support Fingerprint

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

main.go

@@ -65,6 +65,11 @@ func main() {
 			EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
 			Value:  &defaultCiphers,
 		},
+		cli.StringFlag{
+			Name:   "fingerprint",
+			Usage:  "fingerprint as unpadded base64 encoded sha256 hash.",
+			EnvVar: "PLUGIN_FINGERPRINT,SSH_FINGERPRINT,FINGERPRINT,INPUT_FINGERPRINT",
+		},
 		cli.StringSliceFlag{
 			Name:     "host,H",
 			Usage:    "connect to host",
@@ -157,6 +162,11 @@ func main() {
 			EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
 			Value:  &defaultCiphers,
 		},
+		cli.StringFlag{
+			Name:   "proxy.fingerprint",
+			Usage:  "fingerprint as unpadded base64 encoded sha256 hash.",
+			EnvVar: "PLUGIN_PROXY_FINGERPRINT,SSH_PROXY_FINGERPRINT,PROXY_FINGERPRINT,INPUT_PROXY_FINGERPRINT",
+		},
 		cli.StringSliceFlag{
 			Name:   "envs",
 			Usage:  "pass environment variable to shell script",
@@ -219,6 +229,7 @@ func run(c *cli.Context) error {
 			Username:       c.String("user"),
 			Password:       c.String("password"),
 			Passphrase:     c.String("ssh-passphrase"),
+			Fingerprint:    c.String("fingerprint"),
 			Host:           c.StringSlice("host"),
 			Port:           c.Int("port"),
 			Timeout:        c.Duration("timeout"),
@@ -235,6 +246,7 @@ func run(c *cli.Context) error {
 				User:        c.String("proxy.username"),
 				Password:    c.String("proxy.password"),
 				Passphrase:  c.String("proxy.ssh-passphrase"),
+				Fingerprint: c.String("proxy.fingerprint"),
 				Server:      c.String("proxy.host"),
 				Port:        c.String("proxy.port"),
 				Timeout:     c.Duration("proxy.timeout"),

plugin.go

@@ -30,6 +30,7 @@ type (
 		Password       string
 		Host           []string
 		Port           int
+		Fingerprint    string
 		Timeout        time.Duration
 		CommandTimeout time.Duration
 		Script         []string
@@ -64,6 +65,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 		Passphrase:  p.Config.Passphrase,
 		Timeout:     p.Config.Timeout,
 		Ciphers:     p.Config.Ciphers,
+		Fingerprint: p.Config.Fingerprint,
 		Proxy: easyssh.DefaultConfig{
 			Server:      p.Config.Proxy.Server,
 			User:        p.Config.Proxy.User,
@@ -74,6 +76,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 			Passphrase:  p.Config.Proxy.Passphrase,
 			Timeout:     p.Config.Proxy.Timeout,
 			Ciphers:     p.Config.Proxy.Ciphers,
+			Fingerprint: p.Config.Proxy.Fingerprint,
 		},
 	}
 

plugin_test.go

@@ -384,6 +384,29 @@ func TestCommandOutput(t *testing.T) {
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
 
+func TestFingerprint(t *testing.T) {
+	var (
+		buffer bytes.Buffer
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Fingerprint: "wrong",
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+}
+
 func TestScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer