monogon-dev / monogon

The Monogon Monorepo. May contain traces of peanuts and a ✨pure Go Linux userland✨. Work in progress!
https://monogon.tech
Apache License 2.0

shepherd: allow adding additional ssh key #209

Closed fionera closed 1 year ago

fionera commented 1 year ago

To debug, we also want a secondary SSH key added to all machines.

leoluk commented 1 year ago

Wouldn't the key be inherited from the project?

fionera commented 1 year ago

No. We override it in the deployment API call.

fionera commented 1 year ago

I added a flag to not add any key, which will use the default behavior of adding all keys.

fionera commented 1 year ago

The flag doesn't get accepted smh. This needs some debugging. For now I hardcoded it in the prod container.

fionera commented 1 year ago

```
$ bazelisk run cloud/shepherd/equinix/manager/server:server -- -shepherd_prometheus_insecure "true" -provisioner_use_project_keys "true"
provisioner_use_project_keys: false

$ bazelisk run cloud/shepherd/equinix/manager/server:server -- -shepherd_prometheus_insecure -provisioner_use_project_keys "true"
provisioner_use_project_keys: true
```

o.O

q3k commented 1 year ago

Go flags are odd: -foo false sets foo to true (by enabling it when specified) and puts false into flag.Args.

https://pkg.go.dev/flag#hdr-Command_line_flag_syntax

This is indeed a footgun and I'm surprised I/we haven't hit that earlier.

fionera commented 1 year ago

https://review.monogon.dev/c/monogon/+/1798 introduces a check for NArgs to prevent this
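The parsing behaviour discussed in this thread, together with a leftover-argument check of the kind the last comment mentions, as an added Go example. It is not code from the monogon repository or from the linked change: `parseStrict`, the flag defaults and the help strings are assumptions, and only the two flag names come from the commands above.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// parseStrict is a hypothetical helper. The two flag names come from the
// commands in the thread; defaults and help strings are assumptions.
func parseStrict(args []string) (insecure, useProjectKeys bool, rest []string, err error) {
	fs := flag.NewFlagSet("server", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // keep usage text out of the demo output
	fs.BoolVar(&insecure, "shepherd_prometheus_insecure", false, "assumed help text")
	fs.BoolVar(&useProjectKeys, "provisioner_use_project_keys", false, "assumed help text")
	if err = fs.Parse(args); err != nil {
		return
	}
	// Parsing stops at the first non-flag argument. A bool flag never consumes
	// the next argument, so a detached "true"/"false" ends parsing and every
	// later flag is left unparsed in fs.Args().
	rest = fs.Args()
	if fs.NArg() > 0 {
		err = fmt.Errorf("unexpected positional arguments %q; write boolean flags as -name or -name=value", rest)
	}
	return
}

func main() {
	// Constructed argument lists: the two invocations from the thread, a
	// "-flag false" case, and the unambiguous -name=value form.
	cases := [][]string{
		{"-shepherd_prometheus_insecure", "true", "-provisioner_use_project_keys", "true"},
		{"-shepherd_prometheus_insecure", "-provisioner_use_project_keys", "true"},
		{"-shepherd_prometheus_insecure", "false"},
		{"-shepherd_prometheus_insecure=false", "-provisioner_use_project_keys=true"},
	}
	for _, args := range cases {
		insecure, keys, rest, err := parseStrict(args)
		fmt.Printf("%q\n  insecure=%v use_project_keys=%v rest=%q err=%v\n", args, insecure, keys, rest, err)
	}
}
```

The third case is the one to watch for security-relevant switches: `-shepherd_prometheus_insecure false` leaves the insecure option enabled, and only the leftover-argument error reveals it.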