Expose the authorized keys tmate feature (#18)

* Expose the authorized keys tmate feature
Described here: https://tmate.io/ in "Access Control"
The variable accepts the file content in raw format (with \n) and dumps it into a file which tmate reads
* Use echo instead of printf
* Add missing quote
* Only setup tmate settings if debug is activated
Julien Duchesne
2021-06-24 04:47:12 -04:00
committed by GitHub
parent 4107a97e12
commit 67ee5cc7d0
6 changed files with 42 additions and 25 deletions


@@ -214,6 +214,9 @@ func registerCompile(app *kingpin.Application) {
cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint"). cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint").
StringVar(&c.Tmate.ED25519) StringVar(&c.Tmate.ED25519)
cmd.Flag("tmate-authorized-keys", "tmate authorized keys").
StringVar(&c.Tmate.AuthorizedKeys)
// shared pipeline flags // shared pipeline flags
c.Flags = internal.ParseFlags(cmd) c.Flags = internal.ParseFlags(cmd)
} }
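Review bot: The help string `"tmate authorized keys"` on the new `tmate-authorized-keys` flag does not say that the value is the raw content of an authorized_keys file rather than a path to one, which is what the commit description states. An operator who passes a path would presumably end up with a key file that holds no usable keys. I would change it to `cmd.Flag("tmate-authorized-keys", "tmate authorized keys (raw authorized_keys content, one public key per line)")`. The same flag added in registerExec needs the same wording. registerCompile starts outside this hunk.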


@@ -108,12 +108,13 @@ type Config struct {
} }
Tmate struct { Tmate struct {
Enabled bool `envconfig:"DRONE_TMATE_ENABLED" default:"false"` Enabled bool `envconfig:"DRONE_TMATE_ENABLED" default:"false"`
Image string `envconfig:"DRONE_TMATE_IMAGE" default:"drone/drone-runner-docker:1"` Image string `envconfig:"DRONE_TMATE_IMAGE" default:"drone/drone-runner-docker:1"`
Server string `envconfig:"DRONE_TMATE_HOST"` Server string `envconfig:"DRONE_TMATE_HOST"`
Port string `envconfig:"DRONE_TMATE_PORT"` Port string `envconfig:"DRONE_TMATE_PORT"`
RSA string `envconfig:"DRONE_TMATE_FINGERPRINT_RSA"` RSA string `envconfig:"DRONE_TMATE_FINGERPRINT_RSA"`
ED25519 string `envconfig:"DRONE_TMATE_FINGERPRINT_ED25519"` ED25519 string `envconfig:"DRONE_TMATE_FINGERPRINT_ED25519"`
AuthorizedKeys string `envconfig:"DRONE_TMATE_AUTHORIZED_KEYS"`
} }
} }


@@ -142,12 +142,13 @@ func (c *daemonCommand) run(*kingpin.ParseContext) error {
ShmSize: config.Resources.ShmSize, ShmSize: config.Resources.ShmSize,
}, },
Tmate: compiler.Tmate{ Tmate: compiler.Tmate{
Image: config.Tmate.Image, Image: config.Tmate.Image,
Enabled: config.Tmate.Enabled, Enabled: config.Tmate.Enabled,
Server: config.Tmate.Server, Server: config.Tmate.Server,
Port: config.Tmate.Port, Port: config.Tmate.Port,
RSA: config.Tmate.RSA, RSA: config.Tmate.RSA,
ED25519: config.Tmate.ED25519, ED25519: config.Tmate.ED25519,
AuthorizedKeys: config.Tmate.AuthorizedKeys,
}, },
Environ: provider.Combine( Environ: provider.Combine(
provider.Static(config.Runner.Environ), provider.Static(config.Runner.Environ),


@@ -348,6 +348,9 @@ func registerExec(app *kingpin.Application) {
cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint"). cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint").
StringVar(&c.Tmate.ED25519) StringVar(&c.Tmate.ED25519)
cmd.Flag("tmate-authorized-keys", "tmate authorized keys").
StringVar(&c.Tmate.AuthorizedKeys)
cmd.Flag("debug", "enable debug logging"). cmd.Flag("debug", "enable debug logging").
BoolVar(&c.Debug) BoolVar(&c.Debug)


@@ -56,12 +56,13 @@ type Resources struct {
// Tmate defines tmate settings. // Tmate defines tmate settings.
type Tmate struct { type Tmate struct {
Image string Image string
Enabled bool Enabled bool
Server string Server string
Port string Port string
RSA string RSA string
ED25519 string ED25519 string
AuthorizedKeys string
} }
// Compiler compiles the Yaml configuration file to an // Compiler compiles the Yaml configuration file to an
@@ -247,6 +248,10 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
envs["DRONE_TMATE_PORT"] = c.Tmate.Port envs["DRONE_TMATE_PORT"] = c.Tmate.Port
envs["DRONE_TMATE_FINGERPRINT_RSA"] = c.Tmate.RSA envs["DRONE_TMATE_FINGERPRINT_RSA"] = c.Tmate.RSA
envs["DRONE_TMATE_FINGERPRINT_ED25519"] = c.Tmate.ED25519 envs["DRONE_TMATE_FINGERPRINT_ED25519"] = c.Tmate.ED25519
if c.Tmate.AuthorizedKeys != "" {
envs["DRONE_TMATE_AUTHORIZED_KEYS"] = c.Tmate.AuthorizedKeys
}
} }
// create the .netrc environment variables if not // create the .netrc environment variables if not
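Review bot: The new `AuthorizedKeys` field on `Tmate` has no comment, although it is the one setting in the struct that decides who may attach to a debug session. I would document it as `// AuthorizedKeys is the raw content of an authorized_keys file; when empty, tmate access is not restricted by key.` In the Compile hunk the assignment to `envs["DRONE_TMATE_AUTHORIZED_KEYS"]` sits inside a block that opens outside the hunk. It is worth confirming that this block is not conditional on a custom server being configured, because keys set for the default server would then never reach the step.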


@@ -63,14 +63,18 @@ remote_debug() {
fi fi
} }
if [ ! -z "${DRONE_TMATE_HOST}" ]; then
echo "set -g tmate-server-host $DRONE_TMATE_HOST" >> $HOME/.tmate.conf
echo "set -g tmate-server-port $DRONE_TMATE_PORT" >> $HOME/.tmate.conf
echo "set -g tmate-server-rsa-fingerprint $DRONE_TMATE_FINGERPRINT_RSA" >> $HOME/.tmate.conf
echo "set -g tmate-server-ed25519-fingerprint $DRONE_TMATE_FINGERPRINT_ED25519" >> $HOME/.tmate.conf
fi
if [ "${DRONE_BUILD_DEBUG}" = "true" ]; then if [ "${DRONE_BUILD_DEBUG}" = "true" ]; then
if [ ! -z "${DRONE_TMATE_HOST}" ]; then
echo "set -g tmate-server-host $DRONE_TMATE_HOST" >> $HOME/.tmate.conf
echo "set -g tmate-server-port $DRONE_TMATE_PORT" >> $HOME/.tmate.conf
echo "set -g tmate-server-rsa-fingerprint $DRONE_TMATE_FINGERPRINT_RSA" >> $HOME/.tmate.conf
echo "set -g tmate-server-ed25519-fingerprint $DRONE_TMATE_FINGERPRINT_ED25519" >> $HOME/.tmate.conf
if [ ! -z "${DRONE_TMATE_AUTHORIZED_KEYS}" ]; then
echo "$DRONE_TMATE_AUTHORIZED_KEYS" > $HOME/.tmate.authorized_keys
echo "set -g tmate-authorized-keys \"$HOME/.tmate.authorized_keys\"" >> $HOME/.tmate.conf
fi
fi
trap remote_debug EXIT trap remote_debug EXIT
fi fi
` `
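Review bot: The `DRONE_TMATE_AUTHORIZED_KEYS` block is nested inside `if [ ! -z "${DRONE_TMATE_HOST}" ]`, so when no custom tmate host is set the keys are silently ignored and tmate is left without an authorized-keys restriction. Access control should not depend on the server choice: move the inner `if [ ! -z "${DRONE_TMATE_AUTHORIZED_KEYS}" ]` … `fi` block below the `fi` that closes the host check, keeping it inside the `DRONE_BUILD_DEBUG` branch. While there, quote the redirect targets, e.g. `> "$HOME/.tmate.authorized_keys"`. `echo` also treats backslash sequences differently across shells, so whether a literal `\n` in the value becomes a newline depends on which /bin/sh the image ships. The script string starts outside the hunk.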