Better error when ssh_key_path can't be opened

2025-04-27 19:25:44 +00:00 · 2018-06-25 21:01:02 +02:00 · 2018-06-25 21:01:02 +02:00 · c4f12c8b0d
commit c4f12c8b0d
parent a330cfb907
3 changed files with 30 additions and 13 deletions
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@ -195,7 +195,11 @@ func ParseCluster(

 	// Create k8s wrap transport for bastion host
 	if len(c.BastionHost.Address) > 0 {
-		c.K8sWrapTransport = hosts.BastionHostWrapTransport(c.BastionHost)
+		var err error
+		c.K8sWrapTransport, err = hosts.BastionHostWrapTransport(c.BastionHost)
+		if err != nil {
+			return nil, err
+		}
 	}
 	return c, nil
 }
--- a/hosts/dialer.go
+++ b/hosts/dialer.go
@ -40,7 +40,11 @@ func newDialer(h *Host, kind string) (*dialer, error) {
 			useSSHAgentAuth: h.SSHAgentAuth,
 		}
 		if bastionDialer.sshKeyString == "" {
-			bastionDialer.sshKeyString = privateKeyPath(h.BastionHost.SSHKeyPath)
+			var err error
+			bastionDialer.sshKeyString, err = privateKeyPath(h.BastionHost.SSHKeyPath)
+			if err != nil {
+				return nil, err
+			}
 		}
 	}

@ -55,7 +59,12 @@ func newDialer(h *Host, kind string) (*dialer, error) {
 	}

 	if dialer.sshKeyString == "" {
-		dialer.sshKeyString = privateKeyPath(h.SSHKeyPath)
+		var err error
+		dialer.sshKeyString, err = privateKeyPath(h.SSHKeyPath)
+		if err != nil {
+			return nil, err
+		}
+
 	}

 	switch kind {
@ -167,7 +176,7 @@ func (d *dialer) getBastionHostTunnelConn() (*ssh.Client, error) {
 	return ssh.NewClient(newClientConn, channels, sshRequest), nil
 }

-func BastionHostWrapTransport(bastionHost v3.BastionHost) k8s.WrapTransport {
+func BastionHostWrapTransport(bastionHost v3.BastionHost) (k8s.WrapTransport, error) {

 	bastionDialer := &dialer{
 		sshAddress:      fmt.Sprintf("%s:%s", bastionHost.Address, bastionHost.Port),
@ -178,7 +187,12 @@ func BastionHostWrapTransport(bastionHost v3.BastionHost) k8s.WrapTransport {
 	}

 	if bastionDialer.sshKeyString == "" {
-		bastionDialer.sshKeyString = privateKeyPath(bastionHost.SSHKeyPath)
+		var err error
+		bastionDialer.sshKeyString, err = privateKeyPath(bastionHost.SSHKeyPath)
+		if err != nil {
+			return nil, err
+		}
+
 	}
 	return func(rt http.RoundTripper) http.RoundTripper {
 		if ht, ok := rt.(*http.Transport); ok {
@ -187,5 +201,5 @@ func BastionHostWrapTransport(bastionHost v3.BastionHost) k8s.WrapTransport {
 			ht.Dial = bastionDialer.Dial
 		}
 		return rt
-	}
+	}, nil
 }
--- a/hosts/tunnel.go
+++ b/hosts/tunnel.go
@ -82,10 +82,6 @@ func parsePrivateKey(keyBuff string) (ssh.Signer, error) {
 	return ssh.ParsePrivateKey([]byte(keyBuff))
 }

-func parsePrivateKeyWithPassPhrase(keyBuff string, passphrase []byte) (ssh.Signer, error) {
-	return ssh.ParsePrivateKeyWithPassphrase([]byte(keyBuff), passphrase)
-}
-
 func getSSHConfig(username, sshPrivateKeyString string, useAgentAuth bool) (*ssh.ClientConfig, error) {
 	config := &ssh.ClientConfig{
 		User:            username,
@ -116,12 +112,15 @@ func getSSHConfig(username, sshPrivateKeyString string, useAgentAuth bool) (*ssh
 	return config, nil
 }

-func privateKeyPath(sshKeyPath string) string {
+func privateKeyPath(sshKeyPath string) (string, error) {
 	if sshKeyPath[:2] == "~/" {
 		sshKeyPath = filepath.Join(userHome(), sshKeyPath[2:])
 	}
-	buff, _ := ioutil.ReadFile(sshKeyPath)
-	return string(buff)
+	buff, err := ioutil.ReadFile(sshKeyPath)
+	if err != nil {
+		return "", fmt.Errorf("Error while reading SSH key file: %v", err)
+	}
+	return string(buff), nil
 }

 func userHome() string {