diff --git a/docker/scripts/ssh_init.sh b/docker/scripts/ssh_init.sh
new file mode 100755
index 000000000..dfe471f89
--- /dev/null
+++ b/docker/scripts/ssh_init.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+echo "Initialize ssh key"
+eval "$(ssh-agent -s)"
+echo "$(whoami)"
+echo "${SSH_PRIVATE_KEY}"
+ssh-add /root/.ssh/terra_id_rsa
+ssh-keyscan -H github.com >> ~/.ssh/known_hosts
\ No newline at end of file
diff --git a/src/main/java/bio/terra/cli/app/DockerCommandRunner.java b/src/main/java/bio/terra/cli/app/DockerCommandRunner.java
index e544d26bc..d44f365fa 100644
--- a/src/main/java/bio/terra/cli/app/DockerCommandRunner.java
+++ b/src/main/java/bio/terra/cli/app/DockerCommandRunner.java
@@ -4,6 +4,10 @@
 import bio.terra.cli.app.utils.DockerClientWrapper;
 import bio.terra.cli.businessobject.Context;
 import bio.terra.cli.exception.PassthroughException;
+import bio.terra.cli.exception.SystemException;
+import bio.terra.cli.service.ExternalCredentialsManagerService;
+import bio.terra.externalcreds.model.SshKeyPair;
+import bio.terra.externalcreds.model.SshKeyPairType;
 import java.nio.file.Path;
 import java.util.HashMap;
 import java.util.List;
@@ -11,6 +15,7 @@
 import java.util.Optional;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.web.client.HttpStatusCodeException;
 
 /**
 * This class runs client-side tools in a Docker container and manipulates the tools-related
@@ -43,7 +48,7 @@ public class DockerCommandRunner extends CommandRunner {
 */
 protected String wrapCommandInSetupCleanup(List command) {
 // the terra_init script is already copied into the Docker image
- return "terra_init.sh && " + buildFullCommand(command);
+ return "terra_init.sh && ssh_init.sh && " + buildFullCommand(command);
 }
 
 /**
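Review bot: `echo "${SSH_PRIVATE_KEY}"` prints the private key to the container's stdout, so it ends up in the terminal and in anything that captures the tool output; that line and the `echo "$(whoami)"` debug line should be dropped. Nothing in this script writes `SSH_PRIVATE_KEY` to `/root/.ssh/terra_id_rsa`, so `ssh-add` only succeeds if that file arrives some other way; if the variable is meant to be the source, `ssh-add - <<< "${SSH_PRIVATE_KEY}"` loads it into the agent without writing it to disk. `ssh-keyscan -H github.com >> ~/.ssh/known_hosts` accepts whatever host key answers at run time and appends a new entry on every invocation, possibly into the host's bind-mounted `.ssh` directory; shipping GitHub's published host keys in the image would give a verified entry and avoid the repeated writes.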
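Review bot: In `wrapCommandInSetupCleanup`, chaining `ssh_init.sh &&` unconditionally makes every tool command depend on the ssh setup succeeding, including for users who have no Terra ssh key. The script's exit status is that of its last command, the `ssh-keyscan ... >> ~/.ssh/known_hosts` line, so a missing or unwritable `~/.ssh` (and probably an unreachable github.com) would stop the user's command from running at all. Treating the ssh setup as best-effort, e.g. `return "terra_init.sh && (ssh_init.sh || true) && " + buildFullCommand(command);`, or adding the step only when a key was actually retrieved, keeps unrelated tools working. The Javadoc above the method should also mention the new script, since it starts outside this hunk and currently describes only `terra_init.sh`.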
@@ -74,6 +79,27 @@ protected int runToolCommandImpl(String command, Map envVars)
 bindMounts.put(gcloudConfigDirOnContainer, gcloudConfigDir);
 }
 
+ // mount the .ssh directory to the container
+ // e.g. (host) ssh dir $HOME/.ssh -> (container) CONTAINER_HOME_DIR/.ssh
+ Path sshDir = Path.of(System.getProperty("user.home"), ".ssh");
+ Path sshDirOnContainer = Path.of(CONTAINER_HOME_DIR, ".ssh");
+ if (sshDir.toFile().exists() && sshDir.toFile().isDirectory()) {
+ bindMounts.put(sshDirOnContainer, sshDir);
+ }
+ ExternalCredentialsManagerService ecmService = ExternalCredentialsManagerService.fromContext();
+ SshKeyPair sshKeyPair = null;
+ try {
+ sshKeyPair = ecmService.getSshKeyPair(SshKeyPairType.GITHUB);
+ } catch (SystemException e) {
+ if (e.getCause() instanceof HttpStatusCodeException) {
+ logger.warn("No terra ssh key, cannot set up ssh key in the docker container");
+ }
+ }
+ if (sshKeyPair != null) {
+ logger.debug(sshKeyPair.getPrivateKey());
+ envVars.put("SSH_PRIVATE_KEY", sshKeyPair.getPrivateKey());
+ }
+
 // For unit tests, set CLOUDSDK_AUTH_ACCESS_TOKEN. This is how to programmatically authenticate
 // as test user, without SA key file
 // (https://cloud.google.com/sdk/docs/release-notes#cloud_sdk_2).
diff --git a/tools/local-dev.sh b/tools/local-dev.sh
index fb9a06fb5..3cd52d0c3 100755
--- a/tools/local-dev.sh
+++ b/tools/local-dev.sh
@@ -21,7 +21,7 @@ terra config set image --default
 terra config set app-launch DOCKER_CONTAINER
 echo "Pulling the default Docker image"
 defaultDockerImage=$(terra config get image)
-docker pull "$defaultDockerImage"
+docker pull sha256:fb149df709a05cf9c9fb22ccdb274b0e964cd07d4d61de194032311784bb4b5d
 echo "Setting the server to its current value, to pull any changes"
 currentServer=$(terra config get server)
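Review bot: `logger.debug(sshKeyPair.getPrivateKey());` writes the user's private key into the CLI log whenever debug logging is on; it should log only the fact, e.g. `logger.debug("Retrieved Terra ssh key pair for the container");`. The key is then passed as the `SSH_PRIVATE_KEY` environment variable, which is readable by every process in the container and visible in the container's inspected configuration, so a file mount with restrictive permissions would be a safer channel. The bind mount also exposes the whole host `~/.ssh` directory to the tool container (read-write as far as this hunk shows), which hands it every personal key and lets `ssh_init.sh` modify the host's `known_hosts`; mounting only what is needed, read-only, would narrow that. The catch block silently drops any `SystemException` whose cause is not an `HttpStatusCodeException`, and treats every HTTP status as "no key"; adding `else { throw e; }` and checking for the not-found status would keep real failures visible. `runToolCommandImpl` starts and continues outside this hunk.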
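Review bot: `docker pull sha256:fb149d...` is not a digest-pinned reference, because a digest has to follow a repository name as `repository@sha256:<digest>`; without the `@`, Docker most likely parses this as a repository named `sha256` with the hex string as its tag, resolved against the default registry. That means the script no longer pulls the image the CLI is configured to run, and `defaultDockerImage` is assigned but unused, which looks like a leftover from local testing. Restoring `docker pull "$defaultDockerImage"` keeps the script tied to the configured image; if pinning is intended, the digest should be appended to the project's own image repository rather than hard-coded bare.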