Add signing-key flags to create image update
Closes a pre-existing gap where the ImageUpdateAutomation SigningKey
field was reachable only by hand-editing the rendered YAML. The two
new flags --signing-key-secret and --signing-key-type populate the
spec.git.commit.signingKey block directly.
When --signing-key-secret is set without --signing-key-type, the run
function leaves spec.git.commit.signingKey.type empty so the
controller's documented default ('gpg' when type is unset[1]) applies
server-side rather than baking the choice into the rendered YAML.
Validation rejects --signing-key-type without --signing-key-secret
and rejects values outside {gpg, ssh}, using the typed
SigningKeyType constants exported from the image-automation-
controller API so the validator and populator share a single source
of truth.
[1]: https://github.com/fluxcd/image-automation-controller/pull/1035
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit is contained in:
Hidde Beydals
@@ -23,6 +23,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
autov1 "github.com/fluxcd/image-automation-controller/api/v1"
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
sourcev1 "github.com/fluxcd/source-controller/api/v1"
|
||||
)
|
||||
|
||||
@@ -75,6 +76,8 @@ type imageUpdateFlags struct {
|
||||
commitTemplate string
|
||||
authorName string
|
||||
authorEmail string
|
||||
signingKeySecret string
|
||||
signingKeyType string
|
||||
}
|
||||
|
||||
var imageUpdateArgs = imageUpdateFlags{}
|
||||
@@ -89,6 +92,8 @@ func init() {
|
||||
flags.StringVar(&imageUpdateArgs.commitTemplate, "commit-template", "", "a template for commit messages")
|
||||
flags.StringVar(&imageUpdateArgs.authorName, "author-name", "", "the name to use for commit author")
|
||||
flags.StringVar(&imageUpdateArgs.authorEmail, "author-email", "", "the email to use for commit author")
|
||||
flags.StringVar(&imageUpdateArgs.signingKeySecret, "signing-key-secret", "", "name of the Secret containing the signing key referenced in spec.git.commit.signingKey")
|
||||
flags.StringVar(&imageUpdateArgs.signingKeyType, "signing-key-type", "", "signing-key format: gpg or ssh (defaults to gpg when --signing-key-secret is set)")
|
||||
|
||||
createImageCmd.AddCommand(createImageUpdateCmd)
|
||||
}
|
||||
@@ -112,6 +117,15 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
|
||||
return fmt.Errorf("the author email is required (--author-email)")
|
||||
}
|
||||
|
||||
if imageUpdateArgs.signingKeyType != "" && imageUpdateArgs.signingKeySecret == "" {
|
||||
return fmt.Errorf("--signing-key-type requires --signing-key-secret")
|
||||
}
|
||||
if imageUpdateArgs.signingKeyType != "" &&
|
||||
imageUpdateArgs.signingKeyType != string(autov1.SigningKeyTypeGPG) &&
|
||||
imageUpdateArgs.signingKeyType != string(autov1.SigningKeyTypeSSH) {
|
||||
return fmt.Errorf("--signing-key-type must be one of: gpg, ssh")
|
||||
}
|
||||
|
||||
labels, err := parseLabels()
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -163,6 +177,13 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
|
||||
}
|
||||
}
|
||||
|
||||
if imageUpdateArgs.signingKeySecret != "" {
|
||||
update.Spec.GitSpec.Commit.SigningKey = &autov1.SigningKey{
|
||||
SecretRef: meta.LocalObjectReference{Name: imageUpdateArgs.signingKeySecret},
|
||||
Type: autov1.SigningKeyType(imageUpdateArgs.signingKeyType),
|
||||
}
|
||||
}
|
||||
|
||||
if createArgs.export {
|
||||
return printExport(exportImageUpdate(&update))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user