aptible-api 0.9.15 → 0.9.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b9c6eb639f828bf55b97ce98c42466f95783b119
-  data.tar.gz: 52664905bf0e652c6c19bd7df7dc5e254b1f0da1
+  metadata.gz: e448a72c9df895660ae7688754e17d297a0b4741
+  data.tar.gz: 4c521134184f9330a16fb021f91905da45bef81e
 SHA512:
-  metadata.gz: 449f42a33175161bfed43ea14de05fb08ee2338860909b358f4f7098b5f029a08e19e47c0861b76152a1d6aa53ed37f685a39dfcc5aa56742cb00ca0f2e21727
-  data.tar.gz: 214c2eb943a3ebf04e77cad57dd01cd2a210678aa3c46aa8ba99dd0198a95c2328ab108996e225e3717b669a9c7be0c2f9f5fa6db617da4422d32eee76d9adc4
+  metadata.gz: bae1439466c61b7c4c663c3b2969efdbe4383a35fa080cd9e074bbcc9cd95fe2ab9642430ae57c6d4435122b75a964ab0326ecfce6031838db3feb0fb8688045
+  data.tar.gz: cd65a940153c1fa2ad0bad6455ca7898002eab61e8ace10dc4deb33618efaf48426cd0355d5a565760d6a31d3d1f5d03bb2d8e8f822c552b09b92c7a2e740a8d

data/lib/aptible/api/account.rb

@@ -3,6 +3,8 @@ require 'aptible/auth'
 module Aptible
   module Api
     class Account < Resource
+      belongs_to :stack
+
       has_many :apps
       has_many :backups
       has_many :certificates

data/lib/aptible/api/operation.rb

@@ -57,25 +57,43 @@ module Aptible
         connection = create_ssh_portal_connection!(ssh_public_key: public_key)
         certificate = connection.ssh_certificate_body
 
-        with_temporary_id(private_key, public_key, certificate) do |id_file|
-          cmd = [
-            'ssh',
-            "#{connection.ssh_user}@#{account.bastion_host}",
-            '-p', account.ssh_portal_port.to_s,
-            '-i', id_file,
-            '-o', 'IdentitiesOnly=yes'
-          ]
-
-          # If we aren't allowed to create a pty, then we shouldn't try to
-          # allocate once, or we'll get an awkward error.
-          cmd << '-T' unless connection.ssh_pty
-
-          yield cmd, connection
+        stack = account.stack
+        host = stack.ssh_portal_host
+        port = stack.ssh_portal_port
+        key = stack.ssh_host_rsa_public_key
+
+        with_temporary_known_hosts(host, port, key) do |known_hosts_file|
+          with_temporary_id(private_key, public_key, certificate) do |id_file|
+            cmd = [
+              'ssh',
+              "#{connection.ssh_user}@#{host}",
+              '-p', port.to_s,
+              '-i', id_file,
+              '-o', 'IdentitiesOnly=yes',
+              '-o', "UserKnownHostsFile=#{known_hosts_file}",
+              '-o', 'StrictHostKeyChecking=yes'
+            ]
+
+            # If we aren't allowed to create a pty, then we shouldn't try to
+            # allocate once, or we'll get an awkward error.
+            cmd << '-T' unless connection.ssh_pty
+
+            yield cmd, connection
+          end
         end
       end
 
       private
 
+      def with_temporary_known_hosts(host, port, key)
+        Dir.mktmpdir do |dir|
+          known_hosts_file = File.join(dir, 'known_hosts')
+          contents = "[#{host}]:#{port} #{key}\n"
+          File.open(known_hosts_file, 'w', 0o600) { |f| f.write(contents) }
+          yield known_hosts_file
+        end
+      end
+
       def with_temporary_id(private_key, public_key, certificate)
         # Most versions of OpenSSH don't support specifying the SSH certificate
         # to use when connecting, so we create a temporary directory with the

data/lib/aptible/api/resource.rb

@@ -31,3 +31,4 @@ require 'aptible/api/release'
 require 'aptible/api/service'
 require 'aptible/api/vhost'
 require 'aptible/api/ssh_portal_connection'
+require 'aptible/api/stack'

data/lib/aptible/api/stack.rb

@@ -0,0 +1,19 @@
+module Aptible
+  module Api
+    class Stack < Resource
+      field :id
+      field :type
+      field :name
+      field :version
+      field :region
+      field :default, type: Aptible::Resource::Boolean
+      field :ssh_host_dsa_public_key
+      field :ssh_host_rsa_public_key
+      field :ssh_host_ecdsa_public_key
+      field :ssh_portal_host
+      field :ssh_portal_port
+      field :created_at, type: Time
+      field :updated_at, type: Time
+    end
+  end
+end

data/lib/aptible/api/version.rb

@@ -1,5 +1,5 @@
 module Aptible
   module Api
-    VERSION = '0.9.15'.freeze
+    VERSION = '0.9.16'.freeze
   end
 end

data/spec/aptible/api/operation_spec.rb

@@ -3,15 +3,22 @@ require 'spec_helper'
 describe Aptible::Api::Operation do
   describe '#with_ssh_cmd' do
     shared_examples '#with_ssh_cmd examples' do
-      let(:account) do
+      let(:stack) do
         Aptible::Api::Account.new.tap do |account|
           account.stub(
-            bastion_host: 'foo-bastion.com',
-            ssh_portal_port: 1022
+            ssh_portal_host: 'foo-bastion.com',
+            ssh_portal_port: 1022,
+            ssh_host_rsa_public_key: 'some rsa key'
           )
         end
       end
 
+      let(:account) do
+        Aptible::Api::Account.new.tap do |account|
+          account.stub(stack: stack)
+        end
+      end
+
       let(:ssh_portal_connection) do
         Aptible::Api::SshPortalConnection.new.tap do |connection|
           connection.stub(
@@ -55,6 +62,14 @@ describe Aptible::Api::Operation do
           expect(File.read("#{id_file}.pub")).to eq('some public key')
           expect(File.read("#{id_file}-cert.pub")).to eq('some certificate')
 
+          hosts_param = cmd.find { |p| p.start_with?('UserKnownHostsFile') }
+          expect(cmd[cmd.index(hosts_param) - 1]).to eq('-o')
+          expect(hosts_param).not_to be_nil
+          hosts_file = hosts_param.split('=')[1]
+
+          expect(File.read(hosts_file))
+            .to eq("[foo-bastion.com]:1022 some rsa key\n")
+
           expect(File.readable?(id_file)).to be_truthy
           expect(File.writable?(id_file)).to be_truthy
 
@@ -69,9 +84,13 @@ describe Aptible::Api::Operation do
             expect(cmd).to include('-T')
           end
 
-          identities_only = 'IdentitiesOnly=yes'
-          expect(cmd).to include(identities_only)
-          expect(cmd[cmd.index(identities_only) - 1]).to eq('-o')
+          [
+            'IdentitiesOnly=yes',
+            'StrictHostKeyChecking=yes'
+          ].each do |option|
+            expect(cmd).to include(option)
+            expect(cmd[cmd.index(option) - 1]).to eq('-o')
+          end
 
           has_yielded = true
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aptible-api
 version: !ruby/object:Gem::Version
-  version: 0.9.15
+  version: 0.9.16
 platform: ruby
 authors:
 - Frank Macreery
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-13 00:00:00.000000000 Z
+date: 2017-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aptible-resource
@@ -185,6 +185,7 @@ files:
 - lib/aptible/api/resource.rb
 - lib/aptible/api/service.rb
 - lib/aptible/api/ssh_portal_connection.rb
+- lib/aptible/api/stack.rb
 - lib/aptible/api/version.rb
 - lib/aptible/api/vhost.rb
 - spec/aptible/api/agent_spec.rb