Add support for key data and password

Author: mangelajo

api/v1alpha1/exporterhost_types.go

@@ -49,6 +49,10 @@ type SSHCredentials struct {
 	User string `json:"user,omitempty"`
 	// KeyFile is the path to the SSH private key file.
 	KeyFile string `json:"keyFile,omitempty"`
+	// SSHKeyData is the SSH private key data as a string.
+	SSHKeyData string `json:"sshKeyData,omitempty"`
+	// SSHKeyPassword is the password for encrypted SSH private keys.
+	SSHKeyPassword string `json:"sshKeyPassword,omitempty"`
 	// Password is the SSH password (if not using key-based auth).
 	Password string `json:"password,omitempty"`
 	// Port is the SSH port (default is 22).

config/crd/bases/meta.jumpstarter.dev_exporterhosts.yaml

@@ -82,6 +82,13 @@ spec:
                       port:
                         description: Port is the SSH port (default is 22).
                         type: integer
+                      sshKeyData:
+                        description: SSHKeyData is the SSH private key data as a string.
+                        type: string
+                      sshKeyPassword:
+                        description: SSHKeyPassword is the password for encrypted
+                          SSH private keys.
+                        type: string
                       user:
                         description: User is the SSH username.
                         type: string

example/devices/on-lab/ti-jacinto-j784s4xevm-01/ti-jacinto-j784s4xevm-01-sidekick.yaml

@@ -17,7 +17,7 @@ spec:
     ssh:
       host: "$( name ).auto.bos2.dc.example.com"
       user: "admin"
-      keyFile: "~/.ssh/id_rsa"
+      sshKey: "$( vars.exporter-ssh-key )"
   power:
     snmp:
       host: "some-pdu-hostname.auto.eng.bos2.bc.somedomain.com"

internal/exporter/ssh/ssh.go

@@ -88,9 +88,34 @@ func (m *SSHHostManager) createSshClient() (*ssh.Client, error) {
 		if err != nil {
 			return nil, fmt.Errorf("failed to read SSH key file: %w", err)
 		}
-		signer, err := ssh.ParsePrivateKey(key)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse SSH private key: %w", err)
+		var signer ssh.Signer
+		if m.ExporterHost.Spec.Management.SSH.SSHKeyPassword != "" {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase(key, []byte(m.ExporterHost.Spec.Management.SSH.SSHKeyPassword))
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse encrypted SSH private key from file: %w", err)
+			}
+		} else {
+			signer, err = ssh.ParsePrivateKey(key)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse SSH private key from file: %w", err)
+			}
+		}
+		auth = append(auth, ssh.PublicKeys(signer))
+	}
+
+	if m.ExporterHost.Spec.Management.SSH.SSHKeyData != "" {
+		var signer ssh.Signer
+		var err error
+		if m.ExporterHost.Spec.Management.SSH.SSHKeyPassword != "" {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(m.ExporterHost.Spec.Management.SSH.SSHKeyData), []byte(m.ExporterHost.Spec.Management.SSH.SSHKeyPassword))
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse encrypted SSH private key from sshKeyData: %w", err)
+			}
+		} else {
+			signer, err = ssh.ParsePrivateKey([]byte(m.ExporterHost.Spec.Management.SSH.SSHKeyData))
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse SSH private key from sshKeyData: %w", err)
+			}
 		}
 		auth = append(auth, ssh.PublicKeys(signer))
 	}
@@ -102,19 +127,18 @@ func (m *SSHHostManager) createSshClient() (*ssh.Client, error) {
 	// Check if SSH agent is running and use it if available
 	agentSocket := os.Getenv("SSH_AUTH_SOCK")
 	if agentSocket != "" {
-		log.Fatal("SSH_AUTH_SOCK environment variable not set. Is ssh-agent running?")
-
 		// Connect to the agent's socket.
 		conn, err := net.Dial("unix", agentSocket)
 		if err != nil {
-			log.Fatalf("Failed to open SSH_AUTH_SOCK: %v", err)
-		}
-		defer conn.Close() // nolint:errcheck
+			log.Printf("Failed to connect to SSH agent: %v", err)
+		} else {
+			defer conn.Close() // nolint:errcheck
 
-		// Create a new agent client.
-		agentClient := agent.NewClient(conn)
+			// Create a new agent client.
+			agentClient := agent.NewClient(conn)
 
-		auth = append(auth, ssh.PublicKeysCallback(agentClient.Signers))
+			auth = append(auth, ssh.PublicKeysCallback(agentClient.Signers))
+		}
 	}
 
 	config := &ssh.ClientConfig{