diff --git a/go.mod b/go.mod
index e49d56d924..99f68ce0c2 100644
--- a/go.mod
+++ b/go.mod
@@ -22,6 +22,7 @@ require (
 github.com/gobwas/glob v0.2.3
 github.com/gofrs/flock v0.7.1
 github.com/golangci/golangci-lint v1.27.0
+ github.com/google/go-github/v31 v31.0.0
 github.com/goreleaser/goreleaser v0.136.0
 github.com/instrumenta/kubeval v0.0.0-20190918223246-8d013ec9fc56
 github.com/justinbarrick/go-k8s-portforward v1.0.3
@@ -48,6 +49,7 @@ require (
 github.com/weaveworks/github-release v0.6.3-0.20161024133933-73deea6af1e8
 github.com/weaveworks/launcher v0.0.0-20180711153254-f1b2830d4f2d
 github.com/whilp/git-urls v0.0.0-20160530060445-31bac0d230fa
+ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 golang.org/x/sys v0.0.0-20200428200454-593003d681fa // indirect
 golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770
 k8s.io/api v0.16.8
diff --git a/go.sum b/go.sum
index 5f362e8adc..371fdb37cc 100644
--- a/go.sum
+++ b/go.sum
@@ -449,8 +449,12 @@ github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= +github.com/google/go-github/v25 v25.0.1 h1:s405kPD52lKa1MVxiEumod/E6/+0pvQ8Ed/sT65DjKc= +github.com/google/go-github/v25 v25.0.1/go.mod h1:6z5pC69qHtrPJ0sXPsj4BLnd82b+r6sLB7qcBoRZqpw= github.com/google/go-github/v28 v28.1.1 h1:kORf5ekX5qwXO2mGzXXOjMe/g6ap8ahVe0sBEulhSxo= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= +github.com/google/go-github/v31 v31.0.0 h1:JJUxlP9lFK+ziXKimTCprajMApV1ecWD4NB6CCb0plo= +github.com/google/go-github/v31 v31.0.0/go.mod h1:NQPZol8/1sMoWYGN2yaALIBytu17gAWfhbweiEed3pM= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-replayers/grpcreplay v0.1.0 h1:eNb1y9rZFmY4ax45uEEECSa8fsxGRU+8Bil52ASAwic= diff --git a/pkg/apis/eksctl.io/v1alpha5/assets/schema.json b/pkg/apis/eksctl.io/v1alpha5/assets/schema.json index 26163783fa..45bcd8667c 100755 --- a/pkg/apis/eksctl.io/v1alpha5/assets/schema.json +++ b/pkg/apis/eksctl.io/v1alpha5/assets/schema.json @@ -816,6 +816,9 @@ }, "Operator": { "properties": { + "commitOperatorManifests": { + "type": "boolean" + }, "label": { "type": "string" }, @@ -824,6 +827,9 @@ }, "withHelm": { "type": "boolean" + }, + "readOnly": { + "type": "boolean" } }, "additionalProperties": false, diff --git a/pkg/apis/eksctl.io/v1alpha5/defaults.go b/pkg/apis/eksctl.io/v1alpha5/defaults.go index 78096d1dd6..ed577503f5 100644 --- a/pkg/apis/eksctl.io/v1alpha5/defaults.go +++ b/pkg/apis/eksctl.io/v1alpha5/defaults.go 
@@ -248,6 +248,10 @@ func SetDefaultGitSettings(c *ClusterConfig) { return } + if c.Git.Operator.CommitOperatorManifests == nil { + c.Git.Operator.CommitOperatorManifests = Enabled() + } + if c.Git.Operator.Label == "" { c.Git.Operator.Label = "flux" } diff --git a/pkg/apis/eksctl.io/v1alpha5/schema.go b/pkg/apis/eksctl.io/v1alpha5/schema.go index 9485c0c7a0..c14d0b04a4 100644 --- a/pkg/apis/eksctl.io/v1alpha5/schema.go +++ b/pkg/apis/eksctl.io/v1alpha5/schema.go @@ -1,6 +1,6 @@ // Code generated by go-bindata. DO NOT EDIT. // sources: -// assets/schema.json (20.535kB) +// assets/schema.json (20.672kB) package v1alpha5 
@@ -69,7 +69,7 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } -var _schemaJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\x4d\x6f\xdb\x3c\x12\xbe\xe7\x57\x08\x7e\xf7\xb4\xe8\xdb\xec\x02\xdd\x1e\x72\x73\xec\x34\x35\xda\x24\x46\x5c\x74\x81\x2d\x7a\x18\x51\x63\x99\x0d\x45\x6a\x49\xca\xb1\xbb\xe8\x7f\x5f\xc8\xb2\x62\xc9\x12\x65\x99\xfa\xb0\xb3\xdb\x43\x81\x42\xd6\x90\xcf\x0c\xe7\x9b\xa3\xfc\xe7\xc2\x71\x06\x7f\x51\x64\x81\x01\x0c\xae\x9c\xc1\x42\xeb\xf0\xea\xf2\xf2\x87\x12\xfc\xcf\xe4\xe9\x5b\x21\xfd\x4b\x4f\xc2\x5c\xff\xf9\xb7\x77\x97\xc9\xb3\x3f\x06\x6f\x36\x74\x12\xe7\x31\xd1\x1f\x97\x1e\xce\x29\xa7\x9a\x0a\xae\x2e\x47\x2c\x52\x1a\xe5\x48\xf0\x39\xf5\x93\x17\x33\x3f\x0f\xae\x9c\x78\x4f\xc7\x19\xa4\xef\x31\x11\x79\xff\x04\x4d\x16\x2f\x3f\x39\xce\x20\x94\x22\x44\xa9\x29\xaa\xcc\x53\xc7\x19\x90\x84\xe8\xb3\xf0\x7d\xca\xfd\xdc\x6f\xf6\x8c\xec\xe8\x2b\x19\x7a\x01\x9a\xee\xfe\x42\xfa\x6b\xfb\xbf\x5f\xe9\x6a\x03\xf0\xbc\x0d\x35\xb0\x69\x96\x93\x39\x30\x85\x2f\x2f\xe9\x75\x88\xf1\x76\xc2\xfd\x81\x44\x27\xcb\x6d\x97\x28\x4a\xa7\xc8\xb2\x51\x48\xc8\xc1\x65\xf8\x65\x1d\xee\xfd\xe0\x38\x03\xaa\x31\xd8\x7f\x98\x41\xa2\xb4\xcc\x31\x96\x61\x29\xf7\x1e\x48\x09\xeb\x5e\xf8\x4f\xb4\x28\xc3\xb4\xc4\x7f\x47\x54\xa2\x37\xb8\x72\xbe\xed\x58\x0e\x50\x83\x07\x1a\x52\x4c\xdf\xdf\x1c\x12\xd2\x13\xe5\xde\xbe\x74\xf6\xc4\x90\x63\x1d\x57\x10\x84\x6c\xb3\xca\xb7\xbc\xf0\xf2\x50\x33\xbf\x7d\xbf\x28\x91\xe2\x00\x42\xfa\x15\xa5\xa2\x82\xb7\xb3\x3d\x3e\x29\xa2\xd9\x5b\x2a\x2e\x97\x7f\x07\x16\x2e\xe0\x1f\x87\x31\xbc\x88\xab\x4f\x03\xba\xc3\xdd\xf9\xe4\xe1\x50\x08\x7a\x45\x32\x19\xde\x95\x03\x59\x86\xa4\x57\x20\x5f\xa7\xa3\x72\x20\x5c\x78\x78\x2b\x45\x14\xd6\xb5\xe0\x86\x30\x8d\x40\xef\x53\x20\xc7\x3b\x85\xac\xbe\x01\x07\x1f\xbd\xfb\x73\xe1\xea\x6e\x0f\x4f\x23\xe6\xe6\x20\x7d\xd0\x38\x95\x62\x4e\x59\x6d\x97\xdb\x15\x6b\x1f\x72\x68\x1a\x31\x06\x4b\xa0\x0c\x5c\xca\xa8\x5e\xff\x4b\xf0\xde\xa2\xc9\x9b\x6c\xbc\x2f\xc9\x0e\xda\x90\x5f\xdd\x58\x5f\x0e\x4b\x21\x91\xa8\xd5\x0d\x27
\x72\x1d\xea\x12\x57\xde\x0d\xba\x59\x61\xdb\x72\x74\x1a\x74\x54\x38\xac\x4e\x05\x36\x4b\xb6\x2c\x85\xe3\x53\xdd\x0f\x96\x5b\xaa\xfb\xc8\x49\x6e\xb8\x17\x0a\xca\xb5\xaa\x93\x8b\x85\x92\x2e\x41\xe3\x90\x10\x54\x85\x23\x49\x37\x73\x85\x60\x08\x86\xd3\x0c\x23\x97\x51\x72\xec\x02\x9d\x71\x1f\xc7\xce\x1a\x7c\x2b\x94\x4b\x4a\xf0\x51\x30\x1c\x3e\xde\x1f\xc8\x74\x0c\x36\xf6\xb2\xc2\x14\x65\x40\x55\x9c\x32\xa9\x6b\x11\x71\x0f\xe4\xda\x66\xc5\xd4\x51\x0b\xef\x66\x85\x24\x8a\xa5\xd1\x00\x9f\x61\xb5\x96\xb0\x3e\x53\xbd\x78\x98\x8c\x47\x56\x2a\xb3\x15\xdd\x90\x10\x11\xe5\xf5\xd4\x39\x41\x44\xda\x29\xce\x2c\x87\xeb\x8c\xca\x8c\xc9\xf0\x6e\x93\x9d\xd6\x50\x6c\x0e\x01\xda\x1c\x68\x4c\xa7\x42\x20\x56\xc4\x0c\x5c\x64\x85\x73\x0c\x41\x6b\x94\x7c\x5a\x8e\x74\xf3\xca\xdb\xbf\x16\x9e\x55\x06\xe8\x9d\x90\xcd\xa7\x92\x95\xe3\x3e\x50\xe0\x5c\x68\xc8\x57\xfa\x67\x86\xb6\x4b\x25\xda\x53\xf0\x1a\xea\x74\x92\x4a\x2c\x55\xf7\xf2\x23\xd4\x1a\xc8\x62\x2a\x18\x25\xeb\xe1\xe3\xfd\x09\x92\xbe\x2c\x82\xd6\xb4\xc8\x70\xca\x5a\x46\xd8\xa2\xfe\x87\xed\x78\xff\x13\x64\x70\x05\xed\xad\x4a\xe9\x34\xf8\xbf\xed\x3b\x95\x50\x0d\x2b\x97\x47\xa6\x19\x9d\xf1\xb0\x1f\xe5\xca\xbb\x69\x9b\x18\x97\x39\x6e\x89\x7e\xa6\xd8\x38\xdc\x5b\xb3\x8d\x91\xdb\x7d\x2c\x28\x97\xb5\x3a\x6a\xbf\x75\x39\xd5\x83\xfb\xe1\x97\x3a\x7a\x1b\x27\xb8\xcf\x50\xdf\x85\x75\x86\xb7\xbe\xa9\xe1\xb6\x3a\xb3\x51\x05\x12\x2f\x38\xa7\x24\x2e\xd8\x22\xbd\x10\x92\xea\xf5\xb8\x24\x38\x57\x35\x6a\x03\xf4\xe8\x3e\x81\xe3\x0c\x5c\xca\x41\xae\x6f\x38\x11\x5e\xd2\xc5\x1f\xb8\xa0\xf0\xfd\xbb\x5c\xa0\x2c\x8f\x86\xd2\x4a\xad\x95\x06\xf2\x74\x7f\x8c\x21\x76\x77\x78\x91\xcb\xf1\xa8\x72\xb9\x35\x7b\x6c\x5c\xd3\x98\x1b\xa3\xa8\x9f\x85\x7c\x6a\x33\x79\x4e\x2a\xfd\xf6\x78\xef\x14\x77\x67\xda\xf2\x75\x3a\xaa\xa3\x29\xf4\xd0\xed\x4d\xb9\x85\x53\x4f\xda\x35\x23\x48\x14\x7b\x83\xa4\x5b\x6c\xb3\x40\xc1\x06\x9c\xce\x53\xba\xd4\xee\x4a\x01\xe1\x4a\x4b\x18\x4d\xc6\x8f\x27\x48\xf0\xd5\x02\x64\xd2\x7d\x9f\x35\x95\x2b\x44\x5a\x0c\x19\x13\xb1\xcf\x9e\x4c\x97\xef\xad\xfa\x25\x1c
\x7a\xea\x50\x66\xa2\x6f\xb9\x7a\x9a\x3b\x8c\xdd\xa3\xda\xed\x5a\xe1\x9d\x92\x3e\x64\x9f\x7a\xd3\xbe\xa3\xd9\xbb\x22\xa9\x97\x0e\x77\x9e\xfc\x86\xed\xb4\x25\x15\x32\x24\x5a\xc8\x53\x77\xfd\xf2\x42\x9e\x6d\x51\x35\x73\x1b\xe5\x3e\xb4\x7b\x7f\xf5\xff\x55\x22\x18\x4e\xae\x96\x99\x24\x1d\xce\xa3\x6c\xe5\x7f\xb4\x29\xda\xfe\xb9\xdc\xd2\x5a\x1d\x45\x89\xa1\xe8\x27\x6e\x3c\xc6\x3b\x95\x1e\x4d\x8c\x0c\xf2\x4a\xd3\x21\x8e\x87\x74\xb7\x52\x2c\xae\x10\x5a\x69\x09\x61\xd1\xdf\x77\x88\xa9\x70\xff\xde\x81\x42\x14\xa6\x18\xce\x24\x92\x41\x40\x3f\x40\x40\x99\x55\xeb\x93\x72\xa5\x81\x93\xcd\xf8\x9a\x0d\xbd\x87\x2a\xe6\x7b\x04\x21\x10\xaa\x8d\x10\x28\xd7\xe8\xa3\x41\x65\x02\xca\x67\xf4\xa7\x71\xfb\x6a\x5a\x58\x59\xd3\x2e\x05\x8b\x02\xb4\x26\x3f\x83\x79\x0d\xa5\x8a\x83\x1a\xd5\x73\x45\xb3\xd9\xc7\xd7\xe8\xde\xb3\x89\x5b\xd2\xb3\xd8\x16\xd6\x25\x63\xa9\xb5\x6a\x90\x73\xce\x31\xb2\xe6\x59\x32\xaa\x57\x7d\xc0\xf9\x61\xbb\x0e\xbc\x20\x6a\x49\x89\x1a\x09\x16\x27\x2a\xf9\x26\xb0\xc1\x0d\xfa\x12\x78\xc4\x20\x2e\x3c\xeb\x7b\xc3\x2c\x91\x85\x5f\x0a\x12\x98\xaf\xb6\x68\x4a\xfb\x46\xe7\xd1\x9a\xe9\x80\xbf\x33\x8c\xa2\xaf\x2e\xf8\xa6\xf4\x6a\x4c\xe3\xd7\xdc\xa8\xbf\xd9\xb8\x9d\xbf\x29\xc5\x50\x09\x77\x2a\x71\x4e\x57\x4d\x18\x3e\xaa\xd1\x7e\x5e\x21\xfb\x95\x04\x9e\x76\xa2\x6c\xae\x8f\xdb\x53\x7b\x6d\x97\xea\xdc\x1a\x5a\x6b\xaf\x39\x67\x05\xe5\x57\x45\x60\xa7\x42\x89\x3b\x9b\xee\x2e\xe0\x69\x62\x1f\xe8\xaa\x87\x50\xd3\x80\xfe\x44\x63\x5c\xab\xd4\xb9\x86\x59\x7d\x42\x6e\xeb\x91\x13\x6a\x5b\xf7\x94\x50\x6f\xe7\x8d\x1b\xb1\xff\x29\x50\x9f\x70\x3d\x19\xdb\xa3\x98\x3c\x4c\x67\xb6\xda\x3d\x15\x9e\x9a\xa2\x8c\x2d\xd1\x6a\x89\x57\x53\x8b\x68\x28\xbb\x36\x38\x43\xa0\x84\x81\x52\x94\x7c\x16\xe0\x5d\x03\x8b\x43\xa8\x8c\x95\xf4\x24\xf1\x4f\xfa\xa8\x37\x0e\xfa\x34\xe3\x6e\x65\x35\x73\xc7\x81\xc8\x54\x73\xf7\xf6\x21\x96\xa1\x3a\xcc\xb5\xed\xb4\x66\x28\x05\x79\xc2\x9e\x2e\xe7\x5e\x30\x5d\x67\xb7\x36\x24\x23\x78\x9d\xb6\x15\x47\x22\x08\x80\x7b\x27\x50\x1c\xb1\x44\x29\xa9\x57\x80\x62\x55\x7d\x25\x77\x80\xe3\x7b\xa3
\x8f\xad\xa2\x7e\x8a\x5c\x64\xa8\x6f\x36\x77\xca\xfb\x9f\x6c\x3a\x8d\x5c\x50\x87\x73\x9b\x17\x7b\x6f\xb7\x58\x44\x5e\x97\x6b\xef\x81\x4f\x76\x87\x5e\x40\xf9\x48\xf0\xd8\x8b\xa3\xb1\x18\x3e\x90\xe0\x6a\x4d\x79\x8b\x19\xfd\xeb\x94\x7f\xcd\xaf\x54\x4e\x3f\xeb\xbc\x2b\x41\x37\xf7\x05\x96\x97\xbe\xe9\x2a\x0d\xee\x8d\xb3\x4b\xd8\xa6\x8b\xd9\x35\x5a\xfc\x0e\x66\xe8\x79\x82\x6f\x0e\xa9\xa8\xb7\x3d\xc4\xa7\xfc\xf6\x7d\xa9\xaf\x89\x69\x73\xd7\x2d\x00\x1f\xaf\x23\xca\x3c\x4b\xd7\x01\x91\x16\x33\x02\xcc\x92\x1c\x57\xb1\x83\x01\x56\x11\x42\x2a\xe9\x09\x4a\x9d\xdc\x68\x59\xc2\x0f\xc3\x3b\x2c\xa6\x52\xf5\xb0\xbb\x76\xdf\xe6\xcd\x95\xb1\x6b\x54\xbd\xdf\xdc\x6e\x3f\x60\xee\x84\xfb\xd2\xf6\x53\xc2\xd5\xa3\x79\x96\xb7\xfa\x6c\x8c\x9f\xe1\x9a\xc9\xbb\x34\x8f\x03\x6d\x46\x43\xdf\x36\xdb\xdd\x54\xf5\x1b\xb8\x79\xb2\xde\x23\x44\x5c\xbe\x4a\x6a\x1e\x91\xe0\x51\xe0\x9a\xea\x56\xc1\xc7\x18\x67\x84\xd7\xa0\xb0\x51\x77\x29\x5d\x68\x8a\x92\x20\xd7\xe0\xe3\xd0\x15\x4b\x6c\xbc\xae\x0a\x85\x4e\x4f\x73\x2a\x44\xb1\xc6\xae\xbd\xca\x76\x08\x90\x0a\x3e\xd3\x12\x34\xfa\xa7\x9c\x5a\xcf\xb5\xfc\x6a\xe7\x21\x93\xf1\x09\xd4\x2b\x0e\xb0\xb3\xcd\x3c\xa6\x95\x67\x88\xc9\x3f\x0b\x02\xec\x2c\x1c\x43\x5c\xd8\xd6\x11\x37\x63\xe2\xd9\x8a\xdd\x64\x08\xf2\x13\xae\xa7\xa0\x8d\xbe\xb0\x72\xca\x2f\x5d\xa0\x11\xb1\x6d\x82\xa6\x44\x24\x49\x7e\xe8\x76\xd2\x5b\xe5\xda\xfe\xb9\x3f\x14\xc7\x8c\x8c\x67\xbe\x69\xe1\xd9\xc8\xac\xd1\x8c\x5a\x6c\x1e\x1f\x91\x15\xba\x2a\x7d\x5a\x47\xc9\x9c\xab\xf1\xab\xfd\x8d\x7e\xd8\x30\x2a\x71\x49\x6d\xbf\xc0\x12\x91\x0e\x23\x7d\x94\x45\xb5\x2f\xa5\xc7\xfc\xd8\x9c\x51\x44\x91\xb4\xd2\x22\x57\x02\x37\x67\x4f\x95\x46\x0f\x7a\x71\x82\xb8\x30\x67\xd1\xca\xd6\xc9\x45\xca\x9c\xc3\x57\xd1\x61\x00\xd4\x4a\xba\xdb\xcb\xc1\xd9\xec\xe3\xb1\xae\xb9\x7d\x45\x2a\xfe\x91\x96\x83\x89\xe9\x13\xae\xe3\xaa\x7d\xfb\xa0\xc6\xdf\x2e\x4b\xde\x3f\x01\x8f\x17\xf1\xbf\x5f\x17\xff\x0d\x00\x00\xff\xff\x72\x45\x40\x94\x37\x50\x00\x00") +var _schemaJson = 
[]byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\x5f\x6f\xe3\xb8\x11\x7f\xcf\xa7\x10\x7c\x7d\x2a\xf6\x36\x2d\x70\xbd\x87\xbc\x39\x76\x2e\x6b\xec\xc6\x31\xec\xc3\x16\xe8\xe1\x1e\x46\xd4\x58\xe6\x85\x22\x55\x92\x72\xec\x2b\xf6\xbb\x17\xb2\xac\x58\xb2\x44\x59\xa6\xfe\xd8\x69\xf7\x61\x81\x85\xa5\x21\x7f\x33\x9c\xff\x1c\xe5\x3f\x37\x8e\x33\xf8\x8b\x22\x2b\x0c\x60\x70\xe7\x0c\x56\x5a\x87\x77\xb7\xb7\x7f\x28\xc1\x7f\x4c\x7e\xfd\x28\xa4\x7f\xeb\x49\x58\xea\x1f\xff\xf6\xd3\x6d\xf2\xdb\x0f\x83\x0f\x3b\x3a\x89\xcb\x98\xe8\x87\x5b\x0f\x97\x94\x53\x4d\x05\x57\xb7\x23\x16\x29\x8d\x72\x24\xf8\x92\xfa\xc9\x8b\x99\xc7\x83\x3b\x27\xde\xd3\x71\x06\xe9\x7b\x4c\x44\xde\x3f\x41\x93\xd5\xdb\x23\xc7\x19\x84\x52\x84\x28\x35\x45\x95\xf9\xd5\x71\x06\x24\x21\xfa\x22\x7c\x9f\x72\x3f\xf7\xcc\x9e\x91\x03\x7d\x25\x43\x6f\x40\xd3\xdd\xdf\x48\xbf\xed\xff\xf7\x2d\x5d\x6d\x00\x9e\xb7\xa3\x06\x36\xcb\x72\xb2\x04\xa6\xf0\xed\x25\xbd\x0d\x31\xde\x4e\xb8\x7f\x20\xd1\xc9\x72\xfb\x25\x8a\xd2\x29\xb2\x6c\x14\x12\x72\x70\x19\xfe\xba\x0d\x8f\x1e\x38\xce\x80\x6a\x0c\x8e\x7f\xcc\x20\x51\x5a\xe6\x18\xcb\xb0\x94\x7b\x0f\xa4\x84\x6d\x2f\xfc\x27\x5a\x94\x61\x5a\xe2\xbf\x23\x2a\xd1\x1b\xdc\x39\xbf\x1d\x58\x0e\x50\x83\x07\x1a\x52\x4c\xbf\x7f\x38\x25\xa4\x17\xca\xbd\x63\xe9\x1c\x89\x21\xc7\x3a\x6e\x20\x08\xd9\x6e\x95\xdf\xf2\xc2\xcb\x43\xcd\x3c\xfb\xfd\xa6\x44\x8a\x03\x08\xe9\x57\x94\x8a\x0a\xde\xce\xf6\xf8\xa2\x88\x66\x1f\xa9\xb8\x5d\xff\x1d\x58\xb8\x82\x7f\x9c\xc6\xf0\x26\xae\x3e\x0d\xe8\x09\x0f\xe7\x93\x87\x43\x21\xe8\x15\xc9\x64\xf8\x54\x0e\x64\x1d\x92\x5e\x81\x7c\x9d\x8d\xca\x81\x70\xe1\xe1\xa3\x14\x51\x58\xd7\x82\x1b\xc2\x34\x02\x9d\xa6\x40\xce\x77\x0a\x59\x7d\x03\x0e\x3e\x7a\xd3\x6b\xe1\xea\xe9\x08\x4f\x23\xe6\x96\x20\x7d\xd0\x38\x93\x62\x49\x59\x6d\x97\xdb\x15\x6b\xbf\xe4\xd0\x34\x62\x0c\xd6\x40\x19\xb8\x94\x51\xbd\xfd\x97\xe0\xbd\x45\x93\x0f\xd9\x78\x5f\x92\x1d\xb4\x21\xbf\xba\xb1\xbe\x1c\x96\x42\x22\x51\xab\x07\x4e\xe4\x36\xd4\x25\xae\xbc\x1b\x74\x8b\xc2\xb6\xe5\xe8\x34\xe8\xa8\x70\x58\x9d\x0a\x6c\x91
\x6c\x59\x0a\xc7\xa7\xba\x1f\x2c\x8f\x54\xf7\x91\x93\x3c\x70\x2f\x14\x94\x6b\x55\x27\x17\x0b\x25\x5d\x83\xc6\x21\x21\xa8\x0a\x47\x92\x6e\xe6\x0a\xc1\x10\x0c\xa7\x19\x46\x2e\xa3\xe4\xdc\x05\x3a\xe3\x3e\x8e\x9d\x35\xf8\x56\x28\xd7\x94\xe0\x5c\x30\x1c\xce\xa7\x27\x32\x1d\x83\x8d\xbd\xad\x30\x43\x19\x50\x15\xa7\x4c\xea\x5e\x44\xdc\x03\xb9\xb5\x59\x31\x75\xd4\xc2\x7b\xd8\x20\x89\x62\x69\x34\xc0\x67\x58\xad\x25\xac\xaf\x54\xaf\x9e\x27\xe3\x91\x95\xca\xec\x45\x37\x24\x44\x44\x79\x3d\x75\x2e\x10\x91\x0e\x8a\xb3\xc8\xe1\xba\xa2\x32\x63\x32\x7c\xda\x65\xa7\x35\x14\x9b\x43\x80\x36\x07\x1a\xd3\xa9\x10\x88\x15\x31\x03\x17\x59\xe1\x1c\x43\xd0\x1a\x25\x9f\x95\x23\xdd\xbd\xf2\xf1\xaf\x85\xdf\x2a\x03\xf4\x41\xc8\xe6\x53\xc9\xca\xf1\x18\x28\x70\x2e\x34\xe4\x2b\xfd\x2b\x43\xdb\xa5\x12\x1d\x29\x78\x0d\x75\xba\x48\x25\x96\xaa\x7b\xf9\x11\x6a\x0d\x64\x35\x13\x8c\x92\xed\x70\x3e\xbd\x40\xd2\x97\x45\xd0\x9a\x16\x19\x4e\x59\xcb\x08\x5b\xd4\xff\xb0\x1d\xef\x7f\x81\x0c\xae\xa0\xbd\x55\x29\x9d\x06\xff\xbb\x7d\xa7\x12\xaa\x61\xe5\xf2\xcc\x34\xa3\x33\x1e\x8e\xa3\x5c\x79\x37\x6d\x17\xe3\x32\xc7\x2d\xd1\xcf\x14\x1b\xa7\x7b\x6b\xb6\x31\x72\xbf\x8f\x05\xe5\xba\x56\x47\xed\xbb\x2e\xa7\x7a\x30\x1d\xfe\x5a\x47\x6f\xe3\x04\xf7\x15\xea\xbb\xb0\xce\xf0\xd6\x37\x35\xdc\x57\x67\x36\xaa\x40\xe2\x05\x97\x94\xc4\x05\x5b\xa4\x57\x42\x52\xbd\x1d\x97\x04\xe7\xaa\x46\x6d\x80\x1e\x3d\x26\x70\x9c\x81\x4b\x39\xc8\xed\x03\x27\xc2\x4b\xba\xf8\x03\x17\x14\xfe\xfc\x53\x2e\x50\x96\x47\x43\x69\xa5\xd6\x4a\x03\x79\x99\x9e\x63\x88\xdd\x1d\x5e\xe4\x72\x3c\xab\x5c\x6e\xcd\x1e\x1b\xd7\x34\xe6\xc6\x28\xea\x57\x21\x5f\xda\x4c\x9e\x93\x4a\xbf\x3d\xde\x3b\xc5\xdd\x99\xb6\x7c\x9d\x8d\xea\x68\x0a\x3d\x75\x7b\x53\x6e\xe1\xd4\x93\x76\xcd\x08\x12\xc5\xde\x20\xe9\x16\xdb\x2c\x50\xb0\x01\xa7\xf3\x94\x2e\xb5\xbb\x52\x40\xb8\xd1\x12\x46\x93\xf1\xfc\x02\x09\xbe\x5a\x81\x4c\xba\xef\x8b\xa6\x72\x85\x48\x8b\x21\x63\x22\xf6\xd9\x93\xd9\xfa\x67\xab\x7e\x09\x87\x9e\x3a\x94\x99\xe8\x5b\xae\x9e\xe6\x0e\x63\xf7\xa8\x0e\xbb\x56\x78\xa7\xa4\x0f\xd9\xa7
\xde\xb4\xef\x68\x8e\xae\x48\xea\xa5\xc3\x9d\x27\xbf\x61\x3b\x6d\x49\x85\x0c\x89\x16\xf2\xd2\x5d\xbf\xbc\x90\x17\x7b\x54\xcd\xdc\x46\xb9\x0f\xed\xde\x5f\xfd\x7f\x95\x08\x86\x93\xab\x65\x26\x49\x87\xf3\x2c\x5b\xf9\x1f\x6d\x8a\xb6\x7f\x2e\x8f\xb4\x56\x47\x51\x62\x28\xfa\x89\x1b\xf3\x78\xa7\xd2\xa3\x89\x91\x41\x5e\x69\x3a\xc4\xf1\x9c\xee\x56\x8a\xc5\x15\x42\x2b\x2d\x21\x2c\xfa\xfb\x0e\x31\x15\xee\xdf\x3b\x50\x88\xc2\x14\xc3\x95\x44\x32\x08\xe8\x2f\x10\x50\x66\xd5\xfa\xa4\x5c\x69\xe0\x64\x37\xbe\x66\x43\xef\xa1\x8a\xf9\x1e\x41\x08\x84\x6a\x23\x04\xca\x35\xfa\x68\x50\x99\x80\xf2\x05\xfd\xd3\xb8\x7d\x35\x2d\x6c\xac\x69\xd7\x82\x45\x01\x5a\x93\x5f\xc1\xbc\x86\x52\xc5\x41\x8d\xea\xb9\xa2\xc5\xe2\xd3\x7b\x74\xef\xd9\xc4\x2d\xe9\x59\xec\x0b\xeb\x92\xb1\xd4\x5a\x35\xc8\x35\xe7\x18\x59\xf3\x2c\x19\xd5\xab\x3e\xe0\xfc\xb0\x5d\x07\x5e\x10\xb5\xa4\x44\x8d\x04\x8b\x13\x95\x7c\x13\xd8\xe0\x06\x7d\x09\x3c\x62\x10\x17\x9e\xf5\xbd\x61\x96\xc8\xc2\x2f\x05\x09\xcc\x77\x5b\x34\xa5\x7d\xa3\xeb\x68\xcd\x74\xc0\xdf\x15\x46\xd1\x77\x17\x7c\x53\x7a\x35\xa6\xf1\x6b\x6e\xd4\xdf\x6c\xdc\xc1\xdf\x94\x62\xa8\x84\x3b\x93\xb8\xa4\x9b\x26\x0c\x9f\xd5\x68\xbf\xae\x90\xfd\x4e\x02\x4f\x3b\x51\x36\xd7\xc7\xed\xa9\xbd\x76\x48\x75\x1e\x0d\xad\xb5\xf7\x9c\xb3\x82\xf2\xab\x22\xb0\x53\xa1\xc4\x9d\x4d\x77\x17\xf0\x34\xb1\x0f\x74\xd5\x73\xa8\x69\x40\xff\x44\x63\x5c\xab\xd4\xb9\x86\x59\x7d\x42\x6e\xeb\x91\x13\x6a\x5b\xf7\x94\x50\xef\xe7\x8d\x1b\xb1\xff\x39\x50\x9f\x71\x3b\x19\xdb\xa3\x98\x3c\xcf\x16\xb6\xda\x3d\x13\x9e\x9a\xa1\x8c\x2d\xd1\x6a\x89\x77\x53\x8b\x68\x28\xbb\x36\xb8\x42\xa0\x84\x81\x52\x94\x7c\x11\xe0\xdd\x03\x8b\x43\xa8\x8c\x95\xf4\x22\xf1\x4f\xfa\xa8\x77\x0e\xfa\x32\xe3\x6e\x65\x35\x73\xc7\x81\xc8\x54\x73\xf7\xf6\x21\x96\xa1\x3a\xcc\xb5\xed\xb4\x66\x28\x05\x79\xc1\x9e\x2e\xe7\xde\x30\xdd\x67\xb7\x36\x24\x23\x78\x9f\xb6\x15\x47\x22\x08\x80\x7b\x17\x50\x1c\xb1\x46\x29\xa9\x57\x80\x62\x55\x7d\x25\x77\x80\xe3\xa9\xd1\xc7\x56\x51\xbf\x44\x2e\x32\xd4\x0f\xbb\x3b\xe5\xe3\x4f\x36\x9d\x46\x2e\xa8\xc3\xb9\xcd
\x9b\xa3\xb7\x5b\x2c\x22\xef\xcb\xb5\xf7\xc4\x27\xbb\x43\x2f\xa0\x7c\x24\x78\xec\xc5\xd1\x58\x0c\x9f\x48\x70\xb5\xa6\xbc\xc5\x8c\xfe\x7d\xca\xbf\xe6\x57\x2a\x97\x9f\x75\x3e\x94\xa0\xbb\xfb\x02\xcb\x4b\xdf\x74\x95\x06\xf7\xc6\xd9\x25\x6c\xd3\xc5\xec\x1a\x2d\x7e\x07\x33\xf4\x3c\xc1\x77\x87\x54\xd4\xdb\x1e\xe2\x53\x7e\xfb\xbe\xd4\xd7\xc4\xb4\xb9\xeb\x16\x80\x8f\xf7\x11\x65\x9e\xa5\xeb\x80\x48\x8b\x05\x01\x66\x49\x8e\x9b\xd8\xc1\x00\xab\x08\x21\x95\xf4\x04\xa5\x4e\x6e\xb4\x2c\xe1\x87\xe1\x13\x16\x53\xa9\x7a\xd8\x5d\xbb\x6f\xf3\x96\xca\xd8\x35\xaa\xde\x6f\x69\xb7\x1f\x30\x77\xc2\x7d\x69\xfb\x29\xe1\x66\x6e\x9e\xe5\xad\x3e\x1b\xe3\x67\xb8\x66\xf2\x2e\xcd\xe3\x44\x9b\xd1\xd0\xb7\xcd\x76\x37\x55\xfd\x06\x6e\x9e\xac\xf7\x08\x11\x97\xaf\x92\x9a\x47\x24\x78\x14\xb8\xa6\xba\x55\xf0\x31\xc6\x19\xe1\x3d\x28\x6c\xd4\x5d\x4a\x17\x9a\xa1\x24\xc8\x35\xf8\x38\x74\xc5\x1a\x1b\xaf\xab\x42\xa1\xd3\xd3\x9c\x09\x51\xac\xb1\x6b\xaf\xb2\x1f\x02\xa4\x82\x2f\xb4\x04\x8d\xfe\x25\xa7\xd6\x73\x2d\xbf\xda\x79\xc8\x64\x7c\x01\xf5\x8a\x03\xec\x62\x37\x8f\x69\xe5\x19\x62\xf2\x2f\x82\x00\xbb\x0a\xc7\x10\x17\xb6\x75\xc4\xcd\x98\x78\xb5\x62\x37\x19\x82\xfc\x8c\xdb\x19\x68\xa3\x2f\xac\x9c\xf2\x4b\x17\x68\x44\x6c\x9b\xa0\x29\x11\x49\x92\x1f\xba\x9d\xf4\x56\xb9\xb6\x7f\xee\xcf\xc5\x31\x23\xf3\x5f\x8e\x12\x41\x40\x75\x4a\xf1\x04\x9c\x2e\x51\x15\x5b\x65\xb5\xb4\x60\xd7\x0e\xb4\x91\x7f\xa3\x79\xb7\xd8\xd4\x3e\x21\x2b\x74\x68\x6a\x41\x96\x08\xde\x33\x37\xdf\x0a\xf6\x61\xa6\x25\x03\xb7\xc6\x3f\x1f\xb0\x53\x54\x1b\x29\x49\x5c\x53\xdb\x4f\xc1\x44\xa4\xc3\x48\x9f\x65\xda\xed\x4b\x69\x9e\x9f\xdf\x33\x8a\x28\x92\x56\x2a\xe8\x4a\xe0\xe6\x34\xae\xd2\xfb\x80\x5e\x5d\x20\x40\x2d\x59\xb4\xb1\xf5\xb6\x91\x32\x17\x13\x55\x74\x18\x00\xb5\x92\xee\xfe\x96\x72\xb1\xf8\x74\x6e\x8c\x68\x5f\x91\x8a\x7f\x2d\xe6\x64\x86\xfc\x82\xdb\xe1\x7c\x5a\x3f\x35\xde\xbf\x7f\x01\x1e\x6f\xe2\x7f\xdf\x6e\xfe\x1b\x00\x00\xff\xff\xee\xaa\x93\x39\xc0\x50\x00\x00") func schemaJsonBytes() ([]byte, error) { return bindataRead( 
@@ -85,7 +85,7 @@ func schemaJson() (*asset, error) { } info := bindataFileInfo{name: "schema.json", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xda, 0xeb, 0xc7, 0x9, 0xf6, 0xd7, 0x1c, 0x3a, 0x3a, 0x11, 0x2a, 0xa0, 0x62, 0xde, 0x6a, 0x99, 0x5c, 0xc0, 0x47, 0xf8, 0x47, 0xf7, 0xe, 0x45, 0x43, 0x48, 0x29, 0x95, 0xf8, 0x18, 0x7, 0x59}} + a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x6, 0xe2, 0xb5, 0xfc, 0xf7, 0xca, 0xa2, 0x8a, 0x1c, 0x54, 0x8b, 0x91, 0xa8, 0x75, 0xf0, 0xfd, 0x11, 0x4d, 0x8d, 0x4d, 0xdc, 0xb5, 0xf5, 0xa0, 0x6c, 0x85, 0x84, 0xd0, 0xe3, 0x27, 0x36, 0x15}} return a, nil } diff --git a/pkg/apis/eksctl.io/v1alpha5/types.go b/pkg/apis/eksctl.io/v1alpha5/types.go index 4983a27014..268a4a6d64 100644 --- a/pkg/apis/eksctl.io/v1alpha5/types.go +++ b/pkg/apis/eksctl.io/v1alpha5/types.go @@ -743,12 +743,16 @@ type Repo struct { // Operator groups all configuration options related to the operator used to // keep the cluster and the Git repository in sync. type Operator struct { + // +optional + CommitOperatorManifests *bool `json:"commitOperatorManifests,omitempty"` // Commit and push Flux manifests to the Git Repo on install // +optional Label string `json:"label,omitempty"` // e.g. flux // +optional Namespace string `json:"namespace,omitempty"` // e.g. flux // +optional WithHelm *bool `json:"withHelm,omitempty"` // whether to install the Flux Helm Operator or not + // +optional + ReadOnly bool `json:"readOnly,omitempty"` // Instruct Flux to read-only mode and create the deploy key as read-only } // Profile groups all details on a quickstart profile to enable on the cluster diff --git a/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go b/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go index 6bd1edb0b7..3f0c8380e9 100644 --- a/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go +++ b/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go 
@@ -1087,6 +1087,11 @@ func (in *NodeGroupSSH) DeepCopy() *NodeGroupSSH { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Operator) DeepCopyInto(out *Operator) { *out = *in + if in.CommitOperatorManifests != nil { + in, out := &in.CommitOperatorManifests, &out.CommitOperatorManifests + *out = new(bool) + **out = **in + } if in.WithHelm != nil { in, out := &in.WithHelm, &out.WithHelm *out = new(bool) diff --git a/pkg/ctl/cmdutils/gitops.go b/pkg/ctl/cmdutils/gitops.go index b52fba94ed..c1f2045c92 100644 --- a/pkg/ctl/cmdutils/gitops.go +++ b/pkg/ctl/cmdutils/gitops.go @@ -23,8 +23,11 @@ const ( gitFluxPath = "git-flux-subdir" gitLabel = "git-label" namespace = "namespace" + readOnly = "read-only" withHelm = "with-helm" + commitOperatorManifests = "commit-operator-manifests" + profileName = "profile-source" profileRevision = "profile-revision" ) @@ -51,6 +54,10 @@ func AddCommonFlagsForFlux(fs *pflag.FlagSet, opts *api.Git) { "Directory within the Git repository where to commit the Flux manifests") fs.StringVar(&opts.Operator.Namespace, namespace, "flux", "Cluster namespace where to install Flux, the Helm Operator and Tiller") + fs.BoolVar(&opts.Operator.ReadOnly, readOnly, false, + "Instruct Flux to read-only mode and create the deploy key as read-only") + opts.Operator.CommitOperatorManifests = fs.Bool(commitOperatorManifests, true, + "Commit and push Flux manifests to the Git Repo on install") opts.Operator.WithHelm = fs.Bool(withHelm, true, "Install the Helm Operator and Tiller") } @@ -65,7 +72,8 @@ func AddCommonFlagsForGit(fs *pflag.FlagSet, repo *api.Repo) { "Username to use as Git committer") fs.StringVar(&repo.Email, gitEmail, "", "Email to use as Git committer") - fs.StringVar(&repo.PrivateSSHKeyPath, gitPrivateSSHKeyPath, "", + fs.StringVar(&repo.PrivateSSHKeyPath, + gitPrivateSSHKeyPath, "", "Optional path to the private SSH key to use with Git, e.g. ~/.ssh/id_rsa") } 
diff --git a/pkg/ctl/delete/cluster.go b/pkg/ctl/delete/cluster.go index 7cd37afb21..7357875a79 100644 --- a/pkg/ctl/delete/cluster.go +++ b/pkg/ctl/delete/cluster.go @@ -16,6 +16,7 @@ import ( "github.com/weaveworks/eksctl/pkg/cfn/manager" "github.com/weaveworks/eksctl/pkg/ctl/cmdutils" "github.com/weaveworks/eksctl/pkg/elb" + "github.com/weaveworks/eksctl/pkg/gitops/deploykey" iamoidc "github.com/weaveworks/eksctl/pkg/iam/oidc" "github.com/weaveworks/eksctl/pkg/kubernetes" "github.com/weaveworks/eksctl/pkg/printers" @@ -184,6 +185,12 @@ func doDeleteCluster(cmd *cmdutils.Cmd) error { logger.Success("all cluster resources were deleted") } + { + if err := deploykey.Delete(context.Background(), cfg); err != nil { + return err + } + } + return nil } diff --git a/pkg/ctl/enable/repo.go b/pkg/ctl/enable/repo.go index 997b85a45b..3795c16991 100644 --- a/pkg/ctl/enable/repo.go +++ b/pkg/ctl/enable/repo.go @@ -93,6 +93,8 @@ func doEnableRepository(cmd *cmdutils.Cmd) error { logger.Critical("unable to set up gitops repo: %s", err.Error()) return err } + logger.Info(userInstructions) - return err + + return nil } diff --git a/pkg/gitops/deploykey/deploykey.go b/pkg/gitops/deploykey/deploykey.go new file mode 100644 index 0000000000..f80e9195af --- /dev/null +++ b/pkg/gitops/deploykey/deploykey.go 
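Review bot: The added `deploykey.Delete` call returns its error from doDeleteCluster after all cluster resources have already been deleted, so a GitHub API failure (an expired token, or one without admin rights on the repository) makes a completed deletion exit as failed. It also runs under `context.Background()`, so no deadline is set here for the GitHub request. Consider bounding it with `context.WithTimeout` and logging the failure as a warning that names the deploy key to remove by hand, so a stale key is not left on the repository unnoticed. The body of doDeleteCluster starts outside this hunk.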
@@ -0,0 +1,74 @@
+package deploykey
+
+import (
+ "context"
+ "os"
+
+ "github.com/kris-nova/logger"
+ "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+)
+
+type GitProvider interface {
+ Put(ctx context.Context, fluxSSHKey PublicKey) error
+ Delete(ctx context.Context) error
+}
+
+func ForCluster(cluster *v1alpha5.ClusterConfig) GitProvider {
+ var (
+ repoURL string
+ readOnly bool
+ )
+
+ if git := cluster.Git; git != nil {
+ if repo := git.Repo; repo != nil {
+ repoURL = repo.URL
+ }
+
+ readOnly = git.Operator.ReadOnly
+ }
+
+ if repoURL == "" {
+ return nil
+ }
+
+ if owner, repo, ok := getGitHubOwnerRepoFromRepoURL(repoURL); !ok {
+ logger.Info("skipped managing GitHub deploy key for URL %s: Only `git@github.com:OWNER/REPO.git` is accepted for automatic deploy key creation", repoURL)
+ } else if githubToken := os.Getenv(EnvVarGitHubToken); githubToken == "" {
+ logger.Info("GITHUB_TOKEN is not set. Please set it so that eksctl is able to create and delete GitHub deploy key from Flux SSH public key")
+ } else {
+ return &GitHubProvider{
+ cluster: cluster.Metadata,
+ githubToken: githubToken,
+ readOnly: readOnly,
+ owner: owner,
+ repo: repo,
+ }
+ }
+
+ return nil
+}
+
+func Put(ctx context.Context, cluster *v1alpha5.ClusterConfig, fluxSSHKey PublicKey) (bool, error) {
+ p := ForCluster(cluster)
+
+ if p == nil {
+ return false, nil
+ }
+
+ return true, p.Put(ctx, fluxSSHKey)
+}
+
+func Delete(ctx context.Context, cluster *v1alpha5.ClusterConfig) error {
+ p := ForCluster(cluster)
+
+ if p == nil {
+ return nil
+ }
+
+ return p.Delete(ctx)
+}
+
+// PublicKey represents a public SSH key as it is returned by flux
+type PublicKey struct {
+ Key string
+}
diff --git a/pkg/gitops/deploykey/github.go b/pkg/gitops/deploykey/github.go
new file mode 100644
index 0000000000..6a2ac5d36f
--- /dev/null
+++ b/pkg/gitops/deploykey/github.go
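Review bot: ForCluster picks up `GITHUB_TOKEN` from the environment with no opt-in, so any token that happens to be exported (common on CI runners) is used to add a deploy key to the configured repository, and to remove one on cluster deletion. An explicit switch, or at least an Info line stating that the token is about to be used for OWNER/REPO, would keep that use of an ambient credential visible. When the token is unset at delete time, the key stays on the repository with only an Info message, which deserves a warning that names the key. The exported GitProvider, ForCluster, Put and Delete have no doc comments; Put in particular needs one such as `// Put uploads fluxSSHKey as a deploy key; the bool reports whether a provider handled it, so false means the caller must print the manual instructions.`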
@@ -0,0 +1,119 @@ +package deploykey + +import ( + "context" + "fmt" + "regexp" + + "github.com/google/go-github/v31/github" + "github.com/kris-nova/logger" + api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5" + "golang.org/x/oauth2" +) + +const ( + EnvVarGitHubToken = "GITHUB_TOKEN" +) + +type GitHubProvider struct { + cluster *api.ClusterMeta + owner, repo string + readOnly bool + githubToken string +} + +func (p *GitHubProvider) Put(ctx context.Context, fluxSSHKey PublicKey) error { + gh := p.getGitHubAPIClient(ctx) + + logger.Info("creating GitHub deploy key from Flux SSH public key") + + title := p.getDeployKeyTitle() + + key, _, err := gh.Repositories.CreateKey(ctx, p.owner, p.repo, &github.Key{ + Key: &fluxSSHKey.Key, + Title: &title, + ReadOnly: &p.readOnly, + }) + + if err != nil { + return err + } + + logger.Info("%s configured with Flux SSH public key\n%s", *key.Title, fluxSSHKey.Key) + + return nil +} + +func (p *GitHubProvider) Delete(ctx context.Context) error { + gh := p.getGitHubAPIClient(ctx) + + logger.Info("deleting GitHub deploy key") + + title := p.getDeployKeyTitle() + + keys, _, err := gh.Repositories.ListKeys(ctx, p.owner, p.repo, &github.ListOptions{}) + if err != nil { + return err + } + + var keyID int64 + + for _, key := range keys { + if key.GetTitle() == title { + keyID = key.GetID() + + break + } + } + + if keyID == 0 { + logger.Info("skipped deleting GitHub deploy key %q: The key does not exist. 
Probably you've already deleted it?") + + return nil + } + + if _, err := gh.Repositories.DeleteKey(ctx, p.owner, p.repo, keyID); err != nil { + return err + } + + logger.Info("deleted GitHub deploy key %s", title) + + return nil +} + +func (p *GitHubProvider) getGitHubAPIClient(ctx context.Context) *github.Client { + ts := oauth2.StaticTokenSource( + &oauth2.Token{AccessToken: p.githubToken}, + ) + tc := oauth2.NewClient(ctx, ts) + gh := github.NewClient(tc) + + return gh +} + +func getGitHubOwnerRepoFromRepoURL(repoURL string) (string, string, bool) { + if repoURL == "" { + return "", "", false + } + + sshFull := regexp.MustCompile(`ssh://git@github.com/([^/]+)/([^.]+).git`) + sshShort := regexp.MustCompile(`git@github.com:([^/]+)/([^.]+).git`) + + patterns := []*regexp.Regexp{ + sshFull, + sshShort, + } + + for _, p := range patterns { + m := p.FindStringSubmatch(repoURL) + if len(m) == 3 { + return m[1], m[2], true + } + } + + return "", "", false +} + +func (p *GitHubProvider) getDeployKeyTitle() string { + return fmt.Sprintf("eksctl-flux-%s-%s", p.cluster.Region, p.cluster.Name) +} diff --git a/pkg/gitops/deploykey/github_test.go b/pkg/gitops/deploykey/github_test.go new file mode 100644 index 0000000000..d3d3c49b89 --- /dev/null +++ b/pkg/gitops/deploykey/github_test.go 
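Review bot: Both patterns in getGitHubOwnerRepoFromRepoURL are unanchored and leave the dots unescaped, so a URL that merely contains the text, or whose host is not exactly github.com, still yields an owner and repository. The token is then used against a GitHub repository that Flux may not be syncing from. Anchor both with `^` and `$`, escape the dots (`github\.com`, `\.git`) and compile them once at package scope; the table in github_test.go has no negative case for a look-alike host. In Delete, the "skipped deleting" message has a `%q` verb but no argument, so `title` should be passed, and in Put `*key.Title` is better written as `key.GetTitle()`, the nil-safe accessor Delete already uses. ListKeys is called with an empty `github.ListOptions{}` and only that first page is searched, so on a repository with many deploy keys the key may not be found and stays in place.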
@@ -0,0 +1,53 @@ +package deploykey + +import "testing" + +func TestGetGitHubOwnerRepoFromRepoURL(t *testing.T) { + testcases := []struct { + title string + repoURL, owner, repo string + ok bool + }{ + { + title: "git@github.com", + repoURL: "git@github.com:myorg/configrepo.git", + owner: "myorg", + repo: "configrepo", + ok: true, + }, + { + title: "ssh://git@github.com", + repoURL: "ssh://git@github.com/myorg/configrepo.git", + owner: "myorg", + repo: "configrepo", + ok: true, + }, + { + title: "non-gh url", + repoURL: "git@gitlab.com:gitlab-org/gitlab.git", + owner: "", + repo: "", + ok: false, + }, + } + + for i := range testcases { + tc := testcases[i] + + t.Run(tc.title, func(t *testing.T) { + owner, repo, ok := getGitHubOwnerRepoFromRepoURL(tc.repoURL) + + if owner != tc.owner { + t.Errorf("unexpected owner: want %s, got %s", tc.owner, owner) + } + + if repo != tc.repo { + t.Errorf("unexpected repo: want %s, got %s", tc.repo, repo) + } + + if ok != tc.ok { + t.Errorf("unexpected ok: want %v, got %v", tc.ok, ok) + } + }) + } +} diff --git a/pkg/gitops/flux/installer.go b/pkg/gitops/flux/installer.go index 3060f35ba2..60a36ec658 100644 --- a/pkg/gitops/flux/installer.go +++ b/pkg/gitops/flux/installer.go @@ -9,6 +9,8 @@ import ( "strings" "time" + "github.com/weaveworks/eksctl/pkg/gitops/deploykey" + fluxinstall "github.com/fluxcd/flux/pkg/install" helmopinstall "github.com/fluxcd/helm-operator/pkg/install" "github.com/kris-nova/logger" @@ -32,7 +34,7 @@ const ( // Installer installs Flux type Installer struct { - cluster *api.ClusterMeta + cfg *api.ClusterConfig opts *api.Git timeout time.Duration k8sRestConfig *rest.Config @@ -52,6 +54,7 @@ func NewInstaller(k8sRestConfig *rest.Config, k8sClientSet kubeclient.Interface, PrivateSSHKeyPath: cfg.Git.Repo.PrivateSSHKeyPath, }) fi := &Installer{ + cfg: cfg, opts: cfg.Git, k8sRestConfig: k8sRestConfig, k8sClientSet: k8sClientSet, 
@@ -128,15 +131,23 @@ func (fi *Installer) Run(ctx context.Context) (string, error) { logger.Info("Flux started successfully") logger.Info("see https://docs.fluxcd.io/projects/flux for details on how to use Flux") - logger.Info("Committing and pushing manifests to %s", fi.opts.Repo.URL) - if err = fi.addFilesToRepo(); err != nil { - return "", err + if api.IsEnabled(fi.opts.Operator.CommitOperatorManifests) { + logger.Info("Committing and pushing manifests to %s", fi.opts.Repo.URL) + if err = fi.addFilesToRepo(); err != nil { + return "", err + } } cleanCloneDir = true logger.Info("Flux will only operate properly once it has write-access to the Git repository") instruction := fmt.Sprintf("please configure %s so that the following Flux SSH public key has write access to it\n%s", fi.opts.Repo.URL, fluxSSHKey.Key) + + ok, err := deploykey.Put(ctx, fi.cfg, deploykey.PublicKey{Key: fluxSSHKey.Key}) + if ok || err != nil { + return "", err + } + return instruction, nil } @@ -276,6 +287,12 @@ func getFluxManifests(opts *api.Git, cs kubeclient.Interface) (map[string][]byte if !fluxNSExists { manifests[fluxNamespaceFileName] = kubernetes.NewNamespaceYAML(opts.Operator.Namespace) } + + additionalFluxArgs := []string{"--sync-garbage-collection"} + if opts.Operator.ReadOnly { + additionalFluxArgs = append(additionalFluxArgs, "--registry-disable-scanning") + } + fluxParameters := fluxinstall.TemplateParameters{ GitURL: opts.Repo.URL, GitBranch: opts.Repo.Branch, @@ -283,10 +300,10 @@ func getFluxManifests(opts *api.Git, cs kubeclient.Interface) (map[string][]byte GitLabel: opts.Operator.Label, GitUser: opts.Repo.User, GitEmail: opts.Repo.Email, - GitReadOnly: false, + GitReadOnly: opts.Operator.ReadOnly, Namespace: opts.Operator.Namespace, ManifestGeneration: true, - AdditionalFluxArgs: []string{"--sync-garbage-collection"}, + AdditionalFluxArgs: additionalFluxArgs, } fluxManifests, err := fluxinstall.FillInTemplates(fluxParameters) if err != nil { 
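Review bot: When `deploykey.Put` fails, Run returns the error after Flux has already started and drops `instruction`, so the user never sees the public key needed to finish the setup by hand. A fallback that warns and still returns the instruction would be safer. The instruction text and the Info line before it still say write access when `Operator.ReadOnly` is set, which invites granting the key more access than it needs. The body of Run starts and ends outside this hunk.

```go
access := "write"
if fi.opts.Operator.ReadOnly {
	access = "read-only"
}
// … unchanged: cleanCloneDir = true …
instruction := fmt.Sprintf("please configure %s so that the following Flux SSH public key has %s access to it\n%s",
	fi.opts.Repo.URL, access, fluxSSHKey.Key)

ok, err := deploykey.Put(ctx, fi.cfg, deploykey.PublicKey{Key: fluxSSHKey.Key})
if err != nil {
	// Flux is already running at this point; fall back to the manual step instead of failing.
	logger.Warning("could not create the GitHub deploy key automatically: %v", err)
	return instruction, nil
}
if ok {
	return "", nil
}
return instruction, nil
```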
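Review bot: Nothing in getFluxManifests says why read-only mode also adds `--registry-disable-scanning`, and the `--read-only` flag help in gitops.go does not mention it either. A comment above the `if` would do, for example `// In read-only mode Flux cannot push image updates, so registry scanning is switched off as well.`; that is my reading of the intent and should be confirmed by the author. The function body continues outside the hunk.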
diff --git a/pkg/gitops/flux/installer_test.go b/pkg/gitops/flux/installer_test.go index ce59c2a25d..4f4896154f 100644 --- a/pkg/gitops/flux/installer_test.go +++ b/pkg/gitops/flux/installer_test.go @@ -29,7 +29,6 @@ var _ = Describe("Installer", func() { }, } mockInstaller := &Installer{ - cluster: &api.ClusterMeta{Name: "cluster-1", Region: "us-west-2"}, opts: mockOpts, k8sClientSet: fake.NewSimpleClientset(), }