Merge pull request #679 from fluxcd/ssh-hostkey-algos

Add `hostkey_algos` to the `git.ssh` schema
fluxcd · May 2, 2024 · 8c7df3e · 8c7df3e
2 parents 55d4aba + 87c3122
commit 8c7df3e
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/docs/index.md b/docs/index.md
@@ -163,6 +163,7 @@ Optional:
 
 Optional:
 
+- `hostkey_algos` (List of String) The list of hostkey algorithms to use for ssh connections, arranged from most preferred to the least.
 - `password` (String, Sensitive) Password of the SSH private key.
 - `private_key` (String, Sensitive) Private key used for authenticating to the Git SSH server.
 - `username` (String) Username for Git SSH server.

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -22,6 +22,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/fluxcd/pkg/git"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/path"
@@ -43,9 +44,10 @@ const (
 var EmbeddedManifests string
 
 type Ssh struct {
-	Username   types.String `tfsdk:"username"`
-	Password   types.String `tfsdk:"password"`
-	PrivateKey types.String `tfsdk:"private_key"`
+	Username     types.String `tfsdk:"username"`
+	Password     types.String `tfsdk:"password"`
+	PrivateKey   types.String `tfsdk:"private_key"`
+	HostKeyAlgos types.List   `tfsdk:"hostkey_algos"`
 }
 
 type Http struct {
@@ -264,6 +266,11 @@ func (p *fluxProvider) Schema(ctx context.Context, req provider.SchemaRequest, r
 								Optional:    true,
 								Sensitive:   true,
 							},
+							"hostkey_algos": schema.ListAttribute{
+								ElementType: types.StringType,
+								Description: "The list of hostkey algorithms to use for ssh connections, arranged from most preferred to the least.",
+								Optional:    true,
+							},
 						},
 						Optional: true,
 					},
@@ -374,6 +381,14 @@ func (p *fluxProvider) Configure(ctx context.Context, req provider.ConfigureRequ
 		}
 	}
 
+	if data.Git.Ssh != nil && !data.Git.Ssh.HostKeyAlgos.IsNull() && len(data.Git.Ssh.HostKeyAlgos.Elements()) > 0 {
+		elements := make([]types.String, 0, len(data.Git.Ssh.HostKeyAlgos.Elements()))
+		data.Git.Ssh.HostKeyAlgos.ElementsAs(ctx, &elements, false)
+		for _, algo := range elements {
+			git.HostKeyAlgos = append(git.HostKeyAlgos, algo.ValueString())
+		}
+	}
+
 	prd, err := NewProviderResourceData(ctx, data)
 	if err != nil {
 		resp.Diagnostics.AddError("Could not create provider resource data", err.Error())

diff --git a/internal/provider/resource_bootstrap_git_test.go b/internal/provider/resource_bootstrap_git_test.go
@@ -543,6 +543,7 @@ func bootstrapGitSSH(env environment) string {
         url = "%s"
         ssh = {
           username = "git"
+          hostkey_algos = ["rsa-sha2-512", "rsa-sha2-256"]
           private_key = <<EOF
 %s
 EOF