Merge pull request #3176 from semaphoreui/fix_key_installer_for_runner

fix(runner): key installer

Author: fiftin

.gitignore

@@ -7,10 +7,14 @@ web/public/html/**/*.*
 web/public/fonts/*.*
 web/.nyc_output
 api/public/**/*
+/server.json
 /config.json
 /config.runner.json
 /config.runner.token
 /config.runner.key
+/runner.json
+/runner.token
+/runner.key
 /.dredd/config.json
 /database.boltdb
 /database.sqlite

cli/cmd/runner.go

@@ -1,10 +1,16 @@
 package cmd
 
 import (
+	"github.com/semaphoreui/semaphore/pkg/ssh"
+	"github.com/semaphoreui/semaphore/services/runners"
 	"github.com/spf13/cobra"
 	"os"
 )
 
+func createRunnerJobPool() *runners.JobPool {
+	return runners.NewJobPool(&ssh.KeyInstaller{})
+}
+
 func init() {
 	rootCmd.AddCommand(runnerCmd)
 }

cli/cmd/runner_register.go

@@ -5,7 +5,6 @@ import (
 	"os"
 	"strings"
 
-	"github.com/semaphoreui/semaphore/services/runners"
 	"github.com/semaphoreui/semaphore/util"
 	"github.com/spf13/cobra"
 )
@@ -36,7 +35,7 @@ func registerRunner() {
 		util.Config.Runner.RegistrationToken = strings.TrimSpace(string(tokenBytes))
 	}
 
-	taskPool := runners.JobPool{}
+	taskPool := createRunnerJobPool()
 
 	err := taskPool.Register(configFile)
 

cli/cmd/runner_setup.go

@@ -3,7 +3,6 @@ package cmd
 import (
 	"fmt"
 	"github.com/semaphoreui/semaphore/cli/setup"
-	"github.com/semaphoreui/semaphore/services/runners"
 	"github.com/semaphoreui/semaphore/util"
 	"github.com/spf13/cobra"
 )
@@ -33,7 +32,7 @@ func doRunnerSetup() int {
 	}
 
 	if util.Config.Runner.RegistrationToken != "" {
-		taskPool := runners.JobPool{}
+		taskPool := createRunnerJobPool()
 		err := taskPool.Register(&resultConfigPath)
 		if err != nil {
 			panic(err)

cli/cmd/runner_start.go

@@ -1,7 +1,6 @@
 package cmd
 
 import (
-	"github.com/semaphoreui/semaphore/services/runners"
 	"github.com/semaphoreui/semaphore/util"
 	"github.com/spf13/cobra"
 )
@@ -13,7 +12,7 @@ func init() {
 func runRunner() {
 	util.ConfigInit(persistentFlags.configPath, persistentFlags.noConfig)
 
-	taskPool := runners.JobPool{}
+	taskPool := createRunnerJobPool()
 
 	taskPool.Run()
 }

cli/cmd/runner_unregister.go

@@ -1,7 +1,6 @@
 package cmd
 
 import (
-	"github.com/semaphoreui/semaphore/services/runners"
 	"github.com/semaphoreui/semaphore/util"
 	"github.com/spf13/cobra"
 )
@@ -13,7 +12,7 @@ func init() {
 func unregisterRunner() {
 	util.ConfigInit(persistentFlags.configPath, persistentFlags.noConfig)
 
-	taskPool := runners.JobPool{}
+	taskPool := createRunnerJobPool()
 	err := taskPool.Unregister()
 	if err != nil {
 		panic(err)

db/AccessKey.go

@@ -2,11 +2,10 @@ package db
 
 import (
 	"fmt"
-	"github.com/semaphoreui/semaphore/pkg/random"
-	"github.com/semaphoreui/semaphore/pkg/ssh"
-	"github.com/semaphoreui/semaphore/pkg/task_logger"
-	"github.com/semaphoreui/semaphore/util"
-	"path"
+	//"github.com/semaphoreui/semaphore/pkg/ssh"
+	//"github.com/semaphoreui/semaphore/pkg/random"
+	//"github.com/semaphoreui/semaphore/pkg/ssh"
+	//"path"
 )
 
 type AccessKeyType string
@@ -80,62 +79,6 @@ const (
 	AccessKeyRoleGit
 )
 
-type AccessKeyInstallation struct {
-	SSHAgent *ssh.Agent
-	Login    string
-	Password string
-	Script   string
-}
-
-func (key *AccessKeyInstallation) GetGitEnv() (env []string) {
-	env = make([]string, 0)
-
-	env = append(env, fmt.Sprintln("GIT_TERMINAL_PROMPT=0"))
-	if key.SSHAgent != nil {
-		env = append(env, fmt.Sprintf("SSH_AUTH_SOCK=%s", key.SSHAgent.SocketFile))
-		sshCmd := "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
-		if util.Config.SshConfigPath != "" {
-			sshCmd += " -F " + util.Config.SshConfigPath
-		}
-		env = append(env, fmt.Sprintf("GIT_SSH_COMMAND=%s", sshCmd))
-	}
-
-	return env
-}
-
-func (key *AccessKeyInstallation) Destroy() error {
-	if key.SSHAgent != nil {
-		return key.SSHAgent.Close()
-	}
-	return nil
-}
-
-func (key *AccessKey) startSSHAgent(logger task_logger.Logger) (ssh.Agent, error) {
-
-	socketFilename := fmt.Sprintf("ssh-agent-%d-%s.sock", key.ID, random.String(10))
-
-	var socketFile string
-
-	if key.ProjectID == nil {
-		socketFile = path.Join(util.Config.TmpPath, socketFilename)
-	} else {
-		socketFile = path.Join(util.Config.GetProjectTmpDir(*key.ProjectID), socketFilename)
-	}
-
-	sshAgent := ssh.Agent{
-		Logger: logger,
-		Keys: []ssh.AgentKey{
-			{
-				Key:        []byte(key.SshKey.PrivateKey),
-				Passphrase: []byte(key.SshKey.Passphrase),
-			},
-		},
-		SocketFile: socketFile,
-	}
-
-	return sshAgent, sshAgent.Listen()
-}
-
 func (key *AccessKey) Validate(validateSecretFields bool) error {
 	if key.Name == "" {
 		return fmt.Errorf("name can not be empty")

db_lib/AccessKeyInstaller.go

@@ -2,9 +2,10 @@ package db_lib
 
 import (
 	"github.com/semaphoreui/semaphore/db"
+	"github.com/semaphoreui/semaphore/pkg/ssh"
 	"github.com/semaphoreui/semaphore/pkg/task_logger"
 )
 
 type AccessKeyInstaller interface {
-	Install(key db.AccessKey, usage db.AccessKeyRole, logger task_logger.Logger) (installation db.AccessKeyInstallation, err error)
+	Install(key db.AccessKey, usage db.AccessKeyRole, logger task_logger.Logger) (installation ssh.AccessKeyInstallation, err error)
 }

db_lib/CmdGitClient.go

@@ -2,6 +2,7 @@ package db_lib
 
 import (
 	"fmt"
+	"github.com/semaphoreui/semaphore/pkg/ssh"
 	"os/exec"
 	"strings"
 
@@ -16,7 +17,7 @@ type CmdGitClient struct {
 func (c CmdGitClient) makeCmd(
 	r GitRepository,
 	targetDir GitRepositoryDirType,
-	installation db.AccessKeyInstallation,
+	installation ssh.AccessKeyInstallation,
 	args ...string,
 ) *exec.Cmd {
 	cmd := exec.Command("git") //nolint: gas

pkg/ssh/agent.go

@@ -2,8 +2,12 @@ package ssh
 
 import (
 	"fmt"
+	"github.com/semaphoreui/semaphore/db"
+	"github.com/semaphoreui/semaphore/pkg/random"
+	"github.com/semaphoreui/semaphore/util"
 	"io"
 	"net"
+	"path"
 
 	"github.com/semaphoreui/semaphore/pkg/task_logger"
 	"golang.org/x/crypto/ssh"
@@ -95,6 +99,110 @@ func (a *Agent) Listen() error {
 }
 
 func (a *Agent) Close() error {
-	close(a.done)
+	if a.done != nil {
+		close(a.done)
+	}
 	return a.listener.Close()
 }
+
+func StartSSHAgent(key db.AccessKey, logger task_logger.Logger) (Agent, error) {
+
+	socketFilename := fmt.Sprintf("ssh-agent-%d-%s.sock", key.ID, random.String(10))
+
+	var socketFile string
+
+	if key.ProjectID == nil {
+		socketFile = path.Join(util.Config.TmpPath, socketFilename)
+	} else {
+		socketFile = path.Join(util.Config.GetProjectTmpDir(*key.ProjectID), socketFilename)
+	}
+
+	sshAgent := Agent{
+		Logger: logger,
+		Keys: []AgentKey{
+			{
+				Key:        []byte(key.SshKey.PrivateKey),
+				Passphrase: []byte(key.SshKey.Passphrase),
+			},
+		},
+		SocketFile: socketFile,
+	}
+
+	return sshAgent, sshAgent.Listen()
+}
+
+type AccessKeyInstallation struct {
+	SSHAgent *Agent
+	Login    string
+	Password string
+	Script   string
+}
+
+func (key *AccessKeyInstallation) GetGitEnv() (env []string) {
+	env = make([]string, 0)
+
+	env = append(env, fmt.Sprintln("GIT_TERMINAL_PROMPT=0"))
+	if key.SSHAgent != nil {
+		env = append(env, fmt.Sprintf("SSH_AUTH_SOCK=%s", key.SSHAgent.SocketFile))
+		sshCmd := "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+		if util.Config.SshConfigPath != "" {
+			sshCmd += " -F " + util.Config.SshConfigPath
+		}
+		env = append(env, fmt.Sprintf("GIT_SSH_COMMAND=%s", sshCmd))
+	}
+
+	return env
+}
+
+func (key *AccessKeyInstallation) Destroy() error {
+	if key.SSHAgent != nil {
+		return key.SSHAgent.Close()
+	}
+	return nil
+}
+
+type KeyInstaller struct{}
+
+func (KeyInstaller) Install(key db.AccessKey, usage db.AccessKeyRole, logger task_logger.Logger) (installation AccessKeyInstallation, err error) {
+
+	switch usage {
+	case db.AccessKeyRoleGit:
+		switch key.Type {
+		case db.AccessKeySSH:
+			var agent Agent
+			agent, err = StartSSHAgent(key, logger)
+			installation.SSHAgent = &agent
+			installation.Login = key.SshKey.Login
+		}
+	case db.AccessKeyRoleAnsiblePasswordVault:
+		switch key.Type {
+		case db.AccessKeyLoginPassword:
+			installation.Password = key.LoginPassword.Password
+		default:
+			err = fmt.Errorf("access key type not supported for ansible password vault")
+		}
+	case db.AccessKeyRoleAnsibleBecomeUser:
+		if key.Type != db.AccessKeyLoginPassword {
+			err = fmt.Errorf("access key type not supported for ansible become user")
+		}
+		installation.Login = key.LoginPassword.Login
+		installation.Password = key.LoginPassword.Password
+	case db.AccessKeyRoleAnsibleUser:
+		switch key.Type {
+		case db.AccessKeySSH:
+			var agent Agent
+			agent, err = StartSSHAgent(key, logger)
+			installation.SSHAgent = &agent
+			installation.Login = key.SshKey.Login
+		case db.AccessKeyLoginPassword:
+			installation.Login = key.LoginPassword.Login
+			installation.Password = key.LoginPassword.Password
+		case db.AccessKeyNone:
+			// No SSH agent or password needed for ansible user with no access key.
+		default:
+			err = fmt.Errorf("access key type not supported for ansible user")
+		}
+	}
+
+	return
+}