Add SSH support for Embedded Ansible repositories

[Fryguy]

The code here involved a bit of an overhaul of the credentials handling inside GitWorktree, but I think it's a lot cleaner this way. Basically, we wrap credential usage in a with block that creates the key as a Tempfile, does the operation and then deletes the key. For user/pass, we still use the block format, but nothing actually happens.

Note that the only mechanism provided by rugged seems to be SSH keys as files, hence the use of Tempfile. libgit2 seems to have support for SSH key in memory, but it's not exposed via rugged from what I can tell.

I think as a follow up we may want to either a) expose that ssh key in memory cred in rugged, or b) allow for IO objects in addition to filename Strings for the privatekey and publickey options.

@carbonin @NickLaMuro Please review.

[Fryguy]

Also note that this does not yet support the ssh user@host:path format. Right now it's just ssh://[user@]host/path. Adding the former I think will require more complicated handling of the url validation, and I'd rather do that iteratively on a follow up PR.

[Fryguy]

In our appliance builds I've already talked to @simaishi about getting SSH support for rugged and it's relatively simple. If a local developer doesn't compile rugged with ssh support this gives them a nice message.

FWIW, the command I used to build it locally on a Mac is:

brew install libssh2
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/opt/openssl/lib/pkgconfig" gem install rugged -v 0.27.7

On Fedora/CentOS, the presence of libssh2 seems to be enough to get it to build properly.

We will have to document this somewhere in the dev setup. Even so, a "normal" installation of rugged will still work for user/pass over http(s)...just ssh won't work.

[NickLaMuro]

Reference to that change in the appliance:

ManageIQ/manageiq-appliance-build#336

[Fryguy]

Also, also, known issue...if you change the scm_url (particularly from user/pass to ssh) we need to somehow push that value down to the on-disk-repo itself...another follow-up

[Fryguy]

Leaving the rubocops as they were there before.

[NickLaMuro]

Overall, don't have a big problem with the changes and direction of them. Just have a few minor things that should be addressed first.

[NickLaMuro]

Reference to that change in the appliance:

ManageIQ/manageiq-appliance-build#336

[NickLaMuro]

BUT WHY DIDN'T YOU ALIGN THESE WITH THE REST!!!1!

[Fryguy]

That's why I put the blank line :) IMO, there first few are "extracting options" and the rest are "other" so they are logically separate groups.

[NickLaMuro]

I don't think I have a better way of doing this, but effectively for every action that requires this method, we are going to be creating and deleting the @ssh_private_key_file, correct? Might be a bit of extra trashing of the file system as a result.

[Fryguy]

Yeah, but only for remote interactions, so it only happens once per invocation. I thought the same as you that it might thrash but I think we can deal with that later if it's really an issue.

[NickLaMuro]

Yeah, kinda assumed. I am not going to "resolve this" as I do want it more visible for others in the future, but I think it can stay as is until it becomes a problem.

[Fryguy]

@NickLaMuro Updated.

[Fryguy]

Updated specs and added some more

[miq-bot]

Checked commits Fryguy/manageiq@51faaf4~...f1c707d with ruby 2.4.6, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0
5 files checked, 2 offenses detected

lib/git_worktree.rb

• ❗ - Line 395, Col 77 - Rails/TimeZone - Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.xmlschema, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.httpdate, Time.now.to_i, Time.now.to_f instead.

spec/lib/git_worktree_spec.rb

• ❗ - Line 334, Col 14 - Style/BlockDelimiters - Avoid using {...} for multi-line blocks.

[carbonin]

👍 looks good to me. Kicked the specs for brakeman. Looks like they're still having some network issues.

[simaishi]

Ivanchuk backport details:

$ git log -1
commit 1ee8dee69fef8aa977352cd055bfbf7b8fc9e1d9
Author: Nick Carboni <ncarboni@redhat.com>
Date:   Thu Aug 8 17:17:49 2019 -0400

    Merge pull request #19108 from Fryguy/embedded_ansible_ssh_support
    
    Add SSH support for Embedded Ansible repositories
    
    (cherry picked from commit 727acba010a39c9b4467afce69614f6a90fe7ec8)