CHE-2059 : Each time a workspace is created, register/associate ssh key #2949
Conversation
benoitf
added
status/code-review
|
@sleshchenko @garagatyi if you could review |
|
Build # 864 - FAILED Please check console output at https://ci.codenvycorp.com/job/che-pullrequests-build/864/ to view the results. |
|
Build # 868 - FAILED Please check console output at https://ci.codenvycorp.com/job/che-pullrequests-build/868/ to view the results. |
| // build list of all pairs. | ||
| final List<String> publicKeys; | ||
| if (sshWorkspacePair != null && sshWorkspacePair.getPublicKey() != null) { | ||
| publicKeys = new ArrayList<>(publicMachineKeys.size() + 1); |
There was a problem hiding this comment.
Why do you create list for publicMachineKeys.size() + 1 but put there only one element publicKeys.add(sshWorkspacePair.getPublicKey());? Am I correct?
There was a problem hiding this comment.
You're correct
I need to fix my PR it is missing the other keys
There was a problem hiding this comment.
also tests are not on my PR I think I failed to merge changes to master
There was a problem hiding this comment.
Looks like list creation and addition of publicMachineKeys should be out of if clause. Then size + 1 is fine.
|
|
||
| // build list of all pairs. | ||
| final List<String> publicKeys; | ||
| if (sshWorkspacePair != null && sshWorkspacePair.getPublicKey() != null) { |
There was a problem hiding this comment.
| .filter(sshPair -> sshPair.getPublicKey() != null) | ||
| .map(SshPairImpl::getPublicKey) | ||
| .collect(Collectors.toList()); | ||
|
|
||
| // get workspace keypair | ||
| SshPairImpl sshWorkspacePair = sshManager.getPair(machine.getOwner(), "workspace", event.getWorkspaceId()); |
There was a problem hiding this comment.
I think you should catch NotFoundException here
There was a problem hiding this comment.
I have to catch yes, else it won't work
benoitf
changed the title
| // build list of all pairs. | ||
| final List<String> publicKeys; | ||
| if (sshWorkspacePair != null && sshWorkspacePair.getPublicKey() != null) { | ||
| publicKeys = new ArrayList<>(publicMachineKeys.size() + 1); |
There was a problem hiding this comment.
Looks like list creation and addition of publicMachineKeys should be out of if clause. Then size + 1 is fine.
|
|
||
| @Inject | ||
| public WorkspaceManager(WorkspaceDao workspaceDao, | ||
| WorkspaceRuntimes workspaceRegistry, | ||
| EventService eventService, | ||
| AccountManager accountManager, | ||
| @Named("che.workspace.auto_snapshot") boolean defaultAutoSnapshot, |
There was a problem hiding this comment.
I think that correct names were changed, please check
| @@ -877,6 +882,10 @@ private WorkspaceImpl doCreateWorkspace(WorkspaceConfig config, | |||
| .setAttributes(attributes) | |||
| .setTemporary(isTemporary) | |||
| .build(); | |||
|
|
|||
| // Register default SSH keypair for this workspace | |||
| SshPairImpl sshPair = this.sshManager.generatePair(EnvironmentContext.getCurrent().getSubject().getUserId(), "workspace", workspace.getId()); | |||
There was a problem hiding this comment.
Can you elaborate what this operation does, because it is not obvious why result of this operation is never used.
There was a problem hiding this comment.
We don't need to capture the result (forgot to cleanup)
| @@ -117,6 +118,8 @@ | |||
| private AccountManager accountManager; | |||
| @Mock | |||
| private SnapshotDao snapshotDao; | |||
| @Mock | |||
| private SshManager sshManager; | |||
There was a problem hiding this comment.
Please align variables, because author kept them aligned
| @@ -784,7 +789,8 @@ public void shouldStartWorkspaceFromSnapshotUsingDefaultValueForAutoRestore() th | |||
| accountManager, | |||
| false, | |||
| true, | |||
| snapshotDao)); | |||
| snapshotDao, | |||
| sshManager)); | |||
| final WorkspaceImpl workspace = workspaceManager.createWorkspace(createConfig(), NAMESPACE); | |||
| when(workspaceDao.get(workspace.getId())).thenReturn(workspace); | |||
| when(runtimes.get(any())).thenThrow(new NotFoundException("")); | |||
Change-Id: Ifddfe5398cffd1af31aa93beb5d0674b29270f4f Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
…e ssh key Change-Id: I92b699f2d0744b7789d6b3d4a6cd68fc23ca8777 Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
benoitf
changed the title
|
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/894/ |
| // build list of all pairs. | ||
| final List<String> publicKeys; | ||
| if (sshWorkspacePair != null && sshWorkspacePair.getPublicKey() != null) { | ||
| publicKeys = new ArrayList<>(publicMachineKeys.size() + 1); |
There was a problem hiding this comment.
Why should we create new list? Why we can't just add sshWorkspacePair to publicMachineKeys list?
There was a problem hiding this comment.
existing list may be immutable no ?
|
|
||
| // Register default SSH keypair for this workspace. | ||
| try { | ||
| this.sshManager.generatePair(EnvironmentContext.getCurrent().getSubject().getUserId(), "workspace", workspace.getId()); |
There was a problem hiding this comment.
I think it would better to rewrite this logic by events in ...api-ssh... or che-plugin-machine-ext-server module? Because then ssh module will contain logic related to ssh and workspace module won't contain logic related to ssh :)
@garagatyi WDYT?
Also should we remove default ssh key when workspace is removed?
There was a problem hiding this comment.
I like the idea.
Also should we remove default ssh key when workspace is removed?
I think so
There was a problem hiding this comment.
- about events yes why not but then in api-ssh machine-ext-server is not at the right "level" as it needs to be at workspace level
it would mean that api-ssh depends on api-workspace (in my PR it's the opposite) - on removal of ssh key yes make sense
There was a problem hiding this comment.
api-ssh machine-ext-server is not at the right "level" as it needs to be at workspace level
The main problem is that machine-ext-server module has wrong name :)
We can see here only KeysInjector and Module with binding for it and for RecipeScriptDownloadService. So RecipeScriptDownloadService was moved to api-workspace but binding wasn't. So we should move binding to module in api-workspace or to OnpremisesIdeApiModule
Then machine-ext-server will contains only classes related to ssh keys and you can rename it as you wish, I think :)
WDYT?
…e ssh key Change-Id: I65d149e973f6ebd77ac3fc4c5539373c0b3d672e Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
@sleshchenko updated with events |
…e ssh key Change-Id: If2f6a5827ed162cd2f5a2d661fed77242ecf6c67 Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
…e ssh key Change-Id: I1e3d39ea38feb286f904161f46d77b1b53eb4315 Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
Build # 903 - FAILED Please check console output at https://ci.codenvycorp.com/job/che-pullrequests-build/903/ to view the results. |
…e ssh key Change-Id: Icbd591ddc13c7e9ee4740dee41e674cc7c5cee45 Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/905/ |
| sshManager.removePair(EnvironmentContext.getCurrent().getSubject().getUserId(), "workspace", | ||
| workspaceRemovedEvent.getWorkspace().getId()); | ||
| } catch (NotFoundException e) { | ||
| LOG.error(String.format("Do not remove default keypair from workspace %s as it is not existing (workspace ID %s)", |
There was a problem hiding this comment.
I think we should not log this case as error
There was a problem hiding this comment.
ah yes copy/paste error fixed
|
Small question: when user 1 create workspace A and share it for user2. When user2 starts this workspace, he is not able to see this default ssh key. So he is not able to connect to it by ssh. |
…e ssh key Change-Id: I96c1470f8ca973f50b6d12218cd6d419127228c1 Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
@sleshchenko I discussed that a couple of weeks ago with Tyler. It was OK that only owner of workspace has the key. Not all people to which we shared the workspace. |
| try { | ||
| final Instance machine = environmentEngine.getMachine(event.getWorkspaceId(), | ||
| event.getMachineId()); | ||
| machine = environmentEngine.getMachine(event.getWorkspaceId(), |
There was a problem hiding this comment.
Did we plan to inject keys into each machine or dev-machines only?
|
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/909/ |
| workspaceRemovedEvent.getWorkspace().getId())); | ||
| } catch (ServerException e) { | ||
| LOG.error(String.format( | ||
| "Error when trying to remove default ssh pair for the workspace %s as it is not existing (workspace ID %s)", |
There was a problem hiding this comment.
Why message says that "it is not existing" on server exception?
| workspaceRemovedEvent.getWorkspace().getConfig().getName(), | ||
| workspaceRemovedEvent.getWorkspace().getId())); | ||
| } catch (ServerException e) { | ||
| LOG.error(String.format( |
There was a problem hiding this comment.
Please use logger format with curly brackets instead of String.format()
| * @author Florent Benoit | ||
| */ | ||
| @Singleton // must be eager | ||
| public class WorkspaceSshKeys { |
There was a problem hiding this comment.
Purpose of this class is not clear from its name, can you rename it?
There was a problem hiding this comment.
For me the name is clear.
Also there is javadoc explaining the purpose so it's subjective
| verifyZeroInteractions(docker, environmentEngine, sshManager); | ||
| } | ||
|
|
||
|
|
| EnvironmentContext.setCurrent(new EnvironmentContext() { | ||
| @Override | ||
| public Subject getSubject() { | ||
| return new SubjectImpl(NAMESPACE, OWNER_ID, "token", false); |
There was a problem hiding this comment.
Don't forget to revert changes in EnvironmentContext to not affect other tests
| @@ -1051,6 +1051,8 @@ public void shouldBeAbleToGetMachineInstanceIfWorkspaceIsStarting() throws Excep | |||
| verify(runtimes).getMachine(workspace.getId(), machine.getId()); | |||
| } | |||
|
|
|||
|
|
|||
…e ssh key Change-Id: Ia3acda4e8cdf3edbcdb6c17536a37b7310736f0f Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
@garagatyi fixed |
|
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/912/ |
benoitf
removed
status/code-review
…ey (eclipse-che#2949) * CHE-2059 : Each time a workspace is created, register/associate ssh key Change-Id: Ifddfe5398cffd1af31aa93beb5d0674b29270f4f Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
What does this PR do?
Adds ssh key for creator of workspace. This ssh key can be used to connect on machines
What issues does this PR fix or reference?
#2059
Previous behavior
no ssh key by default
New behavior
Create a workspace
SSH key is associated
You can use then this key to connect to the workspace machines.
Change-Id: Ifddfe5398cffd1af31aa93beb5d0674b29270f4f
Signed-off-by: Florent BENOIT fbenoit@codenvy.com