*: set sshhostkey and skip check on remote source

Simone Gotti 2019-05-07 15:59:08 +02:00
parent 4d19ce1633
commit 4154be3370
6 changed files with 79 additions and 42 deletions


@ -40,6 +40,8 @@ type remoteSourceCreateOptions struct {
apiURL string apiURL string
oauth2ClientID string oauth2ClientID string
oauth2ClientSecret string oauth2ClientSecret string
sshHostKey string
skipSSHHostKeyCheck bool
} }
var remoteSourceCreateOpts remoteSourceCreateOptions var remoteSourceCreateOpts remoteSourceCreateOptions
@ -53,6 +55,8 @@ func init() {
flags.StringVar(&remoteSourceCreateOpts.apiURL, "api-url", "", "remotesource api url") flags.StringVar(&remoteSourceCreateOpts.apiURL, "api-url", "", "remotesource api url")
flags.StringVar(&remoteSourceCreateOpts.oauth2ClientID, "clientid", "", "remotesource oauth2 client id") flags.StringVar(&remoteSourceCreateOpts.oauth2ClientID, "clientid", "", "remotesource oauth2 client id")
flags.StringVar(&remoteSourceCreateOpts.oauth2ClientSecret, "secret", "", "remotesource oauth2 secret") flags.StringVar(&remoteSourceCreateOpts.oauth2ClientSecret, "secret", "", "remotesource oauth2 secret")
flags.StringVar(&remoteSourceCreateOpts.sshHostKey, "ssh-host-key", "", "remotesource ssh public host key")
flags.BoolVarP(&remoteSourceCreateOpts.skipSSHHostKeyCheck, "skip-ssh-host-key-check", "s", false, "skip ssh host key check")
cmdRemoteSourceCreate.MarkFlagRequired("name") cmdRemoteSourceCreate.MarkFlagRequired("name")
cmdRemoteSourceCreate.MarkFlagRequired("type") cmdRemoteSourceCreate.MarkFlagRequired("type")
@ -72,6 +76,8 @@ func remoteSourceCreate(cmd *cobra.Command, args []string) error {
APIURL: remoteSourceCreateOpts.apiURL, APIURL: remoteSourceCreateOpts.apiURL,
Oauth2ClientID: remoteSourceCreateOpts.oauth2ClientID, Oauth2ClientID: remoteSourceCreateOpts.oauth2ClientID,
Oauth2ClientSecret: remoteSourceCreateOpts.oauth2ClientSecret, Oauth2ClientSecret: remoteSourceCreateOpts.oauth2ClientSecret,
SSHHostKey: remoteSourceCreateOpts.sshHostKey,
SkipSSHHostKeyCheck: remoteSourceCreateOpts.skipSSHHostKeyCheck,
} }
log.Infof("creating remotesource") log.Infof("creating remotesource")
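Review bot: Nothing in the visible lines stops `--ssh-host-key` and `--skip-ssh-host-key-check` from being passed together, and the request built in remoteSourceCreate forwards both, so a pinned key can be stored alongside a setting that turns verification off. Rejecting the combination before the request is built would make the intent explicit, e.g. `if remoteSourceCreateOpts.sshHostKey != "" && remoteSourceCreateOpts.skipSSHHostKeyCheck { return errors.New("ssh-host-key and skip-ssh-host-key-check are mutually exclusive") }`. The one-letter `-s` shorthand on a flag that disables host verification is also easy to set by accident; a long-only `flags.BoolVar` would be safer. remoteSourceCreate's body continues outside the hunk, so a check may already exist there.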


@ -62,6 +62,13 @@ mkdir ~/.ssh
chmod 700 ~/.ssh chmod 700 ~/.ssh
touch ~/.ssh/id_rsa touch ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
touch ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
# Add public ssh host key
if [ -n "$AGOLA_SSHHOSTKEY" ]; then
echo "$AGOLA_SSHHOSTKEY" >> ~/.ssh/known_hosts
fi
# Add repository deploy key # Add repository deploy key
(cat <<EOF > ~/.ssh/id_rsa (cat <<EOF > ~/.ssh/id_rsa
@ -69,17 +76,20 @@ $AGOLA_SSHPRIVKEY
EOF EOF
) )
STRICT_HOST_KEY_CHECKING="yes"
if [ -n "$AGOLA_SKIPSSHHOSTKEYCHECK" ]; then if [ -n "$AGOLA_SKIPSSHHOSTKEYCHECK" ]; then
# Disable git host key verification # Disable git host key verification
(cat <<EOF > ~/.ssh/config STRICT_HOST_KEY_CHECKING="no"
fi
(cat <<EOF > ~/.ssh/config
Host $AGOLA_GIT_HOST Host $AGOLA_GIT_HOST
HostName $AGOLA_GIT_HOST HostName $AGOLA_GIT_HOST
Port $AGOLA_GIT_PORT Port $AGOLA_GIT_PORT
StrictHostKeyChecking no StrictHostKeyChecking ${STRICT_HOST_KEY_CHECKING}
UserKnownHostsFile /dev/null
EOF EOF
) )
fi
git clone $AGOLA_REPOSITORY_URL . git clone $AGOLA_REPOSITORY_URL .
git fetch origin $AGOLA_GIT_REF git fetch origin $AGOLA_GIT_REF
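Review bot: `echo "$AGOLA_SSHHOSTKEY" >> ~/.ssh/known_hosts` writes the value verbatim, so it only matches if it is already a complete known_hosts line, and for a non-default `$AGOLA_GIT_PORT` the host pattern has to be in `[host]:port` form; the flag help (`remotesource ssh public host key`) does not say this. A comment above the block such as `# AGOLA_SSHHOSTKEY must be a full known_hosts entry: <host-pattern> <key-type> <base64-key>` would document the contract, and `printf '%s\n' "$AGOLA_SSHHOSTKEY"` avoids echo's option and backslash handling. The rendered page does not show whether `UserKnownHostsFile /dev/null` is on the old or the new side; if it remains in the new config, the entry appended to ~/.ssh/known_hosts is never consulted, so that line should be confirmed as removed.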


@ -52,6 +52,8 @@ type CreateRemoteSourceRequest struct {
AuthType string AuthType string
Oauth2ClientID string Oauth2ClientID string
Oauth2ClientSecret string Oauth2ClientSecret string
SSHHostKey string
SkipSSHHostKeyCheck bool
} }
func (h *ActionHandler) CreateRemoteSource(ctx context.Context, req *CreateRemoteSourceRequest) (*types.RemoteSource, error) { func (h *ActionHandler) CreateRemoteSource(ctx context.Context, req *CreateRemoteSourceRequest) (*types.RemoteSource, error) {
@ -97,6 +99,8 @@ func (h *ActionHandler) CreateRemoteSource(ctx context.Context, req *CreateRemot
APIURL: req.APIURL, APIURL: req.APIURL,
Oauth2ClientID: req.Oauth2ClientID, Oauth2ClientID: req.Oauth2ClientID,
Oauth2ClientSecret: req.Oauth2ClientSecret, Oauth2ClientSecret: req.Oauth2ClientSecret,
SSHHostKey: req.SSHHostKey,
SkipSSHHostKeyCheck: req.SkipSSHHostKeyCheck,
} }
h.log.Infof("creating remotesource") h.log.Infof("creating remotesource")
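Review bot: `SSHHostKey: req.SSHHostKey` is copied into the stored remote source with no validation visible in this hunk, and the value is later appended verbatim to known_hosts by the fetch script. A multi-line or malformed value would either add extra entries or surface only as a host key failure at clone time. Checking it at creation, for instance rejecting embedded newlines with `if strings.ContainsAny(req.SSHHostKey, "\r\n") { ... }` and verifying that it parses as a host key, would return the error to the caller instead. CreateRemoteSource's body starts and ends outside the hunk, so such a check may already exist.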


@ -35,6 +35,8 @@ type CreateRemoteSourceRequest struct {
AuthType string `json:"auth_type"` AuthType string `json:"auth_type"`
Oauth2ClientID string `json:"oauth_2_client_id"` Oauth2ClientID string `json:"oauth_2_client_id"`
Oauth2ClientSecret string `json:"oauth_2_client_secret"` Oauth2ClientSecret string `json:"oauth_2_client_secret"`
SSHHostKey string `json:"ssh_host_key"`
SkipSSHHostKeyCheck bool `json:"skip_ssh_host_key_check"`
} }
type CreateRemoteSourceHandler struct { type CreateRemoteSourceHandler struct {
@ -63,6 +65,8 @@ func (h *CreateRemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
AuthType: req.AuthType, AuthType: req.AuthType,
Oauth2ClientID: req.Oauth2ClientID, Oauth2ClientID: req.Oauth2ClientID,
Oauth2ClientSecret: req.Oauth2ClientSecret, Oauth2ClientSecret: req.Oauth2ClientSecret,
SSHHostKey: req.SSHHostKey,
SkipSSHHostKeyCheck: req.SkipSSHHostKeyCheck,
} }
rs, err := h.ah.CreateRemoteSource(ctx, creq) rs, err := h.ah.CreateRemoteSource(ctx, creq)
if httpError(w, err) { if httpError(w, err) {


@ -115,6 +115,7 @@ func (h *webhooksHandler) handleWebhook(r *http.Request) (int, string, error) {
var webhookData *types.WebhookData var webhookData *types.WebhookData
var sshPrivKey string var sshPrivKey string
var cloneURL string var cloneURL string
var sshHostKey string
var skipSSHHostKeyCheck bool var skipSSHHostKeyCheck bool
var runType types.RunType var runType types.RunType
variables := map[string]string{} variables := map[string]string{}
@ -147,7 +148,12 @@ func (h *webhooksHandler) handleWebhook(r *http.Request) (int, string, error) {
} }
sshPrivKey = project.SSHPrivateKey sshPrivKey = project.SSHPrivateKey
sshHostKey = rs.SSHHostKey
// use remotesource skipSSHHostKeyCheck config and override with project config if set to true there
skipSSHHostKeyCheck = rs.SkipSSHHostKeyCheck
if project.SkipSSHHostKeyCheck {
skipSSHHostKeyCheck = project.SkipSSHHostKeyCheck skipSSHHostKeyCheck = project.SkipSSHHostKeyCheck
}
runType = types.RunTypeProject runType = types.RunTypeProject
webhookData, err = gitSource.ParseWebhook(r) webhookData, err = gitSource.ParseWebhook(r)
if err != nil { if err != nil {
@ -258,6 +264,9 @@ func (h *webhooksHandler) handleWebhook(r *http.Request) (int, string, error) {
"AGOLA_GIT_COMMITSHA": webhookData.CommitSHA, "AGOLA_GIT_COMMITSHA": webhookData.CommitSHA,
} }
if sshHostKey != "" {
env["AGOLA_SSHHOSTKEY"] = sshHostKey
}
if skipSSHHostKeyCheck { if skipSSHHostKeyCheck {
env["AGOLA_SKIPSSHHOSTKEYCHECK"] = "1" env["AGOLA_SKIPSSHHOSTKEYCHECK"] = "1"
} }
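Review bot: The override `if project.SkipSSHHostKeyCheck {` lets a project-level setting turn verification off even when the remote source carries a pinned `SSHHostKey`; in that case both `AGOLA_SSHHOSTKEY` and `AGOLA_SKIPSSHHOSTKEYCHECK` are exported and the fetch script writes `StrictHostKeyChecking no`, so the pinned key is not enforced. If the remote source's key is meant to be authoritative, gate the override, e.g. `if project.SkipSSHHostKeyCheck && sshHostKey == "" {`, or at least log when a run skips verification despite a configured key. The comment above the override could also state the precedence outright: `// a project-level skip wins over the remote source setting`. handleWebhook's body extends beyond these hunks.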


@ -155,6 +155,10 @@ type RemoteSource struct {
// Oauth2 data // Oauth2 data
Oauth2ClientID string `json:"client_id,omitempty"` Oauth2ClientID string `json:"client_id,omitempty"`
Oauth2ClientSecret string `json:"client_secret,omitempty"` Oauth2ClientSecret string `json:"client_secret,omitempty"`
SSHHostKey string `json:"ssh_host_key,omitempty"` // Public ssh host key of the remote source
SkipSSHHostKeyCheck bool `json:"skip_ssh_host_key_check,omitempty"`
} }
func SourceSupportedAuthTypes(rsType RemoteSourceType) []RemoteSourceAuthType { func SourceSupportedAuthTypes(rsType RemoteSourceType) []RemoteSourceAuthType {