Use git binary for fetch to make ssh easier #492

Merged
merged 1 commit into from
Jul 15, 2021


amisevsk
Collaborator

What does this PR do?

Make changes necessary to make basic SSH support work in the project clone container (basically, just use git binary for all operations involving remote repos).

Currently, project-clone expects ssh keys to be stored in /.ssh, since no $HOME directory is configured for that container. To ensure compatibility with other editors, we should refine how users/homedirs are defined to make sure the same secret can be used for all workspace containers.

What issues does this PR fix or reference?

Closes #400

Is it tested? How?

Can be tested using the image quay.io/amisevsk/project-clone:ssh (change RELATED_IMAGE_project_clone on the controller deployment).

To manually test usage with a private repo, create a new ssh key (without passkey) and upload the pubkey to GitHub. Then, create a k8s secret in your namespace:

cat > /tmp/gitconfig <<EOF
host *
  IdentityFile /.ssh/id_rsa
  StrictHostKeyChecking = no
EOF

kubectl create secret generic git-ssh-key \
  --from-file=id_rsa=/path/to/private-key \
  --from-file=id_rsa.pub=/path/to/public-key \
  --from-file=config=/tmp/gitconfig

kubectl patch secret git-ssh-key --type merge -p \
  '{"metadata": {
     "labels": {
        "controller.devfile.io/mount-to-devworkspace": "true"
      }, 
      "annotations": {
        "controller.devfile.io/mount-path": "/.ssh/"
      }
    }
  }'

Once this is done, you should be able to create DevWorkspaces that use private repos.

PR Checklist

  • E2E tests pass (when PR is ready, comment /test v7-devworkspaces-operator-e2e, v7-devworkspace-happy-path to trigger)
    • v7-devworkspaces-operator-e2e: DevWorkspace e2e test
    • v7-devworkspace-happy-path: DevWorkspace e2e test

Member

@sleshchenko sleshchenko left a comment

During testing I noticed that the following message happens twice, on cloning and fetching

Failed to add the host to the list of known hosts (/.ssh/known_hosts).

But it's not really related to this PR's changes.
I think the ssh config just needs to be fixed to specify a writable known_hosts.
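
A lint for the mounted ssh config, as an added example that is not part of the PR or the project's code: it flags the StrictHostKeyChecking = no setting from the test instructions and a known_hosts path inside the secret mount (the source of the message quoted above), and accepts a variant that pins host keys. The single Host * block, the read-only /.ssh mount, the writable /tmp/known_hosts path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR. Assumes one "Host *" block and that
# MOUNT (default /.ssh, the mount path above) is a read-only secret volume.

# Print the first value set for KEYWORD; ssh uses the first value it obtains.
ssh_opt() {  # usage: ssh_opt FILE KEYWORD
  awk -v k="$2" '{ sub(/[ \t]*=[ \t]*/, " ")   # accept "key = value" too
    if (tolower($1) == tolower(k)) { print $2; exit } }' "$1"
}

# Print findings; return 0 only if host keys are pinned and nothing writes to MOUNT.
check_ssh_config() {  # usage: check_ssh_config FILE [MOUNT]
  cfg=$1; mount=${2:-/.ssh}; rc=0
  strict=$(ssh_opt "$cfg" StrictHostKeyChecking | tr 'A-Z' 'a-z')
  user_kh=$(ssh_opt "$cfg" UserKnownHostsFile)
  global_kh=$(ssh_opt "$cfg" GlobalKnownHostsFile)
  if [ "$strict" != yes ]; then
    echo "WEAK: StrictHostKeyChecking is '${strict:-unset}', expected 'yes'"; rc=1
  fi
  # With no $HOME set, the default user file resolves to MOUNT/known_hosts.
  case ${user_kh:-$mount/known_hosts} in
    "$mount"/*) echo "READONLY: UserKnownHostsFile is inside $mount"; rc=1 ;;
  esac
  case $global_kh in
    "$mount"/*) ;;
    *) echo "UNPINNED: no GlobalKnownHostsFile shipped in $mount"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample inputs: the test config from the PR description, and a
# variant that pins host keys (the known_hosts file must be added to the secret).
demo_dir=$(mktemp -d)
cat > "$demo_dir/pr_config" <<'EOF'
host *
  IdentityFile /.ssh/id_rsa
  StrictHostKeyChecking = no
EOF
cat > "$demo_dir/pinned_config" <<'EOF'
Host *
  IdentityFile /.ssh/id_rsa
  StrictHostKeyChecking yes
  GlobalKnownHostsFile /.ssh/known_hosts
  UserKnownHostsFile /tmp/known_hosts
EOF
for f in pr_config pinned_config; do
  echo "== $f"; check_ssh_config "$demo_dir/$f" || true
done
```

For the pinned variant to work, the secret also needs a known_hosts entry holding the Git server's verified host key, added with another --from-file argument.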

Use the regular git binary for fetch (and all operations that involve
remote repos) to make automatically picking up SSH keys easier.
Otherwise, it's required to set up ssh-agent in go-git for only the
fetching remotes step.

Signed-off-by: Angel Misevski <amisevsk@redhat.com>
@sleshchenko
Member

/test v7-devworkspaces-operator-e2e, v7-devworkspace-happy-path

@sleshchenko
Member

rebased against main branch to fix required PR checks

@openshift-ci

openshift-ci bot commented Jul 15, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amisevsk, JPinkney, sleshchenko

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [JPinkney,amisevsk,sleshchenko]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Development

Successfully merging this pull request may close these issues.

Project clone init container should respect sshkeys and gittokens