Merge branch 'fluxcd:main' into main

docs/index.md

@@ -131,7 +131,7 @@ Optional:
 - `branch` (String) Branch in repository to reconcile from. Defaults to `main`.
 - `commit_message_appendix` (String) String to add to the commit messages.
 - `gpg_key_id` (String) Key id for selecting a particular key.
-- `gpg_key_ring` (String) GPG key ring for signing commits.
+- `gpg_key_ring` (String) Path to the GPG key ring for signing commits.
 - `gpg_passphrase` (String, Sensitive) Passphrase for decrypting GPG private key.
 - `http` (Attributes) (see [below for nested schema](#nestedatt--git--http))
 - `ssh` (Attributes) (see [below for nested schema](#nestedatt--git--ssh))

examples/github-ssh-gpg/flux.tf

@@ -0,0 +1,24 @@
+provider "flux" {
+ kubernetes = {
+ host = kind_cluster.this.endpoint
+ client_certificate = kind_cluster.this.client_certificate
+ client_key = kind_cluster.this.client_key
+ cluster_ca_certificate = kind_cluster.this.cluster_ca_certificate
+ }
+ git = {
+ url = "ssh://[email protected]/${var.github_org}/${var.github_repository}.git"
+ ssh = {
+ username = "git"
+ private_key = tls_private_key.flux.private_key_pem
+ }
+ gpg_key_ring = var.flux_gpg_key_ring
+ gpg_key_id = var.flux_gpg_key_id
+ gpg_passphrase = var.flux_gpg_passphrase
+ }
+}
+
+resource "flux_bootstrap_git" "this" {
+ depends_on = [github_repository_deploy_key.this]
+
+ path = "clusters/my-cluster"
+}

examples/github-ssh-gpg/github.tf

@@ -0,0 +1,16 @@
+provider "github" {
+ owner = var.github_org
+ token = var.github_token
+}
+
+resource "tls_private_key" "flux" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P256"
+}
+
+resource "github_repository_deploy_key" "this" {
+ title = "Flux"
+ repository = var.github_repository
+ key = tls_private_key.flux.public_key_openssh
+ read_only = "false"
+}

examples/github-ssh-gpg/kind.tf

@@ -0,0 +1,5 @@
+provider "kind" {}
+
+resource "kind_cluster" "this" {
+ name = "flux-e2e"
+}

examples/github-ssh-gpg/main.tf

@@ -0,0 +1,17 @@
+terraform {
+ required_version = ">=1.1.5"
+
+ required_providers {
+ flux = {
+ source = "fluxcd/flux"
+ }
+ kind = {
+ source = "tehcyx/kind"
+ version = ">=0.0.16"
+ }
+ github = {
+ source = "integrations/github"
+ version = ">=5.18.0"
+ }
+ }
+}

examples/github-ssh-gpg/variables.tf

@@ -0,0 +1,32 @@
+variable "flux_gpg_key_id" {
+ type = string
+ description = "The ID of the GPG key to use for signing commits when bootstraping FluxCD."
+}
+
+variable "flux_gpg_key_ring" {
+ type = string
+ description = "The path to the exported GPG key ring."
+}
+
+variable "flux_gpg_passphrase" {
+ sensitive = true
+ type = string
+ description = "The passphrase of the GPG key."
+ default = ""
+}
+
+variable "github_token" {
+ sensitive = true
+ type = string
+ description = "The GitHub token to use for authenticating with the GitHub API."
+}
+
+variable "github_org" {
+ type = string
+ description = "The name of the GitHub organization/username for the repository."
+}
+
+variable "github_repository" {
+ type = string
+ description = "The name of the GitHub repository to create the FluxCD manifests in."
+}

internal/provider/provider.go

@@ -229,7 +229,7 @@ func (p *fluxProvider) Schema(ctx context.Context, req provider.SchemaRequest, r
  Optional: true,
  },
  "gpg_key_ring": schema.StringAttribute{
- Description: "GPG key ring for signing commits.",
+ Description: "Path to the GPG key ring for signing commits.",
  Optional: true,
  },
  "gpg_passphrase": schema.StringAttribute{

internal/provider/provider_resource_data.go

@@ -187,7 +187,7 @@ func (prd *providerResourceData) GetEntityList() (openpgp.EntityList, error) {
  var entityList openpgp.EntityList
  if prd.git.GpgKeyRing.ValueString() != "" {
  var err error
- entityList, err = openpgp.ReadKeyRing(strings.NewReader(prd.git.GpgKeyRing.ValueString()))
+ entityList, err = bootstrap.LoadEntityListFromPath(prd.git.GpgKeyRing.ValueString())
  if err != nil {
  return nil, fmt.Errorf("Failed to read GPG key ring: %w", err)
  }