##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
Closed
Pull request !2275 Created on Wed, 13 Feb 2019 21:07:07, by
csalgau
  • Issue #5536 - ability to disable server-side SSH key generation
branch:default of u/csalgau/rhodecode-enterprise-ce-csalgau-dropbranch:default of rhodecode-enterprise-ce more details
Pull request versions not available.
Collapse 3 commits
Update commits
ver Time Author Commit Description
latest
csalgau
r3208:7d47a18b6391
Issue #5536 - another template typo
v2
csalgau
r3207:55f6d5276de9
Issue #5536 - template typo. also make variable names more explicit
v1
csalgau
r3206:c02cc55651b4
Issue #5536 - ability to disable server-side SSH key generation
Show file before | Show file after | Hide comments
@@ -40,7 +40,7 b' e.g chmod 0600 /home/{username}/.ssh/id_'
40 40 % endif
41 41 ${_('Confirmation required on the next screen')}.
42 42 </p>
43 % elif:
43 % else:
csalgau
author
Comment #21566
Edit
Delete
|

I did have that fixed on the live template. I just didn't sync it.
44 44 <h2>
45 45 ${_('SSH key generator has been disabled.')}
46 46 </h2>
Unmatched/outdated inline comments below
This file was removed from diff during updates to this pull-request.
There are still outdated/unresolved comments attached to it.
csalgau
author
Comment #21566
Edit
Delete
|

I did have that fixed on the live template. I just didn't sync it.
This file was removed from diff during updates to this pull-request.
There are still outdated/unresolved comments attached to it.
note
marcink
v1 |
Comment #21547
Edit
Delete
|

+1 for spelling fix ;)

csalgau
author
v2 |
Comment #21558
Edit
Delete
|

fixed in r3207
Show file before | Show file after | Hide comments
@@ -630,9 +630,9 b' ssh.executable.hg = ~/.rccontrol/vcsserv'
630 630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
631 631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
632 632
633 ## Enables SSH Key generator web interface. Disabling this still allows users
633 ## Enables SSH key generator web interface. Disabling this still allows users
634 634 ## to add their own keys.
635 ssh.enable_generator = true
635 ssh.enable_ui_key_generator = true
636 636
637 637
638 638 ## Dummy marker to add new entries after.
Show file before | Show file after | Hide comments
@@ -602,9 +602,9 b' ssh.executable.hg = ~/.rccontrol/vcsserv'
602 602 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
603 603 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
604 604
605 ## Enables SSH Key generator web interface. Disabling this still allows users
605 ## Enables SSH key generator web interface. Disabling this still allows users
606 606 ## to add their own keys.
607 ssh.enable_generator = true
607 ssh.enable_ui_key_generator = true
608 608
609 609
610 610 ## Dummy marker to add new entries after.
Show file before | Show file after | Hide comments
@@ -73,9 +73,9 b' 2. Enable the SSH module on instance.'
73 73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75 75
76 ## Enables SSH Key generator web interface. Disabling this still allows users
76 ## Enables SSH key generator web interface. Disabling this still allows users
77 77 ## to add their own keys.
78 ssh.enable_generator = true
78 ssh.enable_ui_key_generator = true
79 79
80 80
81 81 3. Set base_url for instance to enable proper event handling (Optional):
Show file before | Show file after | Hide comments
@@ -71,7 +71,7 b' class MyAccountSshKeysView(BaseAppView, '
71 71 c = self.load_default_context()
72 72
73 73 c.active = 'ssh_keys_generate'
74 if c.ssh_generator_enabled:
74 if c.ssh_key_generator_enabled:
75 75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
76 76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
77 77 c.target_form_url = h.route_path(
Show file before | Show file after | Hide comments
@@ -36,7 +36,7 b' def _sanitize_settings_and_apply_default'
36 36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
37 37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
38 38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
39 _bool_setting(settings, config_keys.ssh_generator_enabled, 'true')
39 _bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true')
40 40
41 41 _string_setting(settings, config_keys.authorized_keys_file_path,
42 42 '~/.ssh/authorized_keys_rhodecode',
Show file before | Show file after | Hide comments
@@ -24,7 +24,7 b''
24 24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
25 25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
26 26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
27 ssh_generator_enabled = 'ssh.enable_generator'
27 ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
28 28 wrapper_cmd = 'ssh.wrapper_cmd'
29 29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
30 30 enable_debug_logging = 'ssh.enable_debug_logging'
Show file before | Show file after | Hide comments
@@ -343,8 +343,8 b' def attach_context_attributes(context, r'
343 343 config.get('labs_settings_active', 'false'))
344 344 context.ssh_enabled = str2bool(
345 345 config.get('ssh.generate_authorized_keyfile', 'false'))
346 context.ssh_generator_enabled = str2bool(
347 config.get('ssh.enable_generator', 'true'))
346 context.ssh_key_generator_enabled = str2bool(
347 config.get('ssh.enable_ui_key_generator', 'true'))
348 348
349 349 context.visual.allow_repo_location_change = str2bool(
350 350 config.get('allow_repo_location_change', True))
Show file before | Show file after | Hide comments
@@ -55,9 +55,9 b''
55 55 </div>
56 56 <div class="input">
57 57 ${h.text('description', class_='medium', placeholder=_('Description'))}
58 % if c.ssh_generator_enabled:
58 % if c.ssh_key_generator_enabled:
59 59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
60 $ endif
60 % endif
csalgau
author
v2 |
Comment #21558
Edit
Delete
|

fixed in r3207
61 61 </div>
62 62 </div>
63 63
Unmatched/outdated inline comments below
note
marcink
v1 |
Comment #21547
Edit
Delete
|

+1 for spelling fix ;)
Show file before | Show file after | Hide comments
@@ -50,7 +50,7 b''
50 50 </div>
51 51 <div class="input">
52 52 ${h.text('description', class_='medium', placeholder=_('Description'))}
53 % if c.ssh_generator_enabled:
53 % if c.ssh_key_generator_enabled:
54 54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
55 55 % endif
56 56 </div>
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
4 4 </div>
5 5 <div class="panel-body">
6 %if c.ssh_enabled and c.ssh_generator_enabled:
6 %if c.ssh_enabled and c.ssh_key_generator_enabled:
7 7 <p>
8 8 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
9 9 </p>
Unmatched/outdated inline comments below
Show file before | Show file after | Hide comments
@@ -572,9 +572,9 b' ssh.executable.hg = ~/.rccontrol/vcsserv'
572 572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
573 573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
574 574
575 ## Enables SSH Key generator web interface. Disabling this still allows users
575 ## Enables SSH key generator web interface. Disabling this still allows users
576 576 ## to add their own keys.
577 ssh.enable_generator = true
577 ssh.enable_ui_key_generator = true
578 578
579 579
580 580 ## Dummy marker to add new entries after.
This file was removed from diff during updates to this pull-request.
There are still outdated/unresolved comments attached to it.
csalgau
author
Comment #21566
Edit
Delete
|

I did have that fixed on the live template. I just didn't sync it.
This file was removed from diff during updates to this pull-request.
There are still outdated/unresolved comments attached to it.
note
marcink
v1 |
Comment #21547
Edit
Delete
|

+1 for spelling fix ;)

csalgau
author
v2 |
Comment #21558
Edit
Delete
|

fixed in r3207
Show file before | Show file after | Hide comments
@@ -630,6 +630,10 b' ssh.executable.hg = ~/.rccontrol/vcsserv'
630 630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
631 631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
632 632
633 ## Enables SSH Key generator web interface. Disabling this still allows users
634 ## to add their own keys.
635 ssh.enable_generator = true
636
633 637
634 638 ## Dummy marker to add new entries after.
635 639 ## Add any custom entries below. Please don't remove.
Show file before | Show file after | Hide comments
@@ -602,6 +602,10 b' ssh.executable.hg = ~/.rccontrol/vcsserv'
602 602 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
603 603 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
604 604
605 ## Enables SSH Key generator web interface. Disabling this still allows users
606 ## to add their own keys.
607 ssh.enable_generator = true
608
605 609
606 610 ## Dummy marker to add new entries after.
607 611 ## Add any custom entries below. Please don't remove.
Show file before | Show file after | Hide comments
@@ -73,6 +73,10 b' 2. Enable the SSH module on instance.'
73 73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75 75
76 ## Enables SSH Key generator web interface. Disabling this still allows users
77 ## to add their own keys.
78 ssh.enable_generator = true
79
76 80
77 81 3. Set base_url for instance to enable proper event handling (Optional):
78 82
Show file before | Show file after | Hide comments
@@ -71,10 +71,11 b' class MyAccountSshKeysView(BaseAppView, '
71 71 c = self.load_default_context()
72 72
73 73 c.active = 'ssh_keys_generate'
74 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
75 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
76 c.target_form_url = h.route_path(
77 'my_account_ssh_keys', _query=dict(default_key=c.public))
74 if c.ssh_generator_enabled:
75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
77 c.target_form_url = h.route_path(
78 'my_account_ssh_keys', _query=dict(default_key=c.public))
78 79 return self._get_template_context(c)
79 80
80 81 @LoginRequired()
Show file before | Show file after | Hide comments
@@ -36,6 +36,7 b' def _sanitize_settings_and_apply_default'
36 36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
37 37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
38 38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
39 _bool_setting(settings, config_keys.ssh_generator_enabled, 'true')
39 40
40 41 _string_setting(settings, config_keys.authorized_keys_file_path,
41 42 '~/.ssh/authorized_keys_rhodecode',
Show file before | Show file after | Hide comments
@@ -24,6 +24,7 b''
24 24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
25 25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
26 26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
27 ssh_generator_enabled = 'ssh.enable_generator'
27 28 wrapper_cmd = 'ssh.wrapper_cmd'
28 29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 30 enable_debug_logging = 'ssh.enable_debug_logging'
Show file before | Show file after | Hide comments
@@ -343,6 +343,8 b' def attach_context_attributes(context, r'
343 343 config.get('labs_settings_active', 'false'))
344 344 context.ssh_enabled = str2bool(
345 345 config.get('ssh.generate_authorized_keyfile', 'false'))
346 context.ssh_generator_enabled = str2bool(
347 config.get('ssh.enable_generator', 'true'))
346 348
347 349 context.visual.allow_repo_location_change = str2bool(
348 350 config.get('allow_repo_location_change', True))
Show file before | Show file after | Hide comments
@@ -55,7 +55,9 b''
55 55 </div>
56 56 <div class="input">
57 57 ${h.text('description', class_='medium', placeholder=_('Description'))}
58 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
58 % if c.ssh_generator_enabled:
59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
60 $ endif
59 61 </div>
60 62 </div>
61 63
@@ -70,7 +72,7 b''
70 72 ${h.reset('reset',_('Reset'),class_="btn")}
71 73 </div>
72 74 % if c.default_key:
73 ${_('Click add to use this generate SSH key')}
75 ${_('Click add to use this generated SSH key')}
note
marcink
v1 |
Comment #21547
Edit
Delete
|

+1 for spelling fix ;)
74 76 % endif
75 77 </div>
76 78 </div>
Show file before | Show file after | Hide comments
@@ -50,7 +50,9 b''
50 50 </div>
51 51 <div class="input">
52 52 ${h.text('description', class_='medium', placeholder=_('Description'))}
53 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
53 % if c.ssh_generator_enabled:
54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
55 % endif
54 56 </div>
55 57 </div>
56 58
Show file before | Show file after | Hide comments
@@ -1,13 +1,14 b''
1 1 <div class="panel panel-default">
2 2 <div class="panel-heading">
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
4 4 </div>
5 5 <div class="panel-body">
6 <p>
7 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
8 </p>
9 <h4>${_('Private key')}</h4>
10 <pre>
6 %if c.ssh_enabled and c.ssh_generator_enabled:
7 <p>
8 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
9 </p>
10 <h4>${_('Private key')}</h4>
11 <pre>
11 12 # Save the below content as
12 13 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
13 14 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
@@ -15,30 +16,35 b''
15 16
16 17 # Change permissions to 0600 to make it secure, and usable.
17 18 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
18 </pre>
19 </pre>
19 20
20 <div>
21 <textarea style="height: 300px">${c.private}</textarea>
22 </div>
23 <br/>
21 <div>
22 <textarea style="height: 300px">${c.private}</textarea>
23 </div>
24 <br/>
24 25
25 <h4>${_('Public key')}</h4>
26 <pre>
26 <h4>${_('Public key')}</h4>
27 <pre>
27 28 # Save the below content as
28 29 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
29 30 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
30 31 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
31 </pre>
32 </pre>
32 33
33 <input type="text" value="${c.public}" class="large text" size="100"/>
34 <p>
35 % if hasattr(c, 'target_form_url'):
36 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
37 % else:
38 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
39 % endif
40 ${_('Confirmation required on the next screen')}.
41 </p>
34 <input type="text" value="${c.public}" class="large text" size="100"/>
35 <p>
36 % if hasattr(c, 'target_form_url'):
37 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
38 % else:
39 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
40 % endif
41 ${_('Confirmation required on the next screen')}.
42 </p>
43 % elif:
44 <h2>
45 ${_('SSH key generator has been disabled.')}
46 </h2>
47 % endif
42 48 </div>
43 49 </div>
44 50
Show file before | Show file after | Hide comments
@@ -572,6 +572,10 b' ssh.executable.hg = ~/.rccontrol/vcsserv'
572 572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
573 573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
574 574
575 ## Enables SSH Key generator web interface. Disabling this still allows users
576 ## to add their own keys.
577 ssh.enable_generator = true
578
575 579
576 580 ## Dummy marker to add new entries after.
577 581 ## Add any custom entries below. Please don't remove.
This file was removed from diff during updates to this pull-request.
There are still outdated/unresolved comments attached to it.
csalgau
author
Comment #21566
Edit
Delete
|

I did have that fixed on the live template. I just didn't sync it.
This file was removed from diff during updates to this pull-request.
There are still outdated/unresolved comments attached to it.
note
marcink
v1 |
Comment #21547
Edit
Delete
|

+1 for spelling fix ;)

csalgau
author
v2 |
Comment #21558
Edit
Delete
|

fixed in r3207
General Comments 23
Under Review
csalgau
author
v1 |
Comment #21540
Edit
Delete
|

Auto status change to "Under Review"

note
csalgau
author
v1 |
Comment #21542
Edit
Delete
|

Changed one (untranslated) string, added one new string.
I'm writing against a running test instance. Did not touch translations folder.

note
marcink
v1 |
Comment #21543
Edit
Delete
|

Let me change the CI config so it sends the test results in a comment.

note
csalgau
author
v1 |
Comment #21544
Edit
Delete
|

I meant to write

Changed two (untranslated) strings, added one new string.

Rejected
jenkins-tests
v1 |
Comment #21548
Edit
Delete
|

[PR tests] Build Failed on : build-log

Approved
cla-bot
v1 |
Comment #21549
Edit
Delete
|

CLA FOUND and APPROVED

note
csalgau
author
v1 |
Comment #21552
Edit
Delete
|

I'm not clear on how the build log from the CI jenkins bot should work. I'm guessing you're still working on that.

note
marcink
v1 |
Comment #21553
Edit
Delete
|

There's a failing test, let me fix Jenkins to show the output.

Rejected
jenkins-tests
v1 |
Comment #21556
Edit
Delete
|

[PR tests] Build Failed on : build-log

Approved
cla-bot
v2 |
Comment #21559
Edit
Delete
|

CLA FOUND and APPROVED

note
csalgau
author
v2 |
Comment #21560
Edit
Delete
|

This is entirely text editor based right now. I'll be in a much better position to test things with #5534 in place :)

Rejected
jenkins-tests
v2 |
Comment #21561
Edit
Delete
|

[PR tests] Build Failed: build-log

note
csalgau
author
v2 |
Comment #21562
Edit
Delete
|

@marcink pretty sure@jenkins-tests posted the wrong build log. it's the same log as last time.

note
marcink
v2 |
Comment #21563
Edit
Delete
|

Yes, sorry about that. We did lots of Jenkins Changes receantly, and seems there are hickups!

Let me investigate.

Under Review
csalgau
author
Comment #21565
Edit
Delete
|

Pull request updated. Auto status change to "Under Review"

Changed commits:
  * 1 added
  * 0 removed

Changed files:
  * M rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
Approved
cla-bot
Comment #21567
Edit
Delete
|

CLA FOUND and APPROVED

note
csalgau
author
Comment #21568
Edit
Delete
|

So I'm going to make a small complaint about the fact that the public repository is missing the 4.15 branch and my test instance is up-to-date. This makes syncing things less than straight forward. Also, for some reason it looked to me like both build bot posts pointed to the same file. Looks ok now.

note
marcink
Comment #21569
Edit
Delete
|

Yeah, i'd realized that now that infact 4.15 is not pushed to the public instance... This should be done automatically.
I'll make sure we re-sync the codebase today.

Approved
jenkins-tests
Comment #21571
Edit
Delete
|

Build Succeeded!

Approved
marcink
Comment #21572
Edit
Delete
|

Thank you for this contribution. This looks ok, i'll merge this manually on top of our current default develop branch.

Approved
marcink
Comment #21573
Edit
Delete
|

Closing with status change > Approved.