From 8f0cd35d7a42e4eaaa32b71745eb240458b18891 Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Thu, 1 Apr 2021 09:31:55 +0300
Subject: [PATCH] Allow self-signed certs when using go-git

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 cmd/flux/create_source_git.go      | 22 +++++++++++-----------
 docs/cmd/flux_create_source_git.md |  2 +-
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/cmd/flux/create_source_git.go b/cmd/flux/create_source_git.go
index 0a87610f..8f00636c 100644
--- a/cmd/flux/create_source_git.go
+++ b/cmd/flux/create_source_git.go
@@ -122,7 +122,7 @@ func init() {
 	createSourceGitCmd.Flags().Var(&sourceGitArgs.keyECDSACurve, "ssh-ecdsa-curve", sourceGitArgs.keyECDSACurve.Description())
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.secretRef, "secret-ref", "", "the name of an existing secret containing SSH or basic credentials")
 	createSourceGitCmd.Flags().Var(&sourceGitArgs.gitImplementation, "git-implementation", sourceGitArgs.gitImplementation.Description())
-	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates, requires libgit2")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
 
 	createSourceCmd.AddCommand(createSourceGitCmd)
@@ -146,16 +146,6 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("url is required")
 	}
 
-	if sourceGitArgs.gitImplementation.String() != sourcev1.LibGit2Implementation && sourceGitArgs.caFile != "" {
-		return fmt.Errorf("specifing a CA file requires --git-implementation=%s", sourcev1.LibGit2Implementation)
-	}
-
-	tmpDir, err := ioutil.TempDir("", name)
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
 	u, err := url.Parse(sourceGitArgs.url)
 	if err != nil {
 		return fmt.Errorf("git URL parse failed: %w", err)
@@ -164,6 +154,16 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
 	}
 
+	if sourceGitArgs.caFile != "" && u.Scheme == "ssh" {
+		return fmt.Errorf("specifing a CA file is not supported for Git over SSH")
+	}
+
+	tmpDir, err := ioutil.TempDir("", name)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
 	sourceLabels, err := parseLabels()
 	if err != nil {
 		return err
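Review bot: The new guard `if sourceGitArgs.caFile != "" && u.Scheme == "ssh"` rejects only SSH, but the scheme check just above it also accepts plain `http`, where a CA file has no effect because there is no TLS handshake to validate. A user who passes `--ca-file` with an `http://` URL would presumably get a source created over an unauthenticated transport with no warning that the CA was ignored. Consider `if sourceGitArgs.caFile != "" && u.Scheme != "https" {` with `return fmt.Errorf("specifying a CA file is only supported for Git over HTTPS")`, which also fixes the "specifing" typo carried over from the removed check. The `--ca-file` help string in the first hunk could state the HTTPS-only restriction as well. createSourceGitCmdRun starts and ends outside this hunk, so how caFile is consumed afterwards is not visible here.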
diff --git a/docs/cmd/flux_create_source_git.md b/docs/cmd/flux_create_source_git.md
index 890f21bc..14cddd5a 100644
--- a/docs/cmd/flux_create_source_git.md
+++ b/docs/cmd/flux_create_source_git.md
@@ -65,7 +65,7 @@ flux create source git [name] [flags]
 
 ```
       --branch string                          git branch (default "master")
-      --ca-file string                         path to TLS CA file used for validating self-signed certificates, requires libgit2
+      --ca-file string                         path to TLS CA file used for validating self-signed certificates
       --git-implementation gitImplementation   the Git implementation to use, available options are: (go-git, libgit2)
   -h, --help                                   help for git
   -p, --password string                        basic authentication password
-- 
GitLab