triggers: gen ssh keypair outside of activate()
This keeps the private key from ever being exposed to the client.
This commit is contained in:
Jimmy Zelinskie
parent
93a9e9d01a
commit
e6a7156657
2 changed files with 5 additions and 3 deletions
|
|
@ -20,6 +20,7 @@ from data import model
|
|||
from auth.permissions import UserAdminPermission, AdministerOrganizationPermission, ReadRepositoryPermission
|
||||
from util.names import parse_robot_username
|
||||
from util.dockerfileparse import parse_dockerfile
|
||||
from util.ssh import generate_ssh_keypair
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -211,6 +212,9 @@ class BuildTriggerActivate(RepositoryParamResource):
|
|||
token = model.create_delegate_token(namespace, repository, token_name,
|
||||
'write')
|
||||
|
||||
# Generate an SSH keypair
|
||||
new_config_dict['public_key'], trigger.private_key = generate_ssh_keypair()
|
||||
|
||||
try:
|
||||
path = url_for('webhooks.build_trigger_webhook', trigger_uuid=trigger.uuid)
|
||||
authed_url = _prepare_webhook_url(app.config['PREFERRED_URL_SCHEME'], '$token', token.code,
|
||||
|
|
|
|||
|
|
@ -525,9 +525,7 @@ class GitHubBuildTrigger(BuildTrigger):
|
|||
msg = 'Unable to find GitHub repository for source: %s' % new_build_source
|
||||
raise TriggerActivationException(msg)
|
||||
|
||||
# Generate an SSH keypair and add the public key to the repository.
|
||||
# TODO(jzelinskie): don't put this in the config! it's not secure!
|
||||
config['public_key'], config['private_key'] = generate_ssh_keypair()
|
||||
# Add a deploy key to the GitHub repository.
|
||||
try:
|
||||
deploy_key = gh_repo.create_key('Quay.io Builder', config['public_key'])
|
||||
config['deploy_key_id'] = deploy_key.id
|
||||
|
|
|
|||
Reference in a new issue