feat: Add support for the ssh_key parameter for credentials #247

Merged
merged 6 commits into from
Jul 17, 2023
4 changes: 3 additions & 1 deletion deploy/qpc
Expand Up @@ -14,7 +14,9 @@ else
fi

mkdir -p ~/.config/qpc ~/.local/share/qpc
podman run -it --rm \
export TTY_OPTS="-it"
[[ "${1}" == "--no-tty" ]] && shift && TTY_OPTS="-i"
podman run ${TTY_OPTS} --rm \
-v ~/.config/qpc:/root/.config/qpc${VOLUME_LABEL} \
-v ~/.local/share/qpc:/root/.local/share/qpc${VOLUME_LABEL} \
--entrypoint='/app/qpc/deploy/docker_run.sh' \
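
Review bot: `--no-tty` is recognised only as the very first argument, because the added test inspects `"${1}"` alone; given in any other position it is not consumed by the `shift` and `TTY_OPTS` stays `-it`. Either state that ordering requirement in the script's usage text or scan all arguments for the flag. The `export` is also unnecessary, since `TTY_OPTS` is only expanded on the `podman run` line of this same script.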
184 changes: 138 additions & 46 deletions docs/source/man.j2
Expand Up @@ -134,7 +134,7 @@ Creating and Editing Credentials

To create a credential, supply the type of credential and supply SSH credentials as either a username-password pair, a username-key pair, or an access token. The {{ QPC_VAR_PROJECT }} tool stores each set of credentials in a separate credential entry.

**{{ QPC_VAR_PROGRAM_NAME }} cred add --name=** *name* **--type=** *(network | vcenter | satellite | openshift | ansible)* **--username=** *username* **(--password | --sshkeyfile=** *key_file* **)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**
**{{ QPC_VAR_PROGRAM_NAME }} cred add --name=** *name* **--type=** *(network | vcenter | satellite | openshift | ansible)* **--username=** *username* **(--password | --sshkeyfile=** *key_file* | --sshkey**)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**

``--name=name``
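
Review bot: In the new `cred add` synopsis the `--sshkey` alternative sits outside the bold span, and the closing `**)**` follows `--sshkey` with no whitespace, which reStructuredText does not accept as the start of inline markup, so the asterisks are likely to render literally. Keep the option inside the strong text like the others, for example `*key_file* **| --sshkey)**`, and use the same form in the `cred edit` synopsis.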

Expand All @@ -150,15 +150,19 @@ To create a credential, supply the type of credential and supply SSH credentials

``--password``

Prompts for the password for the ``--username`` identity. Mutually exclusive with the ``--sshkeyfile`` and ``--token`` options.
Prompts for the password for the ``--username`` identity. Mutually exclusive with the ``--sshkeyfile``, ``--sshkey`` and ``--token`` options.

``--sshkeyfile=key_file``

Sets the path of the file that contains the private SSH key for the ``--username`` identity. Mutually exclusive with the ``--password`` and ``--token`` options.
Sets the path of the file that contains the private SSH key for the ``--username`` identity. Mutually exclusive with the ``--password``, ``--ssh-key`` and ``--token`` options.

``--sshkey``

Prompts for the private SSH key for the ``--username`` identity. Mutually exclusive with the ``--password``, ``--token`` and ``--sshkeyfile`` options.

``--sshpassphrase``

Prompts for the passphrase to be used when connecting with an SSH keyfile that requires a passphrase. Can only be used with the ``--sshkeyfile`` option.
Prompts for the passphrase to be used when connecting with an SSH keyfile or SSH key that requires a passphrase. Can only be used with the ``--sshkeyfile`` or ``--sshkey`` option.

``--become-method=become_method``
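
Review bot: The updated `--sshkeyfile` description names the new option as `--ssh-key`, while the synopsis and every other description in this hunk spell it `--sshkey`; change it to `--sshkey` so the mutual-exclusion lists agree. The new `--sshkey` entry would also benefit from one sentence on how a multi-line private key is expected to be entered at the prompt and how the input is ended.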

Expand All @@ -174,11 +178,11 @@ To create a credential, supply the type of credential and supply SSH credentials

``--token``

Prompts for the access token for authentication. Mutually exclusive with the ``--sshkeyfile`` and ``--password`` options.
Prompts for the access token for authentication. Mutually exclusive with the ``--sshkeyfile``, ``--sshkey`` and ``--password`` options.

The information in a credential might change, including passwords, become passwords, SSH keys, the become_method, tokens or even the username. For example, your local security policies might require you to change passwords periodically. Use the ``{{ QPC_VAR_PROGRAM_NAME }} cred edit`` command to change credential information. The parameters for ``{{ QPC_VAR_PROGRAM_NAME }} cred edit`` are the same as those for ``{{ QPC_VAR_PROGRAM_NAME }} cred add``.

**{{ QPC_VAR_PROGRAM_NAME }} cred edit --name=** *name* **--username=** *username* **(--password | --sshkeyfile=** *key_file* **)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**
**{{ QPC_VAR_PROGRAM_NAME }} cred edit --name=** *name* **--username=** *username* **(--password | --sshkeyfile=** *key_file* | --sshkey **)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**

Listing and Showing Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
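
Review bot: The `--token` description now says it is mutually exclusive with `--sshkeyfile`, `--sshkey` and `--password`, but the `cred edit` synopsis changed in this hunk still shows `[--token]` as a separate optional flag after the `(--password | --sshkeyfile= key_file | --sshkey )` group, which reads as if a token can be combined with one of them. Since the line is being touched anyway, move `--token` into the alternation so the synopsis matches the option text.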
Expand Down Expand Up @@ -723,83 +727,171 @@ The following options are available for every {{ QPC_VAR_PROJECT }} command.
Examples
--------

Creating a new network type credential with a keyfile
``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --sshkeyfile /etc/ssh/ssh_host_rsa_key``
Creating a new network type credential with a password
``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred2 --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --password``
Creating a new openshift type credential with a token
* Creating a new network type credential with a password

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --password``

* Creating a new network type credential with a keyfile

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred2 --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --sshkeyfile /etc/ssh/ssh_host_rsa_key``

* Creating a new network type credential with a keyfile requiring a passphrase

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred3 --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --sshkeyfile /etc/ssh/ssh_host_rsa_key --sshpassphrase``

* Creating a new network type credential with an SSH key

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred4 --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --sshkey``

* Creating a new network type credential with an SSH key requiring a passphrase

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name net_cred5 --type network --username {{ QPC_VAR_PROGRAM_NAME }}_user --sshkey --sshpassphrase``

* Creating a new openshift type credential with a token

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name ocp_cred --type openshift --token``
Creating a new openshift type credential with a password

* Creating a new openshift type credential with a password

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name ocp_cred2 --type openshift --username ocp_user --password``
Creating a new vcenter type credential

* Creating a new vcenter type credential

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name vcenter_cred --type vcenter --username vc_user --password``
Creating a new satellite type credential

* Creating a new satellite type credential

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name sat_cred --type satellite --username sat_user --password``
Creating a new ansible type credential

* Creating a new ansible type credential

``{{ QPC_VAR_PROGRAM_NAME }} cred add --name ansible_cred --type ansible --username ansible_user --password``
Listing all credentials

* Listing all credentials

``{{ QPC_VAR_PROGRAM_NAME }} cred list``
Listing network credentials

* Listing network credentials

``{{ QPC_VAR_PROGRAM_NAME }} cred list --type network``
Showing details for a specified credential

* Showing details for a specified credential

``{{ QPC_VAR_PROGRAM_NAME }} cred show --name ocp_cred2``
Clearing all credentials

* Clearing all credentials

``{{ QPC_VAR_PROGRAM_NAME }} cred clear --all``
Clearing a specified credential

* Clearing a specified credential

``{{ QPC_VAR_PROGRAM_NAME }} cred clear --name vcenter_cred``
Creating a new network source

* Creating a new network source

``{{ QPC_VAR_PROGRAM_NAME }} source add --name net_source --type network --hosts 1.192.0.19 1.192.0.20 --cred net_cred``
Creating a new network source with an excluded host

* Creating a new network source with an excluded host

``{{ QPC_VAR_PROGRAM_NAME }} source add --name net_source2 --type network --hosts 1.192.1.[0:255] --exclude-hosts 1.192.1.19 --cred net_cred``
Creating a new vcenter source specifying a SSL protocol

* Creating a new vcenter source specifying a SSL protocol

``{{ QPC_VAR_PROGRAM_NAME }} source add --name vcenter_source --type vcenter --hosts 1.192.0.19 --cred vcenter_cred --ssl-protocol SSLv23``
Creating a new satellite source disabling SSL

* Creating a new satellite source disabling SSL

``{{ QPC_VAR_PROGRAM_NAME }} source add --name sat_source --type satellite --hosts satellite.example.redhat.com --disable-ssl true --cred sat_cred``
Creating a new ansible source disabling SSL certificate verification

* Creating a new ansible source disabling SSL certificate verification

``{{ QPC_VAR_PROGRAM_NAME }} source add --name ansible_source --type ansible --hosts 10.0.205.205 --ssl-cert-verify false --cred ansible_cred``
Editing a source

* Editing a source

``{{ QPC_VAR_PROGRAM_NAME }} source edit --name net_source --hosts 1.192.0.[0:255] --cred net_cred net_cred2``
Creating a scan

* Creating a scan

``{{ QPC_VAR_PROGRAM_NAME }} scan add --name net_scan --sources net_source net_source2``
Creating a scan that includes a list of products in the inspection

* Creating a scan that includes a list of products in the inspection

``{{ QPC_VAR_PROGRAM_NAME }} scan add --name net_scan2 --sources net_source --enabled-ext-product-search jboss_eap``
Editing a scan setting maximum concurrency

* Editing a scan setting maximum concurrency

``{{ QPC_VAR_PROGRAM_NAME }} scan edit --name net_scan --max-concurrency 10``
Listing a scan filtering by scan type

* Listing a scan filtering by scan type

``{{ QPC_VAR_PROGRAM_NAME }} scan list --type inspect``
Running a scan

* Running a scan

``{{ QPC_VAR_PROGRAM_NAME }} scan start --name net_scan``
Canceling a scan

* Canceling a scan

``{{ QPC_VAR_PROGRAM_NAME }} scan cancel --id 1``
Viewing scan jobs related to a specified scan

* Viewing scan jobs related to a specified scan

``{{ QPC_VAR_PROGRAM_NAME }} scan job --name net_scan``
Retrieves a JSON details report with no output file

* Retrieves a JSON details report with no output file

``{{ QPC_VAR_PROGRAM_NAME }} report details --report 2 --json``
Retrieves a JSON details report

* Retrieves a JSON details report

``{{ QPC_VAR_PROGRAM_NAME }} report details --report 2 --json --output-file path_to_your_file.json``
Retrieves a CSV deployments report

* Retrieves a CSV deployments report

``{{ QPC_VAR_PROGRAM_NAME }} report deployments --report 2 --csv --output-file path_to_your_file.csv``
Retrieves a JSON Insights report with no output file

* Retrieves a JSON Insights report with no output file

``{{ QPC_VAR_PROGRAM_NAME }} report insights --scan-job 1``
Retrieves a tar.gz Insights report

* Retrieves a tar.gz Insights report

``{{ QPC_VAR_PROGRAM_NAME }} report insights --scan-job 1 --output-file path_to_your_file.tar.gz``
Downloading a set of reports

* Downloading a set of reports

``{{ QPC_VAR_PROGRAM_NAME }} report download --report 1 --output-file path_to_your_file.tar.gz``
Merging scan job results using ids

* Merging scan job results using ids

``{{ QPC_VAR_PROGRAM_NAME }} report report merge --job-ids 1 3``
Merging scan job results providing JSON files

* Merging scan job results providing JSON files

``{{ QPC_VAR_PROGRAM_NAME }} report report merge --json-files path_to_report_1.json path_to_report_2.json``
Reprocessing a report

* Reprocessing a report

``{{ QPC_VAR_PROGRAM_NAME }} report upload --json-file path_to_report.json``
Configuring Insights

* Configuring Insights

``{{ QPC_VAR_PROGRAM_NAME }} insights config --host stage.console.redhat.com --port 8080``
Adding Insights credentials

* Adding Insights credentials

``{{ QPC_VAR_PROGRAM_NAME }} insights add_login --username insights-user --password``
Publishing to Insights using a report id

* Publishing to Insights using a report id

``{{ QPC_VAR_PROGRAM_NAME }} insights publish --report 1``
Publishing to Insights using a previously downloaded report

* Publishing to Insights using a previously downloaded report

``{{ QPC_VAR_PROGRAM_NAME }} insights publish --input-file path_to_report.tar.gz``


Security Considerations
-----------------------
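
Review bot: The keyfile examples (`net_cred2` and the new `net_cred3`) point `--sshkeyfile` at `/etc/ssh/ssh_host_rsa_key`, which is the conventional path of the SSH daemon's host private key rather than a key belonging to the `--username` identity; the `--sshpassphrase` variant is especially misleading there. Use a placeholder user key path such as `~/.ssh/id_rsa` in both examples. Also note that this hunk swaps which of `net_cred` and `net_cred2` is the password credential, so the later `source add ... --cred net_cred` examples now refer to the password one.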
