Mirrors
/
flux2
mirror of https://github.com/fluxcd/flux2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #350 from allymparker/source-git-secret-ref

Browse Source 
Add secret-ref flag to create source git
pull/358/head
Stefan Prodan 4 years ago committed by GitHub
parent 4eaf72fa3e 2d67ea5f7f
commit 55b8544d32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 114 additions and 77 deletions
Show Stats Download Patch File Download Diff File

48
cmd/gotk/create_source_bucket.go
Unescape Escape View File

@ -69,6 +69,7 @@ var (
sourceBucketSecretKey string sourceBucketSecretKey string
sourceBucketRegion string sourceBucketRegion string
sourceBucketInsecure bool sourceBucketInsecure bool
sourceBucketSecretRef string
) )
func init() { func init() {
@ -79,6 +80,7 @@ func init() {
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key") createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region") createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint") createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretRef, "secret-ref", "", "the name of an existing secret containing credentials")
createSourceCmd.AddCommand(createSourceBucketCmd) createSourceCmd.AddCommand(createSourceBucketCmd)
} }
@ -88,7 +90,6 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("Bucket source name is required") return fmt.Errorf("Bucket source name is required")
} }
name := args[0] name := args[0]
secretName := fmt.Sprintf("bucket-%s", name)
if sourceBucketName == "" { if sourceBucketName == "" {
return fmt.Errorf("bucket-name is required") return fmt.Errorf("bucket-name is required")
@ -126,6 +127,11 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
}, },
}, },
} }
if sourceHelmSecretRef != "" {
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
Name: sourceBucketSecretRef,
}
}
if export { if export {
return exportBucket(*bucket) return exportBucket(*bucket)
@ -141,28 +147,32 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
logger.Generatef("generating Bucket source") logger.Generatef("generating Bucket source")
secret := corev1.Secret{ if sourceBucketSecretRef == "" {
ObjectMeta: metav1.ObjectMeta{ secretName := fmt.Sprintf("bucket-%s", name)
Name: secretName,
Namespace: namespace,
},
StringData: map[string]string{},
}
if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" { secret := corev1.Secret{
secret.StringData["accesskey"] = sourceBucketAccessKey ObjectMeta: metav1.ObjectMeta{
secret.StringData["secretkey"] = sourceBucketSecretKey Name: secretName,
} Namespace: namespace,
},
StringData: map[string]string{},
}
if len(secret.StringData) > 0 { if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" {
logger.Actionf("applying secret with the bucket credentials") secret.StringData["accesskey"] = sourceBucketAccessKey
if err := upsertSecret(ctx, kubeClient, secret); err != nil { secret.StringData["secretkey"] = sourceBucketSecretKey
return err
} }
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
Name: secretName, if len(secret.StringData) > 0 {
logger.Actionf("applying secret with the bucket credentials")
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
return err
}
bucket.Spec.SecretRef = &corev1.LocalObjectReference{
Name: secretName,
}
logger.Successf("authentication configured")
} }
logger.Successf("authentication configured")
} }
logger.Actionf("applying Bucket source") logger.Actionf("applying Bucket source")

30
cmd/gotk/create_source_git.go
Unescape Escape View File

@ -87,15 +87,17 @@ For private Git repositories, the basic authentication credentials are stored in
} }
var ( var (
sourceGitURL string sourceGitURL string
sourceGitBranch string sourceGitBranch string
sourceGitTag string sourceGitTag string
sourceGitSemver string sourceGitSemver string
sourceGitUsername string sourceGitUsername string
sourceGitPassword string sourceGitPassword string
sourceGitKeyAlgorithm flags.PublicKeyAlgorithm = "rsa" sourceGitKeyAlgorithm flags.PublicKeyAlgorithm = "rsa"
sourceGitRSABits flags.RSAKeyBits = 2048 sourceGitRSABits flags.RSAKeyBits = 2048
sourceGitECDSACurve = flags.ECDSACurve{Curve: elliptic.P384()} sourceGitECDSACurve = flags.ECDSACurve{Curve: elliptic.P384()}
sourceGitSecretRef string
) )
func init() { func init() {
@ -108,6 +110,7 @@ func init() {
createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description()) createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description()) createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description()) createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
createSourceGitCmd.Flags().StringVarP(&sourceGitSecretRef, "secret-ref", "", "", "the name of an existing secret containing SSH or basic credentials")
createSourceCmd.AddCommand(createSourceGitCmd) createSourceCmd.AddCommand(createSourceGitCmd)
} }
@ -162,6 +165,11 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
} }
if export { if export {
if sourceGitSecretRef != "" {
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: sourceGitSecretRef,
}
}
return exportGit(gitRepository) return exportGit(gitRepository)
} }
@ -175,7 +183,9 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
withAuth := false withAuth := false
// TODO(hidde): move all auth prep to separate func? // TODO(hidde): move all auth prep to separate func?
if u.Scheme == "ssh" { if sourceGitSecretRef != "" {
withAuth = true
} else if u.Scheme == "ssh" {
logger.Actionf("generating deploy key pair") logger.Actionf("generating deploy key pair")
pair, err := generateKeyPair(ctx) pair, err := generateKeyPair(ctx)
if err != nil { if err != nil {
@ -240,8 +250,12 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
logger.Generatef("generating GitRepository source") logger.Generatef("generating GitRepository source")
if withAuth { if withAuth {
secretName := name
if sourceGitSecretRef != "" {
secretName = sourceGitSecretRef
}
gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{ gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: name, Name: secretName,
} }
} }

96
cmd/gotk/create_source_helm.go
Unescape Escape View File

@ -63,12 +63,13 @@ For private Helm repositories, the basic authentication credentials are stored i
} }
var ( var (
sourceHelmURL string sourceHelmURL string
sourceHelmUsername string sourceHelmUsername string
sourceHelmPassword string sourceHelmPassword string
sourceHelmCertFile string sourceHelmCertFile string
sourceHelmKeyFile string sourceHelmKeyFile string
sourceHelmCAFile string sourceHelmCAFile string
sourceHelmSecretRef string
) )
func init() { func init() {
@ -78,6 +79,7 @@ func init() {
createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path") createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path") createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path") createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
createSourceHelmCmd.Flags().StringVarP(&sourceHelmSecretRef, "secret-ref", "", "", "the name of an existing secret containing TLS or basic auth credentials")
createSourceCmd.AddCommand(createSourceHelmCmd) createSourceCmd.AddCommand(createSourceHelmCmd)
} }
@ -87,7 +89,6 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("HelmRepository source name is required") return fmt.Errorf("HelmRepository source name is required")
} }
name := args[0] name := args[0]
secretName := fmt.Sprintf("helm-%s", name)
if sourceHelmURL == "" { if sourceHelmURL == "" {
return fmt.Errorf("url is required") return fmt.Errorf("url is required")
@ -122,6 +123,12 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
}, },
} }
if sourceHelmSecretRef != "" {
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: sourceHelmSecretRef,
}
}
if export { if export {
return exportHelmRepository(*helmRepository) return exportHelmRepository(*helmRepository)
} }
@ -135,51 +142,54 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
} }
logger.Generatef("generating HelmRepository source") logger.Generatef("generating HelmRepository source")
if sourceHelmSecretRef == "" {
secretName := fmt.Sprintf("helm-%s", name)
secret := corev1.Secret{ secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: secretName, Name: secretName,
Namespace: namespace, Namespace: namespace,
}, },
StringData: map[string]string{}, StringData: map[string]string{},
}
if sourceHelmUsername != "" && sourceHelmPassword != "" {
secret.StringData["username"] = sourceHelmUsername
secret.StringData["password"] = sourceHelmPassword
}
if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
cert, err := ioutil.ReadFile(sourceHelmCertFile)
if err != nil {
return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
} }
secret.StringData["certFile"] = string(cert)
key, err := ioutil.ReadFile(sourceHelmKeyFile) if sourceHelmUsername != "" && sourceHelmPassword != "" {
if err != nil { secret.StringData["username"] = sourceHelmUsername
return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err) secret.StringData["password"] = sourceHelmPassword
} }
secret.StringData["keyFile"] = string(key)
}
if sourceHelmCAFile != "" { if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
ca, err := ioutil.ReadFile(sourceHelmCAFile) cert, err := ioutil.ReadFile(sourceHelmCertFile)
if err != nil { if err != nil {
return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err) return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
}
secret.StringData["certFile"] = string(cert)
key, err := ioutil.ReadFile(sourceHelmKeyFile)
if err != nil {
return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
}
secret.StringData["keyFile"] = string(key)
} }
secret.StringData["caFile"] = string(ca)
}
if len(secret.StringData) > 0 { if sourceHelmCAFile != "" {
logger.Actionf("applying secret with repository credentials") ca, err := ioutil.ReadFile(sourceHelmCAFile)
if err := upsertSecret(ctx, kubeClient, secret); err != nil { if err != nil {
return err return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
}
secret.StringData["caFile"] = string(ca)
} }
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: secretName, if len(secret.StringData) > 0 {
logger.Actionf("applying secret with repository credentials")
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
return err
}
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: secretName,
}
logger.Successf("authentication configured")
} }
logger.Successf("authentication configured")
} }
logger.Actionf("applying HelmRepository source") logger.Actionf("applying HelmRepository source")

1
docs/cmd/gotk_create_source_bucket.md
Unescape Escape View File

@ -45,6 +45,7 @@ gotk create source bucket [name] [flags]
--provider sourceBucketProvider the S3 compatible storage provider name, available options are: (generic, aws) (default generic) --provider sourceBucketProvider the S3 compatible storage provider name, available options are: (generic, aws) (default generic)
--region string the bucket region --region string the bucket region
--secret-key string the bucket secret key --secret-key string the bucket secret key
--secret-ref string the name of an existing secret containing credentials
``` ```
### Options inherited from parent commands ### Options inherited from parent commands

1
docs/cmd/gotk_create_source_git.md
Unescape Escape View File

@ -58,6 +58,7 @@ gotk create source git [name] [flags]
--branch string git branch (default "master") --branch string git branch (default "master")
-h, --help help for git -h, --help help for git
-p, --password string basic authentication password -p, --password string basic authentication password
--secret-ref string the name of an existing secret containing SSH or basic credentials
--ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384)
--ssh-key-algorithm publicKeyAlgorithm SSH public key algorithm (rsa, ecdsa, ed25519) (default rsa) --ssh-key-algorithm publicKeyAlgorithm SSH public key algorithm (rsa, ecdsa, ed25519) (default rsa)
--ssh-rsa-bits rsaKeyBits SSH RSA public key bit size (multiplies of 8) (default 2048) --ssh-rsa-bits rsaKeyBits SSH RSA public key bit size (multiplies of 8) (default 2048)

15
docs/cmd/gotk_create_source_helm.md
Unescape Escape View File

@ -38,13 +38,14 @@ gotk create source helm [name] [flags]
### Options ### Options
``` ```
--ca-file string TLS authentication CA file path --ca-file string TLS authentication CA file path
--cert-file string TLS authentication cert file path --cert-file string TLS authentication cert file path
-h, --help help for helm -h, --help help for helm
--key-file string TLS authentication key file path --key-file string TLS authentication key file path
-p, --password string basic authentication password -p, --password string basic authentication password
--url string Helm repository address --secret-ref string the name of an existing secret containing TLS or basic auth credentials
-u, --username string basic authentication username --url string Helm repository address
-u, --username string basic authentication username
``` ```
### Options inherited from parent commands ### Options inherited from parent commands

Write Preview
Loading…
Cancel
Save