cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon lando

Ensure cert and ssh dir defensively

Open michaellopez opened this issue 3 years ago • 8 comments

Here is a PR for #134 @reynoldsalec

When a user sets home: '' in ~/.lando/config.yml Lando creates an empty .ssh folder in the working directory. This PR helps avoid this.

Fixes #134

michaellopez avatar Mar 10 '22 09:03 michaellopez

👷 Deploy request for lando-cli pending review. Visit the deploys page to approve it

🔨 Explore the source changes: 35dcea0504781ba9d3f0f3158a7a1fb60e5340f9

netlify[bot] avatar Mar 10 '22 09:03 netlify[bot]

Two things that would be great to round out this PR @michaellopez:

  • Update to CHANGELOG.txt
  • Create a Leia test to verify

I think it wouldn't be too tough to create the test; if you look at https://github.com/lando/cli/tree/53eaddc11ce44fe3b38708f4ac3d5275b2c931c4/examples/landofile-custom you'll see an example of testing custom config.yml. LMK if you want more guidance on that, the Leia docs are also probably a good resource: https://github.com/lando/leia

reynoldsalec avatar Mar 10 '22 16:03 reynoldsalec

@reynoldsalec OK. I've updated the changelog and added a Leia test (locally, not pushed yet). However, I'm unable to figure out how I'm suppose to TDD this. I wrote the test, ran generate:tests and then npx mocha --timeout 900000 test/my-newly-added-test.js. It fails like it should. Now I edit the code to fix the bug but now I don't know how to go about running the test with the updated code, to verify the test passes. Any help is appreciated. Thanks

michaellopez avatar Mar 11 '22 11:03 michaellopez

Honestly @michaellopez I typically just run through the commands manually (without a test runner) on my local to verify and then deploy them to the PR branch to see if GitHub Actions succeeds.

Make sure you've added your test to https://github.com/lando/cli/blob/e2d7bf9c294e338b2ecd25650663e7ecb049268c/.github/workflows/pr-core-tests.yml#L17 it should run on GitHub.

reynoldsalec avatar Mar 14 '22 17:03 reynoldsalec

@michaellopez @reynoldsalec this seems like it should be the expected behavior if you change home in this way. I'm curious to know why home is being modified in this way.

pirog avatar Apr 08 '22 14:04 pirog

@pirog as I mentioned in #134 I want to avoid having my home directory (mostly all my SSH keys) injected into containers that I necessarily don't trust 100 % and haven't audited. I'm open for suggestions that accomplish this in others ways, but as far as I can tell, there is none. I can suggest adding support for home: false instead of empty string. Would that feel a bit more aligned with your expectations?

I'm still interested in getting this across the finish line. I just have a bit of trouble finding the time right now. Any pointers are appreciated

michaellopez avatar Apr 08 '22 17:04 michaellopez

Not sure Lando will work as expected if you disable home completely. i think its used for other things beyond mounting.

If we want to just disable the mounting then we should have a separate config setting that toggles just that piece. That said, im also not sure what the consequences of doing that would be but im guessing it will break lando in other ways.

Improving the configurability of mounting and improving security in general are priorities for the next major version of Lando but realistically i dont think you'd see these things for at least months.

pirog avatar Apr 08 '22 18:04 pirog

@pirog thanks for the info. So what you're saying is that something like this won't be merge, correct? Just to get my expectations aligned.

michaellopez avatar Apr 08 '22 18:04 michaellopez