From f84e9de77d733b58b1a0ad13dc92af6b69bc4f2a Mon Sep 17 00:00:00 2001 From: Johannes Faltermeier Date: Thu, 30 Mar 2023 15:12:25 +0200 Subject: [PATCH 1/8] Git Init Container for cloning #69 * create init container that can be used to checkout git repositories with https and ssh --- .vscode/extensions.json | 5 +- doc/docs/Building-Internal.md | 7 +++ dockerfiles/git-init/Dockerfile | 16 +++++++ python/git-init/README.md | 56 ++++++++++++++++++++++ python/git-init/entrypoint.sh | 6 +++ python/git-init/git-askpw.py | 12 +++++ python/git-init/git-init.py | 85 +++++++++++++++++++++++++++++++++ python/git-init/ssh-keyscan.sh | 2 + 8 files changed, 187 insertions(+), 2 deletions(-) create mode 100644 dockerfiles/git-init/Dockerfile create mode 100644 python/git-init/README.md create mode 100755 python/git-init/entrypoint.sh create mode 100755 python/git-init/git-askpw.py create mode 100755 python/git-init/git-init.py create mode 100755 python/git-init/ssh-keyscan.sh diff --git a/.vscode/extensions.json b/.vscode/extensions.json index cad1a218..91ec209a 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,5 +1,6 @@ { "recommendations": [ - "hashicorp.terraform" + "hashicorp.terraform", + "ms-python.python" ] -} \ No newline at end of file +} diff --git a/doc/docs/Building-Internal.md b/doc/docs/Building-Internal.md index b0384e57..46dbbda3 100644 --- a/doc/docs/Building-Internal.md +++ b/doc/docs/Building-Internal.md @@ -61,3 +61,10 @@ Build and push the operator with: docker build --no-cache -t theiacloud/theia-cloud-operator:latest -f dockerfiles/operator/Dockerfile . docker push theiacloud/theia-cloud-operator:latest ``` + +Build and pish the git-init container: + +```bash +docker build -t theiacloud/theia-cloud-git-init:latest -f dockerfiles/git-init/Dockerfile . +docker push theiacloud/theia-cloud-git-init:latest +``` diff --git a/dockerfiles/git-init/Dockerfile b/dockerfiles/git-init/Dockerfile new file mode 100644 index 00000000..0897c342 --- /dev/null +++ b/dockerfiles/git-init/Dockerfile @@ -0,0 +1,16 @@ +FROM debian:11-slim + +RUN apt update && \ + apt install python git -y && \ + apt clean + +WORKDIR /tmp +COPY python/git-init/entrypoint.sh . +COPY python/git-init/ssh-keyscan.sh . +COPY python/git-init/git-init.py . +COPY python/git-init/git-askpw.py . + +ENV GIT_ASKPASS=/tmp/git-askpw.py + +ENTRYPOINT [ "/tmp/entrypoint.sh" ] +CMD ["-h"] \ No newline at end of file diff --git a/python/git-init/README.md b/python/git-init/README.md new file mode 100644 index 00000000..7c08e313 --- /dev/null +++ b/python/git-init/README.md @@ -0,0 +1,56 @@ +# Git Init Container + +## Scenarios + +- HTTP(S) + - No Auth + - Ask for password only + - Ask for username and password +- SSH + - No Auth + - Ask for password + +## Testing + +### Build init container + +```bash +docker build -t theiacloud/theia-cloud-git-init:local -f dockerfiles/git-init/Dockerfile . +``` + +### Generate Test SSH Key Pair + +```bash +# don't save in ~/.ssh/... but e.g. in ~/tmp/ssh/id_theiacloud +ssh-keygen -t ed25519 -C "Test TC Git Init SSH Keypair" +``` + +### Test Checkout + +```bash +# Adjust URLs and Password/PATs below +# keep spaces in front to avoid command being added to bash history + export HTTP_PUBLIC=https://github.com/eclipsesource/theia-cloud.git + export HTTP_PRIVATE=https://gitlab.eclipse.org/username/my.repository.git + export HTTP_PRIVATE_WITH_USERNAME=https://username@gitlab.eclipse.org/username/my.repository.git + export HTTP_PRIVATE_WITH_USERNAME_AND_PASSWORD=https://username:pat@gitlab.eclipse.org/username/my.repository.git + export HTTP_USERNAME=username + export HTTP_PASSWORD=pat + export SSH_PASSWORD=sshpw + export SSH_REPO="git@gitlab.eclipse.org:username/my.repository.git" + +# HTTPS Public +docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PUBLIC" "/tmp/my-repo" + +# HTTPS Private +docker run --env GIT_PROMPT1=$HTTP_USERNAME --env GIT_PROMPT2=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE" "/tmp/my-repo" + +# HTTPS Private with Username +docker run --env GIT_PROMPT1=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME" "/tmp/my-repo" + +# HTTPS Private with Username and Password +docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME_AND_PASSWORD" "/tmp/my-repo" + +# SSH +docker run --env GIT_PROMPT1=$SSH_PASSWORD -v ~/tmp/ssh/:/etc/theia-cloud-ssh --rm theiacloud/theia-cloud-git-init:local "$SSH_REPO" "/tmp/my-repo" +``` diff --git a/python/git-init/entrypoint.sh b/python/git-init/entrypoint.sh new file mode 100755 index 00000000..fbe4d69a --- /dev/null +++ b/python/git-init/entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/bash +eval `ssh-agent` +mkdir $HOME/.ssh +touch $HOME/.ssh/known_hosts +[ -e /etc/theia-cloud-ssh/id_theiacloud ] && { sleep 1; echo $GIT_PROMPT1; } | script -q /dev/null -c 'ssh-add /etc/theia-cloud-ssh/id_theiacloud' +python git-init.py "$@" \ No newline at end of file diff --git a/python/git-init/git-askpw.py b/python/git-init/git-askpw.py new file mode 100755 index 00000000..07783a36 --- /dev/null +++ b/python/git-init/git-askpw.py @@ -0,0 +1,12 @@ +#!/usr/bin/env python +import os + +path = "/tmp/theia-cloud-askpw" + +if os.path.isfile(path): + prompt2 = os.environ['GIT_PROMPT2'] + print(prompt2) +else: + prompt1 = os.environ['GIT_PROMPT1'] + print(prompt1) + os.mknod(path) diff --git a/python/git-init/git-init.py b/python/git-init/git-init.py new file mode 100755 index 00000000..d11d3de2 --- /dev/null +++ b/python/git-init/git-init.py @@ -0,0 +1,85 @@ +#!/usr/bin/env python + +import argparse +import subprocess +import os +import sys + +debugLogging = False +sshKey = "/etc/theia-cloud-ssh/id_theiacloud" +NL = "\n" + + +def runProcess(args): + process = subprocess.Popen( + args, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + stdout, stderr = process.communicate() + process.wait() + out = stdout.decode('ascii') + if len(out) > 0: + sys.stdout.write(out + NL) + if process.returncode != 0: + sys.stderr.write(stderr.decode('ascii') + NL) + return process.returncode + +def getHostname(repository): + # remove protocol, if any + split = repository.split("://", 1) + if len(split) == 1: + repository = split[0] + else: + repository = split[1] + if debugLogging: + sys.stdout.write("getHostname 1: " + repository + NL) + + # remove path, if any + split = repository.split("/", 1) + repository = split[0] + if debugLogging: + sys.stdout.write("getHostname 2: " + repository + NL) + + # remove user information, if any + split = repository.split("@", 1) + if len(split) == 1: + repository = split[0] + else: + repository = split[1] + if debugLogging: + sys.stdout.write("getHostname 3: " + repository + NL) + + # remove trailing information, if any + split = repository.split(":", 1) + repository = split[0] + if debugLogging: + sys.stdout.write("getHostname 4: " + repository + NL) + + return repository + +parser = argparse.ArgumentParser() +parser.add_argument("repository", help="The repository URL", type=str) +parser.add_argument("directory", help="The directory to clone into", type=str) +args = parser.parse_args() + +# Set up git credential helper +code = runProcess(["git", "config", "--global", "credential.helper", "store"]) +if code != 0: + exit(code) + +# Check if SSH key is available, if so prepare clone with SSH +if os.path.isfile(sshKey): + # Add know host + code = runProcess(["/tmp/ssh-keyscan.sh", getHostname(args.repository)]) + if code != 0: + exit(code) + + if debugLogging: + runProcess(["ssh-add", "-l"]) + runProcess(["cat", "/root/.ssh/known_hosts"]) + +# Clone repository +code = runProcess(["git", "clone", args.repository, args.directory]) +if code != 0: + exit(code) + +if debugLogging: + runProcess(["ls", "-al", args.directory]) diff --git a/python/git-init/ssh-keyscan.sh b/python/git-init/ssh-keyscan.sh new file mode 100755 index 00000000..8926badb --- /dev/null +++ b/python/git-init/ssh-keyscan.sh @@ -0,0 +1,2 @@ +#!/bin/bash +ssh-keyscan -H $@ >> /root/.ssh/known_hosts \ No newline at end of file From a873805d2fc226d320ddbf077c18039b1a33936f Mon Sep 17 00:00:00 2001 From: Johannes Faltermeier Date: Mon, 15 May 2023 15:28:20 +0200 Subject: [PATCH 2/8] Git Init Container checkout #69 * add ability to checkout branches/commits/tags --- python/git-init/README.md | 11 ++++++----- python/git-init/git-init.py | 9 +++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/python/git-init/README.md b/python/git-init/README.md index 7c08e313..919ff014 100644 --- a/python/git-init/README.md +++ b/python/git-init/README.md @@ -38,19 +38,20 @@ ssh-keygen -t ed25519 -C "Test TC Git Init SSH Keypair" export HTTP_PASSWORD=pat export SSH_PASSWORD=sshpw export SSH_REPO="git@gitlab.eclipse.org:username/my.repository.git" + export BRANCH=maintenance_1_1_x # HTTPS Public -docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PUBLIC" "/tmp/my-repo" +docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PUBLIC" "/tmp/my-repo" "$BRANCH" # HTTPS Private -docker run --env GIT_PROMPT1=$HTTP_USERNAME --env GIT_PROMPT2=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE" "/tmp/my-repo" +docker run --env GIT_PROMPT1=$HTTP_USERNAME --env GIT_PROMPT2=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE" "/tmp/my-repo" "$BRANCH" # HTTPS Private with Username -docker run --env GIT_PROMPT1=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME" "/tmp/my-repo" +docker run --env GIT_PROMPT1=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME" "/tmp/my-repo" "$BRANCH" # HTTPS Private with Username and Password -docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME_AND_PASSWORD" "/tmp/my-repo" +docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME_AND_PASSWORD" "/tmp/my-repo" "$BRANCH" # SSH -docker run --env GIT_PROMPT1=$SSH_PASSWORD -v ~/tmp/ssh/:/etc/theia-cloud-ssh --rm theiacloud/theia-cloud-git-init:local "$SSH_REPO" "/tmp/my-repo" +docker run --env GIT_PROMPT1=$SSH_PASSWORD -v ~/tmp/ssh/:/etc/theia-cloud-ssh --rm theiacloud/theia-cloud-git-init:local "$SSH_REPO" "/tmp/my-repo" "$BRANCH" ``` diff --git a/python/git-init/git-init.py b/python/git-init/git-init.py index d11d3de2..448fb1a9 100755 --- a/python/git-init/git-init.py +++ b/python/git-init/git-init.py @@ -58,6 +58,7 @@ def getHostname(repository): parser = argparse.ArgumentParser() parser.add_argument("repository", help="The repository URL", type=str) parser.add_argument("directory", help="The directory to clone into", type=str) +parser.add_argument("checkout", help="The branch/commit id/tag to checkout", type=str) args = parser.parse_args() # Set up git credential helper @@ -83,3 +84,11 @@ def getHostname(repository): if debugLogging: runProcess(["ls", "-al", args.directory]) + +# Checkout +code = runProcess(["git", "-C", args.directory, "checkout", args.checkout]) +if code != 0: + exit(code) + +if debugLogging: + runProcess(["git", "-C", args.directory, "status"]) From 9e3c93abcc041ab0e076c04fc77ffdf3ad554e47 Mon Sep 17 00:00:00 2001 From: Johannes Faltermeier Date: Mon, 15 May 2023 15:47:07 +0200 Subject: [PATCH 3/8] Introduce concept of init actions to Theia Cloud #69 * add list of InitOperations to Session * introduce binding of multiple InitOperationHandler * implement GitInitOperationHandler * add init container with required environment variables for HTTP(S) Git checkout * checks that the secret is allowed to be used by this user and by this InitOperationHandler --- .../.settings/org.eclipse.jdt.ui.prefs | 2 +- .../cloud/common/k8s/resource/Session.java | 4 +- .../common/k8s/resource/SessionSpec.java | 192 ++++++++++++---- .../.settings/org.eclipse.jdt.ui.prefs | 2 +- .../di/AbstractTheiaCloudOperatorModule.java | 7 + .../handler/InitOperationHandler.java | 35 +++ .../handler/impl/AddedHandlerUtil.java | 70 ++++++ .../handler/impl/GitInitOperationHandler.java | 211 ++++++++++++++++++ .../handler/impl/LazySessionHandler.java | 51 +---- .../.settings/org.eclipse.jdt.ui.prefs | 2 +- python/git-init/README.md | 43 +++- terraform/configurations/.gitignore | 1 + 12 files changed, 528 insertions(+), 92 deletions(-) create mode 100644 java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/InitOperationHandler.java create mode 100644 java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/GitInitOperationHandler.java create mode 100644 terraform/configurations/.gitignore diff --git a/java/common/org.eclipse.theia.cloud.common/.settings/org.eclipse.jdt.ui.prefs b/java/common/org.eclipse.theia.cloud.common/.settings/org.eclipse.jdt.ui.prefs index 606155f8..766a660b 100644 --- a/java/common/org.eclipse.theia.cloud.common/.settings/org.eclipse.jdt.ui.prefs +++ b/java/common/org.eclipse.theia.cloud.common/.settings/org.eclipse.jdt.ui.prefs @@ -3,7 +3,7 @@ editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true formatter_profile=org.eclipse.jdt.ui.default.sun_profile formatter_settings_version=21 org.eclipse.jdt.ui.javadoc=false -org.eclipse.jdt.ui.text.custom_code_templates=