt.Errorf("Bucket source name is required")
|
return fmt.Errorf("Bucket source name is required")
|
||||||
}
|
}
|
||||||
name := args[0]
|
name := args[0]
|
||||||
secretName := fmt.Sprintf("bucket-%s", name)
|
|
||||||
|
|
||||||
if sourceBucketName == "" {
|
if sourceBucketName == "" {
|
||||||
return fmt.Errorf("bucket-name is required")
|
return fmt.Errorf("bucket-name is required")
|
||||||
@@ -126,6 +127,11 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
if sourceHelmSecretRef != "" {
|
||||||
|
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||||
|
Name: sourceBucketSecretRef,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if export {
|
if export {
|
||||||
return exportBucket(*bucket)
|
return exportBucket(*bucket)
|
||||||
@@ -141,6 +147,9 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
|
|
||||||
logger.Generatef("generating Bucket source")
|
logger.Generatef("generating Bucket source")
|
||||||
|
|
||||||
|
if sourceBucketSecretRef == "" {
|
||||||
|
secretName := fmt.Sprintf("bucket-%s", name)
|
||||||
|
|
||||||
secret := corev1.Secret{
|
secret := corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: secretName,
|
Name: secretName,
|
||||||
@@ -164,6 +173,7 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
}
|
}
|
||||||
logger.Successf("authentication configured")
|
logger.Successf("authentication configured")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
logger.Actionf("applying Bucket source")
|
logger.Actionf("applying Bucket source")
|
||||||
namespacedName, err := upsertBucket(ctx, kubeClient, bucket)
|
namespacedName, err := upsertBucket(ctx, kubeClient, bucket)
|
||||||
|
|||||||
@@ -93,9 +93,11 @@ var (
|
|||||||
sourceGitSemver string
|
sourceGitSemver string
|
||||||
sourceGitUsername string
|
sourceGitUsername string
|
||||||
sourceGitPassword string
|
sourceGitPassword string
|
||||||
|
|
||||||
sourceGitKeyAlgorithm flags.PublicKeyAlgorithm = "rsa"
|
sourceGitKeyAlgorithm flags.PublicKeyAlgorithm = "rsa"
|
||||||
sourceGitRSABits flags.RSAKeyBits = 2048
|
sourceGitRSABits flags.RSAKeyBits = 2048
|
||||||
sourceGitECDSACurve = flags.ECDSACurve{Curve: elliptic.P384()}
|
sourceGitECDSACurve = flags.ECDSACurve{Curve: elliptic.P384()}
|
||||||
|
sourceGitSecretRef string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@@ -108,6 +110,7 @@ func init() {
|
|||||||
createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
|
createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
|
||||||
createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
|
createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
|
||||||
createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
|
createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
|
||||||
|
createSourceGitCmd.Flags().StringVarP(&sourceGitSecretRef, "secret-ref", "", "", "the name of an existing secret containing SSH or basic credentials")
|
||||||
|
|
||||||
createSourceCmd.AddCommand(createSourceGitCmd)
|
createSourceCmd.AddCommand(createSourceGitCmd)
|
||||||
}
|
}
|
||||||
@@ -162,6 +165,11 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if export {
|
if export {
|
||||||
|
if sourceGitSecretRef != "" {
|
||||||
|
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||||
|
Name: sourceGitSecretRef,
|
||||||
|
}
|
||||||
|
}
|
||||||
return exportGit(gitRepository)
|
return exportGit(gitRepository)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -175,7 +183,9 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
|
|
||||||
withAuth := false
|
withAuth := false
|
||||||
// TODO(hidde): move all auth prep to separate func?
|
// TODO(hidde): move all auth prep to separate func?
|
||||||
if u.Scheme == "ssh" {
|
if sourceGitSecretRef != "" {
|
||||||
|
withAuth = true
|
||||||
|
} else if u.Scheme == "ssh" {
|
||||||
logger.Actionf("generating deploy key pair")
|
logger.Actionf("generating deploy key pair")
|
||||||
pair, err := generateKeyPair(ctx)
|
pair, err := generateKeyPair(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -240,8 +250,12 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
logger.Generatef("generating GitRepository source")
|
logger.Generatef("generating GitRepository source")
|
||||||
|
|
||||||
if withAuth {
|
if withAuth {
|
||||||
|
secretName := name
|
||||||
|
if sourceGitSecretRef != "" {
|
||||||
|
secretName = sourceGitSecretRef
|
||||||
|
}
|
||||||
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||||
Name: name,
|
Name: secretName,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -69,6 +69,7 @@ var (
|
|||||||
sourceHelmCertFile string
|
sourceHelmCertFile string
|
||||||
sourceHelmKeyFile string
|
sourceHelmKeyFile string
|
||||||
sourceHelmCAFile string
|
sourceHelmCAFile string
|
||||||
|
sourceHelmSecretRef string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@@ -78,6 +79,7 @@ func init() {
|
|||||||
createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
|
createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
|
||||||
createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
|
createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
|
||||||
createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
|
createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
|
||||||
|
createSourceHelmCmd.Flags().StringVarP(&sourceHelmSecretRef, "secret-ref", "", "", "the name of an existing secret containing TLS or basic auth credentials")
|
||||||
|
|
||||||
createSourceCmd.AddCommand(createSourceHelmCmd)
|
createSourceCmd.AddCommand(createSourceHelmCmd)
|
||||||
}
|
}
|
||||||
@@ -87,7 +89,6 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
return fmt.Errorf("HelmRepository source name is required")
|
return fmt.Errorf("HelmRepository source name is required")
|
||||||
}
|
}
|
||||||
name := args[0]
|
name := args[0]
|
||||||
secretName := fmt.Sprintf("helm-%s", name)
|
|
||||||
|
|
||||||
if sourceHelmURL == "" {
|
if sourceHelmURL == "" {
|
||||||
return fmt.Errorf("url is required")
|
return fmt.Errorf("url is required")
|
||||||
@@ -122,6 +123,12 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if sourceHelmSecretRef != "" {
|
||||||
|
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
|
||||||
|
Name: sourceHelmSecretRef,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if export {
|
if export {
|
||||||
return exportHelmRepository(*helmRepository)
|
return exportHelmRepository(*helmRepository)
|
||||||
}
|
}
|
||||||
@@ -135,6 +142,8 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
logger.Generatef("generating HelmRepository source")
|
logger.Generatef("generating HelmRepository source")
|
||||||
|
if sourceHelmSecretRef == "" {
|
||||||
|
secretName := fmt.Sprintf("helm-%s", name)
|
||||||
|
|
||||||
secret := corev1.Secret{
|
secret := corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
@@ -181,6 +190,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
}
|
}
|
||||||
logger.Successf("authentication configured")
|
logger.Successf("authentication configured")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
logger.Actionf("applying HelmRepository source")
|
logger.Actionf("applying HelmRepository source")
|
||||||
namespacedName, err := upsertHelmRepository(ctx, kubeClient, helmRepository)
|
namespacedName, err := upsertHelmRepository(ctx, kubeClient, helmRepository)
|
||||||
|
|||||||
@@ -45,6 +45,7 @@ gotk create source bucket [name] [flags]
|
|||||||
--provider sourceBucketProvider the S3 compatible storage provider name, available options are: (generic, aws) (default generic)
|
--provider sourceBucketProvider the S3 compatible storage provider name, available options are: (generic, aws) (default generic)
|
||||||
--region string the bucket region
|
--region string the bucket region
|
||||||
--secret-key string the bucket secret key
|
--secret-key string the bucket secret key
|
||||||
|
--secret-ref string the name of an existing secret containing credentials
|
||||||
```
|
```
|
||||||
|
|
||||||
### Options inherited from parent commands
|
### Options inherited from parent commands
|
||||||
|
|||||||
@@ -58,6 +58,7 @@ gotk create source git [name] [flags]
|
|||||||
--branch string git branch (default "master")
|
--branch string git branch (default "master")
|
||||||
-h, --help help for git
|
-h, --help help for git
|
||||||
-p, --password string basic authentication password
|
-p, --password string basic authentication password
|
||||||
|
--secret-ref string the name of an existing secret containing SSH or basic credentials
|
||||||
--ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384)
|
--ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384)
|
||||||
--ssh-key-algorithm publicKeyAlgorithm SSH public key algorithm (rsa, ecdsa, ed25519) (default rsa)
|
--ssh-key-algorithm publicKeyAlgorithm SSH public key algorithm (rsa, ecdsa, ed25519) (default rsa)
|
||||||
--ssh-rsa-bits rsaKeyBits SSH RSA public key bit size (multiplies of 8) (default 2048)
|
--ssh-rsa-bits rsaKeyBits SSH RSA public key bit size (multiplies of 8) (default 2048)
|
||||||
|
|||||||
@@ -43,6 +43,7 @@ gotk create source helm [name] [flags]
|
|||||||
-h, --help help for helm
|
-h, --help help for helm
|
||||||
--key-file string TLS authentication key file path
|
--key-file string TLS authentication key file path
|
||||||
-p, --password string basic authentication password
|
-p, --password string basic authentication password
|
||||||
|
--secret-ref string the name of an existing secret containing TLS or basic auth credentials
|
||||||
--url string Helm repository address
|
--url string Helm repository address
|
||||||
-u, --username string basic authentication username
|
-u, --username string basic authentication username
|
||||||
```
|
```
|
||||||
|
|||||||
Reference in New Issue
Block a user