launchpad-reviewers team mailing list archive

[Merge] ~cjwatson/lp-codeimport:charm-puller-ssh into lp-codeimport:master

 

Colin Watson has proposed merging ~cjwatson/lp-codeimport:charm-puller-ssh into lp-codeimport:master.

Commit message:
charm: Allow SSH access to codehosting puller

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/lp-codeimport/+git/lp-codeimport/+merge/440243

The Bazaar codehosting puller script (https://git.launchpad.net/launchpad/tree/cronscripts/supermirror-pull.py) needs SSH access to the code import storage unit so that it can pull the output of Bazaar code imports.  Allow configuring an SSH key for this.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/lp-codeimport:charm-puller-ssh into lp-codeimport:master.
diff --git a/charm/lp-codeimport-storage/config.yaml b/charm/lp-codeimport-storage/config.yaml
index 4f9deac..3ff84ed 100644
--- a/charm/lp-codeimport-storage/config.yaml
+++ b/charm/lp-codeimport-storage/config.yaml
@@ -3,3 +3,11 @@ options:
     type: string
     default: ""
     description: Base64-encoded public SSH key of the code import workers.
+  puller_ip_address:
+    type: string
+    default: ""
+    description: IP address of the codehosting puller.
+  puller_public_ssh_key:
+    type: string
+    default: ""
+    description: Base64-encoded public SSH key of the codehosting puller.
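Review bot: the descriptions of `puller_ip_address` and `puller_public_ssh_key` do not say that the two options only take effect together. The authorized_keys.j2 change in this proposal emits the puller entry only when both are non-empty, so setting one without the other silently grants no access. Suggest saying so in both descriptions, and stating in `puller_ip_address` whether a single address is the only accepted form, since the value is placed directly inside `from="..."`.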
diff --git a/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py b/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py
index 99ceb26..13e48d8 100644
--- a/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py
+++ b/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py
@@ -56,6 +56,10 @@ def configure():
     config["public_ssh_key"] = base64.b64decode(
         config["public_ssh_key"].encode("ASCII")
     ).decode("ASCII")
+    if config["puller_public_ssh_key"]:
+        config["puller_public_ssh_key"] = base64.b64decode(
+            config["puller_public_ssh_key"].encode("ASCII")
+        ).decode("ASCII")
     templating.render(
         "authorized_keys.j2",
         os.path.join(ssh_dir, "authorized_keys"),
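Review bot: the value decoded in the new `if config["puller_public_ssh_key"]:` block is handed to the template with no check on its shape, and the template writes it verbatim after `restrict,from="..."`. If the decoded text spans more than one line, every line after the first lands in authorized_keys without the `restrict,from=` prefix. Suggest stripping the decoded value and refusing anything that is not a single line before rendering, and considering the same check for `public_ssh_key` in the context lines above.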
diff --git a/charm/lp-codeimport-storage/templates/authorized_keys.j2 b/charm/lp-codeimport-storage/templates/authorized_keys.j2
index 77d398e..7ecdd63 100644
--- a/charm/lp-codeimport-storage/templates/authorized_keys.j2
+++ b/charm/lp-codeimport-storage/templates/authorized_keys.j2
@@ -1,2 +1,5 @@
 restrict,from="{{ codeimport_subnets|join(",") }}" {{ public_ssh_key }}
+{%- if puller_ip_address and puller_public_ssh_key %}
+restrict,from="{{ puller_ip_address }}" {{ puller_public_ssh_key }}
+{%- endif %}
 
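Review bot: the leading `-` in `{%- if puller_ip_address and puller_public_ssh_key %}` strips the newline that ends the existing worker entry, so the puller entry starts on its own line only because the newline after `%}` is kept. If the rendering environment enables trim_blocks, the two entries would be joined onto one line. Suggest a test that renders the template with and without the puller options and checks that each entry is on its own line, or dropping the leading `-` on the `if` and accepting a blank line, which sshd ignores in authorized_keys.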
