From e8a41af27ae0b438814c222fd4d6f398729e339f Mon Sep 17 00:00:00 2001 From: Kim Burgestrand Date: Thu, 17 Oct 2024 12:50:59 +0200 Subject: [PATCH 1/3] Actually pass `ssh/config` through to SSHKit options This option is documented as available since #908 in: https://github.com/basecamp/kamal/blob/74a06b0ccda616c86ebe1729d0795f39bcac9f00/lib/kamal/configuration/docs/ssh.yml#L65-L70 However, before this the options don't seem to pass through to SSHKit: https://github.com/basecamp/kamal/blob/74a06b0ccda616c86ebe1729d0795f39bcac9f00/lib/kamal/commander.rb#L167 Since `config` isn't actually returned in `#options`. --- lib/kamal/commands/base.rb | 11 ++++++++++- lib/kamal/configuration/ssh.rb | 6 +++++- test/commands/app_test.rb | 5 +++++ test/configuration/ssh_test.rb | 5 +++++ 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/lib/kamal/commands/base.rb b/lib/kamal/commands/base.rb index c0eac91c..75199ec7 100644 --- a/lib/kamal/commands/base.rb +++ b/lib/kamal/commands/base.rb @@ -11,7 +11,7 @@ def initialize(config) end def run_over_ssh(*command, host:) - "ssh#{ssh_proxy_args} -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ").gsub("'", "'\\\\''")}'" + "ssh#{ssh_proxy_args}#{ssh_config_args} -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ").gsub("'", "'\\\\''")}'" end def container_id_for(container_name:, only_running: false) @@ -94,5 +94,14 @@ def ssh_proxy_args " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'" end end + + def ssh_config_args + case config.ssh.config + when true, nil + "" + when false + " -F none" + end + end end end diff --git a/lib/kamal/configuration/ssh.rb b/lib/kamal/configuration/ssh.rb index dc88367e..ee7c28b0 100644 --- a/lib/kamal/configuration/ssh.rb +++ b/lib/kamal/configuration/ssh.rb @@ -38,8 +38,12 @@ def key_data ssh_config["key_data"] end + def config + ssh_config["config"] + end + def options - { user: user, port: port, proxy: proxy, logger: logger, keepalive: true, keepalive_interval: 30, keys_only: keys_only, keys: keys, key_data: key_data }.compact + { user: user, port: port, proxy: proxy, logger: logger, keepalive: true, keepalive_interval: 30, keys_only: keys_only, keys: keys, key_data: key_data, config: config }.compact end def to_h diff --git a/test/commands/app_test.rb b/test/commands/app_test.rb index 0e5cad79..fa80f9eb 100644 --- a/test/commands/app_test.rb +++ b/test/commands/app_test.rb @@ -300,6 +300,11 @@ class CommandsAppTest < ActiveSupport::TestCase assert_equal "ssh -t root@1.1.1.1 -p 2222 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1") end + test "run over ssh with no config" do + @config[:ssh] = { "config" => false } + assert_equal "ssh -F none -t root@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1") + end + test "run over ssh with proxy" do @config[:ssh] = { "proxy" => "2.2.2.2" } assert_equal "ssh -J root@2.2.2.2 -t root@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1") diff --git a/test/configuration/ssh_test.rb b/test/configuration/ssh_test.rb index 76d1ae9a..acedf721 100644 --- a/test/configuration/ssh_test.rb +++ b/test/configuration/ssh_test.rb @@ -37,4 +37,9 @@ class ConfigurationSshTest < ActiveSupport::TestCase config = Kamal::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "proxy" => "app@1.2.3.4" }) }) assert_equal "app@1.2.3.4", config.ssh.options[:proxy].jump_proxies end + + test "ssh options with disabled ssh_config" do + config = Kamal::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "config" => false }) }) + assert_equal false, config.ssh.options[:config] + end end From 3a634ae2a0383f252d828da9c52479f53e9e11a1 Mon Sep 17 00:00:00 2001 From: Kim Burgestrand Date: Thu, 17 Oct 2024 13:03:48 +0200 Subject: [PATCH 2/3] Allow `ssh/config` to additionally accept a string This is accepted by Net::SSH, research done by @jeremy in https://github.com/basecamp/kamal/pull/908#issuecomment-2387652198 This is already documented as working correctly in https://github.com/basecamp/kamal/blob/74a06b0ccda616c86ebe1729d0795f39bcac9f00/lib/kamal/configuration/docs/ssh.yml#L65-L70 However, before this change only booleans were allowed because of the example configuration file. --- lib/kamal/commands/base.rb | 2 ++ lib/kamal/configuration/ssh.rb | 2 +- lib/kamal/configuration/validator/ssh.rb | 19 +++++++++++++++++++ test/commands/app_test.rb | 5 +++++ test/configuration/ssh_test.rb | 5 +++++ 5 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 lib/kamal/configuration/validator/ssh.rb diff --git a/lib/kamal/commands/base.rb b/lib/kamal/commands/base.rb index 75199ec7..73e698dd 100644 --- a/lib/kamal/commands/base.rb +++ b/lib/kamal/commands/base.rb @@ -101,6 +101,8 @@ def ssh_config_args "" when false " -F none" + when String + " -F #{Shellwords.escape(config.ssh.config)}" end end end diff --git a/lib/kamal/configuration/ssh.rb b/lib/kamal/configuration/ssh.rb index ee7c28b0..28ba9671 100644 --- a/lib/kamal/configuration/ssh.rb +++ b/lib/kamal/configuration/ssh.rb @@ -7,7 +7,7 @@ class Kamal::Configuration::Ssh def initialize(config:) @ssh_config = config.raw_config.ssh || {} - validate! ssh_config + validate! ssh_config, with: Kamal::Configuration::Validator::Ssh end def user diff --git a/lib/kamal/configuration/validator/ssh.rb b/lib/kamal/configuration/validator/ssh.rb new file mode 100644 index 00000000..ffa337ad --- /dev/null +++ b/lib/kamal/configuration/validator/ssh.rb @@ -0,0 +1,19 @@ +class Kamal::Configuration::Validator::Ssh < Kamal::Configuration::Validator + SPECIAL_KEYS = [ "config" ] + + def validate! + validate_against_example! \ + config.except(*SPECIAL_KEYS), + example.except(*SPECIAL_KEYS) + + validate_config_key! if config.key?("config") + end + + private + + def validate_config_key! + with_context(config["config"]) do + validate_type! config["config"], TrueClass, String + end + end +end diff --git a/test/commands/app_test.rb b/test/commands/app_test.rb index fa80f9eb..4d3560d6 100644 --- a/test/commands/app_test.rb +++ b/test/commands/app_test.rb @@ -300,6 +300,11 @@ class CommandsAppTest < ActiveSupport::TestCase assert_equal "ssh -t root@1.1.1.1 -p 2222 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1") end + test "run over ssh with custom config" do + @config[:ssh] = { "config" => "config/ssh config" } + assert_equal "ssh -F config/ssh\\ config -t root@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1") + end + test "run over ssh with no config" do @config[:ssh] = { "config" => false } assert_equal "ssh -F none -t root@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1") diff --git a/test/configuration/ssh_test.rb b/test/configuration/ssh_test.rb index acedf721..8315f6bb 100644 --- a/test/configuration/ssh_test.rb +++ b/test/configuration/ssh_test.rb @@ -42,4 +42,9 @@ class ConfigurationSshTest < ActiveSupport::TestCase config = Kamal::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "config" => false }) }) assert_equal false, config.ssh.options[:config] end + + test "ssh options with path to an ssh_config-file" do + config = Kamal::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "config" => "config/ssh_config" }) }) + assert_equal "config/ssh_config", config.ssh.options[:config] + end end From 25a3f5d1ba568e6718abee4798a58ed4eb5d5475 Mon Sep 17 00:00:00 2001 From: Kim Burgestrand Date: Mon, 28 Oct 2024 22:32:45 +0100 Subject: [PATCH 3/3] `ssh/config` does not accept an array of paths `ssh -F` only accepts a single config file, and it's what we use for interactive commands, e.g. `kamal app logs --follow`. --- lib/kamal/configuration/docs/ssh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/configuration/docs/ssh.yml b/lib/kamal/configuration/docs/ssh.yml index 8d103352..fa4894c5 100644 --- a/lib/kamal/configuration/docs/ssh.yml +++ b/lib/kamal/configuration/docs/ssh.yml @@ -66,5 +66,5 @@ ssh: # # Set to true to load the default OpenSSH config files (~/.ssh/config, # /etc/ssh_config), to false ignore config files, or to a file path - # (or array of paths) to load specific configuration. Defaults to true. + # to load specific configuration. Defaults to true. config: true