[CLOUD-131559] sync with master (Cloud-Foundations#18)

* add flavour, version command, fix version source (Cloud-Foundations#229) - make makefile single source of truth for version - trigger the flow in the tests * minor tests enhancements (Cloud-Foundations#232) * Docker cleanup (Cloud-Foundations#233) * Removed unnecessary `start.sh` * Updated Dockerfile to newer OS * Cleaned up Dockerfile dirty hack for RSA keys Co-authored-by: Espinoza, Erik <[email protected]> * enable to specify agent connection to insert cert to (Cloud-Foundations#231) * enable to specify agent connection to insert cert to * add api * bump version --------- Co-authored-by: Dušan Klinec <[email protected]> --------- Co-authored-by: Dušan Klinec <[email protected]> Co-authored-by: cviecco <[email protected]> Co-authored-by: Erik Espinoza <[email protected]> Co-authored-by: Espinoza, Erik <[email protected]>
ph4r05 · Jun 4, 2024 · 8db5290 · 8db5290
1 parent d644497
commit 8db5290
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 49 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,63 +1,43 @@
 #################
 # Build Step
 #################
-
-FROM golang:latest as build
+FROM golang:bookworm as build
 
 # Setup work env
 RUN mkdir -p /app/ /tmp/gocode/src/github.com/Cloud-Foundations/keymaster
 ADD . /tmp/gocode/src/github.com/Cloud-Foundations/keymaster
 WORKDIR /tmp/gocode/src/github.com/Cloud-Foundations/keymaster
 
-
 # Required envs for GO
 ENV GOPATH=/tmp/gocode
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Update and confirm deps
 RUN apt-get update && apt-get -y dist-upgrade && apt-get -y install build-essential
 
-# Install deps
-RUN make get-deps
-
-## Dirty Hack - Remove when https://github.com/golang/go/issues/37278 is closed
-# Compatibility with OpenSSH 8.2 and above
-WORKDIR /tmp/gocode/src/golang.org/x/crypto/
-RUN git config user.email "[email protected]"
-RUN git config user.name "Your Name"
-RUN git pull --no-edit https://go.googlesource.com/crypto refs/changes/37/220037/3
-WORKDIR /tmp/gocode/src/github.com/Cloud-Foundations/keymaster
-## Dirty Hack End
-
 # Build and copy final result
 RUN make
+RUN strip /tmp/gocode/bin/keymaster*
 
 #################
 # Run Step
 #################
-
-FROM debian:buster as run
+FROM debian:bookworm as run
 
 # Copy binary from build container
 COPY --from=build /tmp/gocode/bin/keymasterd /app/keymasterd
 COPY --from=build /tmp/gocode/bin/keymaster-unlocker /app/keymaster-unlocker
 COPY --from=build /tmp/gocode/src/github.com/Cloud-Foundations/keymaster/cmd/keymasterd/customization_data /usr/share/keymasterd/customization_data
 COPY --from=build /tmp/gocode/src/github.com/Cloud-Foundations/keymaster/cmd/keymasterd/static_files /usr/share/keymasterd/static_files
 
-# Copy docker specific scripts from build container
-COPY --from=build /tmp/gocode/src/github.com/Cloud-Foundations/keymaster/misc/docker/start.sh /app/docker/
-
 # Perform update and clear cache
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update
 RUN apt-get -y --no-install-recommends install procps apache2-utils ca-certificates dumb-init
 RUN apt-get -y dist-upgrade && rm -rf /var/cache/apt/*
 
-
-# Install init
-
 # Expose web and LDAP ports
 EXPOSE 80 443 6920
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
-CMD ["/bin/sh", "/app/docker/start.sh"]
+CMD ["/app/keymasterd", "-config", "/etc/keymaster/config.yml", "-alsoLogToStderr"]
diff --git a/Makefile b/Makefile
@@ -10,7 +10,7 @@ endif
 BINARY=keymaster
 
 # These are the values we want to pass for Version and BuildTime
-VERSION?=1.15.13
+VERSION?=1.15.14
 DEFAULT_HOST?=
 VERSION_FLAVOUR?=
 EXTRA_LDFLAGS?=

diff --git a/lib/client/sshagent/agent.go b/lib/client/sshagent/agent.go
@@ -50,12 +50,13 @@ func deleteDuplicateEntries(comment string, agentClient agent.ExtendedAgent, log
 	return deletedCount, nil
 }
 
-func upsertCertIntoAgent(
+func upsertCertIntoAgentConnection(
 	certText []byte,
 	privateKey interface{},
 	comment string,
 	lifeTimeSecs uint32,
 	confirmBeforeUse bool,
+	conn net.Conn,
 	logger log.DebugLogger) error {
 	pubKey, _, _, _, err := ssh.ParseAuthorizedKey(certText)
 	if err != nil {
@@ -72,23 +73,32 @@ func upsertCertIntoAgent(
 		Comment:          comment,
 		ConfirmBeforeUse: confirmBeforeUse,
 	}
-	return withAddedKeyUpsertCertIntoAgent(keyToAdd, logger)
+	return withAddedKeyUpsertCertIntoAgentConnection(keyToAdd, conn, logger)
 }
 
-func withAddedKeyUpsertCertIntoAgent(certToAdd agent.AddedKey, logger log.DebugLogger) error {
-	if certToAdd.Certificate == nil {
-		return fmt.Errorf("Needs a certificate to be added")
-	}
-
+func upsertCertIntoAgent(
+	certText []byte,
+	privateKey interface{},
+	comment string,
+	lifeTimeSecs uint32,
+	confirmBeforeUse bool,
+	logger log.DebugLogger) error {
 	conn, err := connectToDefaultSSHAgentLocation()
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
+	return upsertCertIntoAgentConnection(certText, privateKey, comment, lifeTimeSecs, confirmBeforeUse, conn, logger)
+}
+
+func withAddedKeyUpsertCertIntoAgentConnection(certToAdd agent.AddedKey, conn net.Conn, logger log.DebugLogger) error {
+	if certToAdd.Certificate == nil {
+		return fmt.Errorf("Needs a certificate to be added")
+	}
 	agentClient := agent.NewClient(conn)
 
 	//delete certs in agent with the same comment
-	_, err = deleteDuplicateEntries(certToAdd.Comment, agentClient, logger)
+	_, err := deleteDuplicateEntries(certToAdd.Comment, agentClient, logger)
 	if err != nil {
 		logger.Printf("failed during deletion err=%s", err)
 		return err
@@ -102,3 +112,12 @@ func withAddedKeyUpsertCertIntoAgent(certToAdd agent.AddedKey, logger log.DebugL
 
 	return agentClient.Add(certToAdd)
 }
+
+func withAddedKeyUpsertCertIntoAgent(certToAdd agent.AddedKey, logger log.DebugLogger) error {
+	conn, err := connectToDefaultSSHAgentLocation()
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+	return withAddedKeyUpsertCertIntoAgentConnection(certToAdd, conn, logger)
+}
diff --git a/lib/client/sshagent/api.go b/lib/client/sshagent/api.go
@@ -2,6 +2,7 @@ package sshagent
 
 import (
 	"golang.org/x/crypto/ssh/agent"
+	"net"
 
 	"github.com/Cloud-Foundations/golib/pkg/log"
 )
@@ -15,6 +16,21 @@ func UpsertCertIntoAgent(
 	return upsertCertIntoAgent(certText, privateKey, comment, lifeTimeSecs, false, logger)
 }
 
+func UpsertCertIntoAgentConnection(
+	certText []byte,
+	privateKey interface{},
+	comment string,
+	lifeTimeSecs uint32,
+	confirmBeforeUse bool,
+	conn net.Conn,
+	logger log.DebugLogger) error {
+	return upsertCertIntoAgentConnection(certText, privateKey, comment, lifeTimeSecs, confirmBeforeUse, conn, logger)
+}
+
 func WithAddedKeyUpsertCertIntoAgent(certToAdd agent.AddedKey, logger log.DebugLogger) error {
 	return withAddedKeyUpsertCertIntoAgent(certToAdd, logger)
 }
+
+func WithAddedKeyUpsertCertIntoAgentConnection(certToAdd agent.AddedKey, conn net.Conn, logger log.DebugLogger) error {
+	return withAddedKeyUpsertCertIntoAgentConnection(certToAdd, conn, logger)
+}
diff --git a/misc/docker/docker-compose.yml b/misc/docker/docker-compose.yml
@@ -1,7 +1,5 @@
 # See ../../docs/docker for more info. This will not work without bootstrapping
 
-version: "2"
-
 services:
   keymaster:
     image: "local/keymaster"

diff --git a/misc/docker/start.sh b/misc/docker/start.sh