diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go
index ddfc2ff289ee65c8777f9d92a39dff5d0ec65545..0bf38de62e7e6feffb1820cecc9124350f0a7ab0 100644
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -239,7 +239,7 @@ func shouldCreateDeployKey(ctx context.Context, kubeClient client.Client, namesp
}
func generateDeployKey(ctx context.Context, kubeClient client.Client, url *url.URL, namespace string) (string, error) {
- pair, err := generateKeyPair(ctx)
+ pair, err := generateKeyPair(ctx, sourceGitKeyAlgorithm, sourceGitRSABits, sourceGitECDSACurve)
if err != nil {
return "", err
}
diff --git a/cmd/flux/create_secret.go b/cmd/flux/create_secret.go
index 703c971a10444d000c9884621a6da25372f900b0..e091652e5c0e62a02430cc69c7b77802b7d8e2db 100644
--- a/cmd/flux/create_secret.go
+++ b/cmd/flux/create_secret.go
@@ -17,11 +17,15 @@ limitations under the License.
package main
import (
+ "context"
"fmt"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/yaml"
)
@@ -35,6 +39,32 @@ func init() {
createCmd.AddCommand(createSecretCmd)
}
+func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.Secret) error {
+ namespacedName := types.NamespacedName{
+ Namespace: secret.GetNamespace(),
+ Name: secret.GetName(),
+ }
+
+ var existing corev1.Secret
+ err := kubeClient.Get(ctx, namespacedName, &existing)
+ if err != nil {
+ if errors.IsNotFound(err) {
+ if err := kubeClient.Create(ctx, &secret); err != nil {
+ return err
+ } else {
+ return nil
+ }
+ }
+ return err
+ }
+
+ existing.StringData = secret.StringData
+ if err := kubeClient.Update(ctx, &existing); err != nil {
+ return err
+ }
+ return nil
+}
+
func exportSecret(secret corev1.Secret) error {
secret.TypeMeta = metav1.TypeMeta{
APIVersion: "v1",
diff --git a/cmd/flux/create_secret_git.go b/cmd/flux/create_secret_git.go
index 31d2a2efb4a5cb1ea3d3185c402718f10658419b..65ebc9ad09d6126e9354669390d77e063445d159 100644
--- a/cmd/flux/create_secret_git.go
+++ b/cmd/flux/create_secret_git.go
@@ -21,6 +21,7 @@ import (
"crypto/elliptic"
"fmt"
"net/url"
+ "time"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
@@ -28,6 +29,7 @@ import (
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
+ "github.com/fluxcd/pkg/ssh"
)
var createSecretGitCmd = &cobra.Command{
@@ -82,9 +84,9 @@ func init() {
createSecretGitCmd.Flags().StringVar(&secretGitURL, "url", "", "git address, e.g. ssh://git@host/org/repository")
createSecretGitCmd.Flags().StringVarP(&secretGitUsername, "username", "u", "", "basic authentication username")
createSecretGitCmd.Flags().StringVarP(&secretGitPassword, "password", "p", "", "basic authentication password")
- createSecretGitCmd.Flags().Var(&secretGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
- createSecretGitCmd.Flags().Var(&secretGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
- createSecretGitCmd.Flags().Var(&secretGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
+ createSecretGitCmd.Flags().Var(&secretGitKeyAlgorithm, "ssh-key-algorithm", secretGitKeyAlgorithm.Description())
+ createSecretGitCmd.Flags().Var(&secretGitRSABits, "ssh-rsa-bits", secretGitRSABits.Description())
+ createSecretGitCmd.Flags().Var(&secretGitECDSACurve, "ssh-ecdsa-curve", secretGitECDSACurve.Description())
createSecretCmd.AddCommand(createSecretGitCmd)
}
@@ -122,7 +124,7 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
switch u.Scheme {
case "ssh":
- pair, err := generateKeyPair(ctx)
+ pair, err := generateKeyPair(ctx, secretGitKeyAlgorithm, secretGitRSABits, secretGitECDSACurve)
if err != nil {
return err
}
@@ -171,3 +173,34 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
return nil
}
+
+func generateKeyPair(ctx context.Context, alg flags.PublicKeyAlgorithm, rsa flags.RSAKeyBits, ecdsa flags.ECDSACurve) (*ssh.KeyPair, error) {
+ var keyGen ssh.KeyPairGenerator
+ switch algorithm := alg.String(); algorithm {
+ case "rsa":
+ keyGen = ssh.NewRSAGenerator(int(rsa))
+ case "ecdsa":
+ keyGen = ssh.NewECDSAGenerator(ecdsa.Curve)
+ case "ed25519":
+ keyGen = ssh.NewEd25519Generator()
+ default:
+ return nil, fmt.Errorf("unsupported public key algorithm: %s", algorithm)
+ }
+ pair, err := keyGen.Generate()
+ if err != nil {
+ return nil, fmt.Errorf("key pair generation failed, error: %w", err)
+ }
+ return pair, nil
+}
+
+func scanHostKey(ctx context.Context, url *url.URL) ([]byte, error) {
+ host := url.Host
+ if url.Port() == "" {
+ host = host + ":22"
+ }
+ hostKey, err := ssh.ScanHostKey(host, 30*time.Second)
+ if err != nil {
+ return nil, fmt.Errorf("SSH key scan for host %s failed, error: %w", host, err)
+ }
+ return hostKey, nil
+}
diff --git a/cmd/flux/create_source_git.go b/cmd/flux/create_source_git.go
index dd435a5273edd5384604a662ff9977e8c62d713c..8c8c4a8f65883ee8f12b0f642d947eb51c983457 100644
--- a/cmd/flux/create_source_git.go
+++ b/cmd/flux/create_source_git.go
@@ -23,13 +23,7 @@ import (
"io/ioutil"
"net/url"
"os"
- "time"
- "github.com/fluxcd/flux2/internal/flags"
- "github.com/fluxcd/flux2/internal/utils"
- "github.com/fluxcd/pkg/apis/meta"
-
- sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
"github.com/manifoldco/promptui"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
@@ -40,7 +34,10 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"sigs.k8s.io/controller-runtime/pkg/client"
- "github.com/fluxcd/pkg/ssh"
+ "github.com/fluxcd/flux2/internal/flags"
+ "github.com/fluxcd/flux2/internal/utils"
+ "github.com/fluxcd/pkg/apis/meta"
+ sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
)
var createSourceGitCmd = &cobra.Command{
@@ -195,7 +192,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
withAuth = true
} else if u.Scheme == "ssh" {
logger.Generatef("generating deploy key pair")
- pair, err := generateKeyPair(ctx)
+ pair, err := generateKeyPair(ctx, sourceGitKeyAlgorithm, sourceGitRSABits, sourceGitECDSACurve)
if err != nil {
return err
}
@@ -288,63 +285,6 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
return nil
}
-func generateKeyPair(ctx context.Context) (*ssh.KeyPair, error) {
- var keyGen ssh.KeyPairGenerator
- switch algorithm := sourceGitKeyAlgorithm.String(); algorithm {
- case "rsa":
- keyGen = ssh.NewRSAGenerator(int(sourceGitRSABits))
- case "ecdsa":
- keyGen = ssh.NewECDSAGenerator(sourceGitECDSACurve.Curve)
- case "ed25519":
- keyGen = ssh.NewEd25519Generator()
- default:
- return nil, fmt.Errorf("unsupported public key algorithm: %s", algorithm)
- }
- pair, err := keyGen.Generate()
- if err != nil {
- return nil, fmt.Errorf("key pair generation failed, error: %w", err)
- }
- return pair, nil
-}
-
-func scanHostKey(ctx context.Context, url *url.URL) ([]byte, error) {
- host := url.Host
- if url.Port() == "" {
- host = host + ":22"
- }
- hostKey, err := ssh.ScanHostKey(host, 30*time.Second)
- if err != nil {
- return nil, fmt.Errorf("SSH key scan for host %s failed, error: %w", host, err)
- }
- return hostKey, nil
-}
-
-func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.Secret) error {
- namespacedName := types.NamespacedName{
- Namespace: secret.GetNamespace(),
- Name: secret.GetName(),
- }
-
- var existing corev1.Secret
- err := kubeClient.Get(ctx, namespacedName, &existing)
- if err != nil {
- if errors.IsNotFound(err) {
- if err := kubeClient.Create(ctx, &secret); err != nil {
- return err
- } else {
- return nil
- }
- }
- return err
- }
-
- existing.StringData = secret.StringData
- if err := kubeClient.Update(ctx, &existing); err != nil {
- return err
- }
- return nil
-}
-
func upsertGitRepository(ctx context.Context, kubeClient client.Client,
gitRepository *sourcev1.GitRepository) (types.NamespacedName, error) {
namespacedName := types.NamespacedName{