Merge pull request #617 from luxas/ssh_knownhosts

Use the new knownhosts package in fluxcd/toolkit
weaveworks · Jun 11, 2020 · 924712a · 924712a
2 parents c89b151 + f983355
commit 924712a
Show file tree

Hide file tree

Showing 103 changed files with 2,746 additions and 676 deletions.
diff --git a/cmd/ignited/cmd/gitops.go b/cmd/ignited/cmd/gitops.go
@@ -6,24 +6,28 @@ import (
 	"time"
 
 	"github.com/lithammer/dedent"
+	homedir "github.com/mitchellh/go-homedir"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/weaveworks/ignite/pkg/gitops"
 	"github.com/weaveworks/ignite/pkg/util"
 	"github.com/weaveworks/libgitops/pkg/gitdir"
 )
 
+const defaultKnownHostsPath = "~/.ssh/known_hosts"
+
 type gitOpsFlags struct {
 	branch   string
 	interval time.Duration
 	timeout  time.Duration
 
 	identityFile string
+	hostsFile    string
 	username     string
 	password     string
 
-	paths     []string
-	hostsFile string
+	paths []string
 }
 
 // NewCmdGitOps runs the GitOps functionality of Ignite
@@ -34,11 +38,11 @@ func NewCmdGitOps(out io.Writer) *cobra.Command {
 		timeout:  1 * time.Minute,
 
 		identityFile: "",
+		hostsFile:    defaultKnownHostsPath,
 		username:     "",
 		password:     "",
 
 		//paths:        []string{},
-		//hostsFile:    "~/.ssh/known_hosts",
 	}
 	cmd := &cobra.Command{
 		Use:   "gitops <repo-url>",
@@ -61,9 +65,24 @@ func NewCmdGitOps(out io.Writer) *cobra.Command {
 			}
 			if f.identityFile != "" {
 				var err error
+				// support ~ prefixes in the path
+				f.identityFile, err = homedir.Expand(f.identityFile)
+				log.Tracef("Parsed identity file path: %s", f.identityFile)
+				util.GenericCheckErr(err)
+
 				opts.IdentityFileContent, err = ioutil.ReadFile(f.identityFile)
 				util.GenericCheckErr(err)
 			}
+			if f.hostsFile != "" {
+				var err error
+				// support ~ prefixes in the path
+				f.hostsFile, err = homedir.Expand(f.hostsFile)
+				log.Tracef("Parsed_known hosts file path: %s", f.hostsFile)
+				util.GenericCheckErr(err)
+
+				opts.KnownHostsFileContent, err = ioutil.ReadFile(f.hostsFile)
+				util.GenericCheckErr(err)
+			}
 			if f.username != "" {
 				opts.Username = &f.username
 			}
@@ -85,15 +104,10 @@ func addGitOpsFlags(fs *pflag.FlagSet, f *gitOpsFlags) {
 	fs.DurationVar(&f.timeout, "timeout", f.timeout, "Git operation (clone, push, pull) timeout")
 
 	fs.StringVar(&f.identityFile, "identity-file", f.identityFile, "What SSH identity file to use for pushing")
+	fs.StringVar(&f.hostsFile, "hosts-file", f.hostsFile, "What known_hosts file to use for remote verification")
 	fs.StringVar(&f.username, "https-username", f.username, "What username to use when authenticating with Git over HTTPS")
 	fs.StringVar(&f.password, "https-password", f.password, "What password/access token to use when authenticating with Git over HTTPS")
 
 	// TODO: We need to add path prefix support to the WatchStorage to support this
 	// fs.StringSliceVarP(&f.paths, "paths", "p", f.paths, "What subdirectories to care about. Default the whole repository")
-
-	// TODO: When https://github.com/fluxcd/toolkit/issues/2 is fixed and the
-	// https://github.com/fluxcd/source-controller/tree/master/internal/crypto/ssh/knownhosts package
-	// can be vendored, we'll add support for reading a hosts file. In the meantime, the
-	// SSH_KNOWN_HOSTS variable can be used.
-	// fs.StringVar(&f.hostsFile, "hosts-file", f.hostsFile, "What hosts file to use")
 }
diff --git a/docs/cli/ignited/ignited_gitops.md b/docs/cli/ignited/ignited_gitops.md
@@ -23,6 +23,7 @@ ignited gitops <repo-url> [flags]
 ```
   -b, --branch string           What branch to sync (default "master")
   -h, --help                    help for gitops
+      --hosts-file string       What known_hosts file to use for remote verification (default "~/.ssh/known_hosts")
       --https-password string   What password/access token to use when authenticating with Git over HTTPS
       --https-username string   What username to use when authenticating with Git over HTTPS
       --identity-file string    What SSH identity file to use for pushing

diff --git a/go.mod b/go.mod
@@ -9,10 +9,7 @@ replace (
 )
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
-	github.com/Microsoft/hcsshim v0.8.7 // indirect
 	github.com/alessio/shellescape v1.2.2
-	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 // indirect
 	github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee
 	github.com/containerd/cgroups v0.0.0-20200407151229-7fc7a507c04c // indirect
 	github.com/containerd/console v1.0.0
@@ -25,44 +22,38 @@ require (
 	github.com/containernetworking/plugins v0.8.5
 	github.com/containers/image v3.0.2+incompatible
 	github.com/coreos/go-iptables v0.4.5
-	github.com/docker/distribution v2.7.1+incompatible // indirect
 	github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce
 	github.com/docker/go-connections v0.4.0
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/firecracker-microvm/firecracker-go-sdk v0.21.1-0.20200312220944-e6eaff81c885
 	github.com/freddierice/go-losetup v0.0.0-20170407175016-fc9adea44124
-	github.com/go-openapi/spec v0.19.7
+	github.com/go-openapi/spec v0.19.8
 	github.com/gogo/googleapis v1.3.2 // indirect
-	github.com/googleapis/gnostic v0.3.1 // indirect
 	github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e
 	github.com/gorilla/mux v1.7.4 // indirect
 	github.com/krolaw/dhcp4 v0.0.0-20190909130307-a50d88189771
 	github.com/lithammer/dedent v1.1.0
 	github.com/miekg/dns v1.1.29
-	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0
 	github.com/nightlyone/lockfile v1.0.0
-	github.com/onsi/gomega v1.8.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0-rc1
 	github.com/opencontainers/image-spec v1.0.1
-	github.com/opencontainers/runc v0.1.1 // indirect
 	github.com/opencontainers/runtime-spec v1.0.2
 	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/sftp v1.11.0
 	github.com/prometheus/client_golang v1.5.1
-	github.com/sirupsen/logrus v1.5.0
-	github.com/spf13/cobra v0.0.7
+	github.com/sirupsen/logrus v1.6.0
+	github.com/spf13/cobra v1.0.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.5.1
 	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
 	github.com/vishvananda/netlink v1.1.0
-	github.com/weaveworks/libgitops v0.0.0-20200609112803-ee6851c3359a
-	go.etcd.io/bbolt v1.3.3 // indirect
+	github.com/weaveworks/libgitops v0.0.0-20200611103311-2c871bbbbf0c
 	golang.org/x/crypto v0.0.0-20200406173513-056763e48d71
-	golang.org/x/sys v0.0.0-20200409092240-59c9f1ba88fa
-	google.golang.org/grpc v1.27.0 // indirect
+	golang.org/x/sys v0.0.0-20200610111108-226ff32320da
 	gotest.tools v2.2.0+incompatible
-	k8s.io/apimachinery v0.18.1
+	k8s.io/apimachinery v0.18.3
 	k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9
 	sigs.k8s.io/yaml v1.2.0
 )