refactor: separate SSH key setup commands for better error handling

josecelano · josecelano · commit 14fc0b416f44 · 2025-09-24T13:15:40.000+01:00
Split the single complex shell command in SshKeySetupAction::execute into
four focused private methods:

- create_ssh_directory: handles 'mkdir -p ~/.ssh'
- add_public_key_to_authorized_keys: adds public key to authorized_keys file
- set_ssh_directory_permissions: handles 'chmod 700' on SSH directory
- set_authorized_keys_permissions: handles 'chmod 600' on authorized_keys file

This provides better error granularity, making it easier to identify which
specific operation fails during SSH key setup. Each command now executes
individually with its own error handling.
diff --git a/src/e2e/containers/actions/ssh_key_setup.rs b/src/e2e/containers/actions/ssh_key_setup.rs
@@ -100,29 +100,82 @@ impl SshKeySetupAction {
         let user_ssh_dir = format!("/home/{ssh_user}/.ssh");
         let authorized_keys_path = format!("{user_ssh_dir}/authorized_keys");
 
-        // Execute the command to setup SSH keys
+        // Execute each command separately for better error handling
+        Self::create_ssh_directory(container, &user_ssh_dir)?;
+        Self::add_public_key_to_authorized_keys(
+            container,
+            &public_key_content,
+            &authorized_keys_path,
+        )?;
+        Self::set_ssh_directory_permissions(container, &user_ssh_dir)?;
+        Self::set_authorized_keys_permissions(container, &authorized_keys_path)?;
+
+        info!(
+            ssh_user = ssh_user,
+            authorized_keys = authorized_keys_path,
+            "SSH key authentication configured"
+        );
+
+        Ok(())
+    }
+
+    /// Create the SSH directory for the user
+    fn create_ssh_directory<T: ContainerExecutor>(container: &T, user_ssh_dir: &str) -> Result<()> {
+        let command = ExecCommand::new(["sh", "-c", &format!("mkdir -p {user_ssh_dir}")]);
+
+        container
+            .exec(command)
+            .map_err(|source| SshKeySetupError::SshKeySetupFailed { source })?;
+
+        Ok(())
+    }
+
+    /// Add the public key to the `authorized_keys` file
+    fn add_public_key_to_authorized_keys<T: ContainerExecutor>(
+        container: &T,
+        public_key_content: &str,
+        authorized_keys_path: &str,
+    ) -> Result<()> {
         let command = ExecCommand::new([
             "sh",
             "-c",
             &format!(
-                "mkdir -p {} && echo '{}' >> {} && chmod 700 {} && chmod 600 {}",
-                user_ssh_dir,
+                "echo '{}' >> {authorized_keys_path}",
                 public_key_content.trim(),
-                authorized_keys_path,
-                user_ssh_dir,
-                authorized_keys_path
             ),
         ]);
 
         container
             .exec(command)
             .map_err(|source| SshKeySetupError::SshKeySetupFailed { source })?;
 
-        info!(
-            ssh_user = ssh_user,
-            authorized_keys = authorized_keys_path,
-            "SSH key authentication configured"
-        );
+        Ok(())
+    }
+
+    /// Set permissions on the SSH directory (700)
+    fn set_ssh_directory_permissions<T: ContainerExecutor>(
+        container: &T,
+        user_ssh_dir: &str,
+    ) -> Result<()> {
+        let command = ExecCommand::new(["sh", "-c", &format!("chmod 700 {user_ssh_dir}")]);
+
+        container
+            .exec(command)
+            .map_err(|source| SshKeySetupError::SshKeySetupFailed { source })?;
+
+        Ok(())
+    }
+
+    /// Set permissions on the `authorized_keys` file (600)
+    fn set_authorized_keys_permissions<T: ContainerExecutor>(
+        container: &T,
+        authorized_keys_path: &str,
+    ) -> Result<()> {
+        let command = ExecCommand::new(["sh", "-c", &format!("chmod 600 {authorized_keys_path}")]);
+
+        container
+            .exec(command)
+            .map_err(|source| SshKeySetupError::SshKeySetupFailed { source })?;
 
         Ok(())
     }
