GoogleCloudPlatform / pbmm-on-gcp-onboarding

GCP Canadian Public Sector Landing Zone overlay on top of the TEF via CFT modules - a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

Add CSR clone procedure using SSH instead of gcloud for cloud shell #440

Closed obriensystems closed 1 month ago

obriensystems commented 4 months ago

See related #431 and upcoming #439 workaround - local docker and shared drive for AVD/local-machine in #429

Summary of procedure

# generate key on cloud shell
ssh-keygen -m PEM -t rsa -P ""
# save to default id_rsa dir/file
cat ~/.ssh/id_rsa.pub 
# upload/register public key on CSR
# return to cloud shell and clone
# replace your email, project and repo (gcp-networks)
git clone ssh://michael@obrienlabs.dev@source.developers.google.com:2022/p/prj-b-cicd-fgbs/r/gcp-networks 
cd gcp-networks
# verify
git status

Use the default id_rsa key name

michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ ls ~/.ssh
config  csr_id_rsa  csr_id_rsa.pub  google_compute_engine  google_compute_engine.pub  google_compute_known_hosts  known_hosts  obrienlabs_org_github
michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ ssh-keygen -m PEM -t rsa -P ""
Generating public/private rsa key pair.
Enter file in which to save the key (/home/michael/.ssh/id_rsa): 
Your identification has been saved in /home/michael/.ssh/id_rsa
Your public key has been saved in /home/michael/.ssh/id_rsa.pub

michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAA...1616-default

register key with CSR

michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ git clone ssh://michael@obrienlabs.dev@source.developers.google.com:2022/p/prj-b-cicd-fgbs/r/gcp-networks 
Cloning into 'gcp-networks'...
warning: You appear to have cloned an empty repository.
michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ ls gcp-networks/
michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ ls
gcp-environments  gcp-networks  gcp-policies
michael@cloudshell:~/tef-oldev3/_test_repo (tef-oldev3)$ cd gcp-networks/
michael@cloudshell:~/tef-oldev3/_test_repo/gcp-networks (tef-oldev3)$ git status
On branch master
No commits yet
nothing to commit (create/copy files and use "git add" to track)

retrofit the script

security review email

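
A check to run on the key pair from the procedure above before its public half is registered with CSR, as an added example that is not part of the original comment or the project's scripts. The function name `audit_ssh_key` and the `MIN_RSA_BITS` threshold of 3072 are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the issue: audit a key pair before registering it.
# Usage: audit_ssh_key ~/.ssh/id_rsa   (return code = number of findings)
MIN_RSA_BITS=${MIN_RSA_BITS:-3072}   # assumed policy threshold, adjust as needed

audit_ssh_key() {
  local key="$1" pub="$1.pub" findings=0 mode info bits rest fp type

  if [ ! -f "$key" ] || [ ! -f "$pub" ]; then
    echo "MISSING: $key or $pub"; return 1
  fi

  # The private key must be readable by its owner only.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    600|400) ;;
    *) echo "PERMS: $key is mode $mode, expected 600"; findings=$((findings + 1)) ;;
  esac

  # With -P "" ssh-keygen can only load the key if it is stored unencrypted.
  # (It also refuses keys with loose permissions, so fix PERMS findings first.)
  if ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1; then
    echo "NOPASS: $key has no passphrase; read access to the file is enough to use it"
    findings=$((findings + 1))
  fi

  # ssh-keygen -l prints "<bits> <fingerprint> <comment> (<TYPE>)".
  info=$(ssh-keygen -l -f "$pub") || return 1
  bits=${info%% *}
  rest=${info#* }; fp=${rest%% *}
  type=${info##*\(}; type=${type%\)}
  if [ "$type" = "RSA" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
    echo "WEAK: RSA $bits bits is below $MIN_RSA_BITS"; findings=$((findings + 1))
  fi

  echo "INFO: $type $bits bits, fingerprint $fp"
  return "$findings"
}
```

A key created with `-P ""` as in the procedure reports `NOPASS`; the printed fingerprint can be compared with the one CSR shows for the registered key.
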
github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days