fixing issues with the usage of the private key for argocd

.goreleaser.yaml

@@ -7,10 +7,15 @@ builds:
     goarch:
       - amd64
       - arm64
+universal_binaries:
+  - id: frigg
+    ids:
+      - build1
+      - build2
 brews:
   - name: frigg
     homepage: "https://github.com/PatrickLaabs/frigg"
-    tap:
+    repository:
       owner: PatrickLaabs
       name: frigg
     commit_author:

README.md

@@ -55,6 +55,13 @@ Get the binary using go:
 ```
 go install github.com/PatrickLaabs/frigg@latest
 ```
+
+```
+curl -L -o frigg https://github.com/PatrickLaabs/frigg/releases/download/0.4.0/frigg_0.4.0_darwin_arm64.tar.gz
+chmod +x frigg
+./frigg version
+```
+
 or download the binary at the releasepage:\
 [Frigg - Github Release Page](https://github.com/PatrickLaabs/frigg/releases)
 

cmd/frigg/version/version.go

@@ -54,7 +54,7 @@ func DisplayVersion() string {
 }
 
 // versionCore is the core portion of the frigg CLI version per Semantic Versioning 2.0.0
-const versionCore = "0.1.0"
+const versionCore = "0.4.0"
 
 // versionPreRelease is the base pre-release portion of the kind CLI version per
 // Semantic Versioning 2.0.0

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4
+	golang.org/x/crypto v0.18.0
 	gopkg.in/yaml.v3 v3.0.1
 	sigs.k8s.io/yaml v1.4.0
 )
@@ -43,7 +44,6 @@ require (
 	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/net v0.20.0 // indirect
 	golang.org/x/sys v0.16.0 // indirect

pkg/common/sshkey/sshkey.go

@@ -1,9 +1,13 @@
 package sshkey
 
 import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
 	"github.com/fatih/color"
+	"golang.org/x/crypto/ssh"
 	"os"
-	"os/exec"
 )
 
 func KeypairGen() {
@@ -15,30 +19,93 @@ func KeypairGen() {
 		return
 	}
 	friggDir := homedir + "/" + friggDirName
-	sshKeypairName := "frigg-sshkeypair_gen"
-	keypairSavePath := friggDir + "/" + sshKeypairName
+	sshpubliykeyName := "frigg-sshkeypair_gen.pub"
+	sshprivatekeyName := "frigg-sshkeypair_gen"
 
-	// ssh-keygen -t rsa -C "frigg ssh keypar" -N "" -f frigg-sshkeypair
-	cmd := exec.Command("ssh-keygen", "-t", "rsa",
-		"-C", `frigg ssh keypar`, "-N", `""`, "-f", keypairSavePath,
-	)
+	savePublicFileTo := friggDir + "/" + sshpubliykeyName
+	savePrivateFileTo := friggDir + "/" + sshprivatekeyName
+	bitSize := 4096
 
-	//Capture the output of the command
-	output, err := cmd.CombinedOutput()
+	privateKey, err := generatePrivateKey(bitSize)
 	if err != nil {
-		println(color.RedString("error creating ssh keypair: %v\n", err))
-		println(color.YellowString(string(output)))
-		return
+		println(color.RedString("error on private key generating: %v\n", err))
 	}
 
-	keyvalue, err := os.ReadFile(keypairSavePath)
+	publicKeyBytes, err := generatePublicKey(&privateKey.PublicKey)
 	if err != nil {
-		println(color.RedString("error reading ssh key file: %v\n", err))
+		println(color.RedString("error on public key generating: %v\n", err))
 	}
 
-	err = os.WriteFile(keypairSavePath, keyvalue, 0775)
+	privateKeyBytes := encodePrivateKeyToPEM(privateKey)
+
+	err = writeKeyToFile(privateKeyBytes, savePrivateFileTo)
 	if err != nil {
-		println(color.RedString("Error on writing ssh key pairs: %v\n", err))
-		return
+		println(color.RedString("error on writing private key: %v\n", err))
+	}
+
+	err = writeKeyToFile(publicKeyBytes, savePublicFileTo)
+	if err != nil {
+		println(color.RedString("error on writing public key: %v\n", err))
+	}
+}
+
+// generatePrivateKey creates a RSA Private Key of specified byte size
+func generatePrivateKey(bitSize int) (*rsa.PrivateKey, error) {
+	// Private Key generation
+	privateKey, err := rsa.GenerateKey(rand.Reader, bitSize)
+	if err != nil {
+		return nil, err
+	}
+
+	// Validate Private Key
+	err = privateKey.Validate()
+	if err != nil {
+		return nil, err
 	}
+
+	println(color.YellowString("Private Key generated"))
+	return privateKey, nil
+}
+
+// encodePrivateKeyToPEM encodes Private Key from RSA to PEM format
+func encodePrivateKeyToPEM(privateKey *rsa.PrivateKey) []byte {
+	// Get ASN.1 DER format
+	privDER := x509.MarshalPKCS1PrivateKey(privateKey)
+
+	// pem.Block
+	privBlock := pem.Block{
+		Type:    "RSA PRIVATE KEY",
+		Headers: nil,
+		Bytes:   privDER,
+	}
+
+	// Private key in PEM format
+	privatePEM := pem.EncodeToMemory(&privBlock)
+
+	return privatePEM
+}
+
+// generatePublicKey take a rsa.PublicKey and return bytes suitable for writing to .pub file
+// returns in the format "ssh-rsa ..."
+func generatePublicKey(privatekey *rsa.PublicKey) ([]byte, error) {
+	publicRsaKey, err := ssh.NewPublicKey(privatekey)
+	if err != nil {
+		return nil, err
+	}
+
+	pubKeyBytes := ssh.MarshalAuthorizedKey(publicRsaKey)
+
+	println(color.YellowString("Public key generated"))
+	return pubKeyBytes, nil
+}
+
+// writePemToFile writes keys to a file
+func writeKeyToFile(keyBytes []byte, saveFileTo string) error {
+	err := os.WriteFile(saveFileTo, keyBytes, 0600)
+	if err != nil {
+		return err
+	}
+
+	println(color.YellowString("Key saved to: %v\n", saveFileTo))
+	return nil
 }

templates/helmchartproxies/mgmt-argocd_ssh.yaml

@@ -33,10 +33,11 @@ spec:
           github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
       credentialTemplates:
         ssh-creds-mgmt:
+          url: PLACEHOLDER
           sshPrivateKey: |
             SSHREPLACEMENT
       repositories:
-        ssh-creds-mgmt:
+        private-repo-mgmt:
           url: PLACEHOLDER
       secret:
         argocdServerAdminPassword: "$2a$10$UfHxzEstRBKFAiTH0ZlI8u95SOaRBcXDCxBTBxfmOz14FHC6Vv3de"