Map ecdsa/ed25519 args to create secret

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-10-29 07:19:07 +08:00 · 2021-01-08 10:36:48 +02:00
parent d1357dff1f
commit febedaad8f
4 changed files with 73 additions and 70 deletions
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@ -239,7 +239,7 @@ func shouldCreateDeployKey(ctx context.Context, kubeClient client.Client, namesp
 }
 func generateDeployKey(ctx context.Context, kubeClient client.Client, url *url.URL, namespace string) (string, error) {
-	pair, err := generateKeyPair(ctx)
+	pair, err := generateKeyPair(ctx, sourceGitKeyAlgorithm, sourceGitRSABits, sourceGitECDSACurve)
 	if err != nil {
 		return "", err
 	}
--- a/cmd/flux/create_secret.go
+++ b/cmd/flux/create_secret.go
@ -17,11 +17,15 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 )
@ -35,6 +39,32 @@ func init() {
 	createCmd.AddCommand(createSecretCmd)
 }
 func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.Secret) error {
 	namespacedName := types.NamespacedName{
 		Namespace: secret.GetNamespace(),
 		Name:      secret.GetName(),
 	}
 	var existing corev1.Secret
 	err := kubeClient.Get(ctx, namespacedName, &existing)
 	if err != nil {
 		if errors.IsNotFound(err) {
 			if err := kubeClient.Create(ctx, &secret); err != nil {
 				return err
 			} else {
 				return nil
 			}
 		}
 		return err
 	}
 	existing.StringData = secret.StringData
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
 	}
 	return nil
 }
 func exportSecret(secret corev1.Secret) error {
 	secret.TypeMeta = metav1.TypeMeta{
 		APIVersion: "v1",
--- a/cmd/flux/create_secret_git.go
+++ b/cmd/flux/create_secret_git.go
@ -21,6 +21,7 @@ import (
 	"crypto/elliptic"
 	"fmt"
 	"net/url"
 	"time"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@ -28,6 +29,7 @@ import (
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/ssh"
 )
 var createSecretGitCmd = &cobra.Command{
@ -82,9 +84,9 @@ func init() {
 	createSecretGitCmd.Flags().StringVar(&secretGitURL, "url", "", "git address, e.g. ssh://git@host/org/repository")
 	createSecretGitCmd.Flags().StringVarP(&secretGitUsername, "username", "u", "", "basic authentication username")
 	createSecretGitCmd.Flags().StringVarP(&secretGitPassword, "password", "p", "", "basic authentication password")
-	createSecretGitCmd.Flags().Var(&secretGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
+	createSecretGitCmd.Flags().Var(&secretGitKeyAlgorithm, "ssh-key-algorithm", secretGitKeyAlgorithm.Description())
-	createSecretGitCmd.Flags().Var(&secretGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
+	createSecretGitCmd.Flags().Var(&secretGitRSABits, "ssh-rsa-bits", secretGitRSABits.Description())
-	createSecretGitCmd.Flags().Var(&secretGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
+	createSecretGitCmd.Flags().Var(&secretGitECDSACurve, "ssh-ecdsa-curve", secretGitECDSACurve.Description())
 	createSecretCmd.AddCommand(createSecretGitCmd)
 }
@ -122,7 +124,7 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 	switch u.Scheme {
 	case "ssh":
-		pair, err := generateKeyPair(ctx)
+		pair, err := generateKeyPair(ctx, secretGitKeyAlgorithm, secretGitRSABits, secretGitECDSACurve)
 		if err != nil {
 			return err
 		}
@ -171,3 +173,34 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 	return nil
 }
 func generateKeyPair(ctx context.Context, alg flags.PublicKeyAlgorithm, rsa flags.RSAKeyBits, ecdsa flags.ECDSACurve) (*ssh.KeyPair, error) {
 	var keyGen ssh.KeyPairGenerator
 	switch algorithm := alg.String(); algorithm {
 	case "rsa":
 		keyGen = ssh.NewRSAGenerator(int(rsa))
 	case "ecdsa":
 		keyGen = ssh.NewECDSAGenerator(ecdsa.Curve)
 	case "ed25519":
 		keyGen = ssh.NewEd25519Generator()
 	default:
 		return nil, fmt.Errorf("unsupported public key algorithm: %s", algorithm)
 	}
 	pair, err := keyGen.Generate()
 	if err != nil {
 		return nil, fmt.Errorf("key pair generation failed, error: %w", err)
 	}
 	return pair, nil
 }
 func scanHostKey(ctx context.Context, url *url.URL) ([]byte, error) {
 	host := url.Host
 	if url.Port() == "" {
 		host = host + ":22"
 	}
 	hostKey, err := ssh.ScanHostKey(host, 30*time.Second)
 	if err != nil {
 		return nil, fmt.Errorf("SSH key scan for host %s failed, error: %w", host, err)
 	}
 	return hostKey, nil
 }
--- a/cmd/flux/create_source_git.go
+++ b/cmd/flux/create_source_git.go
@ -23,13 +23,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"os"
 	"time"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@ -40,7 +34,10 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"github.com/fluxcd/pkg/ssh"
+	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 var createSourceGitCmd = &cobra.Command{
@ -195,7 +192,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		withAuth = true
 	} else if u.Scheme == "ssh" {
 		logger.Generatef("generating deploy key pair")
-		pair, err := generateKeyPair(ctx)
+		pair, err := generateKeyPair(ctx, sourceGitKeyAlgorithm, sourceGitRSABits, sourceGitECDSACurve)
 		if err != nil {
 			return err
 		}
@ -288,63 +285,6 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	return nil
 }
 func generateKeyPair(ctx context.Context) (*ssh.KeyPair, error) {
 	var keyGen ssh.KeyPairGenerator
 	switch algorithm := sourceGitKeyAlgorithm.String(); algorithm {
 	case "rsa":
 		keyGen = ssh.NewRSAGenerator(int(sourceGitRSABits))
 	case "ecdsa":
 		keyGen = ssh.NewECDSAGenerator(sourceGitECDSACurve.Curve)
 	case "ed25519":
 		keyGen = ssh.NewEd25519Generator()
 	default:
 		return nil, fmt.Errorf("unsupported public key algorithm: %s", algorithm)
 	}
 	pair, err := keyGen.Generate()
 	if err != nil {
 		return nil, fmt.Errorf("key pair generation failed, error: %w", err)
 	}
 	return pair, nil
 }
 func scanHostKey(ctx context.Context, url *url.URL) ([]byte, error) {
 	host := url.Host
 	if url.Port() == "" {
 		host = host + ":22"
 	}
 	hostKey, err := ssh.ScanHostKey(host, 30*time.Second)
 	if err != nil {
 		return nil, fmt.Errorf("SSH key scan for host %s failed, error: %w", host, err)
 	}
 	return hostKey, nil
 }
 func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.Secret) error {
 	namespacedName := types.NamespacedName{
 		Namespace: secret.GetNamespace(),
 		Name:      secret.GetName(),
 	}
 	var existing corev1.Secret
 	err := kubeClient.Get(ctx, namespacedName, &existing)
 	if err != nil {
 		if errors.IsNotFound(err) {
 			if err := kubeClient.Create(ctx, &secret); err != nil {
 				return err
 			} else {
 				return nil
 			}
 		}
 		return err
 	}
 	existing.StringData = secret.StringData
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
 	}
 	return nil
 }
 func upsertGitRepository(ctx context.Context, kubeClient client.Client,
 	gitRepository *sourcev1.GitRepository) (types.NamespacedName, error) {
 	namespacedName := types.NamespacedName{