compatible(integration_test_charm.yaml): Grant full SSH access on Azu…

…re runners (#200) Grant Data Platform team members full SSH access on Azure runners (for debugging) Uses SSH keys associated with GitHub accounts
canonical · Jun 25, 2024 · cd382c2 · cd382c2
1 parent 2e008de
commit cd382c2
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 0 deletions.
diff --git a/.github/workflows/integration_test_charm.yaml b/.github/workflows/integration_test_charm.yaml
@@ -247,6 +247,13 @@ jobs:
         run: redact-secrets
         env:
           SECRETS: ${{ secrets.integration-test }}
+      - name: (Data Platform hosted) Add Data Platform team's SSH keys
+        # Data Platform hosted
+        # `inputs.architecture == 'arm64' && matrix.groups.runner == null` means Data Platform hosted (default runner)
+        if: ${{ matrix.groups.data_platform_hosted || (inputs.architecture == 'arm64' && matrix.groups.runner == null) }}
+        run: add-ssh-keys
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Parse cloud input
         timeout-minutes: 1
         id: parse-cloud

diff --git a/python/cli/data_platform_workflows_cli/add_ssh_keys.py b/python/cli/data_platform_workflows_cli/add_ssh_keys.py
@@ -0,0 +1,31 @@
+import importlib.resources
+import os
+import pathlib
+
+import requests
+
+from . import static
+
+
+def main():
+    # TODO: use GitHub API to get list of users in `canonical/data-platform` team instead of
+    # hard-coding (waiting for approval from IS on token request)
+    # https://docs.github.com/en/rest/teams/members?apiVersion=2022-11-28#list-team-members
+    user_file = importlib.resources.files(static) / "data_platform_usernames"
+    users = user_file.read_text(encoding="utf-8").strip().split("\n")
+    keys = []
+    for user in users:
+        response = requests.get(
+            f"https://api.github.com/users/{user}/keys",
+            headers={
+                "Accept": "application/vnd.github+json",
+                "X-GitHub-Api-Version": "2022-11-28",
+                "Authorization": f'Bearer {os.environ["GH_TOKEN"]}',
+            },
+        )
+        response.raise_for_status()
+        for key in response.json():
+            keys.append(key["key"])
+    authorized_keys = pathlib.Path("~/.ssh/authorized_keys").expanduser()
+    with authorized_keys.open("a", encoding="utf-8") as file:
+        file.writelines(f"{key}\n" for key in keys)
diff --git a/python/cli/data_platform_workflows_cli/static/data_platform_usernames b/python/cli/data_platform_workflows_cli/static/data_platform_usernames
@@ -0,0 +1,21 @@
+delgod
+paulomach
+taurus-forever
+welpaolo
+grobbie
+juditnovak
+dragomirp
+deusebio
+Batalex
+a-velasco
+theoctober19th
+marceloneppel
+phvalguima
+MiaAltieri
+lucasgameiroborges
+Mehdi-Bendriss
+marcoppenheimer
+zmraul
+shayancanonical
+reneradoi
+carlcsaposs-canonical
diff --git a/python/cli/pyproject.toml b/python/cli/pyproject.toml
@@ -20,6 +20,7 @@ update-bundle = "data_platform_workflows_cli.update_bundle:main"
 parse-snap-version = "data_platform_workflows_cli.parse_snap_version:main"
 convert-logsink-to-debug-log = "data_platform_workflows_cli.convert_logsink_to_debug_log:main"
 allure-add-default-for-missing-results = "data_platform_workflows_cli.allure_add_default_for_missing_results:main"
+add-ssh-keys = "data_platform_workflows_cli.add_ssh_keys:main"
 
 [tool.poetry.dependencies]
 python = "^3.10"