Add ssh-dest-user ssh param

Alexandru Salajan · Alexandru Salajan · commit a8d79a0cdfb5 · 2025-01-15T15:27:41.000+02:00
diff --git a/src/ops/cli/ssh.py b/src/ops/cli/ssh.py
@@ -92,6 +92,12 @@ def configure(self, parser):
             help='When using Shell Control Box (SCB) and creating a proxy,'
                  'a random port is generated, which will be used in the ssh config '
                  'for all playbook, run and sync operations')
+        parser.add_argument(
+            '--ssh-dest-user',
+            type=str,
+            dest='ssh_dest_user',
+            help='SSH User for the destination host, different from the bastion or SCB user. '
+                 'Useful when LDAP is not working on the destination host.')
 
     def get_help(self):
         return 'SSH or create an SSH tunnel to a server in the cluster'
@@ -260,6 +266,12 @@ def run(self, args, extra_args):
         ssh_config = args.ssh_config or self.ops_config.get(
             'ssh.config') or self.ansible_inventory.get_ssh_config()
 
+        ssh_host_bastion, ssh_host_dest = None, None
+        if args.ssh_dest_user:
+            ssh_host_parts = ssh_host.split('--')
+            ssh_host_bastion = ssh_host_parts[0]
+            ssh_host_dest = ssh_host_parts[1] if len(ssh_host_parts) > 1 else None
+
         scb_ssh_host = None
         if scb_enabled:
             # scb->bastion->host vs scb->bastion
@@ -280,8 +292,14 @@ def run(self, args, extra_args):
         else:
             if scb_enabled:
                 command = f"ssh -F {ssh_config} {ssh_user}@{scb_ssh_host}"
+                if args.ssh_dest_user and ssh_host_dest:
+                    command = (f"ssh -F {ssh_config} -t {ssh_user}@{ssh_host_bastion}@{scb_host} "
+                               f"ssh {args.ssh_dest_user}@{ssh_host_dest}")
             else:
                 command = f"ssh -F {ssh_config} {ssh_host}"
+                if args.ssh_dest_user and ssh_host_dest:
+                    command = (f"ssh -F {ssh_config} -t {ssh_user}@{ssh_host_bastion} "
+                               f"ssh {args.ssh_dest_user}@{ssh_host_dest}")
 
         if args.proxy:
             if scb_enabled:
diff --git a/tests/e2e/test_inventory.py b/tests/e2e/test_inventory.py
@@ -31,7 +31,8 @@ def test_plugin(inventory_opts):
                       "web": [
                         "web1.host",
                         "web2.host"
-                      ]
+                      ],
+                      "backend": ["172.16.0.1--172.16.0.2"]
                     }
                 """
 
diff --git a/tests/e2e/test_ssh.py b/tests/e2e/test_ssh.py
@@ -61,6 +61,12 @@ def test_ssh_scb_user():
     assert re.match(r'ssh -F .+/ssh.config remote_user@bastion.host@scb\.example.com '
                     r'-l remote_user', command['command'])
 
+def test_ssh_scb_user_ssh_dest_user():
+    command = run(current_dir + '/fixture/inventory/clusters/plugin_generator_scb.yaml', 'ssh',
+                  'backend', '--ssh-dest-user', 'ec2-user', '-l', 'remote_user')
+
+    assert re.match(r'ssh -F .+/ssh.config -t remote_user@172.16.0.1@scb\.example.com '
+                    r'ssh ec2-user@172.16.0.2 -l remote_user', command['command'])
 
 def test_ssh_scb_user_noscb():
     command = run(current_dir + '/fixture/inventory/clusters/plugin_generator_scb.yaml', 'ssh',

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,8 @@ def test_plugin(inventory_opts):`
`31`	`31`	`"web": [`
`32`	`32`	`"web1.host",`
`33`	`33`	`"web2.host"`
`34`		`- ]`
	`34`	`+ ],`
	`35`	`+ "backend": ["172.16.0.1--172.16.0.2"]`
`35`	`36`	`}`
`36`	`37`	`"""`
`37`	`38`