Fix checking out branches/tags on private repos with SSH

amisevsk · amisevsk · commit cd666341060d · 2022-12-20T21:02:15.000-05:00
Introduce dependency on github.com/kevinburke/ssh_config (MIT license)
in order to parse workspace SSH config and resolve which key should be
used when listing branches/tags on a remote repository.

Currently, only one IdentityFile per host is supported, compared to Git
which by default tries additional keys if connection fails.

Signed-off-by: Angel Misevski &lt;amisevsk@redhat.com&gt;
diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/google/go-cmp v0.5.9
 	github.com/google/gofuzz v1.2.0
 	github.com/google/uuid v1.1.2
+	github.com/kevinburke/ssh_config v1.2.0
 	github.com/onsi/ginkgo/v2 v2.0.0
 	github.com/onsi/gomega v1.17.0
 	github.com/openshift/api v0.0.0-20200205133042-34f0ec8dab87
diff --git a/project-clone/internal/global.go b/project-clone/internal/global.go
@@ -26,17 +26,18 @@ import (
 	gittransport "github.com/go-git/go-git/v5/plumbing/transport"
 	githttp "github.com/go-git/go-git/v5/plumbing/transport/http"
 	gitssh "github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	"github.com/kevinburke/ssh_config"
 )
 
 const (
 	credentialsMountPath = "/.git-credentials/credentials"
+	sshConfigMountPath   = "/etc/ssh/ssh_config"
 )
 
 var (
 	ProjectsRoot     string
 	CloneTmpDir      string
 	tokenAuthMethod  map[string]*githttp.BasicAuth
-	sshAuthMethod    *gitssh.PublicKeys
 	credentialsRegex = regexp.MustCompile(`https://(.+):(.+)@(.+)`)
 )
 
@@ -67,8 +68,22 @@ func GetAuthForHost(repoURLStr string) (gittransport.AuthMethod, error) {
 	}
 	switch endpoint.Protocol {
 	case "ssh":
-		// TODO
-		return nil, fmt.Errorf("SSH support not yet implemented")
+		identityFiles := ssh_config.GetAll(endpoint.Host, "IdentityFile")
+		if len(identityFiles) == 0 {
+			log.Printf("No SSH key found for host %s", endpoint.Host)
+		} else if len(identityFiles) > 1 {
+			// Probably should try all keys, one by one, in the future
+			log.Printf("Warning: multiple SSH keys found for host %s. Using first match.", endpoint.Host)
+		}
+		user := ssh_config.Get(endpoint.Host, "User")
+		if user == "" {
+			user = "git"
+		}
+		pubkeys, err := gitssh.NewPublicKeysFromFile(user, identityFiles[0], "")
+		if err != nil {
+			return nil, fmt.Errorf("failed to set up SSH: %w", err)
+		}
+		return pubkeys, nil
 	case "http", "https":
 		authMethod, ok := tokenAuthMethod[endpoint.Host]
 		if !ok {
