CHE-5169: Add Git credentials agent (#5285)

Git credentials agent fetches SSH keys and Git username and email from CHE user preferences, and injects to console Git preferences
eclipse-che · Jun 14, 2017 · c5e7a34 · c5e7a34
1 parent 1efb87a
commit c5e7a34
Show file tree

Hide file tree

Showing 8 changed files with 147 additions and 0 deletions.
diff --git a/agents/git-credentials/pom.xml b/agents/git-credentials/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2012-2017 Codenvy, S.A.
+    All rights reserved. This program and the accompanying materials
+    are made available under the terms of the Eclipse Public License v1.0
+    which accompanies this distribution, and is available at
+    http://www.eclipse.org/legal/epl-v10.html
+
+    Contributors:
+      Codenvy, S.A. - initial API and implementation
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>che-agents-parent</artifactId>
+        <groupId>org.eclipse.che</groupId>
+        <version>5.13.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>git-credentials-agent</artifactId>
+    <name>Git Credentials Agent</name>
+    <dependencies>
+        <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.che.core</groupId>
+            <artifactId>che-core-api-agent-shared</artifactId>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/agents/git-credentials/src/main/java/org/eclipse/che/api/agent/GitCredentialsAgent.java b/agents/git-credentials/src/main/java/org/eclipse/che/api/agent/GitCredentialsAgent.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * Copyright (c) 2012-2017 Codenvy, S.A.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *   Codenvy, S.A. - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.che.api.agent;
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+import org.eclipse.che.api.agent.shared.model.Agent;
+import org.eclipse.che.api.agent.shared.model.impl.BasicAgent;
+
+import java.io.IOException;
+
+/**
+ * Git credentials agent.
+ * Creates sh script that retrieves SSH keys from user preferences for console Git SSH operations.
+ * Injects Git username and email from user preferences to console Git preferences.
+ *
+ * @see Agent
+ *
+ * @author Igor Vinokur
+ */
+@Singleton
+public class GitCredentialsAgent extends BasicAgent {
+    private static final String AGENT_DESCRIPTOR = "org.eclipse.che.git.json";
+    private static final String AGENT_SCRIPT     = "org.eclipse.che.git.script.sh";
+
+    @Inject
+    public GitCredentialsAgent() throws IOException {
+        super(AGENT_DESCRIPTOR, AGENT_SCRIPT);
+    }
+}
diff --git a/agents/git-credentials/src/main/resources/org.eclipse.che.git.json b/agents/git-credentials/src/main/resources/org.eclipse.che.git.json
@@ -0,0 +1,5 @@
+{
+  "id": "org.eclipse.che.git-credentials",
+  "name": "Git-Credentials-Agent",
+  "description": "Agent fetches SSH keys, Git username and email from CHE user preferences, and injects to console Git"
+}
diff --git a/agents/git-credentials/src/main/resources/org.eclipse.che.git.script.sh b/agents/git-credentials/src/main/resources/org.eclipse.che.git.script.sh
@@ -0,0 +1,58 @@
+#
+# Copyright (c) 2012-2017 Codenvy, S.A.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+#   Codenvy, S.A. - initial API and implementation
+#
+
+SCRIPT_FILE=~/.ssh/git.sh
+
+token=$(if [ "$USER_TOKEN" != "dummy_token" ]; then echo "$USER_TOKEN"; fi)
+che_host=$(cat /etc/hosts | grep che-host | awk '{print $1;}')
+api_url=$(if [ "$CHE_API" != "http://che-host:8080/wsmaster/api" ]; then echo "$CHE_API"; else echo "$che_host:8080/api"; fi)
+
+CURL_INSTALLED=false
+WGET_INSTALLED=false
+command -v curl >/dev/null 2>&1 && CURL_INSTALLED=true
+command -v wget >/dev/null 2>&1 && WGET_INSTALLED=true
+
+# no curl, no wget, install curl
+if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then
+  PACKAGES=${PACKAGES}" curl";
+  CURL_INSTALLED=true
+fi
+
+request=$(if ${CURL_INSTALLED}; then echo 'curl -s'; else echo 'wget -qO-'; fi)
+
+echo 'host=$(echo $(if [ "$1" = "-p" ]; then echo "$3" ; else echo "$1"; fi) | sed -e "s/git@//")' > ${SCRIPT_FILE}
+echo 'token='"$token" >> ${SCRIPT_FILE}
+echo 'api_url='"$api_url" >> ${SCRIPT_FILE}
+echo 'request="'${request}'"' >> ${SCRIPT_FILE}
+# Ssh key request may return key with decoded '=' symbol, so need to replace '\u003d' to '='.
+# TODO remove the replacement after https://github.com/eclipse/che/issues/5253 will be fixed.
+echo 'ssh_key=$(${request} "$api_url/ssh/vcs/find?name=$host$(if [ -n "$token" ]; then echo "&token=$token"; fi)"| grep -Po '\''"privateKey":.*?[^\\\\]",'\''| sed -e "s/\"privateKey\":\"//" | sed -e "s/\\\\\u003d/=/g")' >> ${SCRIPT_FILE}
+echo 'if [ -n "$ssh_key" ]' >> ${SCRIPT_FILE}
+echo 'then' >> ${SCRIPT_FILE}
+echo '    key_file=$(mktemp)' >> ${SCRIPT_FILE}
+echo '    echo "$ssh_key" > "$key_file"' >> ${SCRIPT_FILE}
+echo '    ssh -i "$key_file" "$@"' >> ${SCRIPT_FILE}
+echo '    rm "$key_file"' >> ${SCRIPT_FILE}
+echo 'else' >> ${SCRIPT_FILE}
+echo '    ssh "$@"' >> ${SCRIPT_FILE}
+echo 'fi' >> ${SCRIPT_FILE}
+
+chmod +x ${SCRIPT_FILE}
+
+user_name="$(${request} "$api_url/preferences$(if [ -n "$token" ]; then echo "?token=$token"; fi)" | grep -Po '"git.committer.name":.*?[^\\]",' | sed -e "s/\"git.committer.name\":\"//" | sed -e "s/\",//")"
+user_email="$(${request} "$api_url/preferences$(if [ -n "$token" ]; then echo "?token=$token"; fi)" | grep -Po '"git.committer.email":.*?[^\\]",' | sed -e "s/\"git.committer.email\":\"//" | sed -e "s/\",//")"
+git config --global user.name \""$user_name"\"
+git config --global user.email \""$user_email"\"
+
+if [ -z "$(cat ~/.bashrc | grep GIT_SSH)" ]
+then
+    printf '\n export GIT_SSH='"$SCRIPT_FILE" >> ~/.bashrc
+fi
diff --git a/agents/pom.xml b/agents/pom.xml
@@ -32,6 +32,7 @@
         <module>che-core-api-agent-shared</module>
         <module>che-core-api-agent</module>
         <module>ls-json</module>
+        <module>git-credentials</module>
         <module>ls-php</module>
         <module>ls-python</module>
         <module>ls-typescript</module>

diff --git a/assembly/assembly-wsmaster-war/pom.xml b/assembly/assembly-wsmaster-war/pom.xml
@@ -66,6 +66,10 @@
             <groupId>org.eclipse.che</groupId>
             <artifactId>exec-agent</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.che</groupId>
+            <artifactId>git-credentials-agent</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.che</groupId>
             <artifactId>ls-csharp-agent</artifactId>

diff --git a/assembly/assembly-wsmaster-war/src/main/java/org/eclipse/che/api/deploy/WsMasterModule.java b/assembly/assembly-wsmaster-war/src/main/java/org/eclipse/che/api/deploy/WsMasterModule.java
@@ -14,6 +14,7 @@
 import com.google.inject.multibindings.Multibinder;
 import com.google.inject.name.Names;
 
+import org.eclipse.che.api.agent.GitCredentialsAgent;
 import org.eclipse.che.api.agent.LSCSharpAgent;
 import org.eclipse.che.api.agent.LSJsonAgent;
 import org.eclipse.che.api.agent.LSPhpAgent;
@@ -150,6 +151,7 @@ protected void configure() {
         agents.addBinding().to(LSJsonAgent.class);
         agents.addBinding().to(LSCSharpAgent.class);
         agents.addBinding().to(LSTypeScriptAgent.class);
+        agents.addBinding().to(GitCredentialsAgent.class);
 
         Multibinder<AgentLauncher> launchers = Multibinder.newSetBinder(binder(), AgentLauncher.class);
         launchers.addBinding().to(WsAgentLauncher.class);

diff --git a/pom.xml b/pom.xml
@@ -117,6 +117,11 @@
                 <type>tar.gz</type>
                 <classifier>linux_amd64</classifier>
             </dependency>
+            <dependency>
+                <groupId>org.eclipse.che</groupId>
+                <artifactId>git-credentials-agent</artifactId>
+                <version>${che.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.eclipse.che</groupId>
                 <artifactId>ls-csharp-agent</artifactId>