[ADD] ssh key text as env variable

[vrenaville]

• Purpose
  We need to use an old rancher, that do not support secrets deploy with CLI, we want to use environment variable instead
• Before
  ssh key was only available with secret or volume
• Before
  ssh key can be define with a secret, volume or env variable

[jnovack]

Please make the changes requested.

Additionally, please add an additional test to validate this configuration.

[jnovack]

Standard _FILE convention for VARIABLE is VARIABLE_FILE. Please use VARIABLE, not ENV_VARIABLE.

Additionally, VARIABLE_FILE is an override for VARIABLE, not VARIABLE being an override for VARIABLE_FILE. Thus, if VARIABLE_FILE exists, it shall override VARIABLE, always.

[jnovack]

See above.

[jnovack]

split into two lines and indent

[vrenaville]

@jnovack

Thanks for your comments !
I have update my pr regarding your returns.
Let me know if it's not the right way

Thanks for your help and work

[jnovack]

Please do not forget to run your test before committing.

[jnovack]

I believe it is the opposite. If SSH_KEY_FILE is specified, SSH_KEY is ignored.

_FILE takes precedence (unless I'm wrong here, in which case show me an app where non _FILE takes precedence over _FILE).

[jnovack]

Your order is backwards here. Since SSH_KEY_FILE overrides SSH_KEY, the logic has to flow differently.

Why set KEY_FILE twice? KEY_FILE is set to SSH_KEY_FILE if and only if it exists, use that logic.

[jnovack]

There should be no reason to have an extra file on disk.

We've already defined /id_rsa as the custom to file to use, (a) why create another, and (b) why use a completely non-standard directory?

[jnovack]

One always overrides the other. You cannot test both in the same container. In fact, you need a third test to test that one does properly override the other.

[vrenaville]

Thanks for you time, I will work on it the week , not a lot a spare time actually

[gurneyalex]

hello @jnovack, I'm a colleague of @vrenaville who's been busy on other topics lately and was not able to follow up on this PR. I'll take over from him as this issue is still important for us (we are migrating away from Rancher but this migration won't be complete for some time, and so we need to patch our way around to keep this tunnel up for one of our customers. I'll update the PR next week. Thanks for you patience.

[gurneyalex]

I just updated that PR, taking your remarks into account.

[vrenaville]

@gurneyalex Thanks for your time and work, It seems LGTM to me

[arsa-dev]

Hi @jnovack, I'm also interested on this feature to be merged, there is anything else to do or where I can help after latest @gurneyalex changes, so this can be merged?

[gurneyalex]

@arsa-dev we lost interest in getting this merged, and I won't be touching the PR anymore. Feel free to fork our code and try to resubmit the PR, maybe you will have success.

[jnovack]

Hi @jnovack, I'm also interested on this feature to be merged, there is anything else to do or where I can help after latest @gurneyalex changes, so this can be merged?

If you'd like to help, the huge thing is the tests are not passing. This does not look close to functional. make docker-test fails, so I cannot merge a PR that actively breaks other user's environments, would not be responsible.

For some reason, there was an rm added which fails, and then a simple test of connection gets connection refused, so something else failed.

target-1          | rm: can't remove '/root/.ssh/target.txt': No such file or directory
remote-1          | rm: can't remove '/root/.ssh/remote.txt': No such file or directory
target-1          | sed: unmatched '/'
remote-1          | sed: unmatched '/'
remote-1          | sed: unmatched '/'
remote-1          | sed: unmatched '/'
target-1          | chpasswd: password for 'root' changed
remote-1          | chpasswd: password for 'root' changed
local-1           | user/repo dirty revision local built 1970-01-01T00:00:00Z
local-with-env-1  | user/repo dirty revision local built 1970-01-01T00:00:00Z
local-with-env-1  | Agent pid 10
local-1           | Agent pid 8
local-1           | Identity added: (stdin) (testing)
local-with-env-1  | Identity added: (stdin) (testing)
local-with-env-1  | [INFO ] Using autossh 1.4g
local-with-env-1  | [INFO ] Tunneling 203.0.113.10:11112  on root@203.0.113.10:22  to 203.0.113.100:22
local-with-env-1  | [INFO ] # autossh -M 0 -N -o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -t -t -R 203.0.113.10:11112:203.0.113.100:22 -p 22 root@203.0.113.10
local-1           | [INFO ] Using autossh 1.4g
local-1           | [INFO ] Tunneling 203.0.113.10:11111  on root@203.0.113.10:22  to 203.0.113.100:22
local-1           | [INFO ] # autossh -M 0 -N -o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -t -t -R 203.0.113.10:11111:203.0.113.100:22 -p 22 root@203.0.113.10
local-1           | ssh: connect to host 203.0.113.10 port 22: Connection refused
local-with-env-1  | ssh: connect to host 203.0.113.10 port 22: Connection refused
remote-1          | ssh-keygen: generating new host keys: RSA ECDSA ED25519
remote-1          | Server listening on 0.0.0.0 port 22.
remote-1          | Server listening on :: port 22.
local-1 exited with code 1

[arsa-dev]

Hi @jnovack, thanks you for your time reviewing again this old PR. Unfortunately I'm currently really busy but having this idea working and released would be great! I'll really try to manage it to free some time and fork this PR, review the reason behind the failing tests and resubmit in a new PR.