bufio's reader.ReadString includes any CRLF characters and we don't
want these in the resulting token because this leads to errors in the
authentication like this:
```
✗ failed to get Git repository
"https://github.com/kingdon-ci/jenkins-infra": Get
"https://api.github.com/repos/kingdon-ci/jenkins-infra": net/http:
invalid header field value "Bearer gho_NNNNNsecrettokenMMMMM\n" for
key Authorization
```
Signed-off-by: Max Jonas Werner <mail@makk.es>
This change adds functionality to both, `bootstrap github` and
`bootstrap gitlab` to prompt the user for the personal access tokens
if those can't be derived from the shell environment. Echoing is
turned off for better privacy.
Instead of having to interactively type the token or manually paste it
from the clipboard, users can also pipe it to Flux which comes in
handy e.g. when executing Flux remotely over an SSH connection:
```
$ echo 'asdf' | flux bootstrap github
```
Otherwise, Flux will prompt the user:
```
$ flux bootstrap github
Please type your GitHub personal access token:
```
closes#2011
Signed-off-by: Max Jonas Werner <mail@makk.es>
Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/.
Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Use `app.kubernetes.io/part-of: flux` label instead of `app.kubernetes.io/instance` to select the in-cluster objects used in flux version, check, logs and uninstall commands.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
While fixing an unrelated issue, I noticed:
✗ GitRepository reconciliation failed: ''PGP public keys secret error: expected pointer, but got nil
the single quote should surround the readyCond.Message
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
The `flux tree kustomization` command prints the resources reconciled by the given Kustomization.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This fixes the case where you create a HelmRelease with `--export` and
the `install: {}` field being there, adding no value to the manifest.
Signed-off-by: Max Jonas Werner <mail@makk.es>
When a user provided the `--ca-file` flag to the `bootstrap` command,
the given CA file wasn't taken into account for cloning the repository
locally. It was just passed along to the CR that is created so Flux
can make use of it when cloning the repository in-cluster.
However, users may not want to add a custom CA to their local host's
trust chain and may expect the `--ca-file` flag to be respected also
for cloning the repository locally. This is what this commit
accomplishes.
closes#1775
Signed-off-by: Max Jonas Werner <mail@makk.es>
The create source tests are more interesting than the existing tests as they
create objects then wit for the flux source reconciler to complete. The tests
simulate this with a background goroutine that waits for an object to be
created then uses a test specific function to update it.
The tests set a timeout so that if there is a failure they timeout somewhat
quickly rather than hanging for a longer period of time.
Signed-off-by: Allen Porter <allen@thebends.org>
Somtochi Onyekwere
Jack Evans
Stefan Prodan
Max Jonas Werner
Kingdon Barrett
Hidde Beydals
Kazuki Suda
Fynn Späker
Allen Porter
Daniel Petró
Tomas Tulka