Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support multiple SSH keys for the same host #1433

Merged
merged 1 commit into from
Oct 17, 2019
Merged

Support multiple SSH keys for the same host #1433

merged 1 commit into from
Oct 17, 2019

Conversation

imjasonh
Copy link
Member

Before this change, if users provided two secrets annotated to target the same host, creds-init would fail to generate the ssh config.

This use case is entirely valid, to allow users to rotate keys for instance.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Release Notes

Allow multiple SSH-auth secrets annotated for the same host

@googlebot googlebot added the cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit label Oct 16, 2019
@tekton-robot tekton-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Oct 16, 2019
@tekton-robot
Copy link
Collaborator

The following is the coverage report on pkg/.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/credentials/gitcreds/ssh.go 87.7% 75.0% -12.7

@ghost
Copy link

ghost commented Oct 16, 2019

/lgtm

@tekton-robot tekton-robot assigned ghost Oct 16, 2019
@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 16, 2019
vdemeester
vdemeester requested changes Oct 17, 2019
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure this is gonna work, see my comment 👼

pkg/credentials/gitcreds/creds_test.go Outdated
@@ -305,8 +307,8 @@ func TestSSHFlagHandlingThrice(t *testing.T) {
HostName github.com
IdentityFile %s
Port 22
Host gitlab.com
HostName gitlab.com
Host github.com
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does having multiple exact same Host works ? I read a bit man ssh_config and I am not sure it's documented (either works or not), but I have a fear it doesn't as it's gonna pick up the first one and if it fails, it will considered it failed.

I think it's possible to pass multiple IdentityFile though, like

Host github.com
    IdentityFile /etc/ssh/my_project_1_github_deploy_key
    IdentityFile /etc/ssh/my_project_2_github_deploy_key

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you're right. Reading https://superuser.com/q/366649 it looks like the correct way to handle this is with multiple differently-named Hosts which each specify the same HostName

I've updated the PR to do this, where each Host includes the secret name to dedupe.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems I was wrong! Thanks e2e tests! :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔

@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 17, 2019
@tekton-robot
Copy link
Collaborator

The following is the coverage report on pkg/.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/credentials/gitcreds/ssh.go 87.7% 75.0% -12.7

@tekton-robot
Copy link
Collaborator

The following is the coverage report on pkg/.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/credentials/gitcreds/ssh.go 87.7% 75.8% -11.9

@vdemeester vdemeester added this to the Pipelines 0.8 🐱 milestone Oct 17, 2019
vdemeester
vdemeester approved these changes Oct 17, 2019
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 17, 2019
@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 17, 2019
@tekton-robot tekton-robot merged commit 8871979 into tektoncd:master Oct 17, 2019
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdemeester vdemeester vdemeester approved these changes

@dibyom dibyom Awaiting requested review from dibyom

Assignees

@vdemeester vdemeester

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
Pipelines 0.8 🐱
Development

Successfully merging this pull request may close these issues.
4 participants
@imjasonh @tekton-robot @vdemeester @googlebot