Merge pull request #2042 from fluxcd/ecdsa-default

Set ECDSA as the default algorithm for `flux create source git`

cmd/flux/bootstrap.go

@@ -140,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
-		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:         2048,
 		keyECDSACurve:      flags.ECDSACurve{Curve: elliptic.P384()},
 	}

cmd/flux/bootstrap_github.go

@@ -111,11 +111,7 @@ func init() {
 func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	ghToken := os.Getenv(ghTokenEnvVar)
 	if ghToken == "" {
-		var err error
+		return fmt.Errorf("%s environment variable not found", ghTokenEnvVar)
-		ghToken, err = readPasswordFromStdin("Please enter your GitHub personal access token (PAT): ")
-		if err != nil {
-			return fmt.Errorf("could not read token: %w", err)
-		}
 	}
 
 	if err := bootstrapValidate(); err != nil {

cmd/flux/bootstrap_gitlab.go

@@ -108,11 +108,7 @@ func init() {
 func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	glToken := os.Getenv(glTokenEnvVar)
 	if glToken == "" {
-		var err error
+		return fmt.Errorf("%s environment variable not found", glTokenEnvVar)
-		glToken, err = readPasswordFromStdin("Please enter your GitLab personal access token (PAT): ")
-		if err != nil {
-			return fmt.Errorf("could not read token: %w", err)
-		}
 	}
 
 	if projectNameIsValid, err := regexp.MatchString(gitlabProjectRegex, gitlabArgs.repository); err != nil || !projectNameIsValid {

cmd/flux/create_secret_git.go

@@ -105,7 +105,7 @@ func init() {
 
 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
-		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}

cmd/flux/create_source_git.go

@@ -143,7 +143,7 @@ func init() {
 
 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
-		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}

cmd/flux/main.go

@@ -17,15 +17,12 @@ limitations under the License.
 package main
 
 import (
-	"bufio"
-	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 	"time"
 
 	"github.com/spf13/cobra"
-	"golang.org/x/term"
 	corev1 "k8s.io/api/core/v1"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
@@ -170,22 +167,3 @@ func homeDir() string {
 	}
 	return os.Getenv("USERPROFILE") // windows
 }
-
-func readPasswordFromStdin(prompt string) (string, error) {
-	var out string
-	var err error
-	fmt.Fprint(os.Stdout, prompt)
-	stdinFD := int(os.Stdin.Fd())
-	if term.IsTerminal(stdinFD) {
-		var inBytes []byte
-		inBytes, err = term.ReadPassword(int(os.Stdin.Fd()))
-		out = string(inBytes)
-	} else {
-		out, err = bufio.NewReader(os.Stdin).ReadString('\n')
-	}
-	if err != nil {
-		return "", fmt.Errorf("could not read from stdin: %w", err)
-	}
-	fmt.Println()
-	return out, nil
-}

go.mod

@@ -29,7 +29,6 @@ require (
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
-	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
 	k8s.io/api v0.22.2
 	k8s.io/apiextensions-apiserver v0.22.2
 	k8s.io/apimachinery v0.22.2