From 5dcbd35e4059c4d10d48d81981f74401e9f30da7 Mon Sep 17 00:00:00 2001
From: Yunchi Luo <mightyguava@gmail.com>
Date: Thu, 25 Aug 2022 12:15:51 -0400
Subject: [PATCH] Enable SSH tests

---
 api/krusty/remoteload_test.go                 | 32 +++++++++++++++++--
 .../testdata/repo_read_only_ssh_key.yaml      |  5 +++
 2 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 api/krusty/testdata/repo_read_only_ssh_key.yaml

diff --git a/api/krusty/remoteload_test.go b/api/krusty/remoteload_test.go
index 376e972d71..e28c4365a9 100644
--- a/api/krusty/remoteload_test.go
+++ b/api/krusty/remoteload_test.go
@@ -4,7 +4,10 @@
 package krusty_test
 
 import (
+	"bytes"
+	"encoding/base64"
 	"fmt"
+	"io"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -17,6 +20,7 @@ import (
 	"sigs.k8s.io/kustomize/api/loader"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
+	"sigs.k8s.io/kustomize/kyaml/yaml"
 )
 
 const resourcesField = `resources:
@@ -97,11 +101,36 @@ func runResourceTests(t *testing.T, cases map[string]*remoteResourceCase) {
 			if savedTest.local && !isLocalEnv(req) {
 				t.SkipNow()
 			}
+			configureGitSSHCommand(t)
 			testRemoteResource(req, test)
 		})
 	}
 }
 
+func configureGitSSHCommand(t *testing.T) {
+	t.Helper()
+
+	// This contains a read-only Deploy Key for the kustomize repo.
+	node, err := yaml.ReadFile("testdata/repo_read_only_ssh_key.yaml")
+	require.NoError(t, err)
+	keyB64, err := node.GetString("key")
+	require.NoError(t, err)
+	key, err := base64.StdEncoding.DecodeString(keyB64)
+	require.NoError(t, err)
+
+	// Write the key to a temp file and use it in SSH
+	f, err := os.CreateTemp("", "kustomize_ssh")
+	require.NoError(t, err)
+	_, err = io.Copy(f, bytes.NewReader(key))
+	require.NoError(t, err)
+	cmd := fmt.Sprintf("ssh -i %s", f.Name())
+	const SSHCommandKey = "GIT_SSH_COMMAND"
+	t.Setenv(SSHCommandKey, cmd)
+	t.Cleanup(func() {
+		_ = os.Remove(f.Name())
+	})
+}
+
 func TestRemoteLoad(t *testing.T) {
 	req := require.New(t)
 
@@ -148,17 +177,14 @@ namePrefix: dev-`,
 }
 
 func TestRemoteResourceSsh(t *testing.T) {
-	// TODO: add ssh keys to server to run these tests
 	tests := map[string]*remoteResourceCase{
 		"scp shorthand": {
-			local: true,
 			kustomization: `
 resources:
 - git@github.com:kubernetes-sigs/kustomize//examples/multibases/dev/?ref=v1.0.6`,
 			expected: multibaseDevExampleBuild,
 		},
 		"full ssh, no ending slash": {
-			local: true,
 			kustomization: `
 resources:
 - ssh://git@github.com/kubernetes-sigs/kustomize//examples/multibases/dev?ref=v1.0.6`,
diff --git a/api/krusty/testdata/repo_read_only_ssh_key.yaml b/api/krusty/testdata/repo_read_only_ssh_key.yaml
new file mode 100644
index 0000000000..e5d7076f0a
--- /dev/null
+++ b/api/krusty/testdata/repo_read_only_ssh_key.yaml
@@ -0,0 +1,5 @@
+# This is a base64 encoded SSH private key configured as a GitHub Deploy key,
+# with read-only access to the kustomize repo
+# DO NOT copy this key anywhere else.
+# DO NOT give it additional permissions.
+key: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNBVHRxUEpEUFI3dW5QMHF5YTVYZGhYQ1pJSmVRaDgzNHoyUk9zSm9rTWE2QUFBQUppdGppaE5yWTRvClRRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQVR0cVBKRFBSN3VuUDBxeWE1WGRoWENaSUplUWg4MzR6MlJPc0pva01hNkEKQUFBRUM3KzcvdnRlQW5QdWVBTm5vaEE5b0U2dHBCeHJSWUVubnA5Y1lURnFqOGhCTzJvOGtNOUh1NmMvU3JKcmxkMkZjSgprZ2w1Q0h6ZmpQWkU2d21pUXhyb0FBQUFFbXR1TG5abGNtVjVRR2R0WVdsc0xtTnZiUUVDQXc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K