Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: use api-sidecar-handler to offload sshkey handling and add more types #3662

Merged
merged 7 commits into from
Jul 2, 2024

Conversation

shreddedbacon
Copy link
Member

@shreddedbacon shreddedbacon commented Mar 4, 2024

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

Database Migrations

  • If your PR contains a database migation, it MUST be the latest in date order alphabetically

The node package sshpk doesn't support all the various key types out there. The aim of this PR is to introduce a sidecar to required services that runs a simple http server that can replace the functionality of the sshpk package.

Each api and webhooks2tasks pod will get this sidecar so that they aren't reliant on a single service for this functionality, and as there is no state it doesn't need to be a single service and fits nicely as a sidecar.

It introduces new APIs to interact with user ssh keys that doesn't require the user to define the type independently. The input is just publicKey which can be the full ssh-ed25519 A....z format public key (including comment). The database table for the type is also converted from enum to string to support any new types, and since the older APIs had enum enforcement, that still applies for anyone that uses the older APIs.

The old APIs remain for now, but have been flagged as deprecated. They will be removed in a future release to give time for tooling and UI to be updated to use the newer APIs.

New mutation examples

Add public key

addUserSSHPublicKey(input: {
  name: "my-users-publickey-example"
  publicKey: "ssh-rsa AAAAB3NzaC1yc2EA<SNIP>LOiWw=="
  user: {
    email: "my-user@example.com"
  }
}) {
  id
}

Update public key

updateUserSSHPublicKey(input: {
  id: 1
  patch: {
    publicKey: "ssh-rsa AAAAB3NzaC1yc2EA<SNIP>LOiWw=="
  }
}) {
  id
}

Delete public key

deleteUserSSHPublicKey(input: {
    id: 1
})

Closing issues

closes #2189
closes #1584
addresses #2384 by deprecating deleteSshKey which takes the name input

@shreddedbacon shreddedbacon force-pushed the sshkey-handler branch 2 times, most recently from 94ab4b1 to 30ae6c7 Compare March 4, 2024 07:13
@tobybellwood tobybellwood added this to the 2.19.0 milestone Mar 13, 2024
@shreddedbacon shreddedbacon force-pushed the sshkey-handler branch 2 times, most recently from a277940 to efa31cc Compare April 2, 2024 23:42
@tobybellwood tobybellwood modified the milestones: 2.19.0, 2.20.0 May 14, 2024
@tobybellwood tobybellwood changed the title feat: use sshkey-handler to allow for more sshkey types feat: use api-sidecar-handler to offload sshkey handling and add more types Jun 13, 2024
@shreddedbacon shreddedbacon force-pushed the sshkey-handler branch 2 times, most recently from 561a13a to 07b4df9 Compare June 25, 2024 01:55
@shreddedbacon shreddedbacon marked this pull request as ready for review June 26, 2024 04:51
Copy link
Member

@tobybellwood tobybellwood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TEsted thoroughly and nits worked out. Good to go

@tobybellwood tobybellwood merged commit 92b55b8 into main Jul 2, 2024
2 checks passed
@tobybellwood tobybellwood deleted the sshkey-handler branch July 4, 2024 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support ECDSA SSH keys and FIDO/U2F key types in Lagoon SSH private key not validated on updateProject
2 participants