grim/convey

d4945adeea3b
Parents 8467e23c44f2
Children d5308b3397a8
Finish up the ssh-agent support. Fixes #88
--- a/ChangeLog Tue May 02 02:13:31 2017 -0500
+++ b/ChangeLog Tue May 02 21:31:02 2017 -0500
@@ -1,4 +1,5 @@
0.6.0:
+ * Added support for ssh-identities in the config file. (fixed #88)
* Add an example showing a traditional CI build. (fixed #90)
* Made meta-plan edge's dashed and bolded to make them more obvious. (fixed #85)
* Fixed a bug where always edges weren't being rendered in the graphviz
--- a/README.md Tue May 02 02:13:31 2017 -0500
+++ b/README.md Tue May 02 21:31:02 2017 -0500
@@ -85,6 +85,10 @@
This example shows how to use the script attribute of a run task.
+## ssh-identities.yml
+
+This example shows how you can specify an ssh identity to automatically turn on ssh-agent forwarding.
+
## traditional.yml
This example shows your traditional clone, test, build, deploy, and report for a project.
@@ -93,7 +97,7 @@
# Configuration
-Configuration is done via a file named `convey.yaml`. This file defines the tasks as well as the plans. There are five top level-items: default-plan, environment, meta-plans, plans, and tasks.
+Configuration is done via a file named `convey.yaml`. This file defines the tasks as well as the plans. There are few top level-items: default-plan, environment, meta-plans, plans, ssh-identities, and tasks.
`default-plan` is the name of the plan that should be ran by default.
@@ -430,7 +434,7 @@
----
-### Meta Plan
+## Meta Plan
Meta plans contain a single attribute which is the list of `plans` to run.
@@ -442,6 +446,25 @@
----
+## SSH Identities
+
+You can specify a list of SSH key fingerprints that are required for your run. This is done by using the `ssh-identities` attribute which is a list of SSH key fingerprints with an option checksum prefix. You can also specify `*` to allow any key that's been added to the `ssh-agent`.
+
+`ssh-identities` are also supported in your override file. However, any `ssh-identities` specified in your `convey.yml` will be overridden by the values in the override file; they will not be merged.
+
+### Examples
+
+ ssh-identities:
+ - ivZaDYamb5xdguIUUVT7DXvXwvE9JLsOkOkR3XAfzeI
+ - SHA256:Efrocgd+rvwjDAnHt2jZAcwDqeka0s8Vv7N3m08cVnA
+
+When using `*` you have to quote it because `*` treated specially in `yaml`.
+
+ ssh-identities:
+ - '*'
+
+----
+
# Config Loaders
Convey supports multiple different types of configs that it can load. Currently supported loaders are convey and bitbucket.\
--- a/config/convey.go Tue May 02 02:13:31 2017 -0500
+++ b/config/convey.go Tue May 02 21:31:02 2017 -0500
@@ -37,7 +37,8 @@
}
type conveyOverride struct {
- Environment []string `yaml:"environment"`
+ Environment []string `yaml:"environment"`
+ SSHIdentities []string `yaml:"ssh-identities"`
}
type ConveyLoader struct {
@@ -81,10 +82,11 @@
// create the real config
realConfig := &Config{
- Environment: config.Environment,
- Plans: config.Plans,
- MetaPlans: config.MetaPlans,
- Tasks: realTasks,
+ Environment: config.Environment,
+ Plans: config.Plans,
+ MetaPlans: config.MetaPlans,
+ SSHIdentities: config.SSHIdentities,
+ Tasks: realTasks,
}
return realConfig, nil
@@ -99,6 +101,12 @@
}
config.Environment = environment.Merge(config.Environment, overrideData.Environment)
+
+ // if there are ssh-identities in the override they need to replace the
+ // ones in the normal config file.
+ if len(overrideData.SSHIdentities) > 0 {
+ config.SSHIdentities = overrideData.SSHIdentities
+ }
}
func (c *ConveyLoader) Filenames() []string {
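Review bot: The `len(overrideData.SSHIdentities) > 0` guard treats an empty `ssh-identities` list in the override file the same as a missing one, so a local override cannot clear identities (including `'*'`) that the project's config asks for. If replacing with an empty list should be possible, a nil check such as `if overrideData.SSHIdentities != nil {` may distinguish the two cases, but that depends on how the YAML decoder fills an explicit empty list and should be confirmed. Otherwise the comment could state the limitation: `// an empty list in the override leaves the config file's identities in place`. The enclosing function starts outside this hunk.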
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/examples/ssh-identities.yml Tue May 02 21:31:02 2017 -0500
@@ -0,0 +1,11 @@
+ssh-identities:
+ - '*'
+tasks:
+ dump-env:
+ image: convey/env
+plans:
+ default:
+ stages:
+ - name: dump-env
+ tasks:
+ - dump-env
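Review bot: The only example shipped for this feature uses the wildcard, which the README describes as allowing any key that has been added to the `ssh-agent`. Readers tend to copy examples verbatim, so a comment above the list would help, for instance `# '*' accepts any key loaded in ssh-agent; list fingerprints instead to require a specific key`. A second entry showing a `SHA256:` fingerprint (constructed sample) would show the narrower form alongside it.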
--- a/main.go Tue May 02 02:13:31 2017 -0500
+++ b/main.go Tue May 02 21:31:02 2017 -0500
@@ -114,27 +114,25 @@
// values from the command line
defEnv := environment.Initialize()
+ // if the user specified the shortcut, add * to the list of acceptable keys
if *sshAgent {
*sshIdentities = append(*sshIdentities, "*")
}
- if len(*sshIdentities) > 0 {
- haveKeys, err := ssh.KeysAvailable(*sshIdentities)
- if err != nil {
- fmt.Printf("error talking to ssh-agent: %s\n", err)
- os.Exit(1)
- }
+ // now merge in the keys from the config
+ *sshIdentities = append(*sshIdentities, cfg.SSHIdentities...)
- if !haveKeys {
- fmt.Printf("no keys available in ssh-agent\n")
- os.Exit(1)
- }
+ // now check if we have any keys and make sure one of them is usable
+ enableSSHAgent, err := ssh.ShouldEnable(*sshIdentities)
+ if err != nil {
+ fmt.Printf("%s\n", err)
+ os.Exit(1)
}
opts := &options.Options{
KeepWorkspace: *keep,
ForceSequential: *forceSequential,
- EnableSSHAgent: *sshAgent,
+ EnableSSHAgent: enableSSHAgent,
TaskTimeout: *taskTimeout,
Environment: environment.Merge(defEnv, *env),
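Review bot: `EnableSSHAgent` is now derived from the merged list, so identities from `cfg.SSHIdentities` alone turn agent forwarding on, where before only the `*sshAgent` shortcut did. A config file taken from a repository the user did not write can therefore request `'*'` and get the agent forwarded to the tasks it defines, with nothing on the command line or in the output to show it. Consider printing a line when forwarding is enabled because of config-file identities, or requiring the command-line flag before a wildcard from the config is honoured. Separately, the error path writes to stdout; `fmt.Fprintf(os.Stderr, "%s\n", err)` would keep it out of piped output.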
--- a/ssh/agent.go Tue May 02 02:13:31 2017 -0500
+++ b/ssh/agent.go Tue May 02 21:31:02 2017 -0500
@@ -86,3 +86,20 @@
return false, err
}
+
+func ShouldEnable(identities []string) (bool, error) {
+ if len(identities) <= 0 {
+ return false, nil
+ }
+
+ haveKeys, err := KeysAvailable(identities)
+ if err != nil {
+ return false, fmt.Errorf("error talking to ssh-agent: %s", err)
+ }
+
+ if !haveKeys {
+ return false, fmt.Errorf("no keys available in ssh-agent")
+ }
+
+ return true, nil
+}
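Review bot: `ShouldEnable` is exported but has no doc comment, and its three outcomes are not obvious from the name. Something like `// ShouldEnable reports whether ssh-agent forwarding should be turned on: false with a nil error when identities is empty, true when KeysAvailable finds a usable key, and an error otherwise.` would cover them. On style, `len(identities) <= 0` reads better as `len(identities) == 0`, and the constant message can be `errors.New("no keys available in ssh-agent")` rather than `fmt.Errorf` with no arguments, assuming `errors` is or can be imported in this file.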