feat(docker): Add ssh-client to Docker image to access private modules via ssh #553
LGTM
@lchastel Please address GH workflow failure and let's gain approval from @MaxymVlasov and/or @antonbabenko as well
Please add the test for SSH existence to https://github.com/antonbabenko/pre-commit-terraform/blob/master/.github/.container-structure-test-config.yaml
@@ -73,6 +73,11 @@ commandTests: | |||
command: "su-exec" | |||
expectedOutput: ["^Usage: su-exec user-spec command \\[args\\]\\n$"] | |||
|
|||
- name: "ssh" | |||
command: "ssh" | |||
expectedOutput: ["^usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]$"] |
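Review bot: the square brackets in the `expectedOutput` pattern of the new `ssh` test are unescaped, so `[-46AaCfGgKkMNnqsTtVvXxYy]` and `[-B bind_interface]` are read as character classes that each match a single character, not as the literal usage text. Escape them the way the `su-exec` test just above does (`\\[args\\]`). The pattern also ends with `$` right after the first usage line, so it can only pass if nothing follows that line in the output; drop the `$` or match a shorter, stable prefix.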
Should escape square brackets please.
Also should expectedOutput capture only first line of output or all output lines? @MaxymVlasov
Escape square brackets done.
expectedOutput captures the whole output, so, in case it is multiline, I recommend just ending the comparison regex with the end of the line, but without $, like here:
expectedOutput: [ "TFLint version ([0-9]+\\.){2}[0-9]+\\n" ]
I'm fine with just checking the string in the line which includes the version number (sorry that I did not mention it explicitly in the previous comment).
So for openssh it will be something like:
$ ssh -v localhost
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
...
...
I.e., here the check should be related just to OpenSSH_8.2p1
The command is "ssh -V"
On my computer I have:
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
On alpine (based on the pre-commit-terraform image), I have:
OpenSSH_9.1p1, OpenSSL 3.0.9 30 May 2023
I'm trying with "^OpenSSH_[0-9]+\.[0-9]+.*\n$"
I'd suggest this as it is less specific: "^OpenSSH_[0-9]+\.[0-9]+"
Done
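How each pattern from this review thread behaves, as an added example that is not part of the PR or the project's code: it assumes the check is evaluated with Go's `regexp` package against the whole captured output, and the sample outputs are constructed from the lines quoted in the thread.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns from the thread, written as the regex engine sees them
// (after YAML unescaping).
const (
	firstDraft  = `^usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]$`
	escaped     = `^usage: ssh \[-46AaCfGgKkMNnqsTtVvXxYy\] \[-B bind_interface\]$`
	anchoredEOL = `^OpenSSH_[0-9]+\.[0-9]+.*\n$`
	suggested   = `^OpenSSH_[0-9]+\.[0-9]+`
)

// Constructed sample outputs, built from the lines quoted in the thread.
const (
	usageOut   = "usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n  (constructed further usage line)\n"
	debianOut  = "OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022\n"
	alpineOut  = "OpenSSH_9.1p1, OpenSSL 3.0.9 30 May 2023\n"
	verboseOut = alpineOut + "debug1: (constructed extra line)\n"
	missingOut = "sh: ssh: not found\n"
)

// matches applies pattern to the whole captured output; the pattern is only
// anchored where it anchors itself (assumed matching behaviour).
func matches(pattern, output string) bool {
	return regexp.MustCompile(pattern).MatchString(output)
}

func main() {
	cases := []struct{ name, pattern, output string }{
		{"first draft / usage", firstDraft, usageOut},      // brackets act as character classes
		{"escaped / usage", escaped, usageOut},             // $ needs end of text, more lines follow
		{"anchored EOL / alpine", anchoredEOL, alpineOut},  // single line ending in \n
		{"anchored EOL / verbose", anchoredEOL, verboseOut}, // extra line after the version
		{"suggested / debian", suggested, debianOut},
		{"suggested / alpine", suggested, alpineOut},
		{"suggested / verbose", suggested, verboseOut},
		{"suggested / ssh missing", suggested, missingOut},
	}
	for _, c := range cases {
		fmt.Printf("%-24s %v\n", c.name, matches(c.pattern, c.output))
	}
}
```

The prefix-only pattern is the one that keeps passing when the distribution suffix changes or extra lines follow the version, while still failing when the binary is absent.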
# [1.82.0](v1.81.2...v1.82.0) (2023-08-15)

### Features

* **docker:** Add ssh-client to Docker image to access private modules via ssh ([#553](#553)) ([1d76157](1d76157))

This PR is included in version 1.82.0 🎉
Put an x into the box if that apply:
Description of your changes
I have an external private module in my terraform code (source="ssh://git@....").
In checkov we need to clone the external module.
I'm using a private module in git, so git needs to use ssh to clone it.
I add the installation of ssh-client to the docker image.
It fixes the issue "error: cannot run ssh: No such file or directory"
How can we test changes
From a low-level point of view, start the docker image and try to clone a repository via SSH.
From a high-level point of view, create a module accessible via ssh, call it from terraform, enable terraform_checkov in pre-commit.