Fixed SSH setup not correctly processing false value from variable.

drevops · Apr 26, 2024 · 9361fcc · 9361fcc · github-actions · Apr 26, 2024
1 parent 0d1d1c1
commit 9361fcc
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 43 deletions.
diff --git a/.scaffold/tests/bats/_helper.bash b/.scaffold/tests/bats/_helper.bash
@@ -1346,3 +1346,19 @@ process_ahoyyml() {
   sed_opts=(-i) && [ "$(uname)" = "Darwin" ] && sed_opts=(-i '')
   sed "${sed_opts[@]}" 's|cmd: ahoy cli ./scripts/drevops/provision.sh|cmd: if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data; docker compose cp -L .data/db.sql cli:/app/.data/db.sql; fi; ahoy cli \.\/scripts\/drevops\/provision\.sh|g' .ahoy.yml
 }
+
+setup_ssh_key_fixture() {
+  export HOME="${BUILD_DIR}"
+  export SSH_KEY_FIXTURE_DIR="${BUILD_DIR}/.ssh"
+  fixture_prepare_dir "${SSH_KEY_FIXTURE_DIR}"
+}
+
+provision_default_ssh_key() {
+  ssh-keygen -t rsa -b 4096 -N "" -f "${SSH_KEY_FIXTURE_DIR}/id_rsa" >/dev/null
+  ssh-keygen -t rsa -b 4096 -N "" -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_TEST" >/dev/null
+}
+
+provision_ssh_key_with_suffix() {
+  local suffix="${1:-TEST}"
+  ssh-keygen -t rsa -b 4096 -N "" -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}" >/dev/null
+}
diff --git a/.scaffold/tests/bats/_helper.deployment.bash b/.scaffold/tests/bats/_helper.deployment.bash
@@ -148,32 +148,13 @@ install_and_build_site() {
   popd >/dev/null || exit 1
 }
 
-setup_ssh_key_fixture() {
-  # Create a fixture directory for ssh keys
-  export HOME="${BUILD_DIR}"
-  export SSH_KEY_FIXTURE_DIR="${BUILD_DIR}/.ssh"
-  fixture_prepare_dir "${SSH_KEY_FIXTURE_DIR}"
-}
-
 setup_robo_fixture() {
   export HOME="${BUILD_DIR}"
   fixture_prepare_dir "${HOME}/.composer/vendor/bin"
   touch "${HOME}/.composer/vendor/bin/robo"
   chmod +x "${HOME}/.composer/vendor/bin/robo"
 }
 
-provision_default_ssh_key() {
-    # Generate fixture keys.
-  ssh-keygen -t rsa -b 4096 -N "" -f "${SSH_KEY_FIXTURE_DIR}/id_rsa"
-  # Generate SSH key with TEST suffix.
-  ssh-keygen -t rsa -b 4096 -N "" -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_TEST"
-}
-
-provision_ssh_key_with_suffix() {
-  local suffix="${1:-TEST}"
-  ssh-keygen -t rsa -b 4096 -N "" -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}"
-}
-
 provision_docker_config_file() {
   export HOME="${BUILD_DIR}"
   fixture_prepare_dir "${HOME}/.docker"

diff --git a/.scaffold/tests/bats/deployment-artifact.bats b/.scaffold/tests/bats/deployment-artifact.bats
@@ -50,6 +50,7 @@ load _helper.deployment.bash
 
 @test "Artifact deployment, global git username and email configured, default SSH Key" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
   setup_robo_fixture
   provision_default_ssh_key

diff --git a/.scaffold/tests/bats/setup-ssh.bats b/.scaffold/tests/bats/setup-ssh.bats
@@ -5,45 +5,66 @@
 # shellcheck disable=SC2030,SC2031,SC2129,SC2155
 
 load _helper.bash
-load _helper.deployment.bash
 
 @test "No DREVOPS_SSH_PREFIX" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
+
   run scripts/drevops/setup-ssh.sh
   assert_failure
   assert_output_contains "Missing the required DREVOPS_SSH_PREFIX environment variable"
+
   popd >/dev/null
 }
 
-@test "Use default SSH Key, SSH Key missing" {
+@test "SSH setup in not required" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
-  export DREVOPS_SSH_PREFIX="test"
+  export DREVOPS_SSH_PREFIX="TEST"
+  export DREVOPS_TEST_SSH_FILE=false
+
+  run scripts/drevops/setup-ssh.sh
+  assert_success
+  assert_output_contains "Found variable DREVOPS_TEST_SSH_FILE with value false."
+
+  popd >/dev/null
+}
+
+@test "Default SSH Key, SSH Key missing" {
+  pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
+  setup_ssh_key_fixture
+  export DREVOPS_SSH_PREFIX="TEST"
   local file=${HOME}/.ssh/id_rsa
+
   run scripts/drevops/setup-ssh.sh
   assert_failure
-  assert_output_contains "Using default SSH file ${file}."
+
+  assert_output_contains "Did not find fingerprint variable DREVOPS_TEST_SSH_FINGERPRINT."
+  assert_output_contains "Did not find a variable DREVOPS_test_SSH_FILE. Using default value ${file}."
   assert_output_contains "SSH key file ${file} does not exist."
 
   popd >/dev/null
 }
 
-@test "Use default SSH Key, SSH Key exists" {
+@test "Default SSH Key, SSH Key exists" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
   provision_default_ssh_key
-
-  export DREVOPS_SSH_PREFIX="test"
+  export DREVOPS_SSH_PREFIX="TEST"
   local file=${HOME}/.ssh/id_rsa
 
   declare -a STEPS=(
-    "Using default SSH file ${file}."
-    "Using SSH key file ${file}."
+    "Did not find fingerprint variable DREVOPS_TEST_SSH_FINGERPRINT."
+    "Did not find a variable DREVOPS_TEST_SSH_FILE. Using default value ${file}."
     "@ssh-add -l # ${file}"
     "SSH agent has ${file} key loaded."
   )
   mocks="$(run_steps "setup")"
+
   run scripts/drevops/setup-ssh.sh
   assert_success
   run_steps "assert" "${mocks[@]}"
@@ -76,12 +97,14 @@ load _helper.deployment.bash
 
 @test "Use SSH Fingerprint, No matching SSH Key, Cannot load to agent" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
-  export DREVOPS_SSH_PREFIX="test"
+  export DREVOPS_SSH_PREFIX="TEST"
   export DREVOPS_TEST_SSH_FINGERPRINT="DOES_NOT_EXIST"
+
   run scripts/drevops/setup-ssh.sh
   assert_failure
-  assert_output_contains "Found variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
+  assert_output_contains "Found fingerprint variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
   assert_output_contains "Using fingerprint-based deploy key because fingerprint was provided."
   assert_output_contains "SSH key file ${HOME}/.ssh/id_rsa_${DREVOPS_TEST_SSH_FINGERPRINT} does not exist."
 
@@ -90,20 +113,23 @@ load _helper.deployment.bash
 
 @test "Use SSH Fingerprint, SSH Key provided" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
   # Assert using fingerprint with ssh key
   export DREVOPS_TEST_SSH_FINGERPRINT="TEST"
   provision_ssh_key_with_suffix ${DREVOPS_TEST_SSH_FINGERPRINT}
-  export DREVOPS_SSH_PREFIX="test"
+  export DREVOPS_SSH_PREFIX="TEST"
   local file="${SSH_KEY_FIXTURE_DIR}/id_rsa_${DREVOPS_TEST_SSH_FINGERPRINT}"
+
   declare -a STEPS=(
-    "Found variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
+    "Found fingerprint variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
     "Using fingerprint-based deploy key because fingerprint was provided."
     "Using SSH key file ${file}."
     "@ssh-add -l # ${file}"
     "SSH agent has ${file} key loaded."
   )
   mocks="$(run_steps "setup")"
+
   run scripts/drevops/setup-ssh.sh
   assert_success
   run_steps "assert" "${mocks[@]}"
@@ -113,6 +139,7 @@ load _helper.deployment.bash
 
 @test "Loading SSH key to SSH Agent, Key exists, CI environment" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
 
   # Assert does not have key loaded
@@ -121,8 +148,9 @@ load _helper.deployment.bash
   provision_ssh_key_with_suffix ${DREVOPS_IDENTIFIER_SSH_FINGERPRINT}
   export CI="1"
   local file="${SSH_KEY_FIXTURE_DIR}/id_rsa_${DREVOPS_IDENTIFIER_SSH_FINGERPRINT}"
+
   declare -a STEPS=(
-    "Found variable DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FINGERPRINT with value ${DREVOPS_IDENTIFIER_SSH_FINGERPRINT}."
+    "Found fingerprint variable DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FINGERPRINT with value ${DREVOPS_IDENTIFIER_SSH_FINGERPRINT}."
     "Using fingerprint-based deploy key because fingerprint was provided."
     "Using SSH key file ${file}."
     "@ssh-add -l # The agent has no identities."
@@ -135,6 +163,7 @@ load _helper.deployment.bash
     "Finished SSH setup."
   )
   mocks="$(run_steps "setup")"
+
   run scripts/drevops/setup-ssh.sh
   assert_success
   run_steps "assert" "${mocks[@]}"
@@ -144,22 +173,26 @@ load _helper.deployment.bash
 
 @test "Key provided, MD5 Fingerprint, Key not found" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
   local suffix="TEST"
   provision_ssh_key_with_suffix ${suffix}
-  export DREVOPS_SSH_PREFIX="test"
+  export DREVOPS_SSH_PREFIX="TEST"
   export DREVOPS_TEST_SSH_FINGERPRINT="$(ssh-keygen -l -E md5 -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}" | awk '{print $2}')"
   export DREVOPS_TEST_SSH_FILE="${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}"
+
   export CI=""
   local ssh_key_file="${DREVOPS_TEST_SSH_FINGERPRINT//:/}"
   ssh_key_file="${HOME}/.ssh/id_rsa_${ssh_key_file//\"/}"
+
   declare -a STEPS=(
-    "Found variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
+    "Found fingerprint variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
     "Found variable DREVOPS_TEST_SSH_FILE with value ${DREVOPS_TEST_SSH_FILE}."
     "Using fingerprint-based deploy key because fingerprint was provided."
     "SSH key file ${ssh_key_file} does not exist."
   )
   mocks="$(run_steps "setup")"
+
   run scripts/drevops/setup-ssh.sh
   assert_failure
   run_steps "assert" "${mocks[@]}"
@@ -169,26 +202,30 @@ load _helper.deployment.bash
 
 @test "Key found, SHA256 fingerprint, Not CI environment" {
   pushd "${LOCAL_REPO_DIR}" >/dev/null || exit 1
+
   setup_ssh_key_fixture
   local suffix="TEST"
   provision_ssh_key_with_suffix ${suffix}
   export DREVOPS_SSH_PREFIX="TEST"
   export DREVOPS_TEST_SSH_FINGERPRINT="$(ssh-keygen -l -E sha256 -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}" | awk '{print $2}')"
+
   export CI=""
   local md5_fingerprint="$(ssh-keygen -l -E md5 -f "${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}" | awk '{print $2}')"
   md5_fingerprint="${md5_fingerprint#MD5:}"
   local ssh_key_file="${md5_fingerprint//:/}"
   ssh_key_file="${HOME}/.ssh/id_rsa_${ssh_key_file//\"/}"
   local file="${SSH_KEY_FIXTURE_DIR}/id_rsa_${suffix}"
+
   declare -a STEPS=(
-    "Found variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
+    "Found fingerprint variable DREVOPS_TEST_SSH_FINGERPRINT with value ${DREVOPS_TEST_SSH_FINGERPRINT}."
     "Using fingerprint-based deploy key because fingerprint was provided."
     "Searching for MD5 hash as fingerprint starts with SHA256."
     "Found matching existing key file ${file}."
     "SSH key file ${ssh_key_file} does not exist."
     "- Disabling strict host key checking in CI."
   )
   mocks="$(run_steps "setup")"
+
   run scripts/drevops/setup-ssh.sh
   assert_failure
   run_steps "assert" "${mocks[@]}"

diff --git a/scripts/drevops/setup-ssh.sh b/scripts/drevops/setup-ssh.sh
@@ -33,17 +33,14 @@ pass() { [ "${TERM:-}" != "dumb" ] && tput colors >/dev/null 2>&1 && printf "\03
 fail() { [ "${TERM:-}" != "dumb" ] && tput colors >/dev/null 2>&1 && printf "\033[31m[FAIL] %s\033[0m\n" "${1}" || printf "[FAIL] %s\n" "${1}"; }
 # @formatter:on
 
-for cmd in ssh-keygen ssh-add; do command -v ${cmd} >/dev/null || {
-  fail "Command ${cmd} is not available"
-  exit 1
-}; done
-
 info "Started SSH setup."
 
 fingerprint_var="DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FINGERPRINT"
 if [ -n "${!fingerprint_var-}" ]; then
   fingerprint="${!fingerprint_var}"
-  note "Found variable ${fingerprint_var} with value ${fingerprint}."
+  note "Found fingerprint variable ${fingerprint_var} with value ${fingerprint}."
+else
+  note "Did not find fingerprint variable ${fingerprint_var}."
 fi
 
 file_var="DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FILE"
@@ -52,7 +49,13 @@ if [ -n "${!file_var-}" ]; then
   note "Found variable ${file_var} with value ${file}."
 else
   file="${HOME}/.ssh/id_rsa"
-  note "Using default SSH file ${file}."
+  note "Did not find a variable ${file_var}. Using default value ${file}."
+fi
+
+if [ "${file}" = false ]; then
+  pass "SSH key is set to false meaning that it is not required. Skipping setup."
+  export "${file_var}=${file}"
+  [ "${BASH_SOURCE[0]}" != "$0" ] && return 0 || exit 0
 fi
 
 if [ -n "${fingerprint-}" ]; then