Refactor/ssh authentication #3590

Merged
merged 1 commit into from
Mar 14, 2024

heiytor (Contributor) commented Mar 7, 2024

We are introducing a new method for initiating and authenticating requested sessions. This update consolidates the associated pipeline within a `New` function and auxiliary helpers.

During the authentication process, a session may fail, prompting the client to retry the connection. There are two common scenarios:

  1. Providing an incorrect password.
  2. Failing to authenticate with the public key and attempting authentication with a password subsequently.

To address this, we have implemented a new Memento pattern capable of efficiently saving and recalling session snapshots. This approach mitigates redundant operations, such as repeated GET requests to the agent device. Additionally, it replaces the old metadata package. Instead of storing small pieces that comprise a session, we now have the capability to preserve the entire session. As a result, we are removing this package. Currently, we need to save two states of a session:

  1. When we create it, as calling `New` for the first time will create a session, subsequent calls must retrieve the already created one.
  2. When we register it, attempting to register the same session more than once will result in a 409 error in the API.

To illustrate a practical use of this pattern: Imagine a client that wants to connect to a specified device. It first calls the `PublicKeyHandler` with a specified context. At this stage, there are no sessions associated with the provided context, and a new one will be created. If it fails, the same client (and consequently the same context) will call the `PasswordHandler`, which also calls `session.New`. Since we have already created a session in the previous authentication attempt, instead of repeating all operations, we can safely retrieve the same session again but attempt authentication with a password this time.

To align with these adjustments, the register and authentication processes are now invoked outside of `NewAgentConnection`, which is now solely responsible for establishing a connection to the agent. This method has been renamed to `connectAgent` and merged with `NewAgentConnectionConfiguration`. Additionally, `ClientConfigurationAuthenticationPublicKey` and `ClientConfigurationAuthenticationPassword` have been replaced with `AuthPublicKey` and `AuthPassword`, respectively, for simplification purposes.

The upcoming steps can utilize the Memento to reuse the session.

Additionally, a new `sshconf` struct has been introduced. `sshconf` serves as a global variable responsible for managing all immutable environment variables, enabling convenient access to environment configurations. Since these variables are guaranteed to remain constant, it is deemed safe to declare `sshconf` as a global variable.
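
An added example, not code from this pull request or the project: a Go model of the snapshot flow the description outlines, where a public-key attempt creates the session, a password retry on the same connection restores it, and registration runs only once. `Store`, `Session`, the connection-ID key and the two counters are hypothetical names introduced here.

```go
package main

import (
	"fmt"
	"sync"
)

// Session is a hypothetical stand-in; Registered is the second saved state.
type Session struct {
	Target     string
	Registered bool
}

// Store keeps one snapshot per SSH connection, keyed by an assumed connection ID.
type Store struct {
	mu                 sync.Mutex
	snaps              map[string]*Session
	Lookups, Registers int // constructed counters: agent GETs and register calls
}

// New creates the session on the first attempt and restores it on every retry.
func (s *Store) New(connID, target string) *Session {
	s.mu.Lock()
	defer s.mu.Unlock()
	if snap, ok := s.snaps[connID]; ok {
		return snap
	}
	s.Lookups++ // stands in for the GET to the agent device
	s.snaps[connID] = &Session{Target: target}
	return s.snaps[connID]
}

// Register is idempotent, so a retry cannot trigger the duplicate-register 409.
func (s *Store) Register(sess *Session) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if !sess.Registered {
		s.Registers++
		sess.Registered = true
	}
}

func main() {
	st := &Store{snaps: map[string]*Session{}}
	pk := st.New("conn-1", "user@device") // public-key attempt creates the session
	pw := st.New("conn-1", "user@device") // password retry restores it
	st.Register(pk)
	st.Register(pw) // second call is a no-op
	fmt.Println(pk == pw, st.Lookups, st.Registers)
}
```

In this example the snapshot holds no authentication result, so the password handler still has to authenticate against the restored session, as the description states.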

@heiytor heiytor self-assigned this Mar 7, 2024
@heiytor heiytor force-pushed the refactor/ssh-authentication branch from 5307150 to d7443bb Compare March 8, 2024 16:33
@heiytor heiytor force-pushed the refactor/ssh-api-client branch 9 times, most recently from 8648ec4 to cd4bae6 Compare March 8, 2024 17:18
@heiytor heiytor force-pushed the refactor/ssh-authentication branch from d7443bb to 7a74bd1 Compare March 8, 2024 21:22
Base automatically changed from refactor/ssh-api-client to master March 11, 2024 16:57
@heiytor heiytor force-pushed the refactor/ssh-authentication branch 8 times, most recently from ae0e759 to 057be46 Compare March 12, 2024 20:55
@heiytor heiytor marked this pull request as ready for review March 12, 2024 21:07
@heiytor heiytor requested a review from a team as a code owner March 12, 2024 21:07
@heiytor heiytor force-pushed the refactor/ssh-authentication branch 6 times, most recently from df7c368 to 8212481 Compare March 14, 2024 14:15
@heiytor heiytor force-pushed the refactor/ssh-authentication branch from 8212481 to 874e524 Compare March 14, 2024 14:18
We are introducing a new method for initiating and authenticating
requested sessions. This update consolidates the associated pipeline
within a `New` function and auxiliary helpers.

During the authentication process, a session may fail, prompting the
client to retry the connection. There are two common scenarios:

1. Providing an incorrect password.
2. Failing to authenticate with the public key and attempting
   authentication with a password subsequently.

To address this, we have implemented a new Memento pattern capable of
efficiently saving and recalling session snapshots. This approach
mitigates redundant operations, such as repeated GET requests to the
agent device. Additionally, it replaces the old metadata package.
Instead of storing small pieces that comprise a session, we now have
the capability to preserve the entire session. As a result, we are
removing this package. Currently, we need to save two states of a
session:

1. When we create it, as calling `New` for the first time will create a
   session, subsequent calls must retrieve the already created one.
2. When we register it, attempting to register the same session more
   than once will result in a 409 error in the API.

To illustrate a practical use of this pattern:
Imagine a client that wants to connect to a specified device. It first
calls the `PublicKeyHandler` with a specified context. At this stage,
there are no sessions associated with the provided context, and a new
one will be created. If it fails, the same client (and consequently the
same context) will call the `PasswordHandler`, which also calls
`session.New`. Since we have already created a session in the previous
authentication attempt, instead of repeating all operations, we can
safely retrieve the same session again but attempt authentication with
a password this time.

To align with these adjustments, the register and authentication
processes are now invoked outside of `NewAgentConnection`, which is now
solely responsible for establishing a connection to the agent. This
method has been renamed to `connectAgent` and merged with
`NewAgentConnectionConfiguration`. Additionally,
`ClientConfigurationAuthenticationPublicKey` and
`ClientConfigurationAuthenticationPassword` have been replaced with
`AuthPublicKey` and `AuthPassword`, respectively, for simplification
purposes.

The upcoming steps can utilize the Memento to reuse the session.

Additionally, a new `sshconf` struct has been introduced. `sshconf`
serves as a global variable responsible for managing all immutable
environment variables, enabling convenient access to environment
configurations. Since these variables are guaranteed to remain constant,
it is deemed safe to declare `sshconf` as a global variable.
@heiytor heiytor force-pushed the refactor/ssh-authentication branch from 874e524 to b69404e Compare March 14, 2024 14:25
@gustavosbarreto gustavosbarreto merged commit 2d1a9d1 into master Mar 14, 2024
8 checks passed
@gustavosbarreto gustavosbarreto deleted the refactor/ssh-authentication branch March 14, 2024 15:01