Closed fionera closed 1 year ago
Wouldn't the key be inherited from the project?
No. We override it in the deployment api call
I added a flag to not add any key which will use the default behavior of adding all keys
The flag doesnt get accepted smh. This needs some debugging. For now I hardcoded it in the prod container
$ bazelisk run cloud/shepherd/equinix/manager/server:server -- -shepherd_prometheus_insecure "true" -provisioner_use_project_keys "true"
provisioner_use_project_keys: false
$ bazelisk run cloud/shepherd/equinix/manager/server:server -- -shepherd_prometheus_insecure -provisioner_use_project_keys "true"
provisioner_use_project_keys: true
o.O
Go flags are odd: -foo false
sets foo
to true (by enabling it when specified) and puts false into flag.Args
.
https://pkg.go.dev/flag#hdr-Command_line_flag_syntax
This is indeed a footgun and I'm surprised I/we haven't hit that earlier.
https://review.monogon.dev/c/monogon/+/1798 introduces a check for NArgs to prevent this
to debug we also want a secondary ssh key added to all machines