
Add sshkey option for git based formula dependencies.

Open jzandbergen opened this issue 5 years ago • 9 comments

Hi all,

At our company we have our salt-formulas in private git repos and need to authenticate with a deploy key before we can access them. This PR adds the possibility to use ssh deploy keys for dependencies.

You can specify a key per repo as follows:

...
suites:
  - name: check31
    provisioner:
      name: salt_solo
      is_file_root: true
      loglevel: debug
      require_chef: false
      ssh_key: ~/.ssh/general-deploy-key
      dependencies:
        - name: baseline
          repo: git
          source: [email protected]:acme/baseline-formula.git
        - name: something
          repo: git
          source: [email protected]:acme/something-formula.git
          ssh_key: ~/.ssh/something-deploy-key
...

The only problem I have for now is that this PR needs git version >= 2.3.0 because it relies on the GIT_SSH_COMMAND environment variable. This ssh version is for example not available on CentOS 7.

I am not a developer by trade so let me know if it needs some polishing.

Thanks for considering.

jzandbergen avatar Feb 24 '20 14:02 jzandbergen
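A sketch of the per-dependency key selection described in the post above, written as an added example (not code from this pull request or from kitchen-salt). The helper names, the `git.example.com` sources and the `-o IdentitiesOnly=yes` hardening are assumptions; it also goes slightly beyond the post by leaving non-SSH sources untouched.

```ruby
require 'shellwords'

# Hypothetical helper names; only ssh_key and GIT_SSH_COMMAND come from the post.
MIN_GIT = Gem::Version.new('2.3.0') # GIT_SSH_COMMAND requirement stated in the post

# SSH transport: scp-like "user@host:path" or an ssh:// URL.
def ssh_source?(source)
  s = source.to_s
  s.start_with?('ssh://') || s.match?(%r{\A[^/:@]+@[^/:]+:})
end

# version_output is the text printed by `git --version`.
def git_supports_ssh_command?(version_output)
  m = version_output.to_s.match(/(\d+\.\d+(?:\.\d+)?)/)
  !m.nil? && Gem::Version.new(m[1]) >= MIN_GIT
end

# Environment for the git process of one dependency: the dependency's own
# ssh_key wins, otherwise the provisioner-level key is used.
def git_env_for(dep, provisioner_key, version_output)
  key = dep['ssh_key'] || provisioner_key
  return {} if key.nil? || !ssh_source?(dep['source'])
  unless git_supports_ssh_command?(version_output)
    raise ArgumentError, "ssh_key needs git >= #{MIN_GIT} (GIT_SSH_COMMAND)"
  end
  # Expand "~" and shell-escape the path, since git hands the value to a shell.
  path = Shellwords.escape(File.expand_path(key))
  # IdentitiesOnly stops ssh from also offering agent or default keys.
  { 'GIT_SSH_COMMAND' => "ssh -i #{path} -o IdentitiesOnly=yes" }
end

# Constructed sample dependencies mirroring the layout of the YAML above.
SAMPLE_DEPS = [
  { 'name' => 'baseline',
    'source' => 'git@git.example.com:acme/baseline-formula.git' },
  { 'name' => 'something',
    'source' => 'git@git.example.com:acme/something-formula.git',
    'ssh_key' => '/home/kitchen/.ssh/something-deploy-key' },
  { 'name' => 'public',
    'source' => 'https://git.example.com/acme/public-formula.git' }
].freeze

SAMPLE_DEPS.each do |dep|
  env = git_env_for(dep, '/home/kitchen/.ssh/general-deploy-key', 'git version 2.25.1')
  puts "#{dep['name']}: #{env}"
end
```

The returned hash can be passed as the first argument to `Kernel#system` or `Open3.capture3`, so the variable is set only for that one git process.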

Ai, I've noticed it needs a bit more work to construct proper commands when mixing https/ssh and authn. Please stay tuned for an update.

jzandbergen avatar Feb 25 '20 14:02 jzandbergen

I have added a commit with a verified pgp signature. I do not understand why the GPG is now failing?

jzandbergen avatar Feb 26 '20 08:02 jzandbergen

The other commits aren't signed, that's why. If you rebase you should be fine.

s0undt3ch avatar Apr 03 '20 23:04 s0undt3ch

@s0undt3ch, I see, I'm not sure how to proceed. I'm trying to find out how to rebase but I'm not sure how. Is the following correct?

git remote add upstream https://github.com/saltstack/kitchen-salt.git
git fetch upstream
git checkout task-add-git-ssh-deploykeys
git rebase -S upstream/master
git push --force # yikes?!

jzandbergen avatar Apr 06 '20 07:04 jzandbergen

git remote add upstream https://github.com/saltstack/kitchen-salt.git
git fetch upstream
git checkout task-add-git-ssh-deploykeys
git rebase -i FETCH_HEAD
git push --force # yikes?! yes, yikes! :)

s0undt3ch avatar Apr 06 '20 07:04 s0undt3ch

So close, yet so far... :)

jzandbergen avatar Apr 06 '20 07:04 jzandbergen

The build fails now on Ubuntu because: On Ubuntu 16.04

W: The repository 'https://repo.saltstack.com/apt/ubuntu/16.04/amd64//latest xenial Release' does not have a Release file.

       E: Failed to fetch https://repo.saltstack.com/apt/ubuntu/16.04/amd64//latest/dists/xenial/main/binary-amd64/Packages  404  Not Found

And Ubuntu 18.04

       [ERROR   ] stderr: E: The repository 'https://repo.saltstack.com/apt/ubuntu/18.04/amd64//latest bionic Release' does not have a Release file.

       [ERROR   ] retcode: 100

       [ERROR   ] An error was encountered while checking the newest available version of package(s): E: The repository 'https://repo.saltstack.com/apt/ubuntu/18.04/amd64//latest bionic Release' does not have a Release file.

jzandbergen avatar Apr 06 '20 11:04 jzandbergen

Sorry, we now have conflicts, could you please resolve them?

s0undt3ch avatar Jun 12 '20 09:06 s0undt3ch

Back to fixing the build.... Command "/usr/bin/python2 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-yFwp2Z/salt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-G_UBTl-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-yFwp2Z/salt/

jzandbergen avatar Jun 12 '20 12:06 jzandbergen