summaryrefslogtreecommitdiff
path: root/lib/chef/knife
diff options
context:
space:
mode:
authorThom May <thom@may.lt>2017-03-06 19:35:44 +0000
committerGitHub <noreply@github.com>2017-03-06 19:35:44 +0000
commit8f146dce498b380bb8e70a22688055adf5f6daae (patch)
tree3ac26c492cc998e8be3f6f57881d2bab4a69b7b8 /lib/chef/knife
parentb4632f4263ee4ddec7f92cdb9e1ee6dee68fc758 (diff)
parent8d8d533642def762cf5fe57ade8460a880e50c40 (diff)
downloadchef-8f146dce498b380bb8e70a22688055adf5f6daae.tar.gz
Merge pull request #5830 from shortdudey123/CHEF-4538_ssh-gateway-identity-auth
CHEF-4538 - add an option for gateway_identity_file that will allow key-based authentication on the gateway.
Diffstat (limited to 'lib/chef/knife')
-rw-r--r--lib/chef/knife/bootstrap.rb6
-rw-r--r--lib/chef/knife/ssh.rb14
2 files changed, 19 insertions, 1 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index ee4d9ce7af..f9dca7896a 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -67,6 +67,11 @@ class Chef
:description => "The ssh gateway",
:proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
+ option :ssh_gateway_identity,
+ :long => "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
+ :description => "The SSH identity file used for gateway authentication",
+ :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway_identity] = key }
+
option :forward_agent,
:short => "-A",
:long => "--forward-agent",
@@ -438,6 +443,7 @@ class Chef
ssh.config[:ssh_password] = config[:ssh_password]
ssh.config[:ssh_port] = config[:ssh_port]
ssh.config[:ssh_gateway] = config[:ssh_gateway]
+ ssh.config[:ssh_gateway_identity] = config[:ssh_gateway_identity]
ssh.config[:forward_agent] = config[:forward_agent]
ssh.config[:ssh_identity_file] = config[:ssh_identity_file] || config[:identity_file]
ssh.config[:manual] = true
diff --git a/lib/chef/knife/ssh.rb b/lib/chef/knife/ssh.rb
index e206f72630..d79565991f 100644
--- a/lib/chef/knife/ssh.rb
+++ b/lib/chef/knife/ssh.rb
@@ -92,6 +92,10 @@ class Chef
:description => "The ssh gateway",
:proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key.strip }
+ option :ssh_gateway_identity,
+ :long => "--ssh-gateway-identity SSH_GATEWAY_IDENTITY",
+ :description => "The SSH identity file used for gateway authentication"
+
option :forward_agent,
:short => "-A",
:long => "--forward-agent",
@@ -250,7 +254,10 @@ class Chef
{}.tap do |opts|
# Chef::Config[:knife][:ssh_user] is parsed in #configure_user and written to config[:ssh_user]
opts[:user] = user || config[:ssh_user] || ssh_config[:user]
- if config[:ssh_identity_file]
+ if config[:ssh_gateway_identity]
+ opts[:keys] = File.expand_path(config[:ssh_gateway_identity])
+ opts[:keys_only] = true
+ elsif config[:ssh_identity_file]
opts[:keys] = File.expand_path(config[:ssh_identity_file])
opts[:keys_only] = true
elsif config[:ssh_password]
@@ -546,6 +553,10 @@ class Chef
config[:ssh_identity_file] = get_stripped_unfrozen_value(config[:ssh_identity_file] || config[:identity_file] || Chef::Config[:knife][:ssh_identity_file])
end
+ def configure_ssh_gateway_identity
+ config[:ssh_gateway_identity] = get_stripped_unfrozen_value(config[:ssh_gateway_identity] || Chef::Config[:knife][:ssh_gateway_identity])
+ end
+
def run
@longest = 0
@@ -553,6 +564,7 @@ class Chef
configure_password
@password = config[:ssh_password] if config[:ssh_password]
configure_ssh_identity_file
+ configure_ssh_gateway_identity
configure_gateway
configure_session