DEVPROD-4798 Remove old SSH Key #7713
Conversation
|
Pairs nicely with evergreen-ci/ui#41 |
graphql/schema/types/distro.graphql
Outdated
| @@ -138,7 +138,6 @@ input DistroInput { | |||
| providerSettingsList: [Map!]! | |||
| setup: String! | |||
| setupAsSudo: Boolean! | |||
| sshKey: String! | |||
There was a problem hiding this comment.
Since this is set as a required field on a mutation input in order to safely deploy this we would need to split this pr up into multiple parts and deploys.
- This would need to be set to optional (Remove the ! and add/remove any necessary logic needed to safely handle the field not always being there) (Also add a
@deprecateddirective to the field.) - Merge and deploy just this change.
- Update the UI pr to no longer rely on this field and the corresponding
sshKeyfield below - Merge and deploy the UI changes.
- Finally remove this field and the other field below.
- Merge and deploy this pr.
| @@ -287,7 +286,6 @@ type Distro { | |||
| providerSettingsList: [Map!]! | |||
| setup: String! | |||
| setupAsSudo: Boolean! | |||
| sshKey: String! | |||
There was a problem hiding this comment.
This field would not be removable until step 5 from above
graphql/schema/types/config.graphql
Outdated
| @@ -9,7 +9,6 @@ type SpruceConfig { | |||
| containerPools: ContainerPoolsConfig | |||
| githubOrgs: [String!]! | |||
| jira: JiraConfig | |||
| keys: [SSHKey!]! | |||
There was a problem hiding this comment.
Same comment as above this is not removable until step 5 from above. The UI should no longer rely on this at that point.
| Jira JiraConfig `yaml:"jira" bson:"jira" json:"jira" id:"jira"` | ||
| JIRANotifications JIRANotificationsConfig `yaml:"jira_notifications" json:"jira_notifications" bson:"jira_notifications" id:"jira_notifications"` | ||
| Keys map[string]string `yaml:"keys" bson:"keys" json:"keys"` | ||
| // TODO (DEVPROD-4798): remove KanopySSHKeyPath after the cutover to Kanopy. |
There was a problem hiding this comment.
do we not want to remove KanopySSHKeyPath anymore, re this comment?
There was a problem hiding this comment.
The approach of this PR is to remove the old Keys map instead of removing the new KanopySSHKeyPath. The thinking is that the distros all use the same key (they always have and will continue to use the same key for the foreseeable future), so the Keys map and corresponding distro setting was just extra complexity.
We could potentially rename KanopySSHKeyPath to SSHKeyPath if we want to.
|
After the Spruce deploy tomorrow we'll be up to step 5 (of these steps)! 🥳 |
config.go
Outdated
| for _, key := range c.Keys { | ||
| catcher.ErrorfWhen(c.SSHKeyPairs[i].PrivatePath(c) == key, "cannot overwrite the legacy SSH key '%s'", key) | ||
| } | ||
| catcher.ErrorfWhen(c.SSHKeyPairs[i].PrivatePath(c) == c.KanopySSHKeyPath, "cannot overwrite the legacy SSH key '%s'", c.KanopySSHKeyPath) |
|
Verified that SSH is working on staging (by adding a public key) |
DEVPROD-4798
Description
Once upon a time there was a map of ssh keys that were supposedly present on the app servers and each distro had a setting that configured which ssh key to use for that distro. In practice, there's only a single ssh key that we use for every distro.
This PR removes references to the old ssh key and the distro ssh key. All SSHing will use the key path that's set for the Kanopy ssh key.
Testing
I'll make sure we can still SSH in staging when I can get the lock.