Add SSH support for Embedded Ansible repositories #19108
Also note that this does not yet support the ssh
@remote_name = 'origin' | ||
@base_name = File.basename(@path) | ||
|
||
if @ssh_private_key && !Rugged.features.include?(:ssh) |
In our appliance builds I've already talked to @simaishi about getting SSH support for rugged and it's relatively simple. If a local developer doesn't compile rugged with ssh support this gives them a nice message.
FWIW, the command I used to build it locally on a Mac is:
brew install libssh2
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/opt/openssl/lib/pkgconfig" gem install rugged -v 0.27.7
On Fedora/CentOS, the presence of libssh2 seems to be enough to get it to build properly.
We will have to document this somewhere in the dev setup. Even so, a "normal" installation of rugged will still work for user/pass over http(s)...just ssh won't work.
Reference to that change in the appliance:
Also, also, known issue...if you change the scm_url (particularly from user/pass to ssh) we need to somehow push that value down to the on-disk-repo itself...another follow-up
567bb72 to 0f7e1d7
Leaving the rubocops as they were there before.
Overall, don't have a big problem with the changes and direction of them. Just have a few minor things that should be addressed first.
@remote_name = 'origin' | ||
@base_name = File.basename(@path) | ||
|
||
if @ssh_private_key && !Rugged.features.include?(:ssh) |
Reference to that change in the appliance:
@certificate_check_cb = options[:certificate_check] | ||
|
||
@remote_name = 'origin' | ||
@base_name = File.basename(@path) |
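Review bot: `@certificate_check_cb = options[:certificate_check]` on the first line of this hunk is stored with no default and no comment describing it. Please document the callback's expected arguments and return value, and state what happens when the option is omitted, since the visible lines do not show how a nil value is handled.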
BUT WHY DIDN'T YOU ALIGN THESE WITH THE REST!!!1!
That's why I put the blank line :) IMO, the first few are "extracting options" and the rest are "other" so they are logically separate groups.
yield options | ||
ensure | ||
if @ssh_private_key_file | ||
@ssh_private_key_file.unlink |
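Review bot: in the `ensure` branch, `@ssh_private_key_file.unlink` deletes the path, but the visible lines neither close the file nor clear `@ssh_private_key_file`. If nothing after this line does so, prefer `close!` (close and unlink in one call) and reset the instance variable to nil, so the descriptor holding the key is released and a later call cannot pick up a stale Tempfile.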
I don't think I have a better way of doing this, but effectively for every action that requires this method, we are going to be creating and deleting the @ssh_private_key_file, correct? Might be a bit of extra trashing of the file system as a result.
Yeah, but only for remote interactions, so it only happens once per invocation. I thought the same as you that it might thrash but I think we can deal with that later if it's really an issue.
Yeah, kinda assumed. I am not going to "resolve this" as I do want it more visible for others in the future, but I think it can stay as is until it becomes a problem.
0f7e1d7 to ab10b9b
@NickLaMuro Updated.
ab10b9b to 414d473
pull is a safer method as it does proper locking when multiple processes are involved.
414d473 to f1c707d
Updated specs and added some more
Checked commits Fryguy/manageiq@51faaf4~...f1c707d with ruby 2.4.6, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0
lib/git_worktree.rb
spec/lib/git_worktree_spec.rb
👍 looks good to me. Kicked the specs for brakeman. Looks like they're still having some network issues.
Add SSH support for Embedded Ansible repositories (cherry picked from commit 727acba)
Ivanchuk backport details:
The code here involved a bit of an overhaul of the credentials handling inside GitWorktree, but I think it's a lot cleaner this way. Basically, we wrap credential usage in a with block that creates the key as a Tempfile, does the operation and then deletes the key. For user/pass, we still use the block format, but nothing actually happens.
Note that the only mechanism provided by rugged seems to be SSH keys as files, hence the use of Tempfile. libgit2 seems to have support for SSH key in memory, but it's not exposed via rugged from what I can tell.
I think as a follow up we may want to either a) expose that ssh key in memory cred in rugged, or b) allow for IO objects in addition to filename Strings for the privatekey and publickey options.
@carbonin @NickLaMuro Please review.
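The block-scoped key handling described in this PR description, as an added example that is not the PR's own code: the key exists on disk only inside the block and is removed even when the operation fails. `CredentialScope`, `with_credentials`, `observe` and the key string are hypothetical names and constructed input, and no rugged call is made.

```ruby
require 'tempfile'

# Hypothetical stand-in for the credential handling described above; the class
# and method names are illustrative, not ManageIQ's GitWorktree code.
class CredentialScope
  def initialize(username:, password: nil, ssh_private_key: nil)
    @username        = username
    @password        = password
    @ssh_private_key = ssh_private_key
  end

  # Yields credential options that are valid only inside the block. For SSH the
  # key becomes a Tempfile (Ruby creates it with mode 0600) that is closed and
  # deleted in `ensure`, so it is removed even when the block raises.
  def with_credentials
    key_file = nil
    if @ssh_private_key
      key_file = Tempfile.new('ssh_key')
      key_file.write(@ssh_private_key)
      key_file.flush # a library reopening the path must see the full key
      yield(username: @username, privatekey: key_file.path)
    else
      yield(username: @username, password: @password) # no file involved
    end
  ensure
    key_file&.close! # close the descriptor and unlink the file
  end
end

# Runs a block under the scope and records what was observable on disk.
def observe(scope, fail_inside: false)
  seen = {}
  begin
    scope.with_credentials do |opts|
      seen[:path] = opts[:privatekey]
      if seen[:path]
        seen[:mode]    = File.stat(seen[:path]).mode & 0o777
        seen[:content] = File.read(seen[:path])
      end
      raise IOError, 'simulated fetch failure' if fail_inside
    end
  rescue IOError
    seen[:raised] = true
  end
  seen[:exists_after] = seen[:path] ? File.exist?(seen[:path]) : false
  seen
end

CONSTRUCTED_KEY = "constructed key material, not a real key\n" # sample input
```

The key is still written to the temp directory in cleartext for the lifetime of the block, which is why the description lists an in-memory credential as the follow-up.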