Skip to content

Commit

Permalink
WIP: changing ssh flags from string to *string
Browse files Browse the repository at this point in the history
  • Loading branch information
martina-if committed Mar 28, 2019
1 parent 35f8bc3 commit cfa4f8a
Show file tree
Hide file tree
Showing 8 changed files with 31 additions and 28 deletions.
6 changes: 3 additions & 3 deletions pkg/apis/eksctl.io/v1alpha4/defaults.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@ func SetNodeGroupDefaults(_ int, ng *NodeGroup) error {
}

// Enable SSH when a key is provided
if ng.SSH.PublicKeyPath != "" && ng.SSH.PublicKeyPath != DefaultNodeSSHPublicKeyPath {
if ng.SSH.PublicKeyPath != nil {
ng.SSH.Allow = true
}

if ng.SSH.Allow && ng.SSH.PublicKeyPath == "" {
ng.SSH.PublicKeyPath = DefaultNodeSSHPublicKeyPath
if ng.SSH.Allow && ng.SSH.PublicKeyPath == nil {
ng.SSH.PublicKeyPath = &DefaultNodeSSHPublicKeyPath
}

if ng.VolumeSize > 0 {
Expand Down
10 changes: 5 additions & 5 deletions pkg/apis/eksctl.io/v1alpha4/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,9 +97,6 @@ const (
// NodeImageResolverAuto represents auto AMI resolver (see ami package)
NodeImageResolverAuto = "auto"

// DefaultNodeSSHPublicKeyPath is the default path to SSH public key
DefaultNodeSSHPublicKeyPath = "~/.ssh/id_rsa.pub"

// ClusterNameTag defines the tag of the clsuter name
ClusterNameTag = "eksctl.cluster.k8s.io/v1alpha1/cluster-name"

Expand All @@ -118,6 +115,9 @@ const (
var (
// DefaultWaitTimeout defines the default wait timeout
DefaultWaitTimeout = 25 * time.Minute

// DefaultNodeSSHPublicKeyPath is the default path to SSH public key
DefaultNodeSSHPublicKeyPath = "~/.ssh/id_rsa.pub"
)

// NewBoolTrue return pointer to true value
Expand Down Expand Up @@ -436,10 +436,10 @@ type (
// +optional
Allow bool `json:"allow"`
// +optional
PublicKeyPath string `json:"publicKeyPath,omitempty"`
PublicKeyPath *string `json:"publicKeyPath,omitempty"`
// +optional
PublicKey []byte `json:"publicKey,omitempty"` // TODO: right now it's kind of read-only, but one may wish to use key body in a config file so we will need recognise that
// +optional
PublicKeyName string `json:"publicKeyName,omitempty"`
PublicKeyName *string `json:"publicKeyName,omitempty"`
}
)
2 changes: 1 addition & 1 deletion pkg/cfn/builder/api_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -608,7 +608,7 @@ var _ = Describe("CloudFormation template builder API", func() {
})
})

Context("NodeGroup{PrivateNetworking=true Allow=true}", func() {
Context("NodeGroup{PrivateNetworking=true SSH.Allow=true}", func() {
cfg, ng := newClusterConfigAndNodegroup(true)

ng.SSH.Allow = true
Expand Down
2 changes: 1 addition & 1 deletion pkg/cfn/builder/nodegroup.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ func (n *NodeGroupResourceSet) addResourcesForNodeGroup() error {
UserData: n.userData,
}
if n.spec.SSH.Allow {
lc.KeyName = gfn.NewString(n.spec.SSH.PublicKeyName)
lc.KeyName = gfn.NewString(*n.spec.SSH.PublicKeyName)
}
if n.spec.PrivateNetworking {
lc.AssociatePublicIpAddress = gfn.False()
Expand Down
4 changes: 2 additions & 2 deletions pkg/ctl/cmdutils/configfile.go
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ func NewCreateClusterLoader(provider *api.ProviderConfig, spec *api.ClusterConfi
}

return ngFilter.CheckEachNodeGroup(l.spec.NodeGroups, func(i int, ng *api.NodeGroup) error {
if ng.SSH.Allow && ng.SSH.PublicKeyPath == "" {
if ng.SSH.Allow && ng.SSH.PublicKeyPath == nil {
return fmt.Errorf("--ssh-public-key must be non-empty string")
}

Expand Down Expand Up @@ -243,7 +243,7 @@ func NewCreateNodeGroupLoader(provider *api.ProviderConfig, spec *api.ClusterCon
}

return ngFilter.CheckEachNodeGroup(spec.NodeGroups, func(i int, ng *api.NodeGroup) error {
if ng.SSH.Allow && ng.SSH.PublicKeyPath == "" {
if ng.SSH.Allow && ng.SSH.PublicKeyPath == nil {
return fmt.Errorf("--ssh-public-key must be non-empty string")
}

Expand Down
2 changes: 1 addition & 1 deletion pkg/ctl/cmdutils/nodegroup_flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ func AddCommonCreateNodeGroupFlags(cmd *cobra.Command, fs *pflag.FlagSet, p *api
fs.IntVar(&ng.MaxPodsPerNode, "max-pods-per-node", 0, "maximum number of pods per node (set automatically if unspecified)")

fs.BoolVar(&ng.SSH.Allow, "ssh-access", false, "control SSH access for nodes")
fs.StringVar(&ng.SSH.PublicKeyPath, "ssh-public-key", api.DefaultNodeSSHPublicKeyPath, "SSH public key to use for nodes (import from local path, or use existing EC2 key pair)")
fs.StringVar(ng.SSH.PublicKeyPath, "ssh-public-key", api.DefaultNodeSSHPublicKeyPath, "SSH public key to use for nodes (import from local path, or use existing EC2 key pair)")

fs.StringVar(&ng.AMI, "node-ami", ami.ResolverStatic, "Advanced use cases only. If 'static' is supplied (default) then eksctl will use static AMIs; if 'auto' is supplied then eksctl will automatically set the AMI based on version/region/instance type; if any other value is supplied it will override the AMI to use for the nodes. Use with extreme care.")
fs.StringVar(&ng.AMIFamily, "node-ami-family", api.DefaultNodeImageFamily, "Advanced use cases only. If 'AmazonLinux2' is supplied (default), then eksctl will use the official AWS EKS AMIs (Amazon Linux 2); if 'Ubuntu1804' is supplied, then eksctl will use the official Canonical EKS AMIs (Ubuntu 18.04).")
Expand Down
28 changes: 15 additions & 13 deletions pkg/eks/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,13 +45,13 @@ func (c *ClusterProvider) getKeyPair(name string) (*ec2.KeyPairInfo, error) {
}

func (c *ClusterProvider) tryExistingSSHPublicKeyFromPath(ng *api.NodeGroup) error {
logger.Info("SSH public key file %q does not exist; will assume existing EC2 key pair", ng.SSH.PublicKeyPath)
existing, err := c.getKeyPair(ng.SSH.PublicKeyPath)
logger.Info("SSH public key file %q does not exist; will assume existing EC2 key pair", *ng.SSH.PublicKeyPath)
existing, err := c.getKeyPair(*ng.SSH.PublicKeyPath)
if err != nil {
return err
}
ng.SSH.PublicKeyName = *existing.KeyName
logger.Info("found EC2 key pair %q", ng.SSH.PublicKeyName)
ng.SSH.PublicKeyName = existing.KeyName
logger.Info("found EC2 key pair %q", *ng.SSH.PublicKeyName)
return nil
}

Expand All @@ -60,15 +60,16 @@ func (c *ClusterProvider) importSSHPublicKeyIfNeeded(clusterName string, ng *api
if err != nil {
return err
}
ng.SSH.PublicKeyName = c.getKeyPairName(clusterName, ng, &fingerprint)
existing, err := c.getKeyPair(ng.SSH.PublicKeyName)
keyName := c.getKeyPairName(clusterName, ng, &fingerprint)
ng.SSH.PublicKeyName = &keyName
existing, err := c.getKeyPair(*ng.SSH.PublicKeyName)
if err != nil {
if strings.HasPrefix(err.Error(), "cannot find EC2 key pair") {
input := &ec2.ImportKeyPairInput{
KeyName: &ng.SSH.PublicKeyName,
KeyName: ng.SSH.PublicKeyName,
PublicKeyMaterial: ng.SSH.PublicKey,
}
logger.Info("importing SSH public key %q as %q", ng.SSH.PublicKeyPath, ng.SSH.PublicKeyName)
logger.Info("importing SSH public key %q as %q", *ng.SSH.PublicKeyPath, *ng.SSH.PublicKeyName)
if _, err = c.Provider.EC2().ImportKeyPair(input); err != nil {
return errors.Wrap(err, "importing SSH public key")
}
Expand All @@ -77,9 +78,9 @@ func (c *ClusterProvider) importSSHPublicKeyIfNeeded(clusterName string, ng *api
return errors.Wrap(err, "checking existing key pair")
}
if *existing.KeyFingerprint != fingerprint {
return fmt.Errorf("SSH public key %s already exists, but fingerprints don't match (exected: %q, got: %q)", ng.SSH.PublicKeyName, fingerprint, *existing.KeyFingerprint)
return fmt.Errorf("SSH public key %s already exists, but fingerprints don't match (exected: %q, got: %q)", *ng.SSH.PublicKeyName, fingerprint, *existing.KeyFingerprint)
}
logger.Debug("SSH public key %s already exists", ng.SSH.PublicKeyName)
logger.Debug("SSH public key %s already exists", *ng.SSH.PublicKeyName)
return nil
}

Expand All @@ -89,14 +90,15 @@ func (c *ClusterProvider) LoadSSHPublicKey(clusterName string, ng *api.NodeGroup
// TODO: https://github.com/weaveworks/eksctl/issues/144
return nil
}
ng.SSH.PublicKeyPath = utils.ExpandPath(ng.SSH.PublicKeyPath)
sshPublicKey, err := ioutil.ReadFile(ng.SSH.PublicKeyPath)
keyPath := utils.ExpandPath(*ng.SSH.PublicKeyPath)
ng.SSH.PublicKeyPath = &keyPath
sshPublicKey, err := ioutil.ReadFile(*ng.SSH.PublicKeyPath)
if err != nil {
if os.IsNotExist(err) {
// if file not found – try to use existing EC2 key pair
return c.tryExistingSSHPublicKeyFromPath(ng)
}
return errors.Wrap(err, fmt.Sprintf("reading SSH public key file %q", ng.SSH.PublicKeyPath))
return errors.Wrap(err, fmt.Sprintf("reading SSH public key file %q", *ng.SSH.PublicKeyPath))
}
// on successful read – import it
ng.SSH.PublicKey = sshPublicKey
Expand Down
5 changes: 3 additions & 2 deletions pkg/utils/kubeconfig/kubeconfig_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ var _ = Describe("Kubeconfig", func() {
contextName: {AuthInfo: "test-user", Cluster: "test-cluster", Namespace: "test-ns"}},
CurrentContext: contextName,
}
var exampleSSHKeyPath = "~/.ssh/id_rsa.pub"

BeforeEach(func() {
configFile, _ = ioutil.TempFile("", "")
Expand Down Expand Up @@ -146,9 +147,9 @@ var _ = Describe("Kubeconfig", func() {
PrivateNetworking: false,
SSH: eksctlapi.SSHConfig{
Allow: false,
PublicKeyPath: "~/.ssh/id_rsa.pub",
PublicKeyPath: &exampleSSHKeyPath,
PublicKey: []uint8(nil),
PublicKeyName: "",
PublicKeyName: nil,
},
DesiredCapacity: nil,
MinSize: nil,
Expand Down

0 comments on commit cfa4f8a

Please sign in to comment.