[jb] fix #8296: validate host key fingerprint #8317
Conversation
| return fetchWS(resolveJoinLinkUrl, connectParams, ownerToken) | ||
| } | ||
|
|
||
| private fun resolveCredentials( |
There was a problem hiding this comment.
@iQQBot relevant functions are resolveCredentials, resolveHostKeys and most interesting is acceptHostKey
Codecov Report
@@ Coverage Diff @@
## main #8317 +/- ##
==========================================
- Coverage 12.31% 11.17% -1.14%
==========================================
Files 20 18 -2
Lines 1161 993 -168
==========================================
- Hits 143 111 -32
+ Misses 1014 880 -134
+ Partials 4 2 -2
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
|
/werft run 👍 started the job as gitpod-build-ak-jb-host-key.1 |
iQQBot
force-pushed
the
pd/ssh-hostkey
branch
from
b79520d to
ae5f486
Compare
akosyakov
force-pushed
the
ak/jb_host_key
branch
from
aefd54c to
c2df2f4
Compare
| ): AskAboutHostKey { | ||
| val hostKeysByType = hostKeys.groupBy({ it.type.lowercase() }) { it.hostKey } | ||
| val acceptHostKey: AskAboutHostKey = { hostName, keyType, fingerprint, _ -> | ||
| if (hostName != ideUrl.host) { |
There was a problem hiding this comment.
@iQQBot Could you have a look please whether it makes sense to you?
There was a problem hiding this comment.
Is the latest plugin URL changed?
There was a problem hiding this comment.
Maybe we can print an URL in werft job somehow. We know a version and can query JB marketplace for URL, but not sure how to display it on results page.
There was a problem hiding this comment.
try and checked, it works, The process was very smooth and there were no more pop-ups
There was a problem hiding this comment.
ok, let's wait for workspace team to deploy and then we can merge
|
@iQQBot changes to ws-proxy in production, it should be good to merge and deploy |
|
Did I miss something or is the Restart IDE button gone by mistake, @akosyakov? It seems I still need to restart it in order for it to work. |
It is on purpose, next version of GW does not require restart which is going to be released on 24th. |
|
/werft run |
|
@mustard-mh @filiptronicek you can test against gitpod.io to be sure, you don't need prev envs I updated |
|
I guess this is unrelated, but is our API broken that it returns
|
Right I don't think it is related to this PR. Let's file another issue. It seems you get a workspace which does not have a normalised context URL. Please capture in the issue: How did you start a workspace? Using a link from |
There was a problem hiding this comment.
Other than the issue I mentioned (unrelated to changes from this PR), it works for me a-ok. I wasn't aware that we could get rid of the dialog and I'm so happy we did!
I'll hold for the review from @mustard-mh and/or any potential further code review. /hold
|
Do steps like |
|
/unhold |
roboquat
added
deployed: IDE
Description
Gateway plugin intercepts SSH fingerprint check and validates it against public ssh key of SSH gateway instead of asking a user. If SSH keys are not present then an error is presented to a user that Gitpod installation is not supported, if keys are not matched then an error presented as well.
Related Issue(s)
fixes #8296
How to test
Release Notes
Documentation