feat(ssh): set sudo password with argument (allowing me to use pass f…

…or deployments) Signed-off-by: Christina Sørensen <christina@cafkafk.com>
DBCDK · Mar 6, 2024 · f130e47 · f130e47
1 parent d5bf048
commit f130e47
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 14 deletions.
diff --git a/morph.go b/morph.go
@@ -35,6 +35,7 @@ var (
 	deployment          string
 	timeout             int
 	askForSudoPasswd    bool
+	passCmd             string
 	nixBuildArg         []string
 	nixBuildTarget      string
 	nixBuildTargetFile  string
@@ -84,6 +85,13 @@ func askForSudoPasswdFlag(cmd *kingpin.CmdClause) {
 		BoolVar(&askForSudoPasswd)
 }
 
+func getSudoPasswdCommand(cmd *kingpin.CmdClause) {
+	cmd.
+		Flag("passcmd", "Specify command to run for sudo password").
+		Default("").
+		StringVar(&passCmd)
+}
+
 func selectorFlags(cmd *kingpin.CmdClause) {
 	cmd.Flag("on", "Glob for selecting servers in the deployment").
 		Default("*").
@@ -168,6 +176,7 @@ func executeCmd(cmd *kingpin.CmdClause) *kingpin.CmdClause {
 	selectorFlags(cmd)
 	showTraceFlag(cmd)
 	askForSudoPasswdFlag(cmd)
+	getSudoPasswdCommand(cmd)
 	timeoutFlag(cmd)
 	deploymentArg(cmd)
 	cmd.
@@ -185,6 +194,7 @@ func deployCmd(cmd *kingpin.CmdClause) *kingpin.CmdClause {
 	deploymentArg(cmd)
 	timeoutFlag(cmd)
 	askForSudoPasswdFlag(cmd)
+	getSudoPasswdCommand(cmd)
 	skipHealthChecksFlag(cmd)
 	cmd.
 		Flag("upload-secrets", "Upload secrets as part of the host deployment").
@@ -214,6 +224,7 @@ func uploadSecretsCmd(cmd *kingpin.CmdClause) *kingpin.CmdClause {
 	selectorFlags(cmd)
 	showTraceFlag(cmd)
 	askForSudoPasswdFlag(cmd)
+	getSudoPasswdCommand(cmd)
 	skipHealthChecksFlag(cmd)
 	deploymentArg(cmd)
 	return cmd
@@ -439,11 +450,12 @@ func execDeploy(hosts []nix.Host) (string, error) {
 
 func createSSHContext() *ssh.SSHContext {
 	return &ssh.SSHContext{
-		AskForSudoPassword: askForSudoPasswd,
-		IdentityFile:       os.Getenv("SSH_IDENTITY_FILE"),
-		DefaultUsername:    os.Getenv("SSH_USER"),
-		SkipHostKeyCheck:   os.Getenv("SSH_SKIP_HOST_KEY_CHECK") != "",
-		ConfigFile:         os.Getenv("SSH_CONFIG_FILE"),
+		AskForSudoPassword:     askForSudoPasswd,
+		GetSudoPasswordCommand: passCmd,
+		IdentityFile:           os.Getenv("SSH_IDENTITY_FILE"),
+		DefaultUsername:        os.Getenv("SSH_USER"),
+		SkipHostKeyCheck:       os.Getenv("SSH_SKIP_HOST_KEY_CHECK") != "",
+		ConfigFile:             os.Getenv("SSH_CONFIG_FILE"),
 	}
 }
 
@@ -602,9 +614,9 @@ func getNixContext() *nix.NixContext {
 	}
 
 	return &nix.NixContext{
-		EvalCmd: evalCmd,
-		BuildCmd: buildCmd,
-		ShellCmd: shellCmd,
+		EvalCmd:         evalCmd,
+		BuildCmd:        buildCmd,
+		ShellCmd:        shellCmd,
 		EvalMachines:    evalMachines,
 		ShowTrace:       showTrace,
 		KeepGCRoot:      *keepGCRoot,

diff --git a/ssh/ssh.go b/ssh/ssh.go
@@ -39,12 +39,13 @@ type Host interface {
 }
 
 type SSHContext struct {
-	sudoPassword       string
-	AskForSudoPassword bool
-	DefaultUsername    string
-	IdentityFile       string
-	ConfigFile         string
-	SkipHostKeyCheck   bool
+	sudoPassword           string
+	AskForSudoPassword     bool
+	GetSudoPasswordCommand string
+	DefaultUsername        string
+	IdentityFile           string
+	ConfigFile             string
+	SkipHostKeyCheck       bool
 }
 
 type FileTransfer struct {
@@ -136,6 +137,8 @@ func (sshCtx *SSHContext) SudoCmdContext(ctx context.Context, host Host, parts .
 		if err != nil {
 			return nil, err
 		}
+	} else if sshCtx.GetSudoPasswordCommand != "" {
+		sshCtx.sudoPassword = sshCtx.GetSudoPasswordCommand
 	}
 
 	cmd, cmdArgs := sshCtx.sshArgs(host, nil)