Expose the authorized keys tmate feature (#18)

* Expose the authorized keys tmate feature Described here: https://tmate.io/ in "Access Control" The variable accepts the file content in raw format (with \n) and dumps it into a file which tmate reads * Use echo instead of printf * Add missing quote * Only setup tmate settings if debug is activated
2021-06-24 04:47:12 -04:00
parent 4107a97e12
commit 67ee5cc7d0
6 changed files with 42 additions and 25 deletions
--- a/engine/compiler/compiler.go
+++ b/engine/compiler/compiler.go
@@ -56,12 +56,13 @@ type Resources struct {

 // Tmate defines tmate settings.
 type Tmate struct {
-	Image   string
-	Enabled bool
-	Server  string
-	Port    string
-	RSA     string
-	ED25519 string
+	Image          string
+	Enabled        bool
+	Server         string
+	Port           string
+	RSA            string
+	ED25519        string
+	AuthorizedKeys string
 }

 // Compiler compiles the Yaml configuration file to an
@@ -247,6 +248,10 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
 		envs["DRONE_TMATE_PORT"] = c.Tmate.Port
 		envs["DRONE_TMATE_FINGERPRINT_RSA"] = c.Tmate.RSA
 		envs["DRONE_TMATE_FINGERPRINT_ED25519"] = c.Tmate.ED25519
+
+		if c.Tmate.AuthorizedKeys != "" {
+			envs["DRONE_TMATE_AUTHORIZED_KEYS"] = c.Tmate.AuthorizedKeys
+		}
 	}

 	// create the .netrc environment variables if not
--- a/engine/compiler/shell/shell.go
+++ b/engine/compiler/shell/shell.go
@@ -63,14 +63,18 @@ remote_debug() {
 	fi
 }

-if [ ! -z "${DRONE_TMATE_HOST}" ]; then
-	echo "set -g tmate-server-host $DRONE_TMATE_HOST" >> $HOME/.tmate.conf
-	echo "set -g tmate-server-port $DRONE_TMATE_PORT" >> $HOME/.tmate.conf
-	echo "set -g tmate-server-rsa-fingerprint $DRONE_TMATE_FINGERPRINT_RSA" >> $HOME/.tmate.conf
-	echo "set -g tmate-server-ed25519-fingerprint $DRONE_TMATE_FINGERPRINT_ED25519" >> $HOME/.tmate.conf
-fi
-
 if [ "${DRONE_BUILD_DEBUG}" = "true" ]; then
+	if [ ! -z "${DRONE_TMATE_HOST}" ]; then
+		echo "set -g tmate-server-host $DRONE_TMATE_HOST" >> $HOME/.tmate.conf
+		echo "set -g tmate-server-port $DRONE_TMATE_PORT" >> $HOME/.tmate.conf
+		echo "set -g tmate-server-rsa-fingerprint $DRONE_TMATE_FINGERPRINT_RSA" >> $HOME/.tmate.conf
+		echo "set -g tmate-server-ed25519-fingerprint $DRONE_TMATE_FINGERPRINT_ED25519" >> $HOME/.tmate.conf
+
+		if [ ! -z "${DRONE_TMATE_AUTHORIZED_KEYS}" ]; then
+			echo "$DRONE_TMATE_AUTHORIZED_KEYS" > $HOME/.tmate.authorized_keys
+			echo "set -g tmate-authorized-keys \"$HOME/.tmate.authorized_keys\"" >> $HOME/.tmate.conf
+		fi
+	fi
 	trap remote_debug EXIT
 fi
 `