feat: Support dockerPrivateKey to specify path to SSH key (#674)

Author: martinezpl

README.md

@@ -77,8 +77,20 @@ custom:
 ```
 
 The `dockerSsh` option will mount your `$HOME/.ssh/id_rsa` and `$HOME/.ssh/known_hosts` as a
-volume in the docker container. If your SSH key is password protected, you can use `ssh-agent`
-because `$SSH_AUTH_SOCK` is also mounted & the env var set.
+volume in the docker container.
+
+In case you want to use a different key, you can specify the path (absolute) to it through `dockerPrivateKey` option:
+
+```yaml
+custom:
+  pythonRequirements:
+    dockerizePip: true
+    dockerSsh: true
+    dockerPrivateKey: /home/.ssh/id_ed25519
+```
+
+If your SSH key is password protected, you can use `ssh-agent`
+because `$SSH_AUTH_SOCK` is also mounted & the env var is set.
 It is important that the host of your private repositories has already been added in your
 `$HOME/.ssh/known_hosts` file, as the install process will fail otherwise due to host authenticity
 failure.
@@ -213,7 +225,7 @@ the names in `slimPatterns`
 
 #### Option not to strip binaries
 
-In some cases, stripping binaries leads to problems like "ELF load command address/offset not properly aligned", even when done in the Docker environment. You can still slim down the package without `*.so` files with
+In some cases, stripping binaries leads to problems like "ELF load command address/offset not properly aligned", even when done in the Docker environment. You can still slim down the package without `*.so` files with:
 
 ```yaml
 custom:
@@ -566,3 +578,4 @@ package:
 - [@jacksgt](https://github.com/jacksgt) - Fixing pip issues
 - [@lephuongbg](https://github.com/lephuongbg) - Fixing single function deployment
 - [@rileypriddle](https://github.com/rileypriddle) - Introducing schema validation for `module` property
+- [@martinezpl](https://github.com/martinezpl) - Fixing test issues, adding `dockerPrivateKey` option

index.js

@@ -15,7 +15,6 @@ const { installAllRequirements } = require('./lib/pip');
 const { pipfileToRequirements } = require('./lib/pipenv');
 const { pyprojectTomlToRequirements } = require('./lib/poetry');
 const { cleanup, cleanupCache } = require('./lib/clean');
-
 BbPromise.promisifyAll(fse);
 
 /**
@@ -45,6 +44,7 @@ class ServerlessPythonRequirements {
             : this.serverless.service.provider.runtime || 'python',
         dockerizePip: false,
         dockerSsh: false,
+        dockerPrivateKey: null,
         dockerImage: null,
         dockerFile: null,
         dockerEnv: false,
@@ -71,7 +71,10 @@ class ServerlessPythonRequirements {
     }
     if (
       !options.dockerizePip &&
-      (options.dockerSsh || options.dockerImage || options.dockerFile)
+      (options.dockerSsh ||
+        options.dockerImage ||
+        options.dockerFile ||
+        options.dockerPrivateKey)
     ) {
       if (!this.warningLogged) {
         if (this.log) {

lib/pip.js

@@ -275,12 +275,16 @@ async function installRequirements(targetFolder, pluginInstance) {
 
       dockerCmd.push('docker', 'run', '--rm', '-v', `${bindPath}:/var/task:z`);
       if (options.dockerSsh) {
+        const homePath = require('os').homedir();
+        const sshKeyPath =
+          options.dockerPrivateKey || `${homePath}/.ssh/id_rsa`;
+
         // Mount necessary ssh files to work with private repos
         dockerCmd.push(
           '-v',
-          `${process.env.HOME}/.ssh/id_rsa:/root/.ssh/id_rsa:z`,
+          `${sshKeyPath}:/root/.ssh/${sshKeyPath.split('/').splice(-1)[0]}:z`,
           '-v',
-          `${process.env.HOME}/.ssh/known_hosts:/root/.ssh/known_hosts:z`,
+          `${homePath}/.ssh/known_hosts:/root/.ssh/known_hosts:z`,
           '-v',
           `${process.env.SSH_AUTH_SOCK}:/tmp/ssh_sock:z`,
           '-e',

test.js

@@ -3,6 +3,7 @@ const glob = require('glob-all');
 const JSZip = require('jszip');
 const sha256File = require('sha256-file');
 const tape = require('tape-promise/tape');
+
 const {
   chmodSync,
   removeSync,
@@ -23,7 +24,7 @@ const mkCommand =
   (cmd) =>
   (args, options = {}) => {
     options['env'] = Object.assign(
-      { SLS_DEBUG: 't' },
+      { SLS_DEBUG: 'true' },
       process.env,
       options['env']
     );
@@ -32,11 +33,11 @@ const mkCommand =
       args,
       options
     );
-    if (error) {
+    if (error && !options['noThrow']) {
       console.error(`Error running: ${quote([cmd, ...args])}`); // eslint-disable-line no-console
       throw error;
     }
-    if (status) {
+    if (status && !options['noThrow']) {
       console.error('STDOUT: ', stdout.toString()); // eslint-disable-line no-console
       console.error('STDERR: ', stderr.toString()); // eslint-disable-line no-console
       throw new Error(
@@ -200,6 +201,32 @@ const canUseDocker = () => {
 // Skip if running on these platforms.
 const brokenOn = (...platforms) => platforms.indexOf(process.platform) != -1;
 
+test(
+  'dockerPrivateKey option correctly resolves docker command',
+  async (t) => {
+    process.chdir('tests/base');
+    const path = npm(['pack', '../..']);
+    npm(['i', path]);
+    const stdout = sls(['package'], {
+      noThrow: true,
+      env: {
+        dockerizePip: true,
+        dockerSsh: true,
+        dockerPrivateKey: `${__dirname}${sep}tests${sep}base${sep}custom_ssh`,
+        dockerImage: 'break the build to log the command',
+      },
+    });
+    t.true(
+      stdout.includes(
+        `-v ${__dirname}${sep}tests${sep}base${sep}custom_ssh:/root/.ssh/custom_ssh:z`
+      ),
+      'docker command properly resolved'
+    );
+    t.end();
+  },
+  { skip: !canUseDocker() || brokenOn('win32') }
+);
+
 test(
   'default pythonBin can package flask with default options',
   async (t) => {

tests/base/custom_ssh

@@ -0,0 +1 @@
+SOME KEY

tests/base/serverless.yml

@@ -10,6 +10,9 @@ custom:
   pythonRequirements:
     zip: ${env:zip, self:custom.defaults.zip}
     dockerizePip: ${env:dockerizePip, self:custom.defaults.dockerizePip}
+    dockerSsh: ${env:dockerSsh, self:custom.defaults.dockerSsh}
+    dockerPrivateKey: ${env:dockerPrivateKey, self:custom.defaults.dockerPrivateKey}
+    dockerImage: ${env:dockerImage, self:custom.defaults.dockerImage}
     slim: ${env:slim, self:custom.defaults.slim}
     slimPatterns: ${file(./slimPatterns.yml):slimPatterns, self:custom.defaults.slimPatterns}
     slimPatternsAppendDefaults: ${env:slimPatternsAppendDefaults, self:custom.defaults.slimPatternsAppendDefaults}
@@ -24,6 +27,9 @@ custom:
     slimPatternsAppendDefaults: true
     zip: false
     dockerizePip: false
+    dockerSsh: false
+    dockerPrivateKey: ''
+    dockerImage: ''
     individually: false
     useStaticCache: true
     useDownloadCache: true