diff --git a/cmd/flux/bootstrap_bitbucket_server.go b/cmd/flux/bootstrap_bitbucket_server.go index c26515f62c..3490ffbeb2 100644 --- a/cmd/flux/bootstrap_bitbucket_server.go +++ b/cmd/flux/bootstrap_bitbucket_server.go @@ -226,7 +226,7 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error { secretOpts.Username = bServerArgs.username } secretOpts.Password = bitbucketToken - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle } else { keypair, err := sourcesecret.LoadKeyPairFromPath(bootstrapArgs.privateKeyFile, gitArgs.password) if err != nil { diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go index 6686dcc1cc..494e1fd32d 100644 --- a/cmd/flux/bootstrap_git.go +++ b/cmd/flux/bootstrap_git.go @@ -243,7 +243,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error { secretOpts.Password = gitArgs.password } - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle // Remove port of the given host when not syncing over HTTP/S to not assume port for protocol // This _might_ be overwritten later on by e.g. --ssh-hostname diff --git a/cmd/flux/bootstrap_gitea.go b/cmd/flux/bootstrap_gitea.go index 48b18b0ed7..c6db27f810 100644 --- a/cmd/flux/bootstrap_gitea.go +++ b/cmd/flux/bootstrap_gitea.go @@ -210,7 +210,7 @@ func bootstrapGiteaCmdRun(cmd *cobra.Command, args []string) error { if bootstrapArgs.tokenAuth { secretOpts.Username = "git" secretOpts.Password = gtToken - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle } else { secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm) secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits) diff --git a/cmd/flux/bootstrap_github.go b/cmd/flux/bootstrap_github.go index a82fb1ce4a..9c5ca2a2d1 100644 --- a/cmd/flux/bootstrap_github.go +++ b/cmd/flux/bootstrap_github.go @@ -217,7 +217,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error { if bootstrapArgs.tokenAuth { secretOpts.Username = "git" secretOpts.Password = ghToken - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle } else { secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm) secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits) diff --git a/cmd/flux/bootstrap_gitlab.go b/cmd/flux/bootstrap_gitlab.go index 11919e2d3e..896bd39259 100644 --- a/cmd/flux/bootstrap_gitlab.go +++ b/cmd/flux/bootstrap_gitlab.go @@ -257,10 +257,10 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error { if bootstrapArgs.tokenAuth { secretOpts.Username = "git" secretOpts.Password = glToken - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle } else if gitlabArgs.deployTokenAuth { // the actual deploy token will be reconciled later - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle } else { keypair, err := sourcesecret.LoadKeyPairFromPath(bootstrapArgs.privateKeyFile, gitArgs.password) if err != nil { diff --git a/cmd/flux/create_secret_git.go b/cmd/flux/create_secret_git.go index 9865cbc988..3ad88a3781 100644 --- a/cmd/flux/create_secret_git.go +++ b/cmd/flux/create_secret_git.go @@ -87,7 +87,6 @@ type secretGitFlags struct { keyAlgorithm flags.PublicKeyAlgorithm rsaBits flags.RSAKeyBits ecdsaCurve flags.ECDSACurve - caFile string caCrtFile string privateKeyFile string bearerToken string @@ -102,8 +101,7 @@ func init() { createSecretGitCmd.Flags().Var(&secretGitArgs.keyAlgorithm, "ssh-key-algorithm", secretGitArgs.keyAlgorithm.Description()) createSecretGitCmd.Flags().Var(&secretGitArgs.rsaBits, "ssh-rsa-bits", secretGitArgs.rsaBits.Description()) createSecretGitCmd.Flags().Var(&secretGitArgs.ecdsaCurve, "ssh-ecdsa-curve", secretGitArgs.ecdsaCurve.Description()) - createSecretGitCmd.Flags().StringVar(&secretGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates") - createSecretGitCmd.Flags().StringVar(&secretGitArgs.caCrtFile, "ca-crt-file", "", "path to TLS CA certificate file used for validating self-signed certificates; takes precedence over --ca-file") + createSecretGitCmd.Flags().StringVar(&secretGitArgs.caCrtFile, "ca-crt-file", "", "path to TLS CA certificate file used for validating self-signed certificates") createSecretGitCmd.Flags().StringVar(&secretGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server") createSecretGitCmd.Flags().StringVar(&secretGitArgs.bearerToken, "bearer-token", "", "bearer authentication token") @@ -169,11 +167,6 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error { if err != nil { return fmt.Errorf("unable to read TLS CA file: %w", err) } - } else if secretGitArgs.caFile != "" { - opts.CAFile, err = os.ReadFile(secretGitArgs.caFile) - if err != nil { - return fmt.Errorf("unable to read TLS CA file: %w", err) - } } default: return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme) diff --git a/cmd/flux/create_secret_helm.go b/cmd/flux/create_secret_helm.go index 2a809366d1..5421e2c34c 100644 --- a/cmd/flux/create_secret_helm.go +++ b/cmd/flux/create_secret_helm.go @@ -58,12 +58,9 @@ func init() { flags := createSecretHelmCmd.Flags() flags.StringVarP(&secretHelmArgs.username, "username", "u", "", "basic authentication username") flags.StringVarP(&secretHelmArgs.password, "password", "p", "", "basic authentication password") - - initSecretDeprecatedTLSFlags(flags, &secretHelmArgs.secretTLSFlags) - deprecationMsg := "please use the command `flux create secret tls` to generate TLS secrets" - flags.MarkDeprecated("cert-file", deprecationMsg) - flags.MarkDeprecated("key-file", deprecationMsg) - flags.MarkDeprecated("ca-file", deprecationMsg) + flags.StringVar(&secretHelmArgs.tlsCrtFile, "tls-crt-file", "", "TLS authentication cert file path") + flags.StringVar(&secretHelmArgs.tlsKeyFile, "tls-key-file", "", "TLS authentication key file path") + flags.StringVar(&secretHelmArgs.caCrtFile, "ca-crt-file", "", "TLS authentication CA file path") createSecretCmd.AddCommand(createSecretHelmCmd) } @@ -77,20 +74,20 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error { } caBundle := []byte{} - if secretHelmArgs.caFile != "" { + if secretHelmArgs.caCrtFile != "" { var err error - caBundle, err = os.ReadFile(secretHelmArgs.caFile) + caBundle, err = os.ReadFile(secretHelmArgs.caCrtFile) if err != nil { return fmt.Errorf("unable to read TLS CA file: %w", err) } } var certFile, keyFile []byte - if secretHelmArgs.certFile != "" && secretHelmArgs.keyFile != "" { - if certFile, err = os.ReadFile(secretHelmArgs.certFile); err != nil { + if secretHelmArgs.tlsCrtFile != "" && secretHelmArgs.tlsKeyFile != "" { + if certFile, err = os.ReadFile(secretHelmArgs.tlsCrtFile); err != nil { return fmt.Errorf("failed to read cert file: %w", err) } - if keyFile, err = os.ReadFile(secretHelmArgs.keyFile); err != nil { + if keyFile, err = os.ReadFile(secretHelmArgs.tlsKeyFile); err != nil { return fmt.Errorf("failed to read key file: %w", err) } } @@ -101,9 +98,9 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error { Labels: labels, Username: secretHelmArgs.username, Password: secretHelmArgs.password, - CAFile: caBundle, - CertFile: certFile, - KeyFile: keyFile, + CACrt: caBundle, + TLSCrt: certFile, + TLSKey: keyFile, } secret, err := sourcesecret.Generate(opts) if err != nil { diff --git a/cmd/flux/create_secret_tls.go b/cmd/flux/create_secret_tls.go index 82f36743dd..9f6d73a9d5 100644 --- a/cmd/flux/create_secret_tls.go +++ b/cmd/flux/create_secret_tls.go @@ -22,7 +22,6 @@ import ( "os" "github.com/spf13/cobra" - "github.com/spf13/pflag" corev1 "k8s.io/api/core/v1" "sigs.k8s.io/yaml" @@ -33,8 +32,8 @@ import ( var createSecretTLSCmd = &cobra.Command{ Use: "tls [name]", Short: "Create or update a Kubernetes secret with TLS certificates", - Long: withPreviewNote(`The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`), - Example: ` # Create a TLS secret on disk and encrypt it with Mozilla SOPS. + Long: `The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`, + Example: ` # Create a TLS secret on disk and encrypt it with SOPS. # Files are expected to be PEM-encoded. flux create secret tls certs \ --namespace=my-namespace \ @@ -49,9 +48,6 @@ var createSecretTLSCmd = &cobra.Command{ } type secretTLSFlags struct { - certFile string - keyFile string - caFile string caCrtFile string tlsKeyFile string tlsCrtFile string @@ -59,26 +55,10 @@ type secretTLSFlags struct { var secretTLSArgs secretTLSFlags -func initSecretDeprecatedTLSFlags(flags *pflag.FlagSet, args *secretTLSFlags) { - flags.StringVar(&args.certFile, "cert-file", "", "TLS authentication cert file path") - flags.StringVar(&args.keyFile, "key-file", "", "TLS authentication key file path") - flags.StringVar(&args.caFile, "ca-file", "", "TLS authentication CA file path") -} - -func initSecretTLSFlags(flags *pflag.FlagSet, args *secretTLSFlags) { - flags.StringVar(&args.tlsCrtFile, "tls-crt-file", "", "TLS authentication cert file path") - flags.StringVar(&args.tlsKeyFile, "tls-key-file", "", "TLS authentication key file path") - flags.StringVar(&args.caCrtFile, "ca-crt-file", "", "TLS authentication CA file path") -} - func init() { - flags := createSecretTLSCmd.Flags() - initSecretDeprecatedTLSFlags(flags, &secretTLSArgs) - initSecretTLSFlags(flags, &secretTLSArgs) - - flags.MarkDeprecated("cert-file", "please use --tls-crt-file instead") - flags.MarkDeprecated("key-file", "please use --tls-key-file instead") - flags.MarkDeprecated("ca-file", "please use --ca-crt-file instead") + createSecretTLSCmd.Flags().StringVar(&secretTLSArgs.tlsCrtFile, "tls-crt-file", "", "TLS authentication cert file path") + createSecretTLSCmd.Flags().StringVar(&secretTLSArgs.tlsKeyFile, "tls-key-file", "", "TLS authentication key file path") + createSecretTLSCmd.Flags().StringVar(&secretTLSArgs.caCrtFile, "ca-crt-file", "", "TLS authentication CA file path") createSecretCmd.AddCommand(createSecretTLSCmd) } @@ -102,11 +82,6 @@ func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error { if err != nil { return fmt.Errorf("unable to read TLS CA file: %w", err) } - } else if secretTLSArgs.caFile != "" { - opts.CAFile, err = os.ReadFile(secretTLSArgs.caFile) - if err != nil { - return fmt.Errorf("unable to read TLS CA file: %w", err) - } } if secretTLSArgs.tlsCrtFile != "" && secretTLSArgs.tlsKeyFile != "" { @@ -116,13 +91,6 @@ func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error { if opts.TLSKey, err = os.ReadFile(secretTLSArgs.tlsKeyFile); err != nil { return fmt.Errorf("failed to read key file: %w", err) } - } else if secretTLSArgs.certFile != "" && secretTLSArgs.keyFile != "" { - if opts.CertFile, err = os.ReadFile(secretTLSArgs.certFile); err != nil { - return fmt.Errorf("failed to read cert file: %w", err) - } - if opts.KeyFile, err = os.ReadFile(secretTLSArgs.keyFile); err != nil { - return fmt.Errorf("failed to read key file: %w", err) - } } secret, err := sourcesecret.Generate(opts) diff --git a/cmd/flux/create_secret_tls_test.go b/cmd/flux/create_secret_tls_test.go index 226ed8e3c3..99c7aee148 100644 --- a/cmd/flux/create_secret_tls_test.go +++ b/cmd/flux/create_secret_tls_test.go @@ -18,10 +18,6 @@ func TestCreateTlsSecret(t *testing.T) { args: "create secret tls certs --namespace=my-namespace --tls-crt-file=./testdata/create_secret/tls/test-cert.pem --tls-key-file=./testdata/create_secret/tls/test-key.pem --ca-crt-file=./testdata/create_secret/tls/test-ca.pem --export", assert: assertGoldenFile("testdata/create_secret/tls/secret-tls.yaml"), }, - { - args: "create secret tls certs --namespace=my-namespace --cert-file=./testdata/create_secret/tls/test-cert.pem --key-file=./testdata/create_secret/tls/test-key.pem --ca-file=./testdata/create_secret/tls/test-ca.pem --export", - assert: assertGoldenFile("testdata/create_secret/tls/deprecated-secret-tls.yaml"), - }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/cmd/flux/create_source_git.go b/cmd/flux/create_source_git.go index 2f7d5cb780..b8a4787a42 100644 --- a/cmd/flux/create_source_git.go +++ b/cmd/flux/create_source_git.go @@ -293,7 +293,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error { if err != nil { return fmt.Errorf("unable to read TLS CA file: %w", err) } - secretOpts.CAFile = caBundle + secretOpts.CACrt = caBundle } secretOpts.Username = sourceGitArgs.username secretOpts.Password = sourceGitArgs.password diff --git a/cmd/flux/create_source_helm.go b/cmd/flux/create_source_helm.go index d299c43b01..f25c3dfa36 100644 --- a/cmd/flux/create_source_helm.go +++ b/cmd/flux/create_source_helm.go @@ -197,9 +197,9 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error { Namespace: *kubeconfigArgs.Namespace, Username: sourceHelmArgs.username, Password: sourceHelmArgs.password, - CAFile: caBundle, - CertFile: certFile, - KeyFile: keyFile, + CACrt: caBundle, + TLSCrt: certFile, + TLSKey: keyFile, ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile, } secret, err := sourcesecret.Generate(secretOpts) diff --git a/cmd/flux/testdata/create_secret/tls/deprecated-secret-tls.yaml b/cmd/flux/testdata/create_secret/tls/deprecated-secret-tls.yaml deleted file mode 100644 index 04e01d63ba..0000000000 --- a/cmd/flux/testdata/create_secret/tls/deprecated-secret-tls.yaml +++ /dev/null @@ -1,107 +0,0 @@ -Flag --cert-file has been deprecated, please use --tls-crt-file instead -Flag --key-file has been deprecated, please use --tls-key-file instead -Flag --ca-file has been deprecated, please use --ca-crt-file instead ---- -apiVersion: v1 -kind: Secret -metadata: - name: certs - namespace: my-namespace -stringData: - caFile: | - -----BEGIN CERTIFICATE----- - MIIBhzCCAS2gAwIBAgIUdsAtiX3gN0uk7ddxASWYE/tdv0wwCgYIKoZIzj0EAwIw - GTEXMBUGA1UEAxMOZXhhbXBsZS5jb20gQ0EwHhcNMjAwNDE3MDgxODAwWhcNMjUw - NDE2MDgxODAwWjAZMRcwFQYDVQQDEw5leGFtcGxlLmNvbSBDQTBZMBMGByqGSM49 - AgEGCCqGSM49AwEHA0IABK7h/5D8bV93MmEdhu02JsS6ugB8s6PzRl3PV4xs3Sbr - RNkkM59+x3b0iWx/i76qPYpNLoiVUVXQmA9Y+4DbMxijUzBRMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQGyUiU1QEZiMAqjsnIYTwZ - 4yp5wzAPBgNVHREECDAGhwR/AAABMAoGCCqGSM49BAMCA0gAMEUCIQDzdtvKdE8O - 1+WRTZ9MuSiFYcrEz7Zne7VXouDEKqKEigIgM4WlbDeuNCKbqhqj+xZV0pa3rweb - OD8EjjCMY69RMO0= - -----END CERTIFICATE----- - certFile: | - -----BEGIN CERTIFICATE----- - MIIFazCCA1OgAwIBAgIUT84jeO/ncOrqI+FY05Fzbg8Ed7MwDQYJKoZIhvcNAQEL - BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM - GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA4MDgxNDQyMzVaFw0yMjA4 - MDgxNDQyMzVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw - HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB - AQUAA4ICDwAwggIKAoICAQDn/rPsZ74oypiwCzLlx57zplTiCi/WLSF+MmLGuTvM - EQnV+OND2zFgvDIV/vFs3brkd6rLVI4NcdgSj4YKULCMwwOl45hQPdCTEPJvUhCm - M+FuQ0czmEEJSjZtdLFz1B7QB/JemNnbfigxM9mlg58AlBhVJqn8q64wd/kC/W/K - JTLJuBiVf12ZiPoPfO4WSxAqD3opZ8gdbmK0KYQAhKjEto6ZrYGisfwU1gt3l8M7 - sCJSpEkOkpuQgJ8D+xzJS36VXBJQMMP9nAPps+x/rGFplsPMsXEFFiwvR1+FJZwz - lg2sJ91bLGZQ7vn74MfsGrxpiJwllRThJyT7C9V0sjb5trT2lEqZlP2dRSJYt7aJ - 1crEcdGSl6RIKgxSV6Hk8dh/ZaTjrTwaKxVkPo2IeEXy5xrR7DyonOQ6Yes0KOCm - JB5yHkFlIVEnLm/HZXEtm3bPHsFgTZuInyBCOMXpUESuVZIw8YK+Vd6AExGPPwZ4 - n5I/sCDxWII9owIj3LeLzdUG6JoroahhGmo8rgpbJpPnS+VgryQ/raUQjqDzDCuE - 9vKXKBlSUqK6H9A+NMc0mme7M8/GX7T7ewFGUB/xsdrcO4yXjqHnAe0yLf8epDjC - hh76bYqwwinVrmfcNcRxFVJZW2z0gGdgkOkOLaVVb9ggPV2SNAHbN4A+St/iRYR5 - awIDAQABo1MwUTAdBgNVHQ4EFgQUzMaCqVM30EZFfTeNUIJ5fNPAhaQwHwYDVR0j - BBgwFoAUzMaCqVM30EZFfTeNUIJ5fNPAhaQwDwYDVR0TAQH/BAUwAwEB/zANBgkq - hkiG9w0BAQsFAAOCAgEAVmk1rXtVkYR1Vs2Va/xrUaGXlFznhPU/Fft44kiEkkLp - mLVelWyAqvXYioqssZwuZnTjGz0DQPqzJjqwuGy4CHwPLmhCtfHplrbWo8a0ivYC - cL20KfZsG941siUh7LGBjTsq6mWBf2ytlFmg/fg93SgmqcEUAUcdps0JpZD8lgWB - ZMstfr6E3jaEus3OsvDD6hJNYZ5clJ5+ynLoWZ99A9JC0U46hmIZpRjbdSvasKpD - XrXTdpzyL/Do3znXE/yfoHv4//Rj2CpPHJLYRCIzvuf1mo1fWd53FjHvrbUvaHFz - CGuZROd4dC4Rx5nZw2ogIYvJ8m6HpIDkL3pBNSQJtIsvAYEQcotJoa5D/e9fu2Wr - +og37oCY4OXzViEBQvyxKD4cajNco1fgGKEaFROADwr3JceGI7Anq5W+xdUvAGNM - QuGeCueqNyrJ0CbQ1zEhwgpk/VYfB0u9m0bjMellRlKMdojby+FDCJtAJesx9no4 - SQXyx+aNHhj3qReysjGNwZvBk1IHL04HAT+ogNiYhTl1J/YON4MB5UN6Y2PxP6uG - KvJGPigx4fAwfR/d78o5ngwoH9m+8FUg8+qllJ8XgIbl/VXKTk3G4ceOm4eBmrel - DwWuBhELSjtXWPWhMlkiebgejDbAear53Lia2Cc43zx/KuhMHBTlKY/vY4F2YiI= - -----END CERTIFICATE----- - keyFile: | - -----BEGIN PRIVATE KEY----- - MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDn/rPsZ74oypiw - CzLlx57zplTiCi/WLSF+MmLGuTvMEQnV+OND2zFgvDIV/vFs3brkd6rLVI4NcdgS - j4YKULCMwwOl45hQPdCTEPJvUhCmM+FuQ0czmEEJSjZtdLFz1B7QB/JemNnbfigx - M9mlg58AlBhVJqn8q64wd/kC/W/KJTLJuBiVf12ZiPoPfO4WSxAqD3opZ8gdbmK0 - KYQAhKjEto6ZrYGisfwU1gt3l8M7sCJSpEkOkpuQgJ8D+xzJS36VXBJQMMP9nAPp - s+x/rGFplsPMsXEFFiwvR1+FJZwzlg2sJ91bLGZQ7vn74MfsGrxpiJwllRThJyT7 - C9V0sjb5trT2lEqZlP2dRSJYt7aJ1crEcdGSl6RIKgxSV6Hk8dh/ZaTjrTwaKxVk - Po2IeEXy5xrR7DyonOQ6Yes0KOCmJB5yHkFlIVEnLm/HZXEtm3bPHsFgTZuInyBC - OMXpUESuVZIw8YK+Vd6AExGPPwZ4n5I/sCDxWII9owIj3LeLzdUG6JoroahhGmo8 - rgpbJpPnS+VgryQ/raUQjqDzDCuE9vKXKBlSUqK6H9A+NMc0mme7M8/GX7T7ewFG - UB/xsdrcO4yXjqHnAe0yLf8epDjChh76bYqwwinVrmfcNcRxFVJZW2z0gGdgkOkO - LaVVb9ggPV2SNAHbN4A+St/iRYR5awIDAQABAoICAQCTxuixQ/wbW8IbEWcgeyHD - LkaPndGO6jyVeF73GvL+MDRFuj558NvpNLfqzvTWVf9AnQGMd5Xs9oGegRHu7Csp - 3ucp+moBYv7DT14+jtXQKOgGJpDqSqfS1RUKb/TBRXNDLGy02UScziWoAdE33zmf - UraVNwW8z1crxKA3yVw2Na++UqhGQlVLAbfXucqnJLVtNWKpkVQlezUgcfmFovsm - Iut+9MjI6/sZAqdXTLKuCKo0XjWzNKwnRecE0CYsCwzc80MvFYEiwQi1C0kwoouC - iOi8MKM/jDok+5/a3nQ7X+/ho5sbApNCJpfSXAK9YOJ3ju93+RjNuvORfp4/sW3W - OGXw6X30Ym7WS/7oYuwEILyqdyNOvKU7a+17d/W/YA60NOdA4iJI3aTfYFMD3l14 - Da+D/wkTlEN3Ye7GN21A9AsZwWWiT9G5FOxWWVv7nTPG+Ix5ewehQWt/3DxhSizR - inMBizL5xpwx9LRWHnXX277lChYmPFAAMXINl1hnX6s0EY9pSDHN0IddibJkNKBD - m1CN37rqxoXQz4zoAyJGfQVkakqe16ayqI9yuQwO6AUkZcD5DYQdz9QYOTnYrQc6 - 6haC3D0Fmqg1s4v+6gpxZA/qTri0gVl/v/NN4Mk2/qWtK33imOedgD+5LXhZdBgJ - Mqn53AErG/AT622jvSb5UQKCAQEA/DTGLh0Ct97PCm+c+PxRFyieaHNJLWENKyxp - HoWGHfp2Bvt2Vphoi7GpRCM/yta4vCZgZmeWTQ0yBg6iPVPRA6Ho5hqh9OkUYVoh - prL3JsIU20jTutYjo2aefO4qXnJfkkXxNO2FElUHDTwtWdlGJQKvlUJwTv6xO19v - bQQkhZSpri6gIpi5Nkm2SGEtDofRJ+F6ThbQibEatL6DR00dh39MYQz+tZP5olzn - kX5bHEBWB7gy+YxTGF8FdlCSQTBBtNSKsAv3Cxj4qEHm+fu09vnH6fOZKenT2nXD - 5QE/RpgQzLV1TumCjqLzqwp7bbzH+4mjsXpF3KHBZwnhMnDIRwKCAQEA63wYzjBy - no0GBBz0hOWrOwQ/AjUHfi47o3Xvl4RBjZclM171HKH7oMCnQvVKTNq8jvakCZjc - UI6i+H4R6aokiFS2xGbC2H3ZlSMFNwhb2xUs/C4Nr7JSOWZBtDy5QBspUsp26f7m - 9VNVRzCmnxWV9be/1TxHDzDhslNlL5TMejbMorWnrtNG41KWwGtwvv2gApr3894j - eJNOh0WGfsMkXUM6+4v4WcCGrdV8Cr6Nvu96ZZe2PWu2dANtAfnxqogXXCoFE6r1 - vie7hFSfJ2QR/vEbanED4pYGTtGYP1oseScx0u0hLhGLGccVBUNZlRbox4rIOELI - v9MLuiOL4YX7vQKCAQAGzMl3HtMe8AP3DRFXaT4qeK7ktA8KCS7YtibTatg14LXj - 9E25gfx3n7+nlae3qVhrwkEhIbPcuflaTnSzYJonFet4oMkzGEGzakG0A+lEA0Ga - s/j5daKaWj71sVo1F7JZ+EbLnYfT+bTp93BllsUcZFkllhf/GUDgD++qKc1uSJbW - mm044ZNE0nH2u6ACX0kVYS/yAQ14WO0WaHiTqJGeQKFnkHkhni7B4O1hb923AkkP - hjjhn5Xx90Xnbb6zwUBURtLCcmAjzXWO29AFd3Lmoc9xEF9V0PckUb6JYyI4ngr9 - 6fqSuRsLC3u0ZeD0EX322zwtodVWYIodZBfNS1srAoIBAQCjTUPGeUKDQTjS0WGg - Z8T/AErRtQSlNFqXWMn2QPlUv2RE460HVi2xpOhZPtFvyqDIY7IOFbtzAfdya7rw - V9VN1bGJMdodV+jzy31qVJmerGit2SIUnYz30TnvS80L78oQZ+dfDi4MIuYYoFxs - JgQAipS1wz9kAXoCuGKLRJ0og6gVjfPjARE/w55XgiqFyEyWgfFBZOMkUsM6e7Rx - Y9Jr+puEpeRsGV9MXafPq6WQq3It0a/HmFLG0TlfDX3RzN6mQ12R7hTM8bDQa/6S - yorQSVPB1O3kzDVDo4X5KQd+XPfoVhmUYQYdsjmZlMMi6Og0uMFwgp/Epw6S3uO6 - WbfhAoIBAQCOp4iIc87GyxWL8u6HrJaqmFlqkfou0hI+y9h6FfzsBYU6y3+gRYdF - wr2S9EUAb80kEQ1v0pt9417NOGc1pmYjKCZmDZ7qeGCGk2PR0U59+xJetXBWWhbq - 5JxcwdRYoHyrmC/LINxzzqYOQbQevbW0zcEskeKfJsOtj9WJt6U9B1YZbE8pu2QV - xjvb+YekD2R+n/umV6eiaGfDau+EWudYVTqY0mR7y9hTiFR/KnqSsy2BUjljpacS - XBQO4ig7vY8+1+L3w2xpTN95/rXAvB4BbO/DLea9ArikePoSJ+bVTj0YwrKBghep - kOvbvVANrpsunlSAcpXm1qkV+G+xPnyJ - -----END PRIVATE KEY----- diff --git a/go.mod b/go.mod index 867ba32c69..530968c8bd 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,6 @@ require ( github.com/onsi/gomega v1.34.1 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 github.com/spf13/cobra v1.8.1 - github.com/spf13/pflag v1.0.5 github.com/theckman/yacspin v0.13.12 golang.org/x/crypto v0.27.0 golang.org/x/term v0.24.0 @@ -203,6 +202,7 @@ require ( github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.3.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/vbatts/tar-split v0.11.3 // indirect github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect diff --git a/pkg/bootstrap/bootstrap_plain_git.go b/pkg/bootstrap/bootstrap_plain_git.go index 78af0c8851..8cb5682eeb 100644 --- a/pkg/bootstrap/bootstrap_plain_git.go +++ b/pkg/bootstrap/bootstrap_plain_git.go @@ -229,7 +229,7 @@ func (b *PlainGitBootstrapper) ReconcileSourceSecret(ctx context.Context, option } // Return early if exists and no custom config is passed - if ok && options.Keypair == nil && len(options.CAFile) == 0 && len(options.Username+options.Password) == 0 { + if ok && options.Keypair == nil && len(options.CACrt) == 0 && len(options.Username+options.Password) == 0 { b.logger.Successf("source secret up to date") return nil } diff --git a/pkg/manifestgen/sourcesecret/options.go b/pkg/manifestgen/sourcesecret/options.go index 214a111467..6bf4e3cc40 100644 --- a/pkg/manifestgen/sourcesecret/options.go +++ b/pkg/manifestgen/sourcesecret/options.go @@ -75,16 +75,6 @@ type Options struct { VerificationCrts []VerificationCrt TrustPolicy []byte Address string - - // Deprecated: Replaced by CACrt, but kept for backwards compatibility - // with deprecated TLS flags. - CAFile []byte - // Deprecated: Replaced by TLSCrt, but kept for backwards compatibility - // with deprecated TLS flags. - CertFile []byte - // Deprecated: Replaced by TLSKey, but kept for backwards compatibility - // with deprecated TLS flags. - KeyFile []byte } type VerificationCrt struct { @@ -100,9 +90,6 @@ func MakeDefaultOptions() Options { PrivateKeyAlgorithm: RSAPrivateKeyAlgorithm, Username: "", Password: "", - CAFile: []byte{}, - CertFile: []byte{}, - KeyFile: []byte{}, ManifestFile: "secret.yaml", BearerToken: "", } diff --git a/pkg/manifestgen/sourcesecret/sourcesecret.go b/pkg/manifestgen/sourcesecret/sourcesecret.go index d33ed9be17..8b680c3d9d 100644 --- a/pkg/manifestgen/sourcesecret/sourcesecret.go +++ b/pkg/manifestgen/sourcesecret/sourcesecret.go @@ -162,17 +162,12 @@ func buildSecret(keypair *ssh.KeyPair, hostKey, dockerCfg []byte, options Option if len(options.CACrt) != 0 { secret.StringData[CACrtSecretKey] = string(options.CACrt) - } else if len(options.CAFile) != 0 { - secret.StringData[CAFileSecretKey] = string(options.CAFile) } if len(options.TLSCrt) != 0 && len(options.TLSKey) != 0 { secret.Type = corev1.SecretTypeTLS secret.StringData[TLSCrtSecretKey] = string(options.TLSCrt) secret.StringData[TLSKeySecretKey] = string(options.TLSKey) - } else if len(options.CertFile) != 0 && len(options.KeyFile) != 0 { - secret.StringData[CertFileSecretKey] = string(options.CertFile) - secret.StringData[KeyFileSecretKey] = string(options.KeyFile) } if keypair != nil && len(hostKey) != 0 {