From 7027e823d850aa2078ef75c9674f363f27f23470 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Wed, 1 May 2024 12:57:41 +0300
Subject: [PATCH] Add `--ssh-hostkey-algos` flag to bootstrap command

Allow configuring the list of host key algorithms to use for SSH connections initialized by the CLI during bootstrap.

Signed-off-by: Stefan Prodan
---
 cmd/flux/bootstrap.go | 23 +++++++++++++++--------
 cmd/flux/bootstrap_git.go | 2 +-
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go
index 5f375fee79..d23540e993 100644
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -22,6 +22,7 @@ import (
 "fmt"
 "strings"
 
+ "github.com/fluxcd/pkg/git"
 "github.com/manifoldco/promptui"
 "github.com/spf13/cobra"
 "k8s.io/apimachinery/pkg/api/errors"
@@ -56,14 +57,15 @@ type bootstrapFlags struct {
 registryCredential string
 imagePullSecret string
 
- secretName string
- tokenAuth bool
- keyAlgorithm flags.PublicKeyAlgorithm
- keyRSABits flags.RSAKeyBits
- keyECDSACurve flags.ECDSACurve
- sshHostname string
- caFile string
- privateKeyFile string
+ secretName string
+ tokenAuth bool
+ keyAlgorithm flags.PublicKeyAlgorithm
+ keyRSABits flags.RSAKeyBits
+ keyECDSACurve flags.ECDSACurve
+ sshHostname string
+ caFile string
+ privateKeyFile string
+ sshHostKeyAlgorithms []string
 
 watchAllNamespaces bool
 networkPolicy bool
@@ -124,6 +126,7 @@ func init() {
 bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.secretName, "secret-name", rootArgs.defaults.Namespace, "name of the secret the sync credentials can be found in or stored to")
 bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyAlgorithm, "ssh-key-algorithm", bootstrapArgs.keyAlgorithm.Description())
 bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyRSABits, "ssh-rsa-bits", bootstrapArgs.keyRSABits.Description())
+ bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.sshHostKeyAlgorithms, "ssh-hostkey-algos", nil, "list of host key algorithms to be used by the CLI for SSH connections")
 bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyECDSACurve, "ssh-ecdsa-curve", bootstrapArgs.keyECDSACurve.Description())
 bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.sshHostname, "ssh-hostname", "", "SSH hostname, to be used when the SSH host differs from the HTTPS one")
 bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
@@ -192,6 +195,10 @@ func bootstrapValidate() error {
 return fmt.Errorf("invalid --registry-creds format, expected 'user:password'")
 }
 
+ if len(bootstrapArgs.sshHostKeyAlgorithms) > 0 {
+ git.HostKeyAlgos = bootstrapArgs.sshHostKeyAlgorithms
+ }
+
 return nil
 }
 
diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go
index 328fb35d98..6686dcc1cc 100644
--- a/cmd/flux/bootstrap_git.go
+++ b/cmd/flux/bootstrap_git.go
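Review bot: The help text for `--ssh-hostkey-algos` does not tell the operator that a non-empty value replaces the CLI's default host key algorithm set rather than extending it (the later hunk in this patch assigns straight over `git.HostKeyAlgos`), nor that the order is presumably the client's preference order in the SSH key exchange — worth confirming against the doc comment on `git.HostKeyAlgos` before stating it. Suggest `"comma-separated list of host key algorithms, in preference order, used by the CLI for SSH connections (replaces the default set)"`. The flag is also registered between `--ssh-rsa-bits` and `--ssh-ecdsa-curve`, which splits the deploy-key generation flags; registering it after `--ssh-hostname` keeps those contiguous and groups it with the other connection settings. `init` continues outside the hunk.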
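Review bot: `bootstrapValidate` now writes to the package-level `git.HostKeyAlgos` as a side effect of validation, so any code path that validates without going on to bootstrap, and every other SSH connection opened by the same process, picks up the override; a comment on the assignment such as `// git.HostKeyAlgos is process-global: this overrides the host key algorithms for every SSH connection the CLI opens.` would make that explicit, and moving the assignment next to where the git client is configured would keep validation free of side effects. Nothing checks that each entry is a host key algorithm identifier the SSH library supports, so a typo is only detected at handshake time with an error that does not mention the flag; rejecting unknown names here with `return fmt.Errorf("invalid --ssh-hostkey-algos value %q", algo)` would match the style of the `--registry-creds` check just above. The start of `bootstrapValidate` lies outside the hunk.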
@@ -66,7 +66,7 @@ command will perform an upgrade if needed.`,
 flux bootstrap git --url=ssh://@git-codecommit..amazonaws.com/v1/repos/ --private-key-file= --password= --path=clusters/my-cluster
 
 # Run bootstrap for a Git repository on Azure Devops
- flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/// --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
+ flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/// --private-key-file= --ssh-hostkey-algos=rsa-sha2-512,rsa-sha2-256 --path=clusters/my-cluster
 
 # Run bootstrap for a Git repository on Oracle VBS
 flux bootstrap git --url=https://repository_url.git --with-bearer-token=true --password= --path=clusters/my-cluster