Add passphrase input to the add SSH key dialog

[vinokurig]

What does this PR do?

DO NOT MERGE

• Add a new input for passphrase value to the add SSH key dialog:
  
• Propagate the new passphrase value to the ssh key secret.

What issues does this PR fix or reference?

https://issues.redhat.com/browse/CRW-6614

Is it tested? How?

1. Go to User Preferences -> Ssh Keys tab
2. Fill the public and private key inputs, enter some value to the passphrase input.
3. Save the key and get the git-ssh-key secret data.

See: the passphrase field is present in the data map and its value equals to the input.

Release Notes

Docs PR

[che-bot]

Click here to review and test in web IDE:

[akurinnoy]

@vinokurig can you please take a look at why the build failed?

[github-actions]

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1157

kubectl patch command

kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1157", name: che-dashboard}]}}]"

[codecov]

Codecov Report

Attention: Patch coverage is 94.44444% with 4 lines in your changes missing coverage. Please review.

Project coverage is 89.56%. Comparing base (b8be17e) to head (bde4177).
Report is 1 commits behind head on main.

Files	Patch %	Lines
...es/UserPreferences/SshKeys/AddModal/Form/index.tsx	77.77%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1157      +/-   ##
==========================================
- Coverage   89.67%   89.56%   -0.12%     
==========================================
  Files         415      416       +1     
  Lines       42461    42532      +71     
  Branches     2843     2846       +3     
==========================================
+ Hits        38077    38092      +15     
- Misses       4357     4412      +55     
- Partials       27       28       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dmytro-ndp]

@vinokurig : could you. please, confirm, that it should be enough to install Eclipse Che Next with User Dashboard deployed from quay.io/eclipse/che-dashboard:pr-1157 to validate the PR?

Asking, because the message in PR description mentioned devfile/devworkspace-operator#1291, so I am curious if it's needed to have specific devworkspace-operator as well.

[AObuchow]

Asking, because the message in PR description mentioned devfile/devworkspace-operator#1291, so I am curious if it's needed to have specific devworkspace-operator as well.

@dmytro-ndp For a full test flow in Che, I believe you'll need to use the DWO project clone container built from devfile/devworkspace-operator#1291

I've already built this image and pushed it here: quay.io/aobuchow/project-clone:ihor-sshkey-pr

To make DWO use it, you'll need to configure your DWOC as follows:

kind: DevWorkspaceOperatorConfig
config:
  workspace:
+    projectClone:
+      image: quay.io/aobuchow/project-clone:ihor-sshkey-pr

Then create a new workspace for it to use the newly configured project clone container.

This should work with the che-owned DWOC IIRC.

[AObuchow]

@dmytro-ndp sorry, my above comment was wrong. What I described was testing the entire flow of the ssh passphrase feature.

Based on @vinokurig's PR description:

See: the passphrase field is present in the data map and its value equals to the input.

I believe there should be a secret created in the user's namespace regarding the ssh key, and it should contain a passphrase field in it's data. Verifying that does not require a modified version of DWO or the project clone container.

[vinokurig]

@dmytro-ndp

@vinokurig : could you. please, confirm, that it should be enough to install Eclipse Che Next with User Dashboard deployed from quay.io/eclipse/che-dashboard:pr-1157 to validate the PR?

As @AObuchow mentioned in his comment above we do not need the modified DWO image here. In the scope of the pull request it would be enough to verify that the Add SSH key dialog has the Passphrase input and that the ssh-secret created after adding the SSH key has the passphrase data.

[dmytro-ndp]

Thank you for the explanation, @AObuchow , @vinokurig !

I wanted to test whole cycle - starting from setting up git passphrase and ending by cloning the project inside the workspace editor using passphrase.

I can do it in two steps:

1. Check adding SSH key with passphrase in User Dashboard;
2. Check cloning project using SSH key with passphrase after Override the default ssh askpass flow on project clone step devfile/devworkspace-operator#1291 is merged

[dmytro-ndp]

@vinokurig: I faced error Failed to add the SSH key. Unable to add SSH key "git-ssh-key": Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 4 when executed step "3. Save the key and get the git-ssh-key secret data." with SSH key of size 2048:

screencast-bpconcjcammlapcogcnnelfmaeghhagj-2024.08.05-21_47_01.webm

Test environment: OCP 4.16 cluster with Eclipse Che Next. using User Dashboard quay.io/eclipse/che-dashboard:pr-1157 , and DWOC quay.io/devfile/devworkspace-controller:sha-e176ec0

SSH key were created by the command: ssh-keygen -b 2048 -t rsa -N "123qwe"

It would be great if you could take a look.

[vinokurig]

@dmytro-ndp Thank you for reporting the error. I fixed the error in the latest commit. Also I changed the passphrase input type to password so the sensitive data is hidden:

[github-actions]

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1157

kubectl patch command

kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1157", name: che-dashboard}]}}]"

[openshift-ci]

@vinokurig: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/v14-dashboard-happy-path	4420202	link	true	/test v14-dashboard-happy-path

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[dmytro-ndp]

@vinokurig : thanks for the improvement.

I was successfully added ssh key with passphrase to the user preferences in dashboard quay.io/eclipse/che-dashboard@sha256:ac07ba98b10ee8b40eedfa4b8aae51f084a6396a627abdad774de6004b9a89cc = latest version of quay.io/eclipse/che-dashboard:pr-1157 and then created workspace from GitHub repo using this ssh key.

Let.Dev.Spaces.keep.ssh.passphrase.for.git.webm

Well done!

At the same time, I faced an error Git: Warning: Permanently added the ECDSA host key for IP address '140.82.112.3' to the list of known hosts. when tried to push changes to the repo using Source Control view of VS Code Editor.
git-error log:

> git pull --tags origin main
Warning: Permanently added the ECDSA host key for IP address '140.82.112.3' to the list of known hosts.
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I had been asked to enter passphrase for key '/etc/ssh/dwo_ssh_key" when tried to push changes using Terminal:

screencast-bpconcjcammlapcogcnnelfmaeghhagj-2024.08.06-14_39_32.webm

It didn't look like an expected behavior, IMHO.
(@AObuchow : cc)

[dmytro-ndp]

@vinokurig : one more notice: Uses Dashboard failed to add SSH key with passphrase containing Cyrillic symbols: Failed to add the SSH key. Unable to add SSH key "git-ssh-key": Invalid character

SSH key were created using the command ssh-keygen -b 2048 -t rsa -N "тест".

[vinokurig]

@dmytro-ndp Thank you for the deep testing and reporting the bugs. Despite that fact that the bugs are not related to the pull request, I think we should fix the bugs before merging the pull request. It is my bad that I did not try some git operations in the scope of the DWO pull request.
@dmytro-ndp Could you please create an issue for the found bugs?

[dmytro-ndp]

@vinokurig , @AObuchow : here is the issue about pushing changes to the git repo: devfile/devworkspace-operator#1295

[ibuziuk]

In this case I propose to postpone this feature and move it to 3.17 / 7.91

[vinokurig]

@dmytro-ndp The SSH flow works for both git UI and terminal commands, could you please validate the pull request again?

[dmytro-ndp]

@vinokurig : fixed version Eclipse Che Next + quay.io/eclipse/che-dashboard@sha256:ac07ba98b10ee8b40eedfa4b8aae51f084a6396a627abdad774de6004b9a89cc worked as expected with ssh key using passphrase:

1. push changes from the terminal in workspace
2. push changes using GitHub Pull extension

Well done!

Screencast:

screencast-bpconcjcammlapcogcnnelfmaeghhagj-2024.09.13-21_39_37.webm

[olexii4]

LGTM

[devstudio-release]

Build 3.17 :: dashboard_3.x/543: Console, Changes, Git Data

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: akurinnoy, dmytro-ndp, ibuziuk, olexii4, vinokurig

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[devstudio-release]

Build 3.17 :: sync-to-downstream_3.x/7703: Console, Changes, Git Data

[devstudio-release]

Build 3.17 :: get-sources-rhpkg-container-build_3.x/7695: Console, Changes, Git Data