-
Notifications
You must be signed in to change notification settings - Fork 424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor(ec2): enforce ssh key inside global storage. #5814
base: master
Are you sure you want to change the base?
Conversation
const testSelection = { | ||
instanceId: 'test-id', | ||
region: 'test-region', | ||
} | ||
const mockKeys = await SshKeyPair.getSshKeyPair('fakeDir', 30000) | ||
await client.sendSshKeyToInstance(testSelection, mockKeys, 'test-user') | ||
const temporaryDirectory = path.join(globals.context.globalStorageUri.fsPath, 'ModelTests') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In tests, globalStorageUri
is stubbed with a temp dir in globalSetup.test.ts
, so you may be able to use the default value
But there is a chance that it is only cleared on the "after" instead of "afterEach", and may cause issues in tests:
await testUtil.deleteTestTempDirs() |
So maybe you could add:
await fs.delete(globals.context.globalStorageUri.fsPath, { recursive: true, force: true })
around here:
await globals.globalState.clear() |
which I think we should have been doing in the first place
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I move the temp keys into the globalStorage itself, then is there any reason I need this to clear on afterEach
? I would think deleting the temp dir on after
should be sufficient.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we do not clear globalStorageUri after each test we'll probably have a collision somewhere later.
Lets say you had a test that created an ssh key, then the following test assumed that since it is a new test the globalStorage will not have a key by default. The initial test state bled over in to the next and left some unexpected artifacts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. Was there any reason we didn't want to do this before? Is it expensive/slow to delete all its contents for every test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We haven't used it much in tests before, so it was just an oversight.
Problem
Followup from #5642 (comment)
There is a case where we could be overwriting keys/files in the
.ssh/
directory if not careful.Solution
Don't allows keys to generated in a directory we do not control, and therefore avoid possibility of overwriting user ssh keys.
License: I confirm that my contribution is made under the terms of the Apache 2.0 license.