author | brettcave <brett@cave.za.net> | 2014-06-26 04:35:04 +0200 |
---|---|---|
committer | Grant Ridder <shortdudey123@gmail.com> | 2017-02-21 14:03:43 -0800 |
commit | 1c0d4f3e05c3adb88bef0a2302dcca90e885181d (patch) | |
tree | 003c5d53147476cea52fd8788f6941964a210347 | |
parent | 8f318ae3a874f0708cbde3855096d110bb75e5bb (diff) | |
download | chef-1c0d4f3e05c3adb88bef0a2302dcca90e885181d.tar.gz |
CHEF-4538 - add an option for gateway_identity_file that will allow key-based authentication on the gateway.
CHEF-4538 - rename option to be consistent with knife-ec2 option.
CHEF-4538 - added parameter to config. Added config merge from parameter for ssh. Added ssh test for gateway identity.
CHEF-4538 - bootstrap parameter for gateway identity
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 1 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 6 | ||||
-rw-r--r-- | lib/chef/knife/ssh.rb | 10 | ||||
-rw-r--r-- | spec/functional/knife/ssh_spec.rb | 29 | ||||
-rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 5 |
5 files changed, 50 insertions, 1 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 4f2516331d..884b07764f 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -714,6 +714,7 @@ module ChefConfig
 default :ssh_user, nil
 default :ssh_attribute, nil
 default :ssh_gateway, nil
+ default :ssh_gateway_identity, nil
 default :bootstrap_version, nil
 default :bootstrap_proxy, nil
 default :bootstrap_template, nil
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index ee4d9ce7af..f9dca7896a 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -67,6 +67,11 @@ class Chef
 :description => "The ssh gateway",
 :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
 
+ option :ssh_gateway_identity,
+ :long => "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
+ :description => "The SSH identity file used for gateway authentication",
+ :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key }
+
 option :forward_agent,
 :short => "-A",
 :long => "--forward-agent",
@@ -438,6 +443,7 @@ class Chef
 ssh.config[:ssh_password] = config[:ssh_password]
 ssh.config[:ssh_port] = config[:ssh_port]
 ssh.config[:ssh_gateway] = config[:ssh_gateway]
+ ssh.config[:ssh_gateway_identity] = config[:ssh_gateway_identity]
 ssh.config[:forward_agent] = config[:forward_agent]
 ssh.config[:ssh_identity_file] = config[:ssh_identity_file] || config[:identity_file]
 ssh.config[:manual] = true
diff --git a/lib/chef/knife/ssh.rb b/lib/chef/knife/ssh.rb
index e206f72630..825160756f 100644
--- a/lib/chef/knife/ssh.rb
+++ b/lib/chef/knife/ssh.rb
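Review bot: In the lib/chef/knife/bootstrap.rb hunk at `@@ -67,6 +67,11 @@`, the new `:proc` stores `key` exactly as typed, while the same option added to lib/chef/knife/ssh.rb in this commit stores `key.strip`. The value is a file path that is forwarded to knife ssh by the `@@ -438,6 +443,7 @@` hunk, so stray whitespace from a shell wrapper or config template would be handled differently by the two commands. Normalise it the same way here: `:proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key.strip }`. The description could also say that the option only has an effect together with `--ssh-gateway`, if that is the intent.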
@@ -92,6 +92,11 @@ class Chef
 :description => "The ssh gateway",
 :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key.strip }
 
+ option :ssh_gateway_identity,
+ :long => "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
+ :description => "The SSH identity file used for gateway authentication",
+ :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key.strip }
+
 option :forward_agent,
 :short => "-A",
 :long => "--forward-agent",
@@ -250,7 +255,10 @@ class Chef
 {}.tap do |opts|
 # Chef::Config[:knife][:ssh_user] is parsed in #configure_user and written to config[:ssh_user]
 opts[:user] = user || config[:ssh_user] || ssh_config[:user]
- if config[:ssh_identity_file]
+ if config[:ssh_gateway_identity]
+ opts[:keys] = File.expand_path(config[:ssh_gateway_identity])
+ opts[:keys_only] = true
+ elsif config[:ssh_identity_file]
 opts[:keys] = File.expand_path(config[:ssh_identity_file])
 opts[:keys_only] = true
 elsif config[:ssh_password]
diff --git a/spec/functional/knife/ssh_spec.rb b/spec/functional/knife/ssh_spec.rb
index aea7585bb2..911ef14a72 100644
--- a/spec/functional/knife/ssh_spec.rb
+++ b/spec/functional/knife/ssh_spec.rb
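Review bot: In the lib/chef/knife/ssh.rb hunk at `@@ -250,7 +255,10 @@`, the new first branch `if config[:ssh_gateway_identity]` outranks both `config[:ssh_identity_file]` and `config[:ssh_password]`, in an options hash that also fills `opts[:user]` from `config[:ssh_user]` and so does not look gateway-specific. The enclosing method starts and ends outside the hunk; if it also builds the options for target-node sessions, then configuring a gateway key would make every node connection offer only that key (`keys_only = true`) and silently ignore the node's own identity file or password. Scope the branch to the gateway hop, for example by having the caller pass a flag and testing `if gateway && config[:ssh_gateway_identity]`, with the existing `ssh_identity_file` and `ssh_password` branches left as the path for nodes. A comment such as `# gateway key is for the jump host only; node sessions keep ssh_identity_file / ssh_password` would record the intended precedence.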
@@ -246,6 +246,35 @@ describe Chef::Knife::Ssh do end end + context "when knife[:ssh_gateway_identity] is set" do + before do + setup_knife(['*:*','uptime']) + Chef::Config[:knife][:ssh_gateway] = "user@ec2.public_hostname" + Chef::Config[:knife][:ssh_gateway_identity] = "~/.ssh/aws-gateway.rsa" + end + + it "uses the ssh_gateway_identity file" do + expect(@knife.session).to receive(:via).with("ec2.public_hostname", "user",{:keys=>"~/.ssh/aws-gateway.rsa"}) + @knife.run + expect(@knife.config[:ssh_gateway_identity]).to eq("~/.ssh/aws-gateway.rsa") + end + end + + context "when -ssh-gateway-identity is provided and knife[:ssh_gateway] is set" do + before do + setup_knife(['--ssh-gateway-identity','~/.ssh/aws-gateway.rsa','*:*','uptime']) + Chef::Config[:knife][:ssh_gateway] = "user@ec2.public_hostname" + Chef::Config[:knife][:ssh_gateway_identity] = nil + end + + it "uses the ssh_gateway_identity file" do + expect(@knife.session).to receive(:via).with("ec2.public_hostname", "user",{:keys=>"~/.ssh/aws-gateway.rsa"}) + @knife.run + expect(@knife.config[:ssh_gateway_identity]).to eq("~/.ssh/aws-gateway.rsa") + end + end + + context "when the gateway requires a password" do before do setup_knife(["-G user@ec2.public_hostname", "*:*", "uptime"]) diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index 9f944b82d9..003dd61875 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb @@ -649,6 +649,7 @@ describe Chef::Knife::Bootstrap do Chef::Config[:knife][:forward_agent] = true Chef::Config[:knife][:ssh_identity_file] = "~/.ssh/you.rsa" Chef::Config[:knife][:ssh_gateway] = "towel.blinkenlights.nl" + Chef::Config[:knife][:ssh_gateway_identity] = "~/.ssh/gateway.rsa" Chef::Config[:knife][:host_key_verify] = true allow(knife).to receive(:render_template).and_return("") knife.config = {} 
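Review bot: Neither new context in spec/functional/knife/ssh_spec.rb (hunk `@@ -246,6 +246,35 @@`) covers a run where `ssh_identity_file` or `ssh_password` is set together with `ssh_gateway_identity`, so nothing pins which credential the node sessions use once a gateway key is configured. Add an example that sets both and asserts that the gateway hop receives the gateway key while the node connection keeps its own credential; the ssh.rb change in this commit puts the gateway branch first, which makes this the case most likely to regress. Both examples also expect `{:keys=>"~/.ssh/aws-gateway.rsa"}` unexpanded, whereas the branch added in ssh.rb stores `File.expand_path(...)` and `keys_only`; if the gateway options are derived from that hash the expectation may not match, which is worth confirming. The second context title says `-ssh-gateway-identity` while the flag actually passed is `--ssh-gateway-identity`.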
@@ -676,6 +677,10 @@ describe Chef::Knife::Bootstrap do
 expect(knife_ssh.config[:ssh_gateway]).to eq("towel.blinkenlights.nl")
 end
 
+ it "configures the ssh gateway identity" do
+ expect(knife_ssh.config[:ssh_gateway_identity]).to eq('~/.ssh/gateway.rsa')
+ end
+
 it "configures the host key verify mode" do
 expect(knife_ssh.config[:host_key_verify]).to eq(true)
 end |