feat: use api-sidecar-handler to offload sshkey handling and add more types #3662

Draft: wants to merge 3 commits into base: main

shreddedbacon (Member) commented Mar 4, 2024

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

Database Migrations

  • If your PR contains a database migration, it MUST be the latest in date order alphabetically

The node package sshpk doesn't support all the various key types out there. The aim of this PR is to introduce a sidecar to required services that runs a simple http server that can replace the functionality of the sshpk package.

Each api and webhooks2tasks pod will get this sidecar so that they aren't reliant on a single service for this functionality, and as there is no state it doesn't need to be a single service and fits nicely as a sidecar.

It introduces new APIs to interact with user ssh keys that don't require the user to define the type independently. The input is just `publicKey`, which can be the full `ssh-ed25519 A....z` format public key (including comment). The database table for the type is also converted from enum to string to support any new types, and since the older APIs had enum enforcement, that still applies for anyone that uses the older APIs.

The old APIs remain for now, but have been flagged as deprecated. They will be removed in a future release to give time for tooling and UI to be updated to use the newer APIs.

New mutation examples

Add public key

```graphql
addUserSSHPublicKey(input: {
  name: "my-users-publickey-example"
  publicKey: "ssh-rsa AAAAB3NzaC1yc2EA<SNIP>LOiWw=="
  user: {
    email: "my-user@example.com"
  }
}) {
  id
}
```

Update public key

```graphql
updateUserSSHPublicKey(input: {
  id: 1
  patch: {
    publicKey: "ssh-rsa AAAAB3NzaC1yc2EA<SNIP>LOiWw=="
  }
}) {
  id
}
```

Delete public key

```graphql
deleteUserSSHPublicKey(input: {
  id: 1
})
```

Closing issues

closes #2189
closes #1584
addresses #2384 by deprecating deleteSshKey which takes the name input

@shreddedbacon shreddedbacon force-pushed the sshkey-handler branch 2 times, most recently from 94ab4b1 to 30ae6c7 Compare March 4, 2024 07:13
@tobybellwood tobybellwood added this to the 2.19.0 milestone Mar 13, 2024
@shreddedbacon shreddedbacon force-pushed the sshkey-handler branch 2 times, most recently from a277940 to efa31cc Compare April 2, 2024 23:42
@tobybellwood tobybellwood modified the milestones: 2.19.0, 2.20.0 May 14, 2024
@tobybellwood tobybellwood changed the title feat: use sshkey-handler to allow for more sshkey types feat: use api-sidecar-handler to offload sshkey handling and add more types Jun 13, 2024
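
The description above says the new mutations take only `publicKey` and no separate type. One way a handler can read the type out of the key blob itself and reject a mismatched prefix, as an added example that is not code from this PR or from Lagoon: `ParsePublicKey` and `SampleKeyLine` are hypothetical names, and the sample key is constructed (all-zero key material).

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// ParsePublicKey takes "<type> <base64> [comment]" and returns the key type read
// from the decoded blob (uint32 length + name), the comment, and a SHA256 fingerprint.
func ParsePublicKey(line string) (keyType, comment, fp string, err error) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return "", "", "", fmt.Errorf("expected '<type> <base64> [comment]'")
	}
	raw, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return "", "", "", fmt.Errorf("key data is not valid base64: %w", err)
	}
	// Bounds-check the length prefix before slicing: it is untrusted user input.
	if len(raw) < 4 || binary.BigEndian.Uint32(raw) == 0 ||
		uint64(binary.BigEndian.Uint32(raw)) > uint64(len(raw)-4) {
		return "", "", "", fmt.Errorf("malformed algorithm name in key blob")
	}
	keyType = string(raw[4 : 4+binary.BigEndian.Uint32(raw)])
	// The text prefix is only a label; reject keys whose label disagrees with the blob.
	if keyType != f[0] {
		return "", "", "", fmt.Errorf("declared type %q does not match blob type %q", f[0], keyType)
	}
	sum := sha256.Sum256(raw)
	return keyType, strings.Join(f[2:], " "), "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

// SampleKeyLine builds a constructed, non-real key line: a declared prefix
// followed by a blob that names blobType and carries 32 zero bytes.
func SampleKeyLine(declared, blobType string) string {
	b := binary.BigEndian.AppendUint32(nil, uint32(len(blobType)))
	b = append(b, blobType...)
	b = binary.BigEndian.AppendUint32(b, 32)
	b = append(b, make([]byte, 32)...)
	return declared + " " + base64.StdEncoding.EncodeToString(b) + " demo@example.com"
}

func main() {
	fmt.Println(ParsePublicKey(SampleKeyLine("ssh-ed25519", "ssh-ed25519")))
	fmt.Println(ParsePublicKey(SampleKeyLine("ssh-rsa", "ssh-ed25519")))
}
```

Storing the type taken from the blob rather than from the prefix keeps the stored string from drifting away from the key actually in use.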
Successfully merging this pull request may close these issues.

  • Support ECDSA SSH keys and FIDO/U2F key types in Lagoon
  • SSH private key not validated on updateProject