Skip to content

refactor(ec2): enforce ssh key inside global storage. #5814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Oct 23, 2024
Merged

refactor(ec2): enforce ssh key inside global storage. #5814

merged 18 commits into from
Oct 23, 2024

Conversation

@Hweinstock
Copy link
Contributor

@Hweinstock Hweinstock commented Oct 18, 2024

Problem

Followup from #5642 (comment)

There is a case where we could be overwriting keys/files in the .ssh/ directory if not careful.

Solution

Don't allows keys to generated in a directory we do not control, and therefore avoid possibility of overwriting user ssh keys.

License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@Hweinstock Hweinstock changed the title refactor(ec2): enforce key inside global storage. refactor(ec2): enforce ssh key inside global storage. Oct 18, 2024
@Hweinstock Hweinstock marked this pull request as ready for review October 18, 2024 20:40
@Hweinstock Hweinstock requested a review from a team as a code owner October 18, 2024 20:40
justinmk3
justinmk3 reviewed Oct 18, 2024
View reviewed changes
justinmk3
justinmk3 reviewed Oct 18, 2024
View reviewed changes
nkomonen-amazon
nkomonen-amazon reviewed Oct 19, 2024
View reviewed changes
packages/core/src/test/awsService/ec2/model.test.ts Outdated
}
const mockKeys = await SshKeyPair.getSshKeyPair('fakeDir', 30000)
await client.sendSshKeyToInstance(testSelection, mockKeys, 'test-user')
const temporaryDirectory = path.join(globals.context.globalStorageUri.fsPath, 'ModelTests')
Copy link
Contributor

@nkomonen-amazon nkomonen-amazon Oct 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In tests, globalStorageUri is stubbed with a temp dir in globalSetup.test.ts, so you may be able to use the default value

But there is a chance that it is only cleared on the "after" instead of "afterEach", and may cause issues in tests:

aws-toolkit-vscode/packages/core/src/test/globalSetup.test.ts

Line 77 in 17e951c

await testUtil.deleteTestTempDirs()

So maybe you could add:

await fs.delete(globals.context.globalStorageUri.fsPath, { recursive: true, force: true })

around here:

aws-toolkit-vscode/packages/core/src/test/globalSetup.test.ts

Line 105 in 17e951c

await globals.globalState.clear()

which I think we should have been doing in the first place

Copy link
Contributor Author

@Hweinstock Hweinstock Oct 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I move the temp keys into the globalStorage itself, then is there any reason I need this to clear on afterEach? I would think deleting the temp dir on after should be sufficient.

Copy link
Contributor

@nkomonen-amazon nkomonen-amazon Oct 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we do not clear globalStorageUri after each test we'll probably have a collision somewhere later.

Lets say you had a test that created an ssh key, then the following test assumed that since it is a new test the globalStorage will not have a key by default. The initial test state bled over in to the next and left some unexpected artifacts

Copy link
Contributor Author

@Hweinstock Hweinstock Oct 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. Was there any reason we didn't want to do this before? Is it expensive/slow to delete all its contents for every test?

Copy link
Contributor

@justinmk3 justinmk3 Oct 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We haven't used it much in tests before, so it was just an oversight.

justinmk3
justinmk3 reviewed Oct 22, 2024
View reviewed changes
packages/core/src/test/globalSetup.test.ts
await globals.globalState.clear()

await testUtil.closeAllEditors()
await fs.delete(globals.context.globalStorageUri.fsPath, { recursive: true, force: true })
Copy link
Contributor

@justinmk3 justinmk3 Oct 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be fine even for local development, because mochaGlobalSetup does:

fakeContext.globalStorageUri = (await testUtil.createTestWorkspaceFolder('globalStoragePath')).uri

@Hweinstock Hweinstock merged commit 1017632 into aws:master Oct 23, 2024
23 of 24 checks passed
@Hweinstock Hweinstock deleted the ec2/safeKey branch October 23, 2024 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@nkomonen-amazon nkomonen-amazon nkomonen-amazon left review comments

@justinmk3 justinmk3 justinmk3 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Hweinstock @justinmk3 @nkomonen-amazon