From c4f12c8b0d99a95810cf4323bce37ef9e5be071d Mon Sep 17 00:00:00 2001
From: Sebastiaan van Steenis
Date: Mon, 25 Jun 2018 21:01:02 +0200
Subject: [PATCH] Better error when ssh_key_path can't be opened
---
 cluster/cluster.go | 6 +++++-
 hosts/dialer.go | 24 +++++++++++++++++++-----
 hosts/tunnel.go | 13 ++++++-------
 3 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/cluster/cluster.go b/cluster/cluster.go
index c5a74976..48eefc45 100644
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@@ -195,7 +195,11 @@ func ParseCluster(
 // Create k8s wrap transport for bastion host
 if len(c.BastionHost.Address) > 0 {
- c.K8sWrapTransport = hosts.BastionHostWrapTransport(c.BastionHost)
+ var err error
+ c.K8sWrapTransport, err = hosts.BastionHostWrapTransport(c.BastionHost)
+ if err != nil {
+ return nil, err
+ }
 }
 return c, nil
 }
diff --git a/hosts/dialer.go b/hosts/dialer.go
index 0f6a85d5..74132bfd 100644
--- a/hosts/dialer.go
+++ b/hosts/dialer.go
@@ -40,7 +40,11 @@ func newDialer(h *Host, kind string) (*dialer, error) {
 useSSHAgentAuth: h.SSHAgentAuth,
 }
 if bastionDialer.sshKeyString == "" {
- bastionDialer.sshKeyString = privateKeyPath(h.BastionHost.SSHKeyPath)
+ var err error
+ bastionDialer.sshKeyString, err = privateKeyPath(h.BastionHost.SSHKeyPath)
+ if err != nil {
+ return nil, err
+ }
 }
 }
@@ -55,7 +59,12 @@ func newDialer(h *Host, kind string) (*dialer, error) {
 }
 if dialer.sshKeyString == "" {
- dialer.sshKeyString = privateKeyPath(h.SSHKeyPath)
+ var err error
+ dialer.sshKeyString, err = privateKeyPath(h.SSHKeyPath)
+ if err != nil {
+ return nil, err
+ }
+
 }
 switch kind {
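Review bot: With `useSSHAgentAuth` set, the `if bastionDialer.sshKeyString == ""` branch in newDialer still reads the key file, and the added `return nil, err` now makes dialer creation fail when that file is absent even if the SSH agent is the intended credential source. Before this commit the read error was discarded (`buff, _ := ioutil.ReadFile(...)`), so agent-only setups without a key file at the configured path presumably kept working; how getSSHConfig chooses between agent and key is not visible in these hunks. Consider skipping the read when agent auth is requested, e.g. `if bastionDialer.sshKeyString == "" && !bastionDialer.useSSHAgentAuth {`, or deferring the error to the point where the key is actually needed. The same pattern is in the second newDialer hunk and in the BastionHostWrapTransport hunk, to the extent those dialers carry the flag; newDialer's body starts and ends outside these hunks.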
@@ -167,7 +176,7 @@ func (d *dialer) getBastionHostTunnelConn() (*ssh.Client, error) {
 return ssh.NewClient(newClientConn, channels, sshRequest), nil
 }
-func BastionHostWrapTransport(bastionHost v3.BastionHost) k8s.WrapTransport {
+func BastionHostWrapTransport(bastionHost v3.BastionHost) (k8s.WrapTransport, error) {
 bastionDialer := &dialer{
 sshAddress: fmt.Sprintf("%s:%s", bastionHost.Address, bastionHost.Port),
@@ -178,7 +187,12 @@ func BastionHostWrapTransport(bastionHost v3.BastionHost) k8s.WrapTransport {
 }
 if bastionDialer.sshKeyString == "" {
- bastionDialer.sshKeyString = privateKeyPath(bastionHost.SSHKeyPath)
+ var err error
+ bastionDialer.sshKeyString, err = privateKeyPath(bastionHost.SSHKeyPath)
+ if err != nil {
+ return nil, err
+ }
+
 }
 return func(rt http.RoundTripper) http.RoundTripper {
 if ht, ok := rt.(*http.Transport); ok {
@@ -187,5 +201,5 @@ func BastionHostWrapTransport(bastionHost v3.BastionHost) k8s.WrapTransport {
 ht.Dial = bastionDialer.Dial
 }
 return rt
- }
+ }, nil
 }
diff --git a/hosts/tunnel.go b/hosts/tunnel.go
index b35cbed8..54d37934 100644
--- a/hosts/tunnel.go
+++ b/hosts/tunnel.go
@@ -82,10 +82,6 @@ func parsePrivateKey(keyBuff string) (ssh.Signer, error) {
 return ssh.ParsePrivateKey([]byte(keyBuff))
 }
-func parsePrivateKeyWithPassPhrase(keyBuff string, passphrase []byte) (ssh.Signer, error) {
- return ssh.ParsePrivateKeyWithPassphrase([]byte(keyBuff), passphrase)
-}
-
 func getSSHConfig(username, sshPrivateKeyString string, useAgentAuth bool) (*ssh.ClientConfig, error) {
 config := &ssh.ClientConfig{
 User: username,
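Review bot: The exported BastionHostWrapTransport has no doc comment (no comment line precedes its signature in the hunk), and the new error return is undocumented. I would add `// BastionHostWrapTransport returns a k8s.WrapTransport that sets the bastion dialer on an *http.Transport. It returns an error if no key string is set and the key file at bastionHost.SSHKeyPath cannot be read.` above the signature. The empty `+` line added just before the closing brace of the `if bastionDialer.sshKeyString == ""` block is stray and can be dropped. The function's body spans this hunk and the two that follow it in hosts/dialer.go.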
@@ -116,12 +112,15 @@ func getSSHConfig(username, sshPrivateKeyString string, useAgentAuth bool) (*ssh
 return config, nil
 }
-func privateKeyPath(sshKeyPath string) string {
+func privateKeyPath(sshKeyPath string) (string, error) {
 if sshKeyPath[:2] == "~/" {
 sshKeyPath = filepath.Join(userHome(), sshKeyPath[2:])
 }
- buff, _ := ioutil.ReadFile(sshKeyPath)
- return string(buff)
+ buff, err := ioutil.ReadFile(sshKeyPath)
+ if err != nil {
+ return "", fmt.Errorf("Error while reading SSH key file: %v", err)
+ }
+ return string(buff), nil
 }
 func userHome() string {
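Review bot: `sshKeyPath[:2] == "~/"` in privateKeyPath still panics with a slice-bounds error when the path is shorter than two bytes (an empty `ssh_key_path`, for instance), so the new error return never gets to report it. Guard the length first, `if len(sshKeyPath) >= 2 && sshKeyPath[:2] == "~/" {`, so a short or empty path reaches ioutil.ReadFile and comes back as the same read error. Go convention also prefers a lowercase error string without the "Error" prefix, e.g. `fmt.Errorf("reading SSH key file: %v", err)`. Whether callers can actually pass an empty path depends on defaulting that is outside this hunk.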