coder
diff --git a/‎.github/CODEOWNERS
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS
Lines changed: 1 addition & 0 deletions
diff --git a/‎agent/agent.go
Lines changed: 5 additions & 0 deletions b/‎agent/agent.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 35 additions & 38 deletions b/‎agent/agent_test.go
Lines changed: 35 additions & 38 deletions
diff --git a/‎cli/cliui/prompt.go
Lines changed: 3 additions & 2 deletions b/‎cli/cliui/prompt.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎cli/config/file.go
Lines changed: 4 additions & 0 deletions b/‎cli/config/file.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎cli/gitssh.go
Lines changed: 62 additions & 0 deletions b/‎cli/gitssh.go
Lines changed: 62 additions & 0 deletions
diff --git a/‎cli/gitssh_test.go
Lines changed: 129 additions & 0 deletions b/‎cli/gitssh_test.go
Lines changed: 129 additions & 0 deletions
diff --git a/‎cli/publickey.go
Lines changed: 29 additions & 0 deletions b/‎cli/publickey.go
Lines changed: 29 additions & 0 deletions
@@ -1 +1,2 @@
 site @coder/frontend
+site/src/xServices @presleyp
@@ -230,6 +230,11 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
 
 	cmd := exec.CommandContext(session.Context(), command, args...)
 	cmd.Env = append(os.Environ(), session.Environ()...)
+	executablePath, err := os.Executable()
+	if err != nil {
+		return xerrors.Errorf("getting os executable: %w", err)
+	}
+	cmd.Env = append(session.Environ(), fmt.Sprintf(`GIT_SSH_COMMAND="%s gitssh --"`, executablePath))
 
 	sshPty, windowSize, isPty := session.Pty()
 	if isPty {
 
@@ -29,24 +29,7 @@ func TestAgent(t *testing.T) {
 	t.Parallel()
 	t.Run("SessionExec", func(t *testing.T) {
 		t.Parallel()
-		api := setup(t)
-		stream, err := api.NegotiateConnection(context.Background())
-		require.NoError(t, err)
-		conn, err := peerbroker.Dial(stream, []webrtc.ICEServer{}, &peer.ConnOptions{
-			Logger: slogtest.Make(t, nil),
-		})
-		require.NoError(t, err)
-		t.Cleanup(func() {
-			_ = conn.Close()
-		})
-		client := agent.Conn{
-			Negotiator: api,
-			Conn:       conn,
-		}
-		sshClient, err := client.SSHClient()
-		require.NoError(t, err)
-		session, err := sshClient.NewSession()
-		require.NoError(t, err)
+		session := setupSSH(t)
 		command := "echo test"
 		if runtime.GOOS == "windows" {
 			command = "cmd.exe /c echo test"
@@ -56,33 +39,28 @@ func TestAgent(t *testing.T) {
 		require.Equal(t, "test", strings.TrimSpace(string(output)))
 	})
 
-	t.Run("SessionTTY", func(t *testing.T) {
+	t.Run("GitSSH", func(t *testing.T) {
 		t.Parallel()
-		api := setup(t)
-		stream, err := api.NegotiateConnection(context.Background())
-		require.NoError(t, err)
-		conn, err := peerbroker.Dial(stream, []webrtc.ICEServer{}, &peer.ConnOptions{
-			Logger: slogtest.Make(t, nil),
-		})
-		require.NoError(t, err)
-		t.Cleanup(func() {
-			_ = conn.Close()
-		})
-		client := &agent.Conn{
-			Negotiator: api,
-			Conn:       conn,
+		session := setupSSH(t)
+		command := "sh -c 'echo $GIT_SSH_COMMAND'"
+		if runtime.GOOS == "windows" {
+			command = "cmd.exe /c echo %GIT_SSH_COMMAND%"
 		}
-		sshClient, err := client.SSHClient()
-		require.NoError(t, err)
-		session, err := sshClient.NewSession()
+		output, err := session.Output(command)
 		require.NoError(t, err)
+		require.Contains(t, string(output), "gitssh --")
+	})
+
+	t.Run("SessionTTY", func(t *testing.T) {
+		t.Parallel()
+		session := setupSSH(t)
 		prompt := "$"
 		command := "bash"
 		if runtime.GOOS == "windows" {
 			command = "cmd.exe"
 			prompt = ">"
 		}
-		err = session.RequestPty("xterm", 128, 128, ssh.TerminalModes{})
+		err := session.RequestPty("xterm", 128, 128, ssh.TerminalModes{})
 		require.NoError(t, err)
 		ptty := ptytest.New(t)
 		require.NoError(t, err)
@@ -100,7 +78,7 @@ func TestAgent(t *testing.T) {
 	})
 }
 
-func setup(t *testing.T) proto.DRPCPeerBrokerClient {
+func setupSSH(t *testing.T) *ssh.Session {
 	client, server := provisionersdk.TransportPipe()
 	closer := agent.New(func(ctx context.Context, opts *peer.ConnOptions) (*peerbroker.Listener, error) {
 		return peerbroker.Listen(server, nil, opts)
@@ -112,5 +90,24 @@ func setup(t *testing.T) proto.DRPCPeerBrokerClient {
 		_ = server.Close()
 		_ = closer.Close()
 	})
-	return proto.NewDRPCPeerBrokerClient(provisionersdk.Conn(client))
+	api := proto.NewDRPCPeerBrokerClient(provisionersdk.Conn(client))
+	stream, err := api.NegotiateConnection(context.Background())
+	require.NoError(t, err)
+	conn, err := peerbroker.Dial(stream, []webrtc.ICEServer{}, &peer.ConnOptions{
+		Logger: slogtest.Make(t, nil),
+	})
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		_ = conn.Close()
+	})
+	agentClient := &agent.Conn{
+		Negotiator: api,
+		Conn:       conn,
+	}
+	sshClient, err := agentClient.SSHClient()
+	require.NoError(t, err)
+	session, err := sshClient.NewSession()
+	require.NoError(t, err)
+
+	return session
 }
@@ -14,6 +14,7 @@ import (
 	"github.com/bgentry/speakeasy"
 	"github.com/mattn/go-isatty"
 	"github.com/spf13/cobra"
+	"golang.org/x/xerrors"
 )
 
 // PromptOptions supply a set of options to the prompt.
@@ -48,7 +49,7 @@ func Prompt(cmd *cobra.Command, opts PromptOptions) (string, error) {
 		if opts.Secret && valid && isatty.IsTerminal(inFile.Fd()) {
 			line, err = speakeasy.Ask("")
 		} else {
-			if runtime.GOOS == "darwin" && valid {
+			if !opts.IsConfirm && runtime.GOOS == "darwin" && valid {
 				var restore func()
 				restore, err = removeLineLengthLimit(int(inFile.Fd()))
 				if err != nil {
@@ -99,7 +100,7 @@ func Prompt(cmd *cobra.Command, opts PromptOptions) (string, error) {
 		return "", err
 	case line := <-lineCh:
 		if opts.IsConfirm && line != "yes" && line != "y" {
-			return line, Canceled
+			return line, xerrors.Errorf("got %q: %w", line, Canceled)
 		}
 		if opts.Validate != nil {
 			err := opts.Validate(line)
 
@@ -21,6 +21,10 @@ func (r Root) Organization() File {
 	return File(filepath.Join(string(r), "organization"))
 }
 
+func (r Root) AgentSession() File {
+	return File(filepath.Join(string(r), "agentsession"))
+}
+
 // File provides convenience methods for interacting with *os.File.
 type File string
 
 
@@ -0,0 +1,62 @@
+package cli
+
+import (
+	"os"
+	"os/exec"
+
+	"github.com/spf13/cobra"
+	"golang.org/x/xerrors"
+)
+
+func gitssh() *cobra.Command {
+	return &cobra.Command{
+		Use:    "gitssh",
+		Hidden: true,
+		Short:  `Wraps the "ssh" command and uses the coder gitssh key for authentication`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			client, err := createClient(cmd)
+			if err != nil {
+				return xerrors.Errorf("create codersdk client: %w", err)
+			}
+			cfg := createConfig(cmd)
+			session, err := cfg.AgentSession().Read()
+			if err != nil {
+				return xerrors.Errorf("read agent session from config: %w", err)
+			}
+			client.SessionToken = session
+
+			key, err := client.AgentGitSSHKey(cmd.Context())
+			if err != nil {
+				return xerrors.Errorf("get agent git ssh token: %w", err)
+			}
+
+			privateKeyFile, err := os.CreateTemp("", "coder-gitsshkey-*")
+			if err != nil {
+				return xerrors.Errorf("create temp gitsshkey file: %w", err)
+			}
+			defer func() {
+				_ = privateKeyFile.Close()
+				_ = os.Remove(privateKeyFile.Name())
+			}()
+			_, err = privateKeyFile.WriteString(key.PrivateKey)
+			if err != nil {
+				return xerrors.Errorf("write to temp gitsshkey file: %w", err)
+			}
+			err = privateKeyFile.Close()
+			if err != nil {
+				return xerrors.Errorf("close temp gitsshkey file: %w", err)
+			}
+
+			a := append([]string{"-i", privateKeyFile.Name()}, args...)
+			c := exec.CommandContext(cmd.Context(), "ssh", a...)
+			c.Stdout = cmd.OutOrStdout()
+			c.Stdin = cmd.InOrStdin()
+			err = c.Run()
+			if err != nil {
+				return xerrors.Errorf("run ssh command: %w", err)
+			}
+
+			return nil
+		},
+	}
+}
@@ -0,0 +1,129 @@
+package cli_test
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/gliderlabs/ssh"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/require"
+	gossh "golang.org/x/crypto/ssh"
+
+	"github.com/coder/coder/cli/clitest"
+	"github.com/coder/coder/cli/config"
+	"github.com/coder/coder/coderd/coderdtest"
+	"github.com/coder/coder/codersdk"
+	"github.com/coder/coder/provisioner/echo"
+	"github.com/coder/coder/provisionersdk/proto"
+)
+
+func TestGitSSH(t *testing.T) {
+	t.Parallel()
+	t.Run("Dial", func(t *testing.T) {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
+		defer cancel()
+		instanceID := "instanceidentifier"
+		certificates, metadataClient := coderdtest.NewAWSInstanceIdentity(t, instanceID)
+		client := coderdtest.New(t, &coderdtest.Options{
+			AWSInstanceIdentity: certificates,
+		})
+		user := coderdtest.CreateFirstUser(t, client)
+
+		// get user public key
+		keypair, err := client.GitSSHKey(ctx, codersdk.Me)
+		require.NoError(t, err)
+		publicKey, _, _, _, err := gossh.ParseAuthorizedKey([]byte(keypair.PublicKey))
+		require.NoError(t, err)
+
+		// setup provisioner
+		coderdtest.NewProvisionerDaemon(t, client)
+		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
+			Parse: echo.ParseComplete,
+			Provision: []*proto.Provision_Response{{
+				Type: &proto.Provision_Response_Complete{
+					Complete: &proto.Provision_Complete{
+						Resources: []*proto.Resource{{
+							Name: "somename",
+							Type: "someinstance",
+							Agent: &proto.Agent{
+								Auth: &proto.Agent_InstanceId{
+									InstanceId: instanceID,
+								},
+							},
+						}},
+					},
+				},
+			}},
+		})
+		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
+		coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
+		workspace := coderdtest.CreateWorkspace(t, client, codersdk.Me, template.ID)
+		coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+
+		// start workspace agent
+		cmd, root := clitest.New(t, "workspaces", "agent", "--auth", "aws-instance-identity", "--url", client.URL.String())
+		agentClient := &*client
+		clitest.SetupConfig(t, agentClient, root)
+		ctx, cancelFunc := context.WithCancel(context.Background())
+		defer cancelFunc()
+		go func() {
+			// A linting error occurs for weakly typing the context value here,
+			// but it seems reasonable for a one-off test.
+			// nolint
+			ctx = context.WithValue(ctx, "aws-client", metadataClient)
+			err := cmd.ExecuteContext(ctx)
+			require.NoError(t, err)
+		}()
+		coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
+		resources, err := client.WorkspaceResourcesByBuild(ctx, workspace.LatestBuild.ID)
+		require.NoError(t, err)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].ID, nil, nil)
+		require.NoError(t, err)
+		defer dialer.Close()
+		_, err = dialer.Ping()
+		require.NoError(t, err)
+
+		// start ssh server
+		l, err := net.Listen("tcp", "localhost:0")
+		require.NoError(t, err)
+		defer l.Close()
+		publicKeyOption := ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
+			return ssh.KeysEqual(publicKey, key)
+		})
+		var inc int64
+		go func() {
+			// as long as we get a successful session we don't care if the server errors
+			_ = ssh.Serve(l, func(s ssh.Session) {
+				atomic.AddInt64(&inc, 1)
+				t.Log("got authenticated sesion")
+				err := s.Exit(0)
+				require.NoError(t, err)
+			}, publicKeyOption)
+		}()
+
+		// start ssh session
+		addr, ok := l.Addr().(*net.TCPAddr)
+		require.True(t, ok)
+		cfgDir := createConfig(cmd)
+		// set to agent config dir
+		cmd, root = clitest.New(t, "gitssh", "--global-config="+string(cfgDir), "--", fmt.Sprintf("-p%d", addr.Port), "-o", "StrictHostKeyChecking=no", "127.0.0.1")
+		clitest.SetupConfig(t, agentClient, root)
+
+		err = cmd.ExecuteContext(ctx)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, inc)
+	})
+}
+
+// createConfig consumes the global configuration flag to produce a config root.
+func createConfig(cmd *cobra.Command) config.Root {
+	globalRoot, err := cmd.Flags().GetString("global-config")
+	if err != nil {
+		panic(err)
+	}
+	return config.Root(globalRoot)
+}
@@ -0,0 +1,29 @@
+package cli
+
+import (
+	"github.com/spf13/cobra"
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/codersdk"
+)
+
+func publickey() *cobra.Command {
+	return &cobra.Command{
+		Use: "publickey",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			client, err := createClient(cmd)
+			if err != nil {
+				return xerrors.Errorf("create codersdk client: %w", err)
+			}
+
+			key, err := client.GitSSHKey(cmd.Context(), codersdk.Me)
+			if err != nil {
+				return xerrors.Errorf("create codersdk client: %w", err)
+			}
+
+			cmd.Println(key.PublicKey)
+
+			return nil
+		},
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`site @coder/frontend`
	`2`	`+site/src/xServices @presleyp`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,10 @@ func (r Root) Organization() File {`
`21`	`21`	`return File(filepath.Join(string(r), "organization"))`
`22`	`22`	`}`
`23`	`23`
	`24`	`+func (r Root) AgentSession() File {`
	`25`	`+ return File(filepath.Join(string(r), "agentsession"))`
	`26`	`+}`
	`27`	`+`
`24`	`28`	`// File provides convenience methods for interacting with *os.File.`
`25`	`29`	`type File string`
`26`	`30`