ssh playaround

docker/scripts/ssh_init.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+echo "Initialize ssh key"
+eval "$(ssh-agent -s)"
+echo "$(whoami)"
+echo "${SSH_PRIVATE_KEY}"
+ssh-add /root/.ssh/terra_id_rsa
+ssh-keyscan -H github.com >> ~/.ssh/known_hosts

src/main/java/bio/terra/cli/app/DockerCommandRunner.java

@@ -4,13 +4,18 @@
 import bio.terra.cli.app.utils.DockerClientWrapper;
 import bio.terra.cli.businessobject.Context;
 import bio.terra.cli.exception.PassthroughException;
+import bio.terra.cli.exception.SystemException;
+import bio.terra.cli.service.ExternalCredentialsManagerService;
+import bio.terra.externalcreds.model.SshKeyPair;
+import bio.terra.externalcreds.model.SshKeyPairType;
 import java.nio.file.Path;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.web.client.HttpStatusCodeException;
 
 /**
  * This class runs client-side tools in a Docker container and manipulates the tools-related
@@ -43,7 +48,7 @@ public class DockerCommandRunner extends CommandRunner {
    */
   protected String wrapCommandInSetupCleanup(List<String> command) {
     // the terra_init script is already copied into the Docker image
-    return "terra_init.sh && " + buildFullCommand(command);
+    return "terra_init.sh && ssh_init.sh && " + buildFullCommand(command);
   }
 
   /**
@@ -74,6 +79,27 @@ protected int runToolCommandImpl(String command, Map<String, String> envVars)
       bindMounts.put(gcloudConfigDirOnContainer, gcloudConfigDir);
     }
 
+    // mount the .ssh directory to the container
+    // e.g. (host) ssh dir $HOME/.ssh -> (container) CONTAINER_HOME_DIR/.ssh
+    Path sshDir = Path.of(System.getProperty("user.home"), ".ssh");
+    Path sshDirOnContainer = Path.of(CONTAINER_HOME_DIR, ".ssh");
+    if (sshDir.toFile().exists() && sshDir.toFile().isDirectory()) {
+      bindMounts.put(sshDirOnContainer, sshDir);
+    }
+    ExternalCredentialsManagerService ecmService = ExternalCredentialsManagerService.fromContext();
+    SshKeyPair sshKeyPair = null;
+    try {
+      sshKeyPair = ecmService.getSshKeyPair(SshKeyPairType.GITHUB);
+    } catch (SystemException e) {
+      if (e.getCause() instanceof HttpStatusCodeException) {
+        logger.warn("No terra ssh key, cannot set up ssh key in the docker container");
+      }
+    }
+    if (sshKeyPair != null) {
+      logger.debug(sshKeyPair.getPrivateKey());
+      envVars.put("SSH_PRIVATE_KEY", sshKeyPair.getPrivateKey());
+    }
+
     // For unit tests, set CLOUDSDK_AUTH_ACCESS_TOKEN. This is how to programmatically authenticate
     // as test user, without SA key file
     // (https://cloud.google.com/sdk/docs/release-notes#cloud_sdk_2).

tools/local-dev.sh

@@ -21,7 +21,7 @@ terra config set image --default
 terra config set app-launch DOCKER_CONTAINER
 echo "Pulling the default Docker image"
 defaultDockerImage=$(terra config get image)
-docker pull "$defaultDockerImage"
+docker pull sha256:fb149df709a05cf9c9fb22ccdb274b0e964cd07d4d61de194032311784bb4b5d
 
 echo "Setting the server to its current value, to pull any changes"
 currentServer=$(terra config get server)