
Commit cca3cb1

authored
feat(provisioner): pass owner git ssh key (#13366)
1 parent b7edf5b commit cca3cb1


7 files changed

+235
-136
lines changed


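--- a/coderd/provisionerdserver/provisionerdserver.go
+++ b/coderd/provisionerdserver/provisionerdserver.go
@@ -467,6 +467,15 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 if err != nil {
 return nil, failJob(fmt.Sprintf("get owner: %s", err))
 }
+var ownerSSHPublicKey, ownerSSHPrivateKey string
+if ownerSSHKey, err := s.Database.GetGitSSHKey(ctx, owner.ID); err != nil {
+if !xerrors.Is(err, sql.ErrNoRows) {
+return nil, failJob(fmt.Sprintf("get owner ssh key: %s", err))
+}
+} else {
+ownerSSHPublicKey = ownerSSHKey.PublicKey
+ownerSSHPrivateKey = ownerSSHKey.PrivateKey
+}
 ownerGroups, err := s.Database.GetGroupsByOrganizationAndUserID(ctx, database.GetGroupsByOrganizationAndUserIDParams{
 UserID: owner.ID,
 OrganizationID: s.OrganizationID,
@@ -586,6 +595,8 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 TemplateName: template.Name,
 TemplateVersion: templateVersion.Name,
 WorkspaceOwnerSessionToken: sessionToken,
+WorkspaceOwnerSshPublicKey: ownerSSHPublicKey,
+WorkspaceOwnerSshPrivateKey: ownerSSHPrivateKey,
 },
 LogLevel: input.LogLevel,
 },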
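Review bot: The owner's Git SSH private key is copied into the job metadata unconditionally in the second hunk, whether or not the template ever reads it, so any provisioner daemon that acquires the job receives the key. The same literal already carries `WorkspaceOwnerSessionToken`, so this follows an existing pattern, but a private key usually outlives a session token and deserves an explicit handling rule at its declaration. I would add `// Secret: the owner's private key must never be logged or echoed into failJob messages.` above `var ownerSSHPublicKey, ownerSSHPrivateKey string`, and confirm that nothing downstream logs or persists the acquired-job message. acquireProtoJob begins and ends outside both hunks, so which job types build this metadata cannot be seen from here.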

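--- a/coderd/provisionerdserver/provisionerdserver_test.go
+++ b/coderd/provisionerdserver/provisionerdserver_test.go
@@ -190,6 +190,9 @@ func TestAcquireJob(t *testing.T) {
 Name: "group1",
 OrganizationID: pd.OrganizationID,
 })
+sshKey := dbgen.GitSSHKey(t, db, database.GitSSHKey{
+UserID: user.ID,
+})
 err := db.InsertGroupMember(ctx, database.InsertGroupMemberParams{
 UserID: user.ID,
 GroupID: group1.ID,
@@ -360,6 +363,8 @@ func TestAcquireJob(t *testing.T) {
 TemplateName: template.Name,
 TemplateVersion: version.Name,
 WorkspaceOwnerSessionToken: sessionToken,
+WorkspaceOwnerSshPublicKey: sshKey.PublicKey,
+WorkspaceOwnerSshPrivateKey: sshKey.PrivateKey,
 },
 },
 })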
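Review bot: Only the key-present path is asserted in the lines shown, because `dbgen.GitSSHKey` always creates a key for `user.ID`. The `sql.ErrNoRows` branch that this commit adds to acquireProtoJob (an owner without a key, both fields left empty) therefore appears to have no coverage here. A second case that skips the `dbgen.GitSSHKey` call and expects empty `WorkspaceOwnerSshPublicKey` and `WorkspaceOwnerSshPrivateKey` would pin that behaviour. TestAcquireJob extends beyond both hunks, so such a case may already exist elsewhere in the file.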

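--- a/provisioner/terraform/provision.go
+++ b/provisioner/terraform/provision.go
@@ -202,6 +202,8 @@ func provisionEnv(
 "CODER_WORKSPACE_OWNER_NAME="+metadata.GetWorkspaceOwnerName(),
 "CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN="+metadata.GetWorkspaceOwnerOidcAccessToken(),
 "CODER_WORKSPACE_OWNER_GROUPS="+string(ownerGroups),
+"CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY="+metadata.GetWorkspaceOwnerSshPublicKey(),
+"CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY="+metadata.GetWorkspaceOwnerSshPrivateKey(),
 "CODER_WORKSPACE_ID="+metadata.GetWorkspaceId(),
 "CODER_WORKSPACE_OWNER_ID="+metadata.GetWorkspaceOwnerId(),
 "CODER_WORKSPACE_OWNER_SESSION_TOKEN="+metadata.GetWorkspaceOwnerSessionToken(),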
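Review bot: `CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY` puts the owner's private key into the process environment built here, and an environment is normally inherited by every child process and stays readable for the life of that process. The list already exports the session token and the OIDC access token the same way, so the exposure is not new in kind, but nothing in the hunk marks these entries as secret. I would add `// Secret values below (tokens, SSH private key): never log or dump the returned env slice.` above the list, and check that no caller prints this slice at debug level. provisionEnv begins and ends outside the hunk, so how the result is consumed is not visible here.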

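--- a/provisioner/terraform/provision_test.go
+++ b/provisioner/terraform/provision_test.go
@@ -572,6 +572,52 @@ func TestProvision(t *testing.T) {
 }},
 },
 },
+{
+Name: "ssh-key",
+Files: map[string]string{
+"main.tf": `terraform {
+required_providers {
+coder = {
+source = "coder/coder"
+}
+}
+}
+
+resource "null_resource" "example" {}
+data "coder_workspace_owner" "me" {}
+resource "coder_metadata" "example" {
+resource_id = null_resource.example.id
+item {
+key = "pubkey"
+value = data.coder_workspace_owner.me.ssh_public_key
+}
+item {
+key = "privkey"
+value = data.coder_workspace_owner.me.ssh_private_key
+}
+}
+`,
+},
+Request: &proto.PlanRequest{
+Metadata: &proto.Metadata{
+WorkspaceOwnerSshPublicKey: "fake public key",
+WorkspaceOwnerSshPrivateKey: "fake private key",
+},
+},
+Response: &proto.PlanComplete{
+Resources: []*proto.Resource{{
+Name: "example",
+Type: "null_resource",
+Metadata: []*proto.Resource_Metadata{{
+Key: "pubkey",
+Value: "fake public key",
+}, {
+Key: "privkey",
+Value: "fake private key",
+}},
+}},
+},
+},
 }
 
 for _, testCase := range testCases {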
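Review bot: The `ssh-key` fixture routes `ssh_private_key` into a plain `coder_metadata` item, and the expected `PlanComplete` shows the value coming back verbatim in `Resource_Metadata`. That works as a plumbing check, but it is also exactly the pattern a template author should not copy, and nothing in the case says so. I would add `// Plumbing check only: real templates should not surface ssh_private_key as resource metadata.` above `Name: "ssh-key",`. The case also only sends a `PlanRequest`, so the apply path is presumably left to other cases; TestProvision continues outside the hunk.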
