7198: SSH Tunnel: allow using OPENSSH key format #15833
/test connector=connectors/destination-postgres
/test connector=connectors/destination-postgres
/test connector=connectors/destination-postgres
…ing_OPENSSH_key_format_2' into feature/7198_SSH_Tunnel_allow_using_OPENSSH_key_format_2 # Conflicts: # docs/understanding-airbyte/basic-normalization.md
/test connector=connectors/destination-postgres
asking @rodireich to review this together with #15635 and #15529 in order to avoid these PRs breaking each other
This can be done with BouncyCastle I think.
@rodireich
@rodireich can you take a look at the comment from @kimerinn?
The following code will turn an SSH-Ed25519 private key into java security's KeyPair using Bouncycastle:
class SshTunnelTest { | ||
|
||
private static final String SSH_ED25519_PRIVATE_KEY = "-----BEGIN OPENSSH PRIVATE KEY-----\\n" |
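Review bot: `SSH_ED25519_PRIVATE_KEY` embeds a private-key block as a string literal in the test class, with nothing at the declaration saying where the key came from. Add a comment stating that it is a throwaway key generated only for this test, or load it from a test resource file, so that secret-scanner hits on this constant can be dismissed with confidence and nobody reuses it.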
Should this information be placed into a separate file? The gut feeling is that maybe this shouldn't just be openly visible in a test file. There are private keys stored in separate files: https://github.com/airbytehq/airbyte/blob/7aa7a373db6d9072d2642b57dbdb42ef47f92234/tools/integrations-test-ssl/mssql.key
These are all random keys created with ssh-keygen -t rsa and ssh-keygen -t ed25519.
No actual secrets.
Added link to doc
return new KeyPair( | ||
converter.getPublicKey(SubjectPublicKeyInfo.getInstance(keypair.getPublicKeyInfo())), | ||
converter.getPrivateKey(keypair.getPrivateKeyInfo())); | ||
KeyPair getPrivateKeyPair() throws IOException, GeneralSecurityException { |
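Review bot: `getPrivateKeyPair()` on the last line is declared without an access modifier, and the hunk gives no reason for that visibility. Since the method returns the tunnel's private key material, add a comment or an annotation such as `@VisibleForTesting` at the declaration saying that package-private access exists for the test only.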
Is there a reason this is no longer private and if so how come?
Minor nit: not a fan of using kp as a variable name since it's not abundantly clear what that means. I presume it means keypair
This is required for testing. Reduced visibility to package private, and changed name.
thanks!
Left some minor comments to address but overall looks good
/test connector=connectors/destination-postgres
Build Passed
Test summary info:
/publish connector=bases/base-normalization
if you have connectors that successfully published but failed definition generation, follow step 4 here
* 7198: SSH Tunnel: allow using OPENSSH key format
* 7198: merge
* 7198: merge fix
* Use apache sshd lib to load private keys for tunnel
* Throw an exception in case private key failed to load
* Fix failing flow when creating NO_TUNNEL wrapper
* bump version numbers
* Address review comments. Fix test
Co-authored-by: Rodi Reich Zilberman <867491+rodireich@users.noreply.github.com>
What
This closes #7198.
Allows using nonencrypted OPENSSH keys for SSH tunneling
How
Use sshlib library to deal with OPENSSH keys
github.com/connectbot/sshlib