Generate a new SSH key if no keys are present while ssh mount (#14767)

4155919c · Igor Vinokur · GitHub · d3514061 · 4155919c · 4155919c
Unverified Commit 4155919c authored 5 years ago by Igor Vinokur Committed by GitHub 5 years ago
--- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeysProvisioner.java
+++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeysProvisioner.java
@@ -12,6 +12,8 @@
 package org.eclipse.che.workspace.infrastructure.kubernetes.provision;

 import static com.google.common.base.Strings.isNullOrEmpty;
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;

 import io.fabric8.kubernetes.api.model.ConfigMap;
 import io.fabric8.kubernetes.api.model.ConfigMapBuilder;
@@ -25,11 +27,13 @@ import io.fabric8.kubernetes.api.model.VolumeBuilder;
 import io.fabric8.kubernetes.api.model.VolumeMount;
 import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
 import java.util.Base64;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import javax.inject.Inject;
 import javax.validation.constraints.NotNull;
+import org.eclipse.che.api.core.ConflictException;
 import org.eclipse.che.api.core.ServerException;
 import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity;
 import org.eclipse.che.api.ssh.server.SshManager;
@@ -95,25 +99,33 @@ public class VcsSshKeysProvisioner implements ConfigurationProvisioner<Kubernete
      throws InfrastructureException {
    TracingTags.WORKSPACE_ID.set(identity::getWorkspaceId);

+    List<SshPairImpl> sshPairs = emptyList();
    try {
-      List<SshPairImpl> sshPairs = sshManager.getPairs(identity.getOwnerId(), "vcs");
-      if (sshPairs.isEmpty()) {
+      sshPairs = sshManager.getPairs(identity.getOwnerId(), "vcs");
+    } catch (ServerException e) {
+      LOG.warn("Unable to get SSH Keys. Cause: {}", e.getMessage());
+      return;
+    }
+    if (sshPairs.isEmpty()) {
+      try {
+        sshPairs =
+            singletonList(
+                sshManager.generatePair(
+                    identity.getOwnerId(), "vcs", "default-" + new Date().getTime()));
+      } catch (ServerException | ConflictException e) {
+        LOG.warn("Unable to generate the initial SSH key. Cause: {}", e.getMessage());
        return;
      }
+    }

-      StringBuilder sshConfigData = new StringBuilder();
-
-      for (SshPair sshPair : sshPairs) {
-        doProvisionSshKey(sshPair, k8sEnv, identity.getWorkspaceId());
-
-        sshConfigData.append(buildConfig(sshPair.getName()));
-      }
-
-      String sshConfigMapName = identity.getWorkspaceId() + SSH_CONFIG_MAP_NAME_SUFFIX;
-      doProvisionSshConfig(sshConfigMapName, sshConfigData.toString(), k8sEnv);
-    } catch (ServerException e) {
-      LOG.warn("Unable get SSH Keys. Cause: %s", e.getMessage(), e);
+    StringBuilder sshConfigData = new StringBuilder();
+    for (SshPair sshPair : sshPairs) {
+      doProvisionSshKey(sshPair, k8sEnv, identity.getWorkspaceId());
+      sshConfigData.append(buildConfig(sshPair.getName()));
    }
+
+    String sshConfigMapName = identity.getWorkspaceId() + SSH_CONFIG_MAP_NAME_SUFFIX;
+    doProvisionSshConfig(sshConfigMapName, sshConfigData.toString(), k8sEnv);
  }

  private void doProvisionSshKey(SshPair sshPair, KubernetesEnvironment k8sEnv, String wsId) {

--- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeySecretProvisionerTest.java
+++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeySecretProvisionerTest.java
@@ -11,9 +11,10 @@
 */
 package org.eclipse.che.workspace.infrastructure.kubernetes.provision;

+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNotNull;
@@ -73,13 +74,16 @@ public class VcsSshKeySecretProvisionerTest {
  }

  @Test
-  public void doNotDoAnythingIfNoSshKeys() throws Exception {
+  public void generateSshKeyIfNoSshKeys() throws Exception {
    when(sshManager.getPairs(someUser, "vcs")).thenReturn(Collections.emptyList());
+    when(sshManager.generatePair(eq(someUser), eq("vcs"), anyString()))
+        .thenReturn(
+            new SshPairImpl(
+                someUser, "vcs", "default-" + UUID.randomUUID().toString(), "public", "private"));

    vcsSshKeysProvisioner.provision(k8sEnv, runtimeIdentity);

-    assertTrue(k8sEnv.getSecrets().isEmpty());
-    verifyZeroInteractions(podSpec);
+    assertEquals(k8sEnv.getSecrets().size(), 1);
  }

  @Test