Merge pull request #39 from stuartleeks/sl/ssh-auth-sock

stuartleeks · web-flow · commit eb3f862a4301 · 2021-05-06T09:04:45.000+01:00
Enable SSH key forwarding for 'devcontainer exec'
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -10,18 +10,14 @@ ENV DEBIAN_FRONTEND=noninteractive
 
 # Configure apt, install packages and tools
 RUN apt-get update \
-    && apt-get -y install --no-install-recommends apt-utils dialog nano \
+    && apt-get -y install --no-install-recommends apt-utils dialog nano sudo bsdmainutils \
     #
     # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed
     && apt-get -y install git iproute2 procps lsb-release \
     # Install Release Tools
     #
     # --> RPM used by goreleaser
-    && apt install -y rpm \
-    # Clean up
-    && apt-get autoremove -y \
-    && apt-get clean -y \
-    && rm -rf /var/lib/apt/lists/*
+    && apt install -y rpm 
 
 # This Dockerfile adds a non-root user with sudo access. Use the "remoteUser"
 # property in devcontainer.json to use it. On Linux, the container user's GID/UIDs
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -48,7 +48,8 @@
 	
 	// Add the IDs of extensions you want installed when the container is created.
 	"extensions": [
-		"golang.go"
+		"golang.go",
+		"stuartleeks.vscode-go-by-example"
 	]
 
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
diff --git a/README.md b/README.md
@@ -92,7 +92,11 @@ You can use this with Windows Terminal profiles:
 },
 ```
 
-By default, `devcontainer exec` will set the working directory to be the mount path for the dev container. This can be overridden using `--work-dir`.
+
+There are some other benefits of `devcontainer exec` compared to `docker exec`:
+- it sets the working directory to be the mount path for the dev container. This can be overridden using `--work-dir`.
+- it checks whether you have [configured a user in the dev container](https://code.visualstudio.com/docs/remote/containers-advanced#_adding-a-nonroot-user-to-your-dev-container) and uses this user for the `docker exec`.
+- it checks whether you have set up an SSH agent. If you have and VS Code detects it then VS Code will [forward key requests from the container](https://code.visualstudio.com/docs/remote/containers#_using-ssh-keys). In this scenario, `devcontainer exec` configures the exec session to also forward key requests. This enables operations against git remotes secured with SSH keys to succeed.
 
 ### Working with devcontainer templates
 
diff --git a/cmd/devcontainer/devcontainer.go b/cmd/devcontainer/devcontainer.go
@@ -3,16 +3,11 @@ package main
 import (
 	"fmt"
 	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
 	"sort"
-	"strings"
 	"text/tabwriter"
 
 	"github.com/spf13/cobra"
 	"github.com/stuartleeks/devcontainer-cli/internal/pkg/devcontainers"
-	"github.com/stuartleeks/devcontainer-cli/internal/pkg/wsl"
 )
 
 func createListCommand() *cobra.Command {
@@ -103,19 +98,13 @@ func createExecCommand() *cobra.Command {
 				return cmd.Usage()
 			}
 
-			containerID := ""
+			containerIDOrName := ""
 			devcontainerList, err := devcontainers.ListDevcontainers()
 			if err != nil {
 				return err
 			}
 			if argDevcontainerName != "" {
-				devcontainerName := argDevcontainerName
-				for _, devcontainer := range devcontainerList {
-					if devcontainer.ContainerName == devcontainerName || devcontainer.DevcontainerName == devcontainerName {
-						containerID = devcontainer.ContainerID
-						break
-					}
-				}
+				containerIDOrName = argDevcontainerName
 			} else if argPromptForDevcontainer {
 				// prompt user
 				fmt.Println("Specify the devcontainer to use:")
@@ -127,85 +116,16 @@ func createExecCommand() *cobra.Command {
 				if selection < 0 || selection >= len(devcontainerList) {
 					return fmt.Errorf("Invalid option")
 				}
-				containerID = devcontainerList[selection].ContainerID
+				containerIDOrName = devcontainerList[selection].ContainerID
 			} else {
 				devcontainerPath := argDevcontainerPath
-				if devcontainerPath == "" {
-					devcontainerPath = "."
-				}
-				absPath, err := filepath.Abs(devcontainerPath)
-				if err != nil {
-					return fmt.Errorf("Error handling path %q: %s", devcontainerPath, err)
-				}
-
-				windowsPath := absPath
-				if wsl.IsWsl() {
-					var err error
-					windowsPath, err = wsl.ConvertWslPathToWindowsPath(windowsPath)
-					if err != nil {
-						return err
-					}
-				}
-				for _, devcontainer := range devcontainerList {
-					if devcontainer.LocalFolderPath == windowsPath {
-						containerID = devcontainer.ContainerID
-						break
-					}
-				}
-			}
-
-			if containerID == "" {
-				fmt.Println("Failed to find a matching (running) dev container")
-				return cmd.Usage()
-			}
-
-			localPath, err := devcontainers.GetLocalFolderFromDevContainer(containerID)
-			if err != nil {
-				return err
-			}
-
-			mountPath := argWorkDir
-			if mountPath == "" {
-				mountPath, err = devcontainers.GetWorkspaceMountPath(localPath)
+				containerIDOrName, err = devcontainers.GetContainerIDForPath(devcontainerPath)
 				if err != nil {
 					return err
 				}
 			}
 
-			wslPath := localPath
-			if strings.HasPrefix(wslPath, "\\\\wsl$") && wsl.IsWsl() {
-				wslPath, err = wsl.ConvertWindowsPathToWslPath(wslPath)
-				if err != nil {
-					return fmt.Errorf("error converting path: %s", err)
-				}
-			}
-
-			devcontainerJSONPath := path.Join(wslPath, ".devcontainer/devcontainer.json")
-			userName, err := devcontainers.GetDevContainerUserName(devcontainerJSONPath)
-			if err != nil {
-				return err
-			}
-
-			dockerArgs := []string{"exec", "-it", "--workdir", mountPath}
-			if userName != "" {
-				dockerArgs = append(dockerArgs, "--user", userName)
-			}
-			dockerArgs = append(dockerArgs, containerID)
-			dockerArgs = append(dockerArgs, args...)
-
-			dockerCmd := exec.Command("docker", dockerArgs...)
-			dockerCmd.Stdin = os.Stdin
-			dockerCmd.Stdout = os.Stdout
-
-			err = dockerCmd.Start()
-			if err != nil {
-				return fmt.Errorf("Exec: start error: %s", err)
-			}
-			err = dockerCmd.Wait()
-			if err != nil {
-				return fmt.Errorf("Exec: wait error: %s", err)
-			}
-			return nil
+			return devcontainers.ExecInDevContainer(containerIDOrName, argWorkDir, args)
 		},
 		Args:                  cobra.ArbitraryArgs,
 		DisableFlagsInUseLine: true,
diff --git a/internal/pkg/devcontainers/dockerutils.go b/internal/pkg/devcontainers/dockerutils.go
@@ -4,8 +4,13 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"os"
 	"os/exec"
+	"path"
+	"path/filepath"
 	"strings"
+
+	"github.com/stuartleeks/devcontainer-cli/internal/pkg/wsl"
 )
 
 // Devcontainer names are a derived property.
@@ -85,3 +90,148 @@ func GetLocalFolderFromDevContainer(containerIDOrName string) (string, error) {
 
 	return strings.TrimSpace(string(output)), nil
 }
+
+// GetContainerIDForPath returns the ID of the running container that matches the path
+func GetContainerIDForPath(devcontainerPath string) (string, error) {
+	if devcontainerPath == "" {
+		devcontainerPath = "."
+	}
+	absPath, err := filepath.Abs(devcontainerPath)
+	if err != nil {
+		return "", fmt.Errorf("Error handling path %q: %s", devcontainerPath, err)
+	}
+
+	windowsPath := absPath
+	if wsl.IsWsl() {
+		var err error
+		windowsPath, err = wsl.ConvertWslPathToWindowsPath(windowsPath)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	devcontainerList, err := ListDevcontainers()
+	if err != nil {
+		return "", fmt.Errorf("Error getting container list: %s", err)
+	}
+
+	for _, devcontainer := range devcontainerList {
+		if devcontainer.LocalFolderPath == windowsPath {
+			containerID := devcontainer.ContainerID
+			return containerID, nil
+		}
+	}
+	return "", fmt.Errorf("Could not find running container for path %q", devcontainerPath)
+}
+
+func ExecInDevContainer(containerIDOrName string, workDir string, args []string) error {
+
+	containerID := ""
+	devcontainerList, err := ListDevcontainers()
+	if err != nil {
+		return err
+	}
+
+	for _, devcontainer := range devcontainerList {
+		if devcontainer.ContainerName == containerIDOrName ||
+			devcontainer.DevcontainerName == containerIDOrName ||
+			devcontainer.ContainerID == containerIDOrName {
+			containerID = devcontainer.ContainerID
+			break
+		}
+	}
+
+	if containerID == "" {
+		return fmt.Errorf("Failed to find a matching (running) dev container for %q", containerIDOrName)
+	}
+
+	localPath, err := GetLocalFolderFromDevContainer(containerID)
+	if err != nil {
+		return err
+	}
+
+	if workDir == "" {
+		workDir, err = GetWorkspaceMountPath(localPath)
+		if err != nil {
+			return err
+		}
+	}
+
+	wslPath := localPath
+	if strings.HasPrefix(wslPath, "\\\\wsl$") && wsl.IsWsl() {
+		wslPath, err = wsl.ConvertWindowsPathToWslPath(wslPath)
+		if err != nil {
+			return fmt.Errorf("error converting path: %s", err)
+		}
+	}
+
+	devcontainerJSONPath := path.Join(wslPath, ".devcontainer/devcontainer.json")
+	userName, err := GetDevContainerUserName(devcontainerJSONPath)
+	if err != nil {
+		return err
+	}
+
+	sshAuthSockValue, err := getSshAuthSockValue(containerID)
+	if err != nil {
+		// output error and continue without SSH_AUTH_SOCK value
+		sshAuthSockValue = ""
+		fmt.Printf("Warning: Failed to get SSH_AUTH_SOCK value: %s\n", err)
+		fmt.Println("Continuing without setting SSH_AUTH_SOCK...")
+	}
+
+	dockerArgs := []string{"exec", "-it", "--workdir", workDir}
+	if userName != "" {
+		dockerArgs = append(dockerArgs, "--user", userName)
+	}
+	if sshAuthSockValue != "" {
+		dockerArgs = append(dockerArgs, "--env", "SSH_AUTH_SOCK="+sshAuthSockValue)
+	}
+	dockerArgs = append(dockerArgs, containerID)
+	dockerArgs = append(dockerArgs, args...)
+
+	dockerCmd := exec.Command("docker", dockerArgs...)
+	dockerCmd.Stdin = os.Stdin
+	dockerCmd.Stdout = os.Stdout
+
+	err = dockerCmd.Start()
+	if err != nil {
+		return fmt.Errorf("Exec: start error: %s", err)
+	}
+	err = dockerCmd.Wait()
+	if err != nil {
+		return fmt.Errorf("Exec: wait error: %s", err)
+	}
+	return nil
+}
+
+// getSshAuthSockValue returns the value to use for the SSH_AUTH_SOCK env var when exec'ing into the container, or empty string if no value is found
+func getSshAuthSockValue(containerID string) (string, error) {
+
+	// If the host has SSH_AUTH_SOCK set then VS Code spins up forwarding for key requests
+	// inside the dev container to the SSH agent on the host.
+
+	hostSshAuthSockValue := os.Getenv("SSH_AUTH_SOCK")
+	if hostSshAuthSockValue == "" {
+		// Nothing to see, move along
+		return "", nil
+	}
+
+	// Host has SSH_AUTH_SOCK set, so expecting the dev container to have forwarding set up
+	// Find the latest /tmp/vscode-ssh-auth-<...>.sock
+
+	dockerArgs := []string{"exec", containerID, "bash", "-c", "ls -t -d -1 \"${TMPDIR:-/tmp}\"/vscode-ssh-auth-*"}
+
+	dockerCmd := exec.Command("docker", dockerArgs...)
+	buf, err := dockerCmd.CombinedOutput()
+	if err != nil {
+		errMessage := string(buf)
+		return "", fmt.Errorf("Docker exec error: %s (%s)", err, strings.TrimSpace(errMessage))
+	}
+
+	output := string(buf)
+	lines := strings.Split(output, "\n")
+	if len(lines) <= 0 {
+		return "", nil
+	}
+	return strings.TrimSpace(lines[0]), nil
+}

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,8 @@`
`48`	`48`
`49`	`49`	`// Add the IDs of extensions you want installed when the container is created.`
`50`	`50`	`"extensions": [`
`51`		`- "golang.go"`
	`51`	`+ "golang.go",`
	`52`	`+ "stuartleeks.vscode-go-by-example"`
`52`	`53`	`]`
`53`	`54`
`54`	`55`	`// Use 'forwardPorts' to make a list of ports inside the container available locally.`