Automatic SSH tunneling with Deploy credentials file #99
Conversation
|
Awesome, working for me 👍 |
|
yusef, let's use ssh keys -- using passwords is a very bad idea. |
| const Multihash = require('multihashes') | ||
| const { JQ_PATH } = require('../../metadata/jqStream') | ||
| const childProcess = require('child_process') | ||
| const sshTunnel = require('tunnel-ssh') | ||
| const yaml = require('js-yaml') |
There was a problem hiding this comment.
how did we end up with yaml, just the deploy default?
There was a problem hiding this comment.
yeah, that was mostly just laziness on my part. I'd be happy to change the deploy side to JSON, and possibly change the format so that it matches the options for tunnel-ssh more closely.
There was a problem hiding this comment.
I'd prefer to avoid config format proliferation this early in the process, even if yaml and JSON can technically the equivalent
| ? deployCredsToTunnelConfig(deployCredentialsFile) | ||
| : null | ||
|
|
||
| let sshTunnelPromise = Promise.resolve() |
There was a problem hiding this comment.
would put this in an else block on 119 to make it clearer
| sshTunnelPromise | ||
| .then(() => handler(subcommandOptions)) | ||
| .then(closeTunnel) | ||
| .catch(err => { |
There was a problem hiding this comment.
was going to say that you can just write this as .catch(err => ...).then(closeTunnel) but I guess not if you want to rethrow... I wonder what byzantine reasons exist for finally not making it into the spec
my only nitpick here is the use of Promise.resolve() in what is clearly an error context (e.g. https://github.com/mediachain/aleph/pull/99/files#diff-d697977bdb0d2a7923a62aaffcc24d13R28)
There was a problem hiding this comment.
Yeah, I wasn't happy about that either. I think the right thing to do is have the command handlers just throw on error conditions and have the subcommand helper be responsible for printing errors to the console, cleaning up and exiting the process.
yusefnapora
force-pushed
the
yn-auto-tunnel
branch
from
90c412a
to
75f8bfd
Compare
yusefnapora
force-pushed
the
yn-auto-tunnel
branch
from
75f8bfd
to
6cd9062
Compare
This adds a
--deployCredentialsFileoption that you can point at the file downloaded at the end of the Deploy process. If given, it will create an SSH tunnel for you to the remote machine, using the ip address, username and password from the file. It uses a javascript SSH implementation, so it should work on Windows.To get this to work, I made a
subcommandhelper function that wraps each subcommand handler. If an SSH config is given, it creates the tunnel, runs the handler, then closes the tunnel afterwards. The subcommand handler functions had to be tweaked slightly to return aPromise, which the wrapper waits on before closing the tunnel.I also made the
subcommandhelper create theRestClientinstance, so subcommands can just pull theclientmember out of their options object, instead of grabbingapiUrland creating aRestClient. That may come in handy if we ever add more options to theRestClientconstructor, since we can just update it in one place.example:
For this to be truly great, I'd like to add persistent configuration to
mcclient, so we can store the credentials in e.g.~/.mediachain/mcclient/config.json. Then we wouldn't need to require the--deployCredentialsFileoption for every command. That seems like it belongs in its own PR though.Closes #92