Add user selection to ssh key deployment (#926)

* Add user selection to ssh key deployment

* Update public/api-docs/openapi/ssh-keys.yaml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix migration

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: saeedvaziry

app/Actions/SshKey/DeleteKeyFromServer.php

@@ -14,10 +14,13 @@ class DeleteKeyFromServer
      */
     public function delete(Server $server, SshKey $sshKey): void
     {
+        $pivot = $server->sshKeys()->where('ssh_keys.id', $sshKey->id)->first();
+        $user = $pivot?->pivot->user ?? $server->getSshUser();
+
         $sshKey->servers()->updateExistingPivot($server->id, [
             'status' => SshKeyStatus::DELETING,
         ]);
-        $server->os()->deleteSSHKey($sshKey->public_key);
+        $server->os()->deleteSSHKey($sshKey->public_key, $user);
         $server->sshKeys()->detach($sshKey);
     }
 }

app/Actions/SshKey/DeployKeyToServer.php

@@ -6,20 +6,52 @@
 use App\Exceptions\SSHError;
 use App\Models\Server;
 use App\Models\SshKey;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rule;
 
 class DeployKeyToServer
 {
     /**
+     * @param  array<string, mixed>  $input
+     *
      * @throws SSHError
      */
-    public function deploy(Server $server, SshKey $sshKey): void
+    public function deploy(Server $server, SshKey $sshKey, array $input = []): void
     {
+        // Set default user for backward compatibility
+        if (! isset($input['user'])) {
+            $input['user'] = $server->getSshUser();
+        }
+
+        $this->validate($server, $input);
+
+        $user = $input['user'];
+
         $server->sshKeys()->attach($sshKey, [
             'status' => SshKeyStatus::ADDING,
+            'user' => $user,
         ]);
-        $server->os()->deploySSHKey($sshKey->public_key);
+        $server->os()->deploySSHKey($sshKey->public_key, $user);
         $sshKey->servers()->updateExistingPivot($server->id, [
             'status' => SshKeyStatus::ADDED,
+            'user' => $user,
         ]);
     }
+
+    private function validate(Server $server, array $input): void
+    {
+        if (empty($input) || ! isset($input['user'])) {
+            return;
+        }
+
+        $rules = [
+            'user' => [
+                'required',
+                'string',
+                Rule::in($server->getSshUsers()),
+            ],
+        ];
+
+        Validator::make($input, $rules)->validate();
+    }
 }

app/Http/Controllers/API/ServerSSHKeyController.php

@@ -63,7 +63,7 @@ public function create(Request $request, Project $project, Server $server): SshK
             $sshKey = app(CreateSshKey::class)->create($user, $request->all());
         }
 
-        app(DeployKeyToServer::class)->deploy($server, $sshKey);
+        app(DeployKeyToServer::class)->deploy($server, $sshKey, $request->input());
 
         return new SshKeyResource($sshKey);
     }

app/Http/Controllers/ServerSshKeyController.php

@@ -50,7 +50,7 @@ public function store(Request $request, Server $server): RedirectResponse
             ]);
         }
 
-        app(DeployKeyToServer::class)->deploy($server, $sshKey);
+        app(DeployKeyToServer::class)->deploy($server, $sshKey, $request->input());
 
         return back()->with('success', 'SSH key deployed.');
     }

app/Http/Resources/SshKeyResource.php

@@ -18,6 +18,9 @@ public function toArray(Request $request): array
             'id' => $this->id,
             'user' => new UserResource($this->whenLoaded('user')),
             'name' => $this->name,
+            'deployment_user' => $this->whenPivotLoaded('server_ssh_keys', function () {
+                return $this->pivot->user ?? null;
+            }),
             'created_at' => $this->created_at,
             'updated_at' => $this->updated_at,
         ];

app/Models/Server.php

@@ -286,7 +286,7 @@ public function metrics(): HasMany
     public function sshKeys(): BelongsToMany
     {
         return $this->belongsToMany(SshKey::class, 'server_ssh_keys')
-            ->withPivot('status')
+            ->withPivot('status', 'user')
             ->withTimestamps();
     }
 

app/Models/SshKey.php

@@ -47,7 +47,7 @@ public function user(): BelongsTo
     public function servers(): BelongsToMany
     {
         return $this->belongsToMany(Server::class, 'server_ssh_keys')
-            ->withPivot('status')
+            ->withPivot('status', 'user')
             ->withTimestamps();
     }
 

app/SSH/OS/OS.php

@@ -114,9 +114,9 @@ public function getPublicKey(string $user): string
     /**
      * @throws SSHError
      */
-    public function deploySSHKey(string $key): void
+    public function deploySSHKey(string $key, string $user): void
     {
-        $this->server->ssh()->exec(
+        $this->server->ssh($user)->exec(
             view('ssh.os.deploy-ssh-key', [
                 'key' => $key,
             ]),
@@ -127,12 +127,11 @@ public function deploySSHKey(string $key): void
     /**
      * @throws SSHError
      */
-    public function deleteSSHKey(string $key): void
+    public function deleteSSHKey(string $key, string $user): void
     {
-        $this->server->ssh()->exec(
+        $this->server->ssh($user)->exec(
             view('ssh.os.delete-ssh-key', [
                 'key' => $key,
-                'user' => $this->server->getSshUser(),
             ]),
             'delete-ssh-key'
         );

database/migrations/2025_11_13_185811_add_user_to_server_ssh_keys_table.php

@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('server_ssh_keys', function (Blueprint $table): void {
+            $table->string('user')->nullable()->default(config('core.ssh_user'))->after('status');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('server_ssh_keys', function (Blueprint $table): void {
+            $table->dropColumn('user');
+        });
+    }
+};

public/api-docs/openapi/schemas/SshKey.yaml

@@ -3,18 +3,14 @@ properties:
   id:
     type: integer
     example: 1
-  project_id:
-    type: integer
-    example: 1
   name:
     type: string
     example: 'My SSH Key'
-  public_key:
-    type: string
-    example: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC...'
-  fingerprint:
+  deployment_user:
     type: string
-    example: 'SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+    nullable: true
+    description: Server user the key is deployed to
+    example: 'vito'
   created_at:
     type: string
     format: date-time