From d32959e399ff8770e67abeb80fa83cdd3c52fde9 Mon Sep 17 00:00:00 2001
From: Ash McKenzie <amckenzie@gitlab.com>
Date: Wed, 1 Jul 2020 20:01:48 +1000
Subject: Include SSL_CERT_DIR env var in command

---
 internal/keyline/key_line.go      | 38 ++++++++++++++++++++++-----------
 internal/keyline/key_line_test.go | 44 ++++++++++++++++++++++++++++++---------
 2 files changed, 60 insertions(+), 22 deletions(-)

diff --git a/internal/keyline/key_line.go b/internal/keyline/key_line.go
index c29a320..e2abb82 100644
--- a/internal/keyline/key_line.go
+++ b/internal/keyline/key_line.go
@@ -7,6 +7,7 @@ import (
 	"regexp"
 	"strings"
 
+	"gitlab.com/gitlab-org/gitlab-shell/internal/config"
 	"gitlab.com/gitlab-org/gitlab-shell/internal/executable"
 )
 
@@ -21,32 +22,45 @@ const (
 )
 
 type KeyLine struct {
-	Id      string // This can be either an ID of a Key or username
-	Value   string // This can be either a public key or a principal name
-	Prefix  string
-	RootDir string
+	Id     string // This can be either an ID of a Key or username
+	Value  string // This can be either a public key or a principal name
+	Prefix string
+	Config *config.Config
 }
 
-func NewPublicKeyLine(id string, publicKey string, rootDir string) (*KeyLine, error) {
-	return newKeyLine(id, publicKey, PublicKeyPrefix, rootDir)
+func NewPublicKeyLine(id, publicKey string, config *config.Config) (*KeyLine, error) {
+	return newKeyLine(id, publicKey, PublicKeyPrefix, config)
 }
 
-func NewPrincipalKeyLine(keyId string, principal string, rootDir string) (*KeyLine, error) {
-	return newKeyLine(keyId, principal, PrincipalPrefix, rootDir)
+func NewPrincipalKeyLine(keyId, principal string, config *config.Config) (*KeyLine, error) {
+	return newKeyLine(keyId, principal, PrincipalPrefix, config)
 }
 
 func (k *KeyLine) ToString() string {
-	command := fmt.Sprintf("%s %s-%s", path.Join(k.RootDir, executable.BinDir, executable.GitlabShell), k.Prefix, k.Id)
+	sslCertDirEnvVar := k.sslCertDirEnvVar()
+	command := fmt.Sprintf("%s %s-%s", path.Join(k.Config.RootDir, executable.BinDir, executable.GitlabShell), k.Prefix, k.Id)
 
-	return fmt.Sprintf(`command="%s",%s %s`, command, SshOptions, k.Value)
+	if sslCertDirEnvVar != "" {
+		sslCertDirEnvVar = fmt.Sprintf(`%s `, sslCertDirEnvVar)
+	}
+
+	return fmt.Sprintf(`command="%s%s",%s %s`, sslCertDirEnvVar, command, SshOptions, k.Value)
+}
+
+func (k *KeyLine) sslCertDirEnvVar() string {
+	if k.Config.SslCertDir != "" {
+		return fmt.Sprintf(`SSL_CERT_DIR=%s`, k.Config.SslCertDir)
+	}
+
+	return ""
 }
 
-func newKeyLine(id string, value string, prefix string, rootDir string) (*KeyLine, error) {
+func newKeyLine(id, value, prefix string, config *config.Config) (*KeyLine, error) {
 	if err := validate(id, value); err != nil {
 		return nil, err
 	}
 
-	return &KeyLine{Id: id, Value: value, Prefix: prefix, RootDir: rootDir}, nil
+	return &KeyLine{Id: id, Value: value, Prefix: prefix, Config: config}, nil
 }
 
 func validate(id string, value string) error {
diff --git a/internal/keyline/key_line_test.go b/internal/keyline/key_line_test.go
index c6883c0..095de78 100644
--- a/internal/keyline/key_line_test.go
+++ b/internal/keyline/key_line_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"gitlab.com/gitlab-org/gitlab-shell/internal/config"
 )
 
 func TestFailingNewPublicKeyLine(t *testing.T) {
@@ -29,7 +30,7 @@ func TestFailingNewPublicKeyLine(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.desc, func(t *testing.T) {
-			result, err := NewPublicKeyLine(tc.id, tc.publicKey, "root-dir")
+			result, err := NewPublicKeyLine(tc.id, tc.publicKey, &config.Config{RootDir: "/tmp", SslCertDir: "/tmp/certs"})
 
 			require.Empty(t, result)
 			require.EqualError(t, err, tc.expectedError)
@@ -60,7 +61,7 @@ func TestFailingNewPrincipalKeyLine(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.desc, func(t *testing.T) {
-			result, err := NewPrincipalKeyLine(tc.keyId, tc.principal, "root-dir")
+			result, err := NewPrincipalKeyLine(tc.keyId, tc.principal, &config.Config{RootDir: "/tmp", SslCertDir: "/tmp/certs"})
 
 			require.Empty(t, result)
 			require.EqualError(t, err, tc.expectedError)
@@ -69,14 +70,37 @@ func TestFailingNewPrincipalKeyLine(t *testing.T) {
 }
 
 func TestToString(t *testing.T) {
-	keyLine := &KeyLine{
-		Id:      "1",
-		Value:   "public-key",
-		Prefix:  "key",
-		RootDir: "/tmp",
+	testCases := []struct {
+		desc           string
+		keyLine        *KeyLine
+		expectedOutput string
+	}{
+		{
+			desc: "Without SSL cert dir",
+			keyLine: &KeyLine{
+				Id:     "1",
+				Value:  "public-key",
+				Prefix: "key",
+				Config: &config.Config{RootDir: "/tmp"},
+			},
+			expectedOutput: `command="/tmp/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key`,
+		},
+		{
+			desc: "With SSL cert dir",
+			keyLine: &KeyLine{
+				Id:     "1",
+				Value:  "public-key",
+				Prefix: "key",
+				Config: &config.Config{RootDir: "/tmp", SslCertDir: "/tmp/certs"},
+			},
+			expectedOutput: `command="SSL_CERT_DIR=/tmp/certs /tmp/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key`,
+		},
 	}
 
-	result := keyLine.ToString()
-
-	require.Equal(t, `command="/tmp/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key`, result)
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			result := tc.keyLine.ToString()
+			require.Equal(t, tc.expectedOutput, result)
+		})
+	}
 }
-- 
cgit v1.2.1