improve authentification to allow private repository + golines

Openlizz · Apr 1, 2022 · f6fe64a · f6fe64a
1 parent 1a5ece5
commit f6fe64a
Show file tree

Hide file tree

Showing 24 changed files with 962 additions and 179 deletions.
diff --git a/cmd/add.go b/cmd/add.go
@@ -16,9 +16,15 @@ limitations under the License.
 package cmd
 
 import (
+	"context"
+	"fmt"
+	"strings"
 	"time"
 
+	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+	"gitlab.com/openlizz/lizz/internal/config"
+	"gitlab.com/openlizz/lizz/internal/flags"
 	"gitlab.com/openlizz/lizz/internal/repo"
 )
 
@@ -34,18 +40,27 @@ const (
 )
 
 type addFlags struct {
-	originUrl        string
-	originBranch     string
-	clusterRole      bool
-	decryptionSecret string
-	path             string
-	destinationUrl   string
-	fleetUrl         string
-	fleetBranch      string
-	interval         time.Duration
-	username         string
-	password         string
-	silent           bool
+	originUrl          string
+	originBranch       string
+	clusterRole        bool
+	decryptionSecret   string
+	path               string
+	destinationUrl     string
+	destinationPrivate bool
+	fleetUrl           string
+	fleetBranch        string
+	interval           time.Duration
+	sourceSecretName   string
+	username           string
+	password           string
+	tokenAuth          bool
+	keyAlgorithm       flags.PublicKeyAlgorithm
+	keyRSABits         flags.RSAKeyBits
+	keyECDSACurve      flags.ECDSACurve
+	sshHostname        string
+	caFile             string
+	privateKeyFile     string
+	silent             bool
 
 	authorName  string
 	authorEmail string
@@ -60,11 +75,20 @@ func init() {
 	addCmd.Flags().StringVar(&addArgs.decryptionSecret, "decryptionSecret", "sops-age", "name of the secret containing the AGE secret key")
 	addCmd.Flags().StringVar(&addArgs.path, "path", "./default", "path to kustomization in the application repository")
 	addCmd.Flags().StringVar(&addArgs.destinationUrl, "destinationUrl", "", "Git repository URL where to push the application repository")
+	addCmd.Flags().BoolVar(&addArgs.destinationPrivate, "destinationPrivate", true, "true if the destination repository is private and needs credentials")
 	addCmd.Flags().StringVar(&addArgs.fleetUrl, "fleetUrl", "", "Git repository URL of the fleet repository")
 	addCmd.Flags().StringVar(&addArgs.fleetBranch, "fleetBranch", "main", "Git branch of the fleet repository")
 	addCmd.Flags().DurationVar(&addArgs.interval, "interval", time.Minute, "sync interval")
+	addCmd.Flags().StringVar(&addArgs.sourceSecretName, "sourceSecretName", "sourcesecret", "Name of the source secret containing the credentials for the desctionation repository")
 	addCmd.Flags().StringVarP(&addArgs.username, "username", "u", "git", "basic authentication username")
 	addCmd.Flags().StringVarP(&addArgs.password, "password", "p", "", "basic authentication password")
+	addCmd.Flags().StringVar(&addArgs.privateKeyFile, "private-key-file", "", "path to a private key file used for authenticating to the Git SSH server")
+	addCmd.Flags().BoolVar(&addArgs.tokenAuth, "token-auth", false, "when enabled, the personal access token will be used instead of SSH deploy key")
+	addCmd.Flags().Var(&addArgs.keyAlgorithm, "ssh-key-algorithm", addArgs.keyAlgorithm.Description())
+	addCmd.Flags().Var(&addArgs.keyRSABits, "ssh-rsa-bits", addArgs.keyRSABits.Description())
+	addCmd.Flags().Var(&addArgs.keyECDSACurve, "ssh-ecdsa-curve", addArgs.keyECDSACurve.Description())
+	addCmd.Flags().StringVar(&addArgs.sshHostname, "ssh-hostname", "", "SSH hostname, to be used when the SSH host differs from the HTTPS one")
+	addCmd.Flags().StringVar(&addArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
 	addCmd.Flags().BoolVarP(&addArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
 
 	addCmd.Flags().StringVar(&addArgs.authorName, "author-name", "Lizz", "author name for Git commits")
@@ -74,8 +98,17 @@ func init() {
 }
 
 func addCmdRun(cmd *cobra.Command, args []string) error {
+	fmt.Println("destinationPrivate: ", addArgs.destinationPrivate)
+
 	logger.Actionf("Clone application repo.")
-	applicationRepo, err := repo.CloneApplicationRepo(addArgs.originUrl, addArgs.originBranch, addArgs.username, addArgs.password, rootArgs.timeout)
+	applicationRepo, err := repo.CloneApplicationRepo(
+		addArgs.originUrl,
+		addArgs.originBranch,
+		addArgs.username,
+		addArgs.password,
+		addArgs.privateKeyFile,
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
@@ -84,7 +117,14 @@ func addCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	logger.Actionf("Clone cluster repo.")
-	clusterRepo, err := repo.CloneClusterRepo(addArgs.fleetUrl, addArgs.fleetBranch, addArgs.username, addArgs.password, rootArgs.timeout)
+	clusterRepo, err := repo.CloneClusterRepo(
+		addArgs.fleetUrl,
+		addArgs.fleetBranch,
+		addArgs.username,
+		addArgs.password,
+		"",
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
@@ -97,7 +137,11 @@ func addCmdRun(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	applicationRepo.Config().Repository = addArgs.originUrl
+	originUrl, err := config.UniversalURL(addArgs.originUrl)
+	if err != nil {
+		return err
+	}
+	applicationRepo.Config().Repository = originUrl
 	applicationRepo.Config().Sha = head
 	logger.Actionf("Check that the application can be installed.")
 	err = applicationRepo.Config().Check()
@@ -115,19 +159,72 @@ func addCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	logger.Actionf("Commit and push application repo.")
-	err = applicationRepo.CommitPush(addArgs.authorName, addArgs.authorEmail, "[add application] Create application repository for "+applicationRepo.Config().Name, addArgs.destinationUrl, rootArgs.timeout)
+	err = applicationRepo.CommitPush(
+		addArgs.authorName,
+		addArgs.authorEmail,
+		"[add application] Create application repository for "+applicationRepo.Config().Name,
+		addArgs.destinationUrl,
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("Add application to the cluster repo.")
-	err = clusterRepo.AddApplication(addArgs.destinationUrl, applicationRepo.Config(), addArgs.clusterRole, addArgs.destinationUrl, addArgs.decryptionSecret, addArgs.path)
+	publicKey, err := clusterRepo.AddApplication(
+		addArgs.destinationUrl,
+		addArgs.destinationPrivate,
+		applicationRepo.Config(),
+		addArgs.clusterRole,
+		addArgs.destinationUrl,
+		addArgs.decryptionSecret,
+		addArgs.path,
+		addArgs.sourceSecretName,
+		addArgs.username,
+		addArgs.password,
+		addArgs.tokenAuth,
+		addArgs.caFile,
+		addArgs.keyAlgorithm,
+		addArgs.keyRSABits,
+		addArgs.keyECDSACurve,
+		addArgs.sshHostname,
+		addArgs.privateKeyFile,
+	)
 	if err != nil {
 		return err
 	}
+	if addArgs.destinationPrivate == true {
+		ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+		defer cancel()
+		err = promptPublicKey(ctx, publicKey)
+		if err != nil {
+			return err
+		}
+	}
 	logger.Actionf("Commit and push cluster repo.")
-	err = clusterRepo.CommitPush(addArgs.authorName, addArgs.authorEmail, "[add application] Add "+applicationRepo.Config().Name+" to the cluster", "", rootArgs.timeout)
+	err = clusterRepo.CommitPush(
+		addArgs.authorName,
+		addArgs.authorEmail,
+		"[add application] Add "+applicationRepo.Config().Name+" to the cluster",
+		"",
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
 	return nil
 }
+
+func promptPublicKey(ctx context.Context, publicKey string) error {
+	logger.Successf("public key: %s", strings.TrimSpace(publicKey))
+	if !addArgs.silent {
+		prompt := promptui.Prompt{
+			Label:     "Please give the key access to your repository",
+			IsConfirm: true,
+		}
+		_, err := prompt.Run()
+		if err != nil {
+			return fmt.Errorf("aborting")
+		}
+	}
+	return nil
+}
diff --git a/cmd/init.go b/cmd/init.go
@@ -19,6 +19,7 @@ import (
 	"time"
 
 	"github.com/spf13/cobra"
+	"gitlab.com/openlizz/lizz/internal/config"
 	"gitlab.com/openlizz/lizz/internal/repo"
 )
 
@@ -36,6 +37,7 @@ type initFlags struct {
 	interval       time.Duration
 	username       string
 	password       string
+	privateKeyFile string
 	silent         bool
 
 	authorName  string
@@ -46,30 +48,55 @@ var initArgs initFlags
 
 func init() {
 	initCmd.Flags().StringVar(&initArgs.originUrl, "originUrl", "", "Git repository URL")
-	initCmd.Flags().StringVar(&initArgs.originBranch, "originBranch", "main", "Git branch of the repository")
+	initCmd.Flags().
+		StringVar(&initArgs.originBranch, "originBranch", "main", "Git branch of the repository")
 	initCmd.Flags().StringVar(&initArgs.destinationUrl, "destinationUrl", "", "Git repository URL")
 	initCmd.Flags().DurationVar(&initArgs.interval, "interval", time.Minute, "sync interval")
-	initCmd.Flags().StringVarP(&initArgs.username, "username", "u", "git", "basic authentication username")
-	initCmd.Flags().StringVarP(&initArgs.password, "password", "p", "", "basic authentication password")
-	initCmd.Flags().BoolVarP(&initArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
+	initCmd.Flags().
+		StringVarP(&initArgs.username, "username", "u", "git", "basic authentication username")
+	initCmd.Flags().
+		StringVarP(&initArgs.password, "password", "p", "", "basic authentication password")
+	initCmd.Flags().
+		StringVar(&initArgs.privateKeyFile, "private-key-file", "", "path to a private key file used for authenticating to the Git SSH server")
+	initCmd.Flags().
+		BoolVarP(&initArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
 
-	initCmd.Flags().StringVar(&initArgs.authorName, "author-name", "Lizz", "author name for Git commits")
-	initCmd.Flags().StringVar(&initArgs.authorEmail, "author-email", "", "author email for Git commits")
+	initCmd.Flags().
+		StringVar(&initArgs.authorName, "author-name", "Lizz", "author name for Git commits")
+	initCmd.Flags().
+		StringVar(&initArgs.authorEmail, "author-email", "", "author email for Git commits")
 
 	rootCmd.AddCommand(initCmd)
 }
 
 func initCmdRun(cmd *cobra.Command, args []string) error {
-	clusterRepo, err := repo.CloneClusterRepo(initArgs.originUrl, initArgs.originBranch, initArgs.username, initArgs.password, rootArgs.timeout)
+	clusterRepo, err := repo.CloneClusterRepo(
+		initArgs.originUrl,
+		initArgs.originBranch,
+		initArgs.username,
+		initArgs.password,
+		initArgs.privateKeyFile,
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
 	head, err := clusterRepo.Git().Head()
 	if err != nil {
 		return err
 	}
-	clusterRepo.NewClusterConfig(initArgs.originUrl, head)
-	clusterRepo.CommitPush(initArgs.authorName, initArgs.authorEmail, "Initialize cluster repository", initArgs.destinationUrl, rootArgs.timeout)
+	originUrl, err := config.UniversalURL(initArgs.originUrl)
+	if err != nil {
+		return err
+	}
+	clusterRepo.NewClusterConfig(originUrl, head)
+	clusterRepo.CommitPush(
+		initArgs.authorName,
+		initArgs.authorEmail,
+		"Initialize cluster repository",
+		initArgs.destinationUrl,
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/remove.go b/cmd/remove.go
@@ -31,16 +31,12 @@ var removeCmd = &cobra.Command{
 
 type removeFlags struct {
 	applicationName string
-	originUrl       string
-	originBranch    string
-	clusterRole     bool
-	path            string
-	destinationUrl  string
 	fleetUrl        string
 	fleetBranch     string
 	interval        time.Duration
 	username        string
 	password        string
+	privateKeyFile  string
 	silent          bool
 
 	authorName  string
@@ -50,37 +46,59 @@ type removeFlags struct {
 var removeArgs removeFlags
 
 func init() {
-	removeCmd.Flags().StringVar(&removeArgs.applicationName, "applicationName", "", "Name of the application to remove")
-	removeCmd.Flags().StringVar(&removeArgs.fleetUrl, "fleetUrl", "", "Git repository URL of the fleet repository")
-	removeCmd.Flags().StringVar(&removeArgs.fleetBranch, "fleetBranch", "main", "Git branch of the fleet repository")
+	removeCmd.Flags().
+		StringVar(&removeArgs.applicationName, "applicationName", "", "Name of the application to remove")
+	removeCmd.Flags().
+		StringVar(&removeArgs.fleetUrl, "fleetUrl", "", "Git repository URL of the fleet repository")
+	removeCmd.Flags().
+		StringVar(&removeArgs.fleetBranch, "fleetBranch", "main", "Git branch of the fleet repository")
 	removeCmd.Flags().DurationVar(&removeArgs.interval, "interval", time.Minute, "sync interval")
-	removeCmd.Flags().StringVarP(&removeArgs.username, "username", "u", "git", "basic authentication username")
-	removeCmd.Flags().StringVarP(&removeArgs.password, "password", "p", "", "basic authentication password")
-	removeCmd.Flags().BoolVarP(&removeArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
+	removeCmd.Flags().
+		StringVarP(&removeArgs.username, "username", "u", "git", "basic authentication username")
+	removeCmd.Flags().
+		StringVarP(&removeArgs.password, "password", "p", "", "basic authentication password")
+	removeCmd.Flags().
+		StringVar(&removeArgs.privateKeyFile, "private-key-file", "", "path to a private key file used for authenticating to the Git SSH server")
+	removeCmd.Flags().
+		BoolVarP(&removeArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
 
-	removeCmd.Flags().StringVar(&removeArgs.authorName, "author-name", "Lizz", "author name for Git commits")
-	removeCmd.Flags().StringVar(&removeArgs.authorEmail, "author-email", "", "author email for Git commits")
+	removeCmd.Flags().
+		StringVar(&removeArgs.authorName, "author-name", "Lizz", "author name for Git commits")
+	removeCmd.Flags().
+		StringVar(&removeArgs.authorEmail, "author-email", "", "author email for Git commits")
 
 	rootCmd.AddCommand(removeCmd)
 }
 
 func removeCmdRun(cmd *cobra.Command, args []string) error {
-	clusterRepo, err := repo.CloneClusterRepo(addArgs.fleetUrl, addArgs.fleetBranch, addArgs.username, addArgs.password, rootArgs.timeout)
+	clusterRepo, err := repo.CloneClusterRepo(
+		removeArgs.fleetUrl,
+		removeArgs.fleetBranch,
+		removeArgs.username,
+		removeArgs.password,
+		removeArgs.privateKeyFile,
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
 	err = clusterRepo.OpenClusterConfig()
 	if err != nil {
 		return err
 	}
-	err = clusterRepo.RemoveApplication(clusterRepo.Config().Repository, removeArgs.applicationName)
+	err = clusterRepo.RemoveApplication(removeArgs.applicationName)
 	if err != nil {
 		return err
 	}
-	err = clusterRepo.CommitPush(addArgs.authorName, addArgs.authorEmail, "[remove application] Remove "+removeArgs.applicationName+" from the cluster", "", rootArgs.timeout)
+	err = clusterRepo.CommitPush(
+		removeArgs.authorName,
+		removeArgs.authorEmail,
+		"[remove application] Remove "+removeArgs.applicationName+" from the cluster",
+		"",
+		rootArgs.timeout,
+	)
 	if err != nil {
 		return err
 	}
 	return nil
-	return nil
 }
diff --git a/cmd/root.go b/cmd/root.go
@@ -53,7 +53,9 @@ func Execute() {
 }
 
 func init() {
-	rootCmd.PersistentFlags().DurationVar(&rootArgs.timeout, "timeout", 5*time.Minute, "timeout for this operation")
-	rootCmd.PersistentFlags().BoolVar(&rootArgs.verbose, "verbose", false, "print generated objects")
+	rootCmd.PersistentFlags().
+		DurationVar(&rootArgs.timeout, "timeout", 5*time.Minute, "timeout for this operation")
+	rootCmd.PersistentFlags().
+		BoolVar(&rootArgs.verbose, "verbose", false, "print generated objects")
 	rootCmd.SetOut(os.Stdout)
 }