triggers: gen ssh keypair outside of activate()

This keeps the private key from ever being exposed to the client.
2015-03-19 14:31:01 -04:00 · 2015-03-19 14:31:01 -04:00 · e6a7156657
commit e6a7156657
parent 93a9e9d01a
2 changed files with 5 additions and 3 deletions
--- a/endpoints/api/trigger.py
+++ b/endpoints/api/trigger.py
@ -20,6 +20,7 @@ from data import model
 from auth.permissions import UserAdminPermission, AdministerOrganizationPermission, ReadRepositoryPermission
 from util.names import parse_robot_username
 from util.dockerfileparse import parse_dockerfile
+from util.ssh import generate_ssh_keypair


 logger = logging.getLogger(__name__)
@ -211,6 +212,9 @@ class BuildTriggerActivate(RepositoryParamResource):
      token = model.create_delegate_token(namespace, repository, token_name,
                                          'write')

+      # Generate an SSH keypair
+      new_config_dict['public_key'], trigger.private_key = generate_ssh_keypair()
+
      try:
        path = url_for('webhooks.build_trigger_webhook', trigger_uuid=trigger.uuid)
        authed_url = _prepare_webhook_url(app.config['PREFERRED_URL_SCHEME'], '$token', token.code,