added support for ssh agent in shell tool, resolves #245

Kraken-CI · Feb 11, 2023 · 8393aa5 · 8393aa5
1 parent ef19e7e
commit 8393aa5
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/agent/kraken/agent/kraken_shell.py b/agent/kraken/agent/kraken_shell.py
@@ -16,6 +16,7 @@
 import tempfile
 
 from . import utils
+from . import sshkey
 
 
 def run(step, **kwargs):  # pylint: disable=unused-argument
@@ -50,6 +51,16 @@ def run(step, **kwargs):  # pylint: disable=unused-argument
     cwd = step.get('cwd', None)
     timeout = int(step.get('timeout', 60))
 
+    # start ssh-agent if needed
+    if 'ssh-key' in step:
+        # username = step['ssh-key']['username']
+        # url = '%s@%s' % (username, url)
+        key = step['ssh-key']['key']
+        ssh_agent = sshkey.SshAgent()
+        ssh_agent.add_key(key)
+    else:
+        ssh_agent = None
+
     # testing
     ignore_output = True
     if 'testing' in kwargs and kwargs['testing']:
@@ -64,6 +75,8 @@ def run(step, **kwargs):  # pylint: disable=unused-argument
     finally:
         if script:
             os.unlink(fname)
+        if ssh_agent is not None:
+            ssh_agent.shutdown()
 
     if 'testing' in kwargs and kwargs['testing']:
         ret, out = resp

diff --git a/server/kraken/server/initdb.py b/server/kraken/server/initdb.py
@@ -232,7 +232,11 @@ def _prepare_builtin_tools():
                 "shell_exe": {
                     "description": "An alternative path or command to shell executable (e.g.: zsh or /usr/bin/fish).",
                     "type": "string"
-                }
+                },
+                "ssh-key": {
+                    "description": "A name of a secret that holds SSH username and key.",
+                    "type": "string"
+                },
             }
         }
     }, {

diff --git a/server/kraken/server/schema.py b/server/kraken/server/schema.py
@@ -170,6 +170,8 @@ def check_and_correct_stage_schema(branch, stage_name, schema_code, context=None
                     secret = Secret.query.filter_by(project=branch.project, name=value).one_or_none()
                     if secret is None:
                         raise SchemaError("Secret '%s' does not exist" % value)
+                    if secret.kind != consts.SECRET_KIND_SSH_KEY:
+                        raise SchemaError("Type of '%s' secret should be SSH Username & Key" % value)
 
     # TODO: check if git url is valid according to giturlparse
     return schema_code, schema