Removed hardcoded use of private key files with ssh agent.

john-terrell · May 22, 2020 · dc96b13 · dc96b13
1 parent c34869a
commit dc96b13
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 34 deletions.
diff --git a/provider.go b/provider.go
@@ -1,7 +1,12 @@
 package main
 
 import (
+	"net"
+	"os"
+
 	"github.com/hashicorp/terraform/helper/schema"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/agent"
 )
 
 func Provider() *schema.Provider {
@@ -43,9 +48,20 @@ func providerDataSources() map[string]*schema.Resource {
 }
 
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	sshSocket := os.Getenv("SSH_AUTH_SOCK")
+	agentConnection, err := net.Dial("unix", sshSocket)
+	if err != nil {
+		return nil, err
+	}
+
+	authMethods := []ssh.AuthMethod{}
+	authMethods = append(authMethods, ssh.PublicKeysCallback(agent.NewClient(agentConnection).Signers))
+
 	client := SmartOSClient{
-		host: d.Get("host").(string),
-		user: d.Get("user").(string),
+		host:            d.Get("host").(string),
+		user:            d.Get("user").(string),
+		agentConnection: agentConnection,
+		authMethods:     authMethods,
 	}
 
 	return &client, nil

diff --git a/smartos_client.go b/smartos_client.go
@@ -4,20 +4,20 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"log"
-	"os/user"
-	"path"
+	"net"
 	"regexp"
 
 	"github.com/google/uuid"
 	"golang.org/x/crypto/ssh"
 )
 
 type SmartOSClient struct {
-	host   string
-	user   string
-	client *ssh.Client
+	host            string
+	user            string
+	client          *ssh.Client
+	agentConnection net.Conn
+	authMethods     []ssh.AuthMethod
 }
 
 func (c *SmartOSClient) Connect() error {
@@ -27,41 +27,20 @@ func (c *SmartOSClient) Connect() error {
 		return nil
 	}
 
-	log.Println("Creating client")
-	user, err := user.Current()
-	if err != nil {
-		return err
-	}
-
-	keyPath := path.Join(user.HomeDir, ".ssh", "id_rsa")
-	log.Println("Loading private key from ", keyPath)
-	keyBytes, err := ioutil.ReadFile(keyPath)
-	if err != nil {
-		return err
-	}
-
-	log.Println("Parsing private key")
-	signer, err := ssh.ParsePrivateKey(keyBytes)
-	if err != nil {
-		return err
-	}
-
 	config := &ssh.ClientConfig{
-		User: c.user,
-		Auth: []ssh.AuthMethod{
-			ssh.PublicKeys(signer),
-		},
+		User:            c.user,
+		Auth:            c.authMethods,
 		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
 	}
 
-	log.Println("Connecting to host: ", c.host)
+	log.Println("SSH: Connecting to host: ", c.host)
 	c.client, err = ssh.Dial("tcp", c.host, config)
 	if err != nil {
-		log.Println("Connection failed: ", err.Error())
+		log.Println("SSH: Connection failed: ", err.Error())
 		return err
 	}
 
-	log.Println("Connected successfully")
+	log.Println("SSH: Connected successfully")
 	return nil
 }