flux2

Mirrors/flux2

Fork 0

mirror of synced 2026-06-20 20:10:49 +00:00

Commit Graph

Author	SHA1	Message	Date
Hidde Beydals	96fda4cd56	Reject ssh-signing-reuse early in github and gitea `bootstrap github` and `bootstrap gitea` generate the SSH transport key in-process, so they have no operator-supplied key to reuse for commit signing. Both subcommands already reject `--ssh-signing-reuse-private-key` with a provider-specific "not supported" error, but the check sat after `bootstrapValidate`, which fails first with the generic "--ssh-signing-reuse-private-key requires --private-key-file" message. A user invoking e.g. `flux bootstrap github --ssh-signing-reuse-private-key` is told to set a flag that the subcommand cannot honour anyway, masking the real problem. Move the unsupported-flag rejection to the top of each `RunE` — before the interactive PAT prompt and before `bootstrapValidate` — so the provider-specific error wins. The deeper, now-redundant check is dropped. `TestBootstrapProviderRejectsReuseBeforeValidate` exercises both subcommands with the reuse flag set and no `--private-key-file` to lock in the precedence. Assisted-by: claude/opus-4.7 Signed-off-by: Hidde Beydals <hidde@hhh.computer>	2026-06-19 15:03:54 +02:00
Hidde Beydals	4f45409697	Seed defaultComponents in bootstrap signing tests `resetCmdArgs` in `main_test.go` rebuilds `bootstrapArgs` from `NewBootstrapFlags`, which deliberately omits the cobra-populated `defaultComponents`. In the `e2e` build, `TestMain` runs `flux install …` before any test executes; that call triggers the reset and leaves `bootstrapArgs.defaultComponents` empty for the lifetime of the process. `bootstrapValidate` then trips on its `requiredComponents` pre-check and fails with "component source-controller is required" before it ever reaches the SSH/GPG signing flag validation that this test cares about. Save, seed, and restore `defaultComponents` per subtest so the required-component check passes regardless of whether the test runs under the plain or the `e2e` build tag. Assisted-by: claude/opus-4.7 Signed-off-by: Hidde Beydals <hidde@hhh.computer>	2026-06-19 15:03:46 +02:00
Hidde Beydals	43574215a6	Test bootstrap signing flag validation Covers the validation matrix of the new --gpg-* / --ssh-signing-* surface: mutual exclusion (across GPG/SSH groups and within the SSH group between --ssh-signing-key-file and --ssh-signing-reuse-private- key), alias resolution between --ssh-signing-password and --ssh-signing-passphrase, the dependency checks (--ssh-signing- password requires --ssh-signing-key-file; --ssh-signing-reuse- private-key requires --private-key-file), and pre-flight key-parse failures (malformed PEM, encrypted SSH key without passphrase, GPG ring with wrong passphrase). Test keys are checked in so the test does not depend on local ssh-keygen or gpg invocations at run time. Signed-off-by: Hidde Beydals <hidde@hhh.computer>	2026-06-18 14:40:43 +02:00

Author

SHA1

Message

Date

Hidde Beydals

96fda4cd56

Reject ssh-signing-reuse early in github and gitea

`bootstrap github` and `bootstrap gitea` generate the SSH transport
key in-process, so they have no operator-supplied key to reuse for
commit signing. Both subcommands already reject
`--ssh-signing-reuse-private-key` with a provider-specific
"not supported" error, but the check sat after `bootstrapValidate`,
which fails first with the generic
"--ssh-signing-reuse-private-key requires --private-key-file"
message. A user invoking e.g. `flux bootstrap github
--ssh-signing-reuse-private-key` is told to set a flag that the
subcommand cannot honour anyway, masking the real problem.

Move the unsupported-flag rejection to the top of each `RunE` —
before the interactive PAT prompt and before `bootstrapValidate` —
so the provider-specific error wins. The deeper, now-redundant
check is dropped. `TestBootstrapProviderRejectsReuseBeforeValidate`
exercises both subcommands with the reuse flag set and no
`--private-key-file` to lock in the precedence.

Assisted-by: claude/opus-4.7
Signed-off-by: Hidde Beydals <hidde@hhh.computer>

2026-06-19 15:03:54 +02:00

Hidde Beydals

4f45409697

Seed defaultComponents in bootstrap signing tests

`resetCmdArgs` in `main_test.go` rebuilds `bootstrapArgs` from
`NewBootstrapFlags`, which deliberately omits the cobra-populated
`defaultComponents`. In the `e2e` build, `TestMain` runs `flux install
…` before any test executes; that call triggers the reset and leaves
`bootstrapArgs.defaultComponents` empty for the lifetime of the
process. `bootstrapValidate` then trips on its `requiredComponents`
pre-check and fails with "component source-controller is required"
before it ever reaches the SSH/GPG signing flag validation that this
test cares about.

Save, seed, and restore `defaultComponents` per subtest so the
required-component check passes regardless of whether the test runs
under the plain or the `e2e` build tag.

Assisted-by: claude/opus-4.7
Signed-off-by: Hidde Beydals <hidde@hhh.computer>

2026-06-19 15:03:46 +02:00

Hidde Beydals

43574215a6

Test bootstrap signing flag validation

Covers the validation matrix of the new --gpg-* / --ssh-signing-*
surface: mutual exclusion (across GPG/SSH groups and within the SSH
group between --ssh-signing-key-file and --ssh-signing-reuse-private-
key), alias resolution between --ssh-signing-password and
--ssh-signing-passphrase, the dependency checks (--ssh-signing-
password requires --ssh-signing-key-file; --ssh-signing-reuse-
private-key requires --private-key-file), and pre-flight key-parse
failures (malformed PEM, encrypted SSH key without passphrase, GPG
ring with wrong passphrase). Test keys are checked in so the test
does not depend on local ssh-keygen or gpg invocations at run time.

Signed-off-by: Hidde Beydals <hidde@hhh.computer>

2026-06-18 14:40:43 +02:00

3 Commits