From 156aa9862e15641c34af294b43d1cc6a78b39c06 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Mon, 12 Oct 2020 19:51:26 +0100 Subject: [PATCH] Add the ability to specify privateKey contents to AutomationAPI (#5557) Fixes: #5383 --- CHANGELOG.md | 3 +++ sdk/go/x/auto/example_test.go | 18 ++++++++++++++++++ sdk/go/x/auto/git.go | 19 +++++++++++++++---- sdk/go/x/auto/local_workspace.go | 5 +++++ 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9c5b70e0..db6b8fe05 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,9 @@ CHANGELOG - [cli] Validate cloudUrl formats before `pulumi login` and throw an error if incorrect format specified [#5550](https://github.com/pulumi/pulumi/pull/5545) + +- [automation api] Add support for passing a private ssh key for git authentication that doesn't rely on a file path + [#5557](https://github.com/pulumi/pulumi/pull/5557) - [cli] Improve user experience when pulumi plugin rm --all finds no plugins to remove. The previous behaviour was an error and should not be so. diff --git a/sdk/go/x/auto/example_test.go b/sdk/go/x/auto/example_test.go index 0d111de29..bcef3c9fe 100644 --- a/sdk/go/x/auto/example_test.go +++ b/sdk/go/x/auto/example_test.go @@ -244,6 +244,24 @@ func ExampleGitRepo_privateKeyPath() { NewStackRemoteSource(ctx, stackName, repo) } +func ExampleGitRepo_privateKey() { + ctx := context.Background() + pName := "go_remote_proj" + stackName := FullyQualifiedStackName("myOrg", pName, "myStack") + + repo := GitRepo{ + URL: "git@github.com:pulumi/test-repo.git", + ProjectPath: "goproj", + Auth: &GitAuth{ + SSHPrivateKey: "", + Password: "PrivateKeyPassword", + }, + } + + // initialize a stack from the git repo, specifying our project override + NewStackRemoteSource(ctx, stackName, repo) +} + func ExampleGitRepo_usernameAndPassword() { ctx := context.Background() pName := "go_remote_proj" diff --git a/sdk/go/x/auto/git.go b/sdk/go/x/auto/git.go index 9e3a53228..357f2c030 100644 
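Review bot: `ExampleGitRepo_privateKey` sets `SSHPrivateKey: ""`, so the example never exercises the option it is meant to document. The check in git.go only takes the key branch when the field is non-empty. The example should show the contents coming from outside the source tree, for instance `SSHPrivateKey: os.Getenv("GIT_SSH_PRIVATE_KEY"),` (the variable name is illustrative, and it needs the `os` import). A comment above it would help: `// key contents are read at runtime; never commit key material or its passphrase`. The return values of `NewStackRemoteSource` are discarded here, as in the neighbouring examples, so a reader copying this would not see an authentication failure.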
--- a/sdk/go/x/auto/git.go +++ b/sdk/go/x/auto/git.go @@ -34,16 +34,27 @@ func setupGitRepo(ctx context.Context, workDir string, repoArgs *GitRepo) (strin authDetails := repoArgs.Auth // Each of the authentication options are mutually exclusive so let's check that only 1 is specified - if (authDetails.SSHPrivateKeyPath != "" && authDetails.PersonalAccessToken != "") || - (authDetails.SSHPrivateKeyPath != "" && authDetails.Username != "") || - (authDetails.PersonalAccessToken != "" && authDetails.Username != "") { + if authDetails.SSHPrivateKeyPath != "" && authDetails.Username != "" || + authDetails.PersonalAccessToken != "" && authDetails.Username != "" || + authDetails.PersonalAccessToken != "" && authDetails.SSHPrivateKeyPath != "" || + authDetails.Username != "" && authDetails.SSHPrivateKey != "" { return "", errors.New("please specify one authentication option of `Personal Access Token`, " + - "`Username\\Password` or `SSH Private Key Path`") + "`Username\\Password`, `SSH Private Key Path` or `SSH Private Key`") } // Firstly we will try to check that an SSH Private Key Path has been specified if authDetails.SSHPrivateKeyPath != "" { publicKeys, err := ssh.NewPublicKeysFromFile("git", repoArgs.Auth.SSHPrivateKeyPath, repoArgs.Auth.Password) + if err != nil { + return "", errors.Wrap(err, "unable to use SSH Private Key Path") + } + + cloneOptions.Auth = publicKeys + } + + // Then we check if the details of a SSH Private Key as passed + if authDetails.SSHPrivateKey != "" { + publicKeys, err := ssh.NewPublicKeys("git", []byte(repoArgs.Auth.SSHPrivateKey), repoArgs.Auth.Password) if err != nil { return "", errors.Wrap(err, "unable to use SSH Private Key") } diff --git a/sdk/go/x/auto/local_workspace.go b/sdk/go/x/auto/local_workspace.go index 953881892..9762a6eec 100644 --- a/sdk/go/x/auto/local_workspace.go +++ b/sdk/go/x/auto/local_workspace.go 
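Review bot: The exclusivity check in setupGitRepo still lets `SSHPrivateKey` be combined with `SSHPrivateKeyPath` or with `PersonalAccessToken`, because the only new pair it rejects is `Username` with `SSHPrivateKey`. With both key fields set, the path-based key is loaded and assigned to `cloneOptions.Auth`, then the in-memory key is parsed too and presumably replaces it in the lines after the hunk, so the caller cannot tell which credential was used. Counting the populated options and rejecting more than one covers every pair and stays correct when another option is added. setupGitRepo starts and ends outside the hunk, so how the token branch interacts with the new field is not visible here.

```go
	// Each of the authentication options is mutually exclusive, so count how many were supplied
	supplied := 0
	for _, isSet := range []bool{
		authDetails.SSHPrivateKeyPath != "",
		authDetails.SSHPrivateKey != "",
		authDetails.PersonalAccessToken != "",
		authDetails.Username != "",
	} {
		if isSet {
			supplied++
		}
	}
	if supplied > 1 {
		// … unchanged: return the "please specify one authentication option" error …
	}
	// … unchanged: SSHPrivateKeyPath and SSHPrivateKey branches …
```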
@@ -633,6 +633,11 @@ type GitAuth struct { // git@github.com:org/repository.git - if the url is not in this format, then an error // `unable to clone repo: invalid auth method` will be returned SSHPrivateKeyPath string + // The (contents) private key for access to the git repo. + // When using `SSHPrivateKey`, the URL of the repository must be in the format + // git@github.com:org/repository.git - if the url is not in this format, then an error + // `unable to clone repo: invalid auth method` will be returned + SSHPrivateKey string // The password that pairs with a username or as part of an SSH Private Key Password string // PersonalAccessToken is a Git personal access token in replacement of your password
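Review bot: The new field comment on `SSHPrivateKey` does not say what form the value takes or how it relates to the neighbouring fields. I would reword the first line to `// SSHPrivateKey is the contents of the private key (not a path) used to access the git repo; it is intended to be mutually exclusive with SSHPrivateKeyPath, and Password is passed as its passphrase.` and keep the existing URL-format sentences under it. Since the struct now carries key material as a plain string, it is also worth one line telling callers to load it from a secret store or environment variable and not to log or print a GitAuth value. The GitAuth declaration starts and ends outside the hunk.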