
Update preallocated hosts to use Passphrase credentials

Summary: Depends on D7695. This updates preallocated hosts to use Passphrase credentials. Due to the way SSH private key text credentials work (the TempFile disappears before SSH commands can be executed), this only supports file-based private keys at the moment.

Test Plan:
Created a Passphrase credential for a file-based SSH key. Allocated a resource with:

```
bin/drydock create-resource --blueprint 1 --name "My Linux Host" --attributes platform=linux,host=localhost,port=22,path=/var/drydock,credential=2
```

and successfully leased it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4111, T1049

Differential Revision: https://secure.phabricator.com/D7697

+27 -20
+3 -4
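--- a/src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php
+++ b/src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php
@@ -41,12 +41,12 @@
 // we have all the information we need.
 PhutilTypeSpec::checkMap(
 $resource->getAttributesForTypeSpec(
-array('platform', 'host', 'port', 'user', 'path')),
+array('platform', 'host', 'port', 'credential', 'path')),
 array(
 'platform' => 'string',
 'host' => 'string',
 'port' => 'string', // Value is a string from the command line
-'user' => 'string',
+'credential' => 'string',
 'path' => 'string',
 ));
 $v_platform = $resource->getAttribute('platform');
@@ -103,8 +103,7 @@
 ->setConfiguration(array(
 'host' => $resource->getAttribute('host'),
 'port' => $resource->getAttribute('port'),
-'user' => $resource->getAttribute('user'),
-'ssh-keyfile' => $resource->getAttribute('ssh-keyfile'),
+'credential' => $resource->getAttribute('credential'),
 'platform' => $resource->getAttribute('platform')));
 }
 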
+24 -16
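--- a/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
+++ b/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
@@ -22,23 +22,31 @@
 // NOTE: The "-t -t" is for psuedo-tty allocation so we can "sudo" on some
 // systems, but maybe more trouble than it's worth?
 
-$keyfile = $this->getConfig('ssh-keyfile');
-if (!empty($keyfile)) {
-return new ExecFuture(
-'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
-$this->getConfig('port'),
-$this->getConfig('ssh-keyfile'),
-$this->getConfig('user'),
-$this->getConfig('host'),
-$full_command);
-} else {
-return new ExecFuture(
-'ssh -t -t -o StrictHostKeyChecking=no -p %s %s@%s -- %s',
-$this->getConfig('port'),
-$this->getConfig('user'),
-$this->getConfig('host'),
-$full_command);
+$credential = id(new PassphraseCredentialQuery())
+->setViewer(PhabricatorUser::getOmnipotentUser())
+->withIDs(array($this->getConfig('credential')))
+->needSecrets(true)
+->executeOne();
+
+// FIXME: We can't use text-based SSH files here because the TempFile goes
+// out of scope after this function ends and thus the file gets removed
+// before it can be used.
+if ($credential->getCredentialType() !==
+PassphraseCredentialTypeSSHPrivateKeyFile::CREDENTIAL_TYPE) {
+throw new Exception("Only private key file credentials are supported.");
 }
+
+$ssh_key = PassphraseSSHKey::loadFromPHID(
+$credential->getPHID(),
+PhabricatorUser::getOmnipotentUser());
+
+return new ExecFuture(
+'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
+$this->getConfig('port'),
+$ssh_key->getKeyfileEnvelope()->openEnvelope(),
+$credential->getUsername(),
+$this->getConfig('host'),
+$full_command);
 }
 
 }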
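Review bot: `executeOne()` returns null when no credential matches the configured ID, and the very next statement calls `$credential->getCredentialType()` unchecked, so a stale, deleted or mistyped `credential` attribute ends in a fatal error instead of a clear exception; add `if (!$credential) { throw new Exception('Credential not found.'); }` before the type check. The query and `PassphraseSSHKey::loadFromPHID()` both run as `PhabricatorUser::getOmnipotentUser()` with `needSecrets(true)`, so no policy check limits which Passphrase credential a resource attribute can name. If anyone other than a trusted administrator can set resource attributes, the ID should be checked against that user's view permission when the resource is created (that path is not visible in this commit), and a short comment here should state why the omnipotent viewer is acceptable. The enclosing method starts outside the hunk.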