authorChristopher Baines <mail@cbaines.net>2018-06-23 09:57:03 +0100
committerChristopher Baines <mail@cbaines.net>2018-06-23 12:58:05 +0100
commit837e1ecec9798381f78b838947f8028403cb0bef (patch)
tree984e25f96a490a3cbd1b20d6f50903aa6dacfd1d
parent0736fd5ab32eeb57de52fb6d581d16c2824b2fc2 (diff)
Handle SSH keys via the database
This makes it more explicit, and works around Terraform being unpredictable when dealing with SSH agents.
-rw-r--r--app/controllers/backends/terraform_aws_controller.rb4
-rw-r--r--app/models/backends/terraform_aws.rb8
-rw-r--r--app/views/backends/terraform_aws/new.html.erb38
-rw-r--r--app/views/backends/terraform_aws/show.html.erb40
-rw-r--r--db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb6
-rw-r--r--db/structure.sql7
-rw-r--r--terraform/aws/backend/main.tf19
-rw-r--r--terraform/aws/mini_environment/main.tf14
8 files changed, 118 insertions, 18 deletions
diff --git a/app/controllers/backends/terraform_aws_controller.rb b/app/controllers/backends/terraform_aws_controller.rb
index 6e8ed55..bffac9d 100644
--- a/app/controllers/backends/terraform_aws_controller.rb
+++ b/app/controllers/backends/terraform_aws_controller.rb
@@ -67,7 +67,9 @@ class Backends::TerraformAwsController < ApplicationController
:vpc_id,
:route_53_zone_id,
:aws_access_key_id,
- :aws_secret_access_key
+ :aws_secret_access_key,
+ :ssh_public_key,
+ :ssh_private_key
)
end
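Review bot: Permitting `:ssh_private_key` here means the private key now arrives as an ordinary request parameter, and nothing in this hunk keeps it out of the Rails request log. Unless the application's parameter filter already covers it (the initializer is not visible here), add `Rails.application.config.filter_parameters += [:ssh_private_key, :aws_secret_access_key]` so both secrets are logged as [FILTERED]. The permit call sits in a method that begins outside this hunk.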
diff --git a/app/models/backends/terraform_aws.rb b/app/models/backends/terraform_aws.rb
index 1f16188..026f1e4 100644
--- a/app/models/backends/terraform_aws.rb
+++ b/app/models/backends/terraform_aws.rb
@@ -32,6 +32,8 @@
# domain :string
# route_53_zone_id :string not null
# vpc_id :string not null
+# ssh_public_key :string
+# ssh_private_key :string
#
require 'ruby_terraform'
@@ -164,7 +166,7 @@ class Backends::TerraformAws < ApplicationRecord
aws_access_key: aws_access_key_id,
aws_secret_key: aws_secret_access_key,
aws_region: aws_region,
- ssh_public_key: ssh_public_key,
+ ssh_private_key: ssh_private_key,
aws_route_53_zone_id: route_53_zone_id
}
end
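Review bot: `ssh_public_key` is dropped from this variables hash, but terraform/aws/backend/main.tf still declares `variable "ssh_public_key"` (visible in that file's hunk header) and no default for it is shown. If this hash feeds the backend configuration, Terraform would no longer receive that variable; keeping `ssh_public_key: ssh_public_key,` next to the new `ssh_private_key: ssh_private_key,` would satisfy both declarations. The method containing the hash starts outside the hunk, so confirm which Terraform directory it serves. It is also worth checking how ruby_terraform hands these values to Terraform, since a private key passed as a command-line variable would be visible in the process list.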
@@ -188,10 +190,6 @@ class Backends::TerraformAws < ApplicationRecord
"backend/terraform_aws/#{id}"
end
- def ssh_public_key
- File.open("#{ENV['HOME']}/.ssh/id_rsa.pub", &:readline)
- end
-
def guix_public_key
"(entry #{File.read("/etc/guix/signing-key.pub")} (tag (guix import)))"
end
diff --git a/app/views/backends/terraform_aws/new.html.erb b/app/views/backends/terraform_aws/new.html.erb
index bcbf3b4..790e5eb 100644
--- a/app/views/backends/terraform_aws/new.html.erb
+++ b/app/views/backends/terraform_aws/new.html.erb
@@ -145,6 +145,44 @@ License along with the GOV.UK Mini Environment Admin. If not, see
</div>
<div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_public_key,
+ 'SSH Key, public part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= f.text_area(
+ :ssh_public_key,
+ class: 'form-control',
+ placeholder: 'The public part of the SSH key to use'
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_private_key,
+ 'SSH Key, private part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= f.text_area(
+ :ssh_private_key,
+ class: 'form-control',
+ placeholder: 'The private part of the SSH key to use'
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
<div class="col-sm-offset-4 col-sm-8">
<%= f.submit "Create", class: 'btn btn-lg btn-success' %>
</div>
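Review bot: Both new `help-block` spans contain only an empty paragraph, so the form gives no guidance on what to paste into either field. Fill them in, for example with "Contents of the .pub file, on a single line" for the public part, and a sentence for the private part stating that the key is stored by this application and used by Terraform to connect to the instances. Nothing visible in this commit requires the fields to be present, so `validates :ssh_public_key, :ssh_private_key, presence: true` on the model would stop a blank form from creating a backend that Terraform cannot connect to.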
diff --git a/app/views/backends/terraform_aws/show.html.erb b/app/views/backends/terraform_aws/show.html.erb
index 81ce150..3a1b329 100644
--- a/app/views/backends/terraform_aws/show.html.erb
+++ b/app/views/backends/terraform_aws/show.html.erb
@@ -156,6 +156,46 @@ License along with the GOV.UK Mini Environment Admin. If not, see
</div>
<div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_public_key,
+ 'SSH Key, public part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= f.text_area(
+ :ssh_public_key,
+ class: 'form-control',
+ placeholder: 'The public part of the SSH key to use',
+ readonly: true
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_private_key,
+ 'SSH Key, private part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= text_area_tag(
+ :ssh_private_key,
+ 'Secret key hidden',
+ class: 'form-control',
+ disabled: true
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
<div class="col-sm-offset-2 col-sm-10">
<%= f.submit "Save", class: 'btn btn-lg btn-success' %>
</div>
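Review bot: `readonly: true` on the public key text area is only a browser-side hint; the field is still submitted with the form, and the controller's permit list now includes `:ssh_public_key` and `:ssh_private_key`. If the update action uses the same permitted parameters (not visible here), the stored keys can be changed through Save even though the page presents them as fixed. Either render the public key outside the form fields, or give update its own permit list that omits both key attributes. Rendering the private key as the fixed 'Secret key hidden' placeholder through `text_area_tag` keeps the secret out of the page and should stay.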
diff --git a/db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb b/db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb
new file mode 100644
index 0000000..2a93530
--- /dev/null
+++ b/db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb
@@ -0,0 +1,6 @@
+class AddSshKeyFieldsToTerraformAwsBackends < ActiveRecord::Migration[5.1]
+ def change
+ add_column :terraform_aws_backends, :ssh_public_key, :string
+ add_column :terraform_aws_backends, :ssh_private_key, :string
+ end
+end
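Review bot: `ssh_private_key` is added as a plain `:string` column, so the key is stored unencrypted and will appear in database dumps and backups. Consider encrypting the value in the application before it is persisted, or storing only a reference to a key held in a secret store. Both columns are nullable and there is no backfill, so existing backends will have nil keys after this migration, where previously the public key was read from `~/.ssh/id_rsa.pub`. The show form in this commit renders both fields read-only or disabled, so there is no visible way to enter keys for those existing records before Terraform runs again.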
diff --git a/db/structure.sql b/db/structure.sql
index 342e36c..f766762 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -432,7 +432,9 @@ CREATE TABLE public.terraform_aws_backends (
updated_at timestamp without time zone NOT NULL,
domain character varying,
route_53_zone_id character varying NOT NULL,
- vpc_id character varying NOT NULL
+ vpc_id character varying NOT NULL,
+ ssh_public_key character varying,
+ ssh_private_key character varying
);
@@ -874,6 +876,7 @@ INSERT INTO "schema_migrations" (version) VALUES
('20180601182655'),
('20180603120426'),
('20180621065525'),
-('20180621220505');
+('20180621220505'),
+('20180623083735');
diff --git a/terraform/aws/backend/main.tf b/terraform/aws/backend/main.tf
index 57e9348..346ab0d 100644
--- a/terraform/aws/backend/main.tf
+++ b/terraform/aws/backend/main.tf
@@ -26,6 +26,10 @@ variable "ssh_public_key" {
type = "string"
}
+variable "ssh_private_key" {
+ type = "string"
+}
+
variable "guix_substitute_servers" {
type = "map"
default = {
@@ -237,8 +241,9 @@ resource "aws_spot_instance_request" "main" {
destination = "/home/ubuntu/guix-daemon.service"
connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
}
}
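Review bot: The same `connection` block, now carrying `private_key = "${var.ssh_private_key}"`, is repeated in this provisioner, in the hunks at -247 and -305 of this file, and twice more in terraform/aws/mini_environment/main.tf. A single `connection` block declared directly on `aws_spot_instance_request.main` applies to all of its provisioners, so the key reference would exist once per resource. The resource body extends outside these hunks, so check that no provisioner needs different connection settings before consolidating.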
@@ -247,8 +252,9 @@ resource "aws_spot_instance_request" "main" {
destination = "/home/ubuntu/acl"
connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
}
}
@@ -305,8 +311,9 @@ EOF
]
connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
}
}
}
diff --git a/terraform/aws/mini_environment/main.tf b/terraform/aws/mini_environment/main.tf
index b69f8f5..afeda8d 100644
--- a/terraform/aws/mini_environment/main.tf
+++ b/terraform/aws/mini_environment/main.tf
@@ -30,6 +30,10 @@ variable "backend_remote_state_address" {
type = "string"
}
+variable "ssh_private_key" {
+ type = "string"
+}
+
provider "aws" {
access_key = "${var.aws_access_key}"
secret_key = "${var.aws_secret_key}"
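Review bot: `variable "ssh_private_key"` has no default and no `description`, so every run of the mini_environment configuration must now supply it. The only place in this commit that passes `ssh_private_key` is the variables hash in app/models/backends/terraform_aws.rb; if the mini environment's variables are built elsewhere, they need the same entry. Adding `description = "Private key Terraform uses to connect to the instance"` would also document why the secret is required.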
@@ -79,8 +83,9 @@ resource "aws_spot_instance_request" "main" {
destination = "/home/ubuntu/govuk.service"
connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
}
}
@@ -109,8 +114,9 @@ resource "aws_spot_instance_request" "main" {
]
connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
}
}
}