feat: add support for InsecureIgnoreHostKey (#503)

Signed-off-by: Udit107710 <[email protected]>
argoproj-labs · Nov 19, 2021 · b15c3bc · b15c3bc
1 parent 4a1b016
commit b15c3bc
Show file tree

Hide file tree

Showing 9 changed files with 48 additions and 1 deletion.
diff --git a/api/v1alpha1/git.go b/api/v1alpha1/git.go
@@ -15,6 +15,9 @@ type Git struct {
 	// PasswordSecret is the secret selector to the repository password
 	PasswordSecret *corev1.SecretKeySelector `json:"passwordSecret,omitempty" protobuf:"bytes,8,opt,name=passwordSecret"`
 
+	// InsecureIgnoreHostKey is the bool value for ignoring check for host key
+	InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty" protobuf:"bytes,10,opt,name=insecureIgnoreHostKey"`
+
 	// SSHPrivateKeySecret is the secret selector to the repository ssh private key
 	SSHPrivateKeySecret *corev1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty" protobuf:"bytes,9,opt,name=sshPrivateKeySecret"`
 	// +kubebuilder:default=.

diff --git a/config/ci.yaml b/config/ci.yaml
@@ -1231,6 +1231,10 @@ spec:
                           type: array
                         image:
                           type: string
+                        insecureIgnoreHostKey:
+                          description: InsecureIgnoreHostKey is the bool value for
+                            ignoring check for host key
+                          type: boolean
                         passwordSecret:
                           description: PasswordSecret is the secret selector to the
                             repository password
@@ -8406,6 +8410,10 @@ spec:
                     type: array
                   image:
                     type: string
+                  insecureIgnoreHostKey:
+                    description: InsecureIgnoreHostKey is the bool value for ignoring
+                      check for host key
+                    type: boolean
                   passwordSecret:
                     description: PasswordSecret is the secret selector to the repository
                       password

diff --git a/config/crd/bases/dataflow.argoproj.io_pipelines.yaml b/config/crd/bases/dataflow.argoproj.io_pipelines.yaml
@@ -1226,6 +1226,10 @@ spec:
                           type: array
                         image:
                           type: string
+                        insecureIgnoreHostKey:
+                          description: InsecureIgnoreHostKey is the bool value for
+                            ignoring check for host key
+                          type: boolean
                         passwordSecret:
                           description: PasswordSecret is the secret selector to the
                             repository password

diff --git a/config/crd/bases/dataflow.argoproj.io_steps.yaml b/config/crd/bases/dataflow.argoproj.io_steps.yaml
@@ -1177,6 +1177,10 @@ spec:
                     type: array
                   image:
                     type: string
+                  insecureIgnoreHostKey:
+                    description: InsecureIgnoreHostKey is the bool value for ignoring
+                      check for host key
+                    type: boolean
                   passwordSecret:
                     description: PasswordSecret is the secret selector to the repository
                       password

diff --git a/config/default.yaml b/config/default.yaml
@@ -1231,6 +1231,10 @@ spec:
                           type: array
                         image:
                           type: string
+                        insecureIgnoreHostKey:
+                          description: InsecureIgnoreHostKey is the bool value for
+                            ignoring check for host key
+                          type: boolean
                         passwordSecret:
                           description: PasswordSecret is the secret selector to the
                             repository password
@@ -8406,6 +8410,10 @@ spec:
                     type: array
                   image:
                     type: string
+                  insecureIgnoreHostKey:
+                    description: InsecureIgnoreHostKey is the bool value for ignoring
+                      check for host key
+                    type: boolean
                   passwordSecret:
                     description: PasswordSecret is the secret selector to the repository
                       password

diff --git a/config/dev.yaml b/config/dev.yaml
@@ -1231,6 +1231,10 @@ spec:
                           type: array
                         image:
                           type: string
+                        insecureIgnoreHostKey:
+                          description: InsecureIgnoreHostKey is the bool value for
+                            ignoring check for host key
+                          type: boolean
                         passwordSecret:
                           description: PasswordSecret is the secret selector to the
                             repository password
@@ -8406,6 +8410,10 @@ spec:
                     type: array
                   image:
                     type: string
+                  insecureIgnoreHostKey:
+                    description: InsecureIgnoreHostKey is the bool value for ignoring
+                      check for host key
+                    type: boolean
                   passwordSecret:
                     description: PasswordSecret is the secret selector to the repository
                       password

diff --git a/config/quick-start.yaml b/config/quick-start.yaml
@@ -1231,6 +1231,10 @@ spec:
                           type: array
                         image:
                           type: string
+                        insecureIgnoreHostKey:
+                          description: InsecureIgnoreHostKey is the bool value for
+                            ignoring check for host key
+                          type: boolean
                         passwordSecret:
                           description: PasswordSecret is the secret selector to the
                             repository password
@@ -8406,6 +8410,10 @@ spec:
                     type: array
                   image:
                     type: string
+                  insecureIgnoreHostKey:
+                    description: InsecureIgnoreHostKey is the bool value for ignoring
+                      check for host key
+                    type: boolean
                   passwordSecret:
                     description: PasswordSecret is the secret selector to the repository
                       password

diff --git a/go.mod b/go.mod
@@ -36,6 +36,7 @@ require (
 	github.com/uber/jaeger-client-go v2.29.1+incompatible
 	github.com/uber/jaeger-lib v2.4.1+incompatible
 	github.com/weaveworks/promrus v1.2.0
+	golang.org/x/crypto v0.0.0-20210915214749-c084706c2272
 	k8s.io/api v0.20.4
 	k8s.io/apimachinery v0.20.4
 	k8s.io/client-go v0.20.4
@@ -115,7 +116,6 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.16.0 // indirect
-	golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 // indirect
 	golang.org/x/mod v0.5.1-0.20210830214625-1b1db11ec8f4 // indirect
 	golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect

diff --git a/runner/init/init.go b/runner/init/init.go
@@ -16,6 +16,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	ssh2 "golang.org/x/crypto/ssh"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/utils/strings"
@@ -93,6 +94,9 @@ func Exec(ctx context.Context) error {
 				if v, err := ssh.NewPublicKeys("git", sshPrivateKey.Data[k.Key], ""); err != nil {
 					return fmt.Errorf("failed to get create public keys: %w", err)
 				} else {
+					if k := g.InsecureIgnoreHostKey; k {
+						v.HostKeyCallback = ssh2.InsecureIgnoreHostKey()
+					}
 					auth = v
 				}
 			}