feat: support ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64 (#62)

2025-11-03 11:08:59 +00:00 · 2024-10-30 14:15:44 +00:00 · 2024-10-30 14:15:44 +00:00 · 6795af2ba1
commit 6795af2ba1
parent 311f01b14e
6 changed files with 95 additions and 25 deletions
--- a/internal/provider/cached_image_resource.go
+++ b/internal/provider/cached_image_resource.go
@ -49,28 +49,29 @@ type CachedImageResourceModel struct {
 	CacheRepo    types.String `tfsdk:"cache_repo"`
 	GitURL       types.String `tfsdk:"git_url"`
 	// Optional "inputs".
-	BaseImageCacheDir    types.String `tfsdk:"base_image_cache_dir"`
-	BuildContextPath     types.String `tfsdk:"build_context_path"`
-	CacheTTLDays         types.Int64  `tfsdk:"cache_ttl_days"`
-	DevcontainerDir      types.String `tfsdk:"devcontainer_dir"`
-	DevcontainerJSONPath types.String `tfsdk:"devcontainer_json_path"`
-	DockerfilePath       types.String `tfsdk:"dockerfile_path"`
-	DockerConfigBase64   types.String `tfsdk:"docker_config_base64"`
-	ExitOnBuildFailure   types.Bool   `tfsdk:"exit_on_build_failure"`
-	ExtraEnv             types.Map    `tfsdk:"extra_env"`
-	FallbackImage        types.String `tfsdk:"fallback_image"`
-	GitCloneDepth        types.Int64  `tfsdk:"git_clone_depth"`
-	GitCloneSingleBranch types.Bool   `tfsdk:"git_clone_single_branch"`
-	GitHTTPProxyURL      types.String `tfsdk:"git_http_proxy_url"`
-	GitPassword          types.String `tfsdk:"git_password"`
-	GitSSHPrivateKeyPath types.String `tfsdk:"git_ssh_private_key_path"`
-	GitUsername          types.String `tfsdk:"git_username"`
-	IgnorePaths          types.List   `tfsdk:"ignore_paths"`
-	Insecure             types.Bool   `tfsdk:"insecure"`
-	RemoteRepoBuildMode  types.Bool   `tfsdk:"remote_repo_build_mode"`
-	SSLCertBase64        types.String `tfsdk:"ssl_cert_base64"`
-	Verbose              types.Bool   `tfsdk:"verbose"`
-	WorkspaceFolder      types.String `tfsdk:"workspace_folder"`
+	BaseImageCacheDir      types.String `tfsdk:"base_image_cache_dir"`
+	BuildContextPath       types.String `tfsdk:"build_context_path"`
+	CacheTTLDays           types.Int64  `tfsdk:"cache_ttl_days"`
+	DevcontainerDir        types.String `tfsdk:"devcontainer_dir"`
+	DevcontainerJSONPath   types.String `tfsdk:"devcontainer_json_path"`
+	DockerfilePath         types.String `tfsdk:"dockerfile_path"`
+	DockerConfigBase64     types.String `tfsdk:"docker_config_base64"`
+	ExitOnBuildFailure     types.Bool   `tfsdk:"exit_on_build_failure"`
+	ExtraEnv               types.Map    `tfsdk:"extra_env"`
+	FallbackImage          types.String `tfsdk:"fallback_image"`
+	GitCloneDepth          types.Int64  `tfsdk:"git_clone_depth"`
+	GitCloneSingleBranch   types.Bool   `tfsdk:"git_clone_single_branch"`
+	GitHTTPProxyURL        types.String `tfsdk:"git_http_proxy_url"`
+	GitPassword            types.String `tfsdk:"git_password"`
+	GitSSHPrivateKeyPath   types.String `tfsdk:"git_ssh_private_key_path"`
+	GitSSHPrivateKeyBase64 types.String `tfsdk:"git_ssh_private_key_base64"`
+	GitUsername            types.String `tfsdk:"git_username"`
+	IgnorePaths            types.List   `tfsdk:"ignore_paths"`
+	Insecure               types.Bool   `tfsdk:"insecure"`
+	RemoteRepoBuildMode    types.Bool   `tfsdk:"remote_repo_build_mode"`
+	SSLCertBase64          types.String `tfsdk:"ssl_cert_base64"`
+	Verbose                types.Bool   `tfsdk:"verbose"`
+	WorkspaceFolder        types.String `tfsdk:"workspace_folder"`
 	// Computed "outputs".
 	Env    types.List   `tfsdk:"env"`
 	EnvMap types.Map    `tfsdk:"env_map"`
@ -186,6 +187,11 @@ func (r *CachedImageResource) Schema(ctx context.Context, req resource.SchemaReq
 				MarkdownDescription: "(Envbuilder option) Path to an SSH private key to be used for Git authentication.",
 				Optional:            true,
 			},
+			"git_ssh_private_key_base64": schema.StringAttribute{
+				MarkdownDescription: "(Envbuilder option) Base64 encoded SSH private key to be used for Git authentication.",
+				Optional:            true,
+				Sensitive:           true,
+			},
 			"git_username": schema.StringAttribute{
 				MarkdownDescription: "(Envbuilder option) The username to use for Git authentication. This is optional.",
 				Optional:            true,
--- a/internal/provider/helpers.go
+++ b/internal/provider/helpers.go
@ -102,6 +102,11 @@ func optionsFromDataModel(data CachedImageResourceModel) (eboptions.Options, dia
 		opts.GitSSHPrivateKeyPath = data.GitSSHPrivateKeyPath.ValueString()
 	}

+	if !data.GitSSHPrivateKeyBase64.IsNull() {
+		providerOpts["ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64"] = true
+		opts.GitSSHPrivateKeyBase64 = data.GitSSHPrivateKeyBase64.ValueString()
+	}
+
 	if !data.GitUsername.IsNull() {
 		providerOpts["ENVBUILDER_GIT_USERNAME"] = true
 		opts.GitUsername = data.GitUsername.ValueString()
@ -151,6 +156,11 @@ func optionsFromDataModel(data CachedImageResourceModel) (eboptions.Options, dia
 	}
 	diags = append(diags, overrideOptionsFromExtraEnv(&opts, extraEnv, providerOpts)...)

+	if opts.GitSSHPrivateKeyPath != "" && opts.GitSSHPrivateKeyBase64 != "" {
+		diags.AddError("Cannot set more than one git ssh private key option",
+			"Both ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH and ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64 have been set.")
+	}
+
 	return opts, diags
 }

--- a/internal/provider/provider_internal_test.go
+++ b/internal/provider/provider_internal_test.go
@ -211,6 +211,59 @@ func Test_optionsFromDataModel(t *testing.T) {
 			},
 			expectNumErrorDiags: 2,
 		},
+		{
+			name: "errors when git ssh private key path and base64 are set",
+			data: CachedImageResourceModel{
+				BuilderImage:           basetypes.NewStringValue("envbuilder:latest"),
+				CacheRepo:              basetypes.NewStringValue("localhost:5000/cache"),
+				GitURL:                 basetypes.NewStringValue("git@git.local/devcontainer.git"),
+				GitSSHPrivateKeyPath:   basetypes.NewStringValue("/tmp/id_rsa"),
+				GitSSHPrivateKeyBase64: basetypes.NewStringValue("cHJpdmF0ZUtleQo="),
+			},
+			expectOpts: eboptions.Options{
+				CacheRepo:              "localhost:5000/cache",
+				GitURL:                 "git@git.local/devcontainer.git",
+				RemoteRepoBuildMode:    true,
+				GitSSHPrivateKeyPath:   "/tmp/id_rsa",
+				GitSSHPrivateKeyBase64: "cHJpdmF0ZUtleQo=",
+			},
+			expectNumErrorDiags: 1,
+		},
+		{
+			name: "extra_env override errors when git ssh private key path and base64 are set",
+			data: CachedImageResourceModel{
+				BuilderImage:           basetypes.NewStringValue("envbuilder:latest"),
+				CacheRepo:              basetypes.NewStringValue("localhost:5000/cache"),
+				GitURL:                 basetypes.NewStringValue("git@git.local/devcontainer.git"),
+				GitSSHPrivateKeyBase64: basetypes.NewStringValue("cHJpdmF0ZUtleQo="),
+				ExtraEnv: extraEnvMap(t,
+					"ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH", "/tmp/id_rsa",
+				),
+			},
+			expectOpts: eboptions.Options{
+				CacheRepo:              "localhost:5000/cache",
+				GitURL:                 "git@git.local/devcontainer.git",
+				RemoteRepoBuildMode:    true,
+				GitSSHPrivateKeyPath:   "/tmp/id_rsa",
+				GitSSHPrivateKeyBase64: "cHJpdmF0ZUtleQo=",
+			},
+			expectNumErrorDiags: 1,
+		},
+		{
+			name: "required only with base64 ssh key",
+			data: CachedImageResourceModel{
+				BuilderImage:           basetypes.NewStringValue("envbuilder:latest"),
+				CacheRepo:              basetypes.NewStringValue("localhost:5000/cache"),
+				GitURL:                 basetypes.NewStringValue("git@git.local/devcontainer.git"),
+				GitSSHPrivateKeyBase64: basetypes.NewStringValue("cHJpdmF0ZUtleQo="),
+			},
+			expectOpts: eboptions.Options{
+				CacheRepo:              "localhost:5000/cache",
+				GitURL:                 "git@git.local/devcontainer.git",
+				RemoteRepoBuildMode:    true,
+				GitSSHPrivateKeyBase64: "cHJpdmF0ZUtleQo=",
+			},
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()