From 6998301b6fa9485b940e23a9c753d32a76a98fc5 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Tue, 17 Oct 2017 16:28:17 -0400
Subject: [PATCH] Bug: replace single provider key with an unique one

For the CI, we were using the gitlab-runner ssh key for all provider builds;
this replaces it with a unique key for each provider.
---
 .gitignore                                    |  9 +++++---
 tests/platform-ci/ci-build.sh                 | 21 ++++++++++---------
 .../gitlab-runner-bitmask_ssh.pub             |  1 +
 .../gitlab-runner-ibex_ssh.pub                |  1 +
 .../users/gitlab-runner/gitlab-runner_ssh.pub |  1 -
 5 files changed, 19 insertions(+), 14 deletions(-)
 create mode 100644 tests/platform-ci/provider/users/gitlab-runner-bitmask/gitlab-runner-bitmask_ssh.pub
 create mode 100644 tests/platform-ci/provider/users/gitlab-runner-ibex/gitlab-runner-ibex_ssh.pub
 delete mode 100644 tests/platform-ci/provider/users/gitlab-runner/gitlab-runner_ssh.pub

diff --git a/.gitignore b/.gitignore
index 5c9d135a..47c6a61a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,9 +18,12 @@
 /tests/platform-ci/provider/tags/*
 !/tests/platform-ci/provider/tags/catalogtest.json
 /tests/platform-ci/provider/users/*
-!/tests/platform-ci/provider/users/gitlab-runner
-/tests/platform-ci/provider/users/gitlab-runner/*
-!/tests/platform-ci/provider/users/gitlab-runner/gitlab-runner_ssh.pub
+!tests/platform-ci/provider/users/gitlab-runner-bitmask
+tests/platform-ci/provider/users/gitlab-runner-bitmask/*
+!tests/platform-ci/provider/users/gitlab-runner-bitmask/gitlab-runner-bitmask_ssh.pub
+!tests/platform-ci/provider/users/gitlab-runner-ibex
+tests/platform-ci/provider/users/gitlab-runner-ibex/*
+!tests/platform-ci/provider/users/gitlab-runner-ibex/gitlab-runner-ibex_ssh.pub
 /tests/platform-ci/provider/test
 
 /builds
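Review bot: The six added patterns drop the leading `/` that every neighbouring entry in this hunk uses, e.g. `!tests/platform-ci/provider/users/gitlab-runner-bitmask` next to `/tests/platform-ci/provider/users/*`. Patterns with a slash in the middle are anchored to the .gitignore's directory either way, so this is a consistency point only. Writing them as `!/tests/platform-ci/provider/users/gitlab-runner-bitmask` (and likewise for the other five) keeps the block uniform and makes the anchoring explicit.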
diff --git a/tests/platform-ci/ci-build.sh b/tests/platform-ci/ci-build.sh
index 06af59ca..39fc513b 100755
--- a/tests/platform-ci/ci-build.sh
+++ b/tests/platform-ci/ci-build.sh
@@ -12,9 +12,9 @@
 #   * AWS credentials as environment variables:
 #     * `AWS_ACCESS_KEY`
 #     * `AWS_SECRET_KEY`
-#   * ssh private key used to login to remove vm
-#     * `SSH_PRIVATE_KEY`
-#
+#   * ssh private keys used to clone providers:
+#     * `BITMASK_PROVIDER_SSH_PRIVATE_KEY`
+#     * `IBEX_PROVIDER_SSH_PRIVATE_KEY`
 
 # exit if any commands returns non-zero status
 set -e
@@ -100,7 +100,8 @@ build_from_scratch() {
 
   [ -z "$AWS_ACCESS_KEY" ]  && fail "\$AWS_ACCESS_KEY  is not set - please provide it as env variable."
   [ -z "$AWS_SECRET_KEY" ]  && fail "\$AWS_SECRET_KEY  is not set - please provide it as env variable."
-  [ -z "$SSH_PRIVATE_KEY" ] && fail "\$SSH_PRIVATE_KEY is not set - please provide it as env variable."
+  [ -z "$BITMASK_PROVIDER_SSH_PRIVATE_KEY" ] && fail "\$BITMASK_PROVIDER_SSH_PRIVATE_KEY is not set - please provide it as env variable."
+  [ -z "$IBEX_PROVIDER_SSH_PRIVATE_KEY" ] && fail "\$IBEX_PROVIDER_SSH_PRIVATE_KEY is not set - please provide it as env variable."
 
   /usr/bin/jq ".platform_ci.auth |= .+ {\"aws_access_key_id\":\"$AWS_ACCESS_KEY\", \"aws_secret_access_key\":\"$AWS_SECRET_KEY\"}" < cloud.json.template > cloud.json
   # Enable xtrace again only if it was set at beginning of script
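Review bot: Both `BITMASK_PROVIDER_SSH_PRIVATE_KEY` and `IBEX_PROVIDER_SSH_PRIVATE_KEY` are required here regardless of which provider is being built, so every job has to carry both secrets. That weakens the per-provider separation the commit is introducing. The key is consumed in run(), which already knows `provider_name`, so checking only that provider's variable there would let each job be given just its own key. As a smaller point, `[ -z "$VAR" ] && fail ...` reads more safely under `set -e` as `[ -n "$VAR" ] || fail ...`. build_from_scratch starts and ends outside the hunk.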
@@ -140,6 +141,12 @@ run() {
   provider_URI=$2
   platform_branch=$3
 
+  # Configure ssh keypair
+  [ -d ~/.ssh ] || /bin/mkdir ~/.ssh
+  /bin/echo "${provider_name}_PROVIDER_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+  /bin/chmod 600 ~/.ssh/id_rsa
+  /bin/cp "${ROOTDIR}/provider/users/gitlab-runner-${provider_name}/gitlab-runner-${provider_name}_ssh.pub" ~/.ssh/id_rsa.pub
+
   # Setup the provider repository
   echo "Setting up the provider repository: $provider_name by cloning $provider_URI"
   git clone -q --depth 1 "$provider_URI"
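Review bot: The added `/bin/echo "${provider_name}_PROVIDER_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa` in run() writes the variable's name (for example `bitmask_PROVIDER_SSH_PRIVATE_KEY`) into id_rsa rather than the key, because nothing dereferences it. The name would also need upper-casing to match the documented `BITMASK_PROVIDER_SSH_PRIVATE_KEY`, assuming provider_name is lowercase as the `gitlab-runner-${provider_name}` path suggests. The block has also moved out of the top-level `set +x` guard that protected the removed code, so once the dereference is fixed a run with xtrace on would print the private key to the CI log. The redirect also creates id_rsa under the default umask before chmod runs. The version below resolves the variable by indirection and does the write in a subshell with xtrace off and a restrictive umask; it needs bash 4 for `${provider_name^^}`, and run() starts and ends outside the hunk.

```shell
  # Configure ssh keypair
  local key_var="${provider_name^^}_PROVIDER_SSH_PRIVATE_KEY"
  (
    set +x     # keep the private key out of xtrace output; scoped to this subshell
    umask 077  # ~/.ssh and id_rsa are never created group/world accessible
    [ -n "${!key_var:-}" ] || fail "\$${key_var} is not set - please provide it as env variable."
    /bin/mkdir -p ~/.ssh
    printf '%s\n' "${!key_var}" > ~/.ssh/id_rsa
  )
  # … unchanged: chmod 600 on id_rsa and copy of the provider's public key …
```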
@@ -232,12 +239,6 @@ cleanup() {
 # Ensure we don't output secret stuff to console even when running in verbose mode with -x
 set +x
 
-# Configure ssh keypair
-[ -d ~/.ssh ] || /bin/mkdir ~/.ssh
-/bin/echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
-/bin/chmod 600 ~/.ssh/id_rsa
-/bin/cp "${ROOTDIR}/provider/users/gitlab-runner/gitlab-runner_ssh.pub" ~/.ssh/id_rsa.pub
-
 # Enable xtrace again only if it was set at beginning of script
 [[ $xtrace == true ]] && set -x
 
diff --git a/tests/platform-ci/provider/users/gitlab-runner-bitmask/gitlab-runner-bitmask_ssh.pub b/tests/platform-ci/provider/users/gitlab-runner-bitmask/gitlab-runner-bitmask_ssh.pub
new file mode 100644
index 00000000..eb206639
--- /dev/null
+++ b/tests/platform-ci/provider/users/gitlab-runner-bitmask/gitlab-runner-bitmask_ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8ICt9oOuuuP7Rt1nIy1qcUV/xW7mDmCb0fcKkFDeAo+7UerEMcA+68oDNw+crc1nfoaW++lnDRIYnyJY43hX0P72u8mzIbt7YB0XgrQiofoygp5c72jQGbeV/59HoKiHI/PUsAG8Sy1oynBpzSd9OWi+h9dBdGq/Wisjdw1/0cILCmNZp0bKDnYfAgEUNmtxd6FFs+dx9x9hHBlquXYzOnMq0XBZiKvxdsnK1gFkNp34y3id7flXyOD5ecTNZJlhPwLTo2z22Re2GCqCh2og8tE58eIQXDeKNyyvmslgyJr2GxKpnjWOlNXW+SCX+bCx02GFuAiww5CcDWu1QuowL micah@muck
diff --git a/tests/platform-ci/provider/users/gitlab-runner-ibex/gitlab-runner-ibex_ssh.pub b/tests/platform-ci/provider/users/gitlab-runner-ibex/gitlab-runner-ibex_ssh.pub
new file mode 100644
index 00000000..25f085d2
--- /dev/null
+++ b/tests/platform-ci/provider/users/gitlab-runner-ibex/gitlab-runner-ibex_ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1PAycLznUiMoWyEnb3e4AXT8EaAMW+K3of8EA1+NLQMYots35hmCFG/T9fUMV/j3pf0afG8A6uaJc00gc7otph2DWMboVB9cjvqgSQSZ9VZEy7aoc85jX0RyeKONE1N/aIWu2/8vsFInx4iBS+Sh0/H3nQEMxekOTSeyz3tWN4gLZK5n8i65PpwzlpynGyILq0pdMobfPPuRiCT9Xx4/2NbIYgKZJDYcZeis5FyY6M/TO2u4StDBin8+056NLpS4Q9z5/8K9oT0b7pzx66ebd33Yon4pP2I7Bm2cW+2h4F5bJ7gM8WaiZzuPhEZGzmFiD7XLTvGaoR43jdw6cJP05 micah@muck
diff --git a/tests/platform-ci/provider/users/gitlab-runner/gitlab-runner_ssh.pub b/tests/platform-ci/provider/users/gitlab-runner/gitlab-runner_ssh.pub
deleted file mode 100644
index 3e72b70f..00000000
--- a/tests/platform-ci/provider/users/gitlab-runner/gitlab-runner_ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEtniDgIYEm4WtGgiQsZKBpY8x3tbzDBIoMLbZT496juCu4c3f+F5KkMPLmYRPcAupF8tVf+j7Fns7z69PuTjdGfe/cA9CTw/4sNAu3iLpunGR0d2Wtctez5mwz13bKRu9fck3H9p2F9Z47vMKtRTJJ6iIgaUVWU/eFd/MSMJeUVd2ns4Wr7SkHCBB3PV+QL1xl4+AZsUtnGVQ5cE4MZZFia/g6SlrKQYFtLRVIIpDuuaDSvULg1BFMhSCBDNygts8dKTJsCEQYeGVvHZaDwtKTnMqEIwBP4TkIoP+YWnZTPrGywFEJOlZ8b+4HdgdUAFLcFCycWMM9nVcWX7P2lIN gitlab-runner_ssh 
-- 
GitLab