Support directly designating a gitSSHKey instead of File for launcher (…

…#5258) * Generate v0.49.x docs Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * add --git-ssh-key-env Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * update docs: add '--git-ssh-key-env' Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * add '\n' at the end of ssh key Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Directly use data instead of env Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Clarify the flag description Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * fix error message: 'and' -> 'or' Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> --------- Signed-off-by: t-kikuc <tkikuchi07f@gmail.com>
pipe-cd · Oct 7, 2024 · f017312 · f017312
1 parent d1f3d7e
commit f017312
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/docs/content/en/docs-dev/user-guide/managing-piped/runtime-options.md b/docs/content/en/docs-dev/user-guide/managing-piped/runtime-options.md
@@ -62,7 +62,8 @@ Flags:
       --git-branch string                     Branch of git repository to for Piped config.
       --git-piped-config-file string          Relative path within git repository to locate Piped config file.
       --git-repo-url string                   The remote URL of git repository to fetch Piped config.
-      --git-ssh-key-file string               The path to SSH private key to fetch private git repository.
+      --git-ssh-key-data string               Base64 encoded value of SSH private key to fetch Piped config from the private git repository.
+      --git-ssh-key-file string               The path to SSH private key to fetch Piped config from private git repository.
       --grace-period duration                 How long to wait for graceful shutdown. (default 30s)
   -h, --help                                  help for launcher
       --home-dir string                       The working directory of Launcher.

diff --git a/pkg/app/launcher/cmd/launcher/launcher.go b/pkg/app/launcher/cmd/launcher/launcher.go
@@ -73,6 +73,7 @@ type launcher struct {
 	gitBranch                      string
 	gitPipedConfigFile             string
 	gitSSHKeyFile                  string
+	gitSSHKeyData                  string
 	insecure                       bool
 	certFile                       string
 	homeDir                        string
@@ -119,7 +120,8 @@ func NewCommand() *cobra.Command {
 	cmd.Flags().StringVar(&l.gitRepoURL, "git-repo-url", l.gitRepoURL, "The remote URL of git repository to fetch Piped config.")
 	cmd.Flags().StringVar(&l.gitBranch, "git-branch", l.gitBranch, "Branch of git repository to for Piped config.")
 	cmd.Flags().StringVar(&l.gitPipedConfigFile, "git-piped-config-file", l.gitPipedConfigFile, "Relative path within git repository to locate Piped config file.")
-	cmd.Flags().StringVar(&l.gitSSHKeyFile, "git-ssh-key-file", l.gitSSHKeyFile, "The path to SSH private key to fetch private git repository.")
+	cmd.Flags().StringVar(&l.gitSSHKeyFile, "git-ssh-key-file", l.gitSSHKeyFile, "The path to SSH private key to fetch Piped config from the private git repository.")
+	cmd.Flags().StringVar(&l.gitSSHKeyData, "git-ssh-key-data", l.gitSSHKeyData, "The base64 encoded value of SSH private key to fetch Piped config from the private git repository.")
 
 	cmd.Flags().BoolVar(&l.insecure, "insecure", l.insecure, "Whether disabling transport security while connecting to control-plane.")
 	cmd.Flags().StringVar(&l.certFile, "cert-file", l.certFile, "The path to the TLS certificate file.")
@@ -146,6 +148,7 @@ func NewCommand() *cobra.Command {
 		"git-branch":                          {},
 		"git-piped-config-file":               {},
 		"git-ssh-key-file":                    {},
+		"git-ssh-key-data":                    {},
 		"home-dir":                            {},
 		"default-version":                     {},
 		"launcher-admin-port":                 {},
@@ -181,6 +184,9 @@ func (l *launcher) validateFlags() error {
 		if l.gitPipedConfigFile == "" {
 			return fmt.Errorf("git-piped-config-path must be set to load config from a git repository")
 		}
+		if l.gitSSHKeyFile != "" && l.gitSSHKeyData != "" {
+			return fmt.Errorf("only one of git-ssh-key-file or git-ssh-key-data can be set")
+		}
 	}
 	return nil
 }
@@ -227,6 +233,23 @@ func (l *launcher) run(ctx context.Context, input cli.Input) error {
 		if l.gitSSHKeyFile != "" {
 			options = append(options, git.WithGitEnv(fmt.Sprintf("GIT_SSH_COMMAND=ssh -i %s -o StrictHostKeyChecking=no -F /dev/null", l.gitSSHKeyFile)))
 		}
+		if l.gitSSHKeyData != "" {
+			decodedKey, err := base64.StdEncoding.DecodeString(l.gitSSHKeyData)
+			if err != nil {
+				return fmt.Errorf("failed to decode SSH key data, (%w)", err)
+			}
+			tmpKeyFile, err := os.CreateTemp("", "git-ssh-key-data")
+			if err != nil {
+				return fmt.Errorf("failed to create a temp file for SSH key data (%w)", err)
+			}
+			if _, err = tmpKeyFile.Write(decodedKey); err != nil {
+				return fmt.Errorf("failed to write SSH key data to a temp file  (%w)", err)
+			}
+
+			options = append(options, git.WithGitEnv(fmt.Sprintf("GIT_SSH_COMMAND=ssh -i %s -o StrictHostKeyChecking=no -F /dev/null", tmpKeyFile.Name())))
+			defer os.Remove(tmpKeyFile.Name())
+		}
+
 		gc, err := git.NewClient(options...)
 		if err != nil {
 			input.Logger.Error("failed to initialize git client", zap.Error(err))