Merge pull request #506 from hazelops/IZE-667-ssh-bastion-test-is-not…

…-valid-need-another-key IZE-667 added another ssh key for tunnel test
hazelops · Oct 27, 2022 · f9a8020 · f9a8020
2 parents f4b4ba6 + e24ef5f
commit f9a8020
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 5 deletions.
diff --git a/.github/workflows/run.e2e-tests.yml b/.github/workflows/run.e2e-tests.yml
@@ -98,9 +98,9 @@ jobs:
       - name: Run Tests
         run: |
           go test -v --timeout 0 --tags="e2e ecs_apps" ./test-e2e
-        continue-on-error: true
 
       - name: Cleanup Infra
+        if: ${{ always() }}
         run: |
           cd "${{ env.IZE_EXAMPLES_PATH }}"
           ize down --auto-approve
@@ -157,14 +157,20 @@ jobs:
         run: ize gen aws-profile
 
       - name: Generate Test SSH Key
-        run: ssh-keygen -q -f ~/.ssh/id_rsa
+        run: |
+          ssh-keygen -q -f ~/.ssh/id_rsa -t rsa -N ''
+          ssh-keygen -q -f ~/.ssh/id_rsa_tunnel_test -t rsa -N ''
+          chmod 600 /home/runner/.ssh/id_rsa_tunnel_test
+          chmod 600 /home/runner/.ssh/id_rsa_tunnel_test.pub
+          cat /home/runner/.ssh/id_rsa_tunnel_test.pub
+          ls -ld /home/runner/.ssh/*
 
       - name: Run Tests
         run: |
           go test -v --timeout 0 --tags="e2e bastion_tunnel" ./test-e2e
-        continue-on-error: true
 
       - name: Cleanup Infra
+        if: ${{ always() }}
         run: |
           cd "${{ env.IZE_EXAMPLES_PATH }}"
           ize down --auto-approve

diff --git a/internal/commands/tunnel_down.go b/internal/commands/tunnel_down.go
@@ -71,6 +71,11 @@ func (o *TunnelDownOptions) Run() error {
 	c := exec.Command(
 		"ssh", "-S", "bastion.sock", "-O", "exit", "",
 	)
+
+	if o.Config.LogLevel == "debug" {
+		c.Args = append(c.Args, "-vvv")
+	}
+
 	out := &bytes.Buffer{}
 	c.Stdout = out
 	c.Stderr = out

diff --git a/internal/commands/tunnel_up.go b/internal/commands/tunnel_up.go
@@ -171,12 +171,15 @@ func (o *TunnelUpOptions) Validate() error {
 
 func (o *TunnelUpOptions) Run() error {
 	logrus.Debugf("public key path: %s", o.PublicKeyFile)
+	logrus.Debugf("private key path: %s", o.PrivateKeyFile)
 
 	pk, err := getPublicKey(o.PublicKeyFile)
 	if err != nil {
 		return fmt.Errorf("can't get public key: %s", err)
 	}
 
+	logrus.Debugf("public key:\n%s", pk)
+
 	if o.Metadata {
 		err = sendSSHPublicKey(o.BastionHostID, pk, o.Config.Session)
 		if err != nil {
@@ -202,6 +205,7 @@ func (o *TunnelUpOptions) Run() error {
 
 func (o *TunnelUpOptions) upTunnel() (string, error) {
 	sshConfigPath := fmt.Sprintf("%s/ssh.config", o.Config.EnvDir)
+	logrus.Debugf("ssh config path: %s", sshConfigPath)
 
 	if err := setAWSCredentials(o.Config.Session); err != nil {
 		return "", fmt.Errorf("can't run tunnel: %w", err)
@@ -250,6 +254,11 @@ func (o *TunnelUpOptions) getSSHCommandArgs(sshConfigPath string) []string {
 	if _, err := os.Stat(o.PrivateKeyFile); !os.IsNotExist(err) {
 		args = append(args, "-i", o.PrivateKeyFile)
 	}
+
+	if o.Config.LogLevel == "debug" {
+		args = append(args, "-vvv")
+	}
+
 	return args
 }
 
@@ -273,6 +282,8 @@ func getTerraformOutput(wr *SSMWrapper, env string) (terraformOutput, error) {
 		return terraformOutput{}, fmt.Errorf("can't get terraform output: %w", err)
 	}
 
+	logrus.Debugf("decoded terrafrom output: \n%s", value)
+
 	var output terraformOutput
 
 	err = json.Unmarshal(value, &output)
@@ -311,9 +322,11 @@ func sendSSHPublicKeyLegacy(bastionID string, key string, sess *session.Session)
 	// This command is executed in the bastion host and it checks if our public key is present. If it's not it uploads it to _authorized_keys file.
 	command := fmt.Sprintf(
 		`grep -qR "%s" /home/ubuntu/.ssh/authorized_keys || echo "%s" >> /home/ubuntu/.ssh/authorized_keys`,
-		key, key,
+		strings.TrimSpace(key), strings.TrimSpace(key),
 	)
 
+	logrus.Debugf("send command: \n%s", command)
+
 	_, err := ssm.New(sess).SendCommand(&ssm.SendCommandInput{
 		InstanceIds:  []*string{&bastionID},
 		DocumentName: aws.String("AWS-RunShellScript"),

diff --git a/test-e2e/bastion_tunnel_test.go b/test-e2e/bastion_tunnel_test.go
@@ -5,6 +5,7 @@ package test
 
 import (
 	"io/fs"
+	"os"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -68,7 +69,12 @@ func TestIzeTunnelUp(t *testing.T) {
 
 	ize := NewBinary(t, izeBinary, examplesRootDir)
 
-	stdout, stderr, err := ize.RunRaw("tunnel", "up")
+	home, err := os.UserHomeDir()
+	if err != nil {
+		t.Errorf("error: %s", err)
+	}
+
+	stdout, stderr, err := ize.RunRaw("tunnel", "up", "--ssh-public-key", filepath.Join(home, ".ssh", "id_rsa_tunnel_test.pub"), "--ssh-private-key", filepath.Join(home, ".ssh", "id_rsa_tunnel_test"))
 
 	if err != nil {
 		t.Errorf("error: %s", err)