diff --git a/docs/2-the-zarf-cli/100-cli-commands/zarf_init.md b/docs/2-the-zarf-cli/100-cli-commands/zarf_init.md
index f39f894ce6..6b353aecdd 100644
--- a/docs/2-the-zarf-cli/100-cli-commands/zarf_init.md
+++ b/docs/2-the-zarf-cli/100-cli-commands/zarf_init.md
@@ -62,6 +62,7 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA
 --git-push-username string Username to access to the git server Zarf is configured to use. User must be able to create repositories via 'git push' (default "zarf-git-user")
 --git-url string External git server url to use for this Zarf cluster
 -h, --help help for init
+ -k, --key string Path to public key file for validating signed packages
 --nodeport int Nodeport to access a registry internal to the k8s cluster. Between [30000-32767]
 --registry-pull-password string Password for the pull-only user to access the registry
 --registry-pull-username string Username for pull-only access to the registry
diff --git a/src/cmd/initialize.go b/src/cmd/initialize.go
index 84e93fa7bf..192fb961e0 100644
--- a/src/cmd/initialize.go
+++ b/src/cmd/initialize.go
@@ -220,5 +220,7 @@ func init() { initCmd.Flags().DurationVar(&pkgConfig.DeployOpts.Timeout, "timeout", v.GetDuration(common.VPkgDeployTimeout), lang.CmdPackageDeployFlagTimeout) + initCmd.Flags().StringVarP(&pkgConfig.PkgOpts.PublicKeyPath, "key", "k", v.GetString(common.VPkgPublicKey), lang.CmdPackageFlagFlagPublicKey) + initCmd.Flags().SortFlags = true }
diff --git a/src/test/e2e/35_custom_init_package_test.go b/src/test/e2e/35_custom_init_package_test.go
new file mode 100644
index 0000000000..aae69e30e9
--- /dev/null
+++ b/src/test/e2e/35_custom_init_package_test.go
@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2021-Present The Zarf Authors
+
+// Package test provides e2e tests for Zarf.
+package test
+
+import (
+ "fmt"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestCustomInit(t *testing.T) {
+ t.Log("E2E: Custom Init Package")
+ e2e.SetupWithCluster(t)
+ buildPath := filepath.Join("src", "test", "packages", "35-custom-init-package")
+ pkgName := fmt.Sprintf("zarf-init-%s-%s.tar.zst", e2e.Arch, e2e.GetZarfVersion(t))
+ privateKeyFlag := "--signing-key=src/test/packages/zarf-test.prv-key"
+ publicKeyFlag := "--key=src/test/packages/zarf-test.pub"
+
+ stdOut, stdErr, err := e2e.Zarf("package", "create", buildPath, privateKeyFlag, "--confirm")
+ require.NoError(t, err, stdOut, stdErr)
+ defer e2e.CleanFiles(pkgName)
+
+ /* Test operations during package inspect */
+ // Test that we can inspect the yaml of the package without the private key
+ stdOut, stdErr, err = e2e.Zarf("package", "inspect", pkgName)
+ require.NoError(t, err, stdOut, stdErr)
+
+ // Test that we don't get an error when we remember to provide the public key
+ stdOut, stdErr, err = e2e.Zarf("package", "inspect", pkgName, publicKeyFlag)
+ require.NoError(t, err, stdOut, stdErr)
+ require.Contains(t, stdErr, "Verified OK")
+
+ /* Test operations during package deploy */
+ // Test that we get an error when trying to deploy a package without providing the public key
+ stdOut, stdErr, err = e2e.Zarf("init", "--confirm")
+ require.Error(t, err, stdOut, stdErr)
+ require.Contains(t, stdErr, "unable to load the package: package is signed but no key was provided - add a key with the --key flag or use the --insecure flag and run the command again")
+
+ /* Test operations during package deploy */
+ // Test that we can deploy the package with the public key
+ stdOut, stdErr, err = e2e.Zarf("init", "--confirm", publicKeyFlag)
+ require.NoError(t, err, stdOut, stdErr)
+}
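Review bot: TestCustomInit never exercises the rejection path that signature verification exists for: the deploy section runs `zarf init` with no key (expects an error) and with the matching `zarf-test.pub` (expects success), but never with a public key that does not match the package signature. A regression that accepts any readable key file would still pass this test, so before the final successful init I would add `stdOut, stdErr, err = e2e.Zarf("init", "--confirm", "--key=<PLACEHOLDER: path to an unrelated public key fixture>")` followed by `require.Error(t, err, stdOut, stdErr)`. The last init call asserts only `require.NoError`; if init prints the same "Verified OK" line that inspect does (not visible in this hunk), asserting it there would show the key was actually used. Separately, the first inspect comment says "without the private key", but it is the public key that is being omitted in that call.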
diff --git a/src/test/packages/35-custom-init-package/zarf.yaml b/src/test/packages/35-custom-init-package/zarf.yaml
new file mode 100644
index 0000000000..71da260571
--- /dev/null
+++ b/src/test/packages/35-custom-init-package/zarf.yaml
@@ -0,0 +1,8 @@
+kind: ZarfInitConfig
+metadata:
+ name: init
+ description: Used to establish a new Zarf cluster
+
+components:
+ - name: nothing
+