Merge pull request #6 from connectedcars/auth-wrapper-quiet

auth-wrapper: add AUTH_WRAPPER_QUIET env support
connectedcars · Jun 23, 2022 · 5ea7294 · 5ea7294
2 parents 433da82 + f3a70b2
commit 5ea7294
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -76,6 +76,14 @@ To configure a SSH server to trust the signing server CA for a specific user:
 cert-authority,principals="user1,serverType:gw" ssh-rsa AAAA...(copy from output of signing server) ca key
 ```
 
+
+## Use Examples
+```
+auth-wrapper ssh user@ip
+auth-wrapper ssh user@ip 'echo hello'
+```
+
+
 ## Options
 
 ### Arguments

diff --git a/cmd/authwrapper/main.go b/cmd/authwrapper/main.go
@@ -58,16 +58,22 @@ func main() {
 	if err != nil {
 		log.Fatalf("Failed to list sshAgent keys: %v", err)
 	}
-	fmt.Fprintf(os.Stderr, "Loaded keys:\n")
-	for _, key := range keyList {
-		fmt.Fprintf(os.Stderr, "%s %s\n", strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(key)), "\n"), key.Comment)
+
+	if config.AuthWrapperQuiet == false {
+		fmt.Fprintf(os.Stderr, "Loaded keys:\n")
+
+		for _, key := range keyList {
+			fmt.Fprintf(os.Stderr, "%s %s\n", strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(key)), "\n"), key.Comment)
+		}
 	}
 
 	exitCode, err := runCommandWithSSHAgent(agent, config.Command, config.Args)
 	if err != nil {
 		log.Fatalf("runCommandWithSSHAgent: %v", err)
 	}
 
-	fmt.Fprintf(os.Stderr, "exit code: %v\n", exitCode)
+	if config.AuthWrapperQuiet == false {
+		fmt.Fprintf(os.Stderr, "exit code: %v\n", exitCode)
+	}
 	os.Exit(exitCode)
 }
diff --git a/cmd/authwrapper/setup.go b/cmd/authwrapper/setup.go
@@ -30,6 +30,7 @@ type Config struct {
 	SSHCaAuthorizedKeysPath string
 	SSHSigningServerAddress string
 	SSHAgentSocket          string
+	AuthWrapperQuiet        bool
 }
 
 var principalsFlag = flag.String("principals", "", "requested principals")
@@ -38,6 +39,9 @@ func parseEnvironment() (*Config, error) {
 	flag.Parse()
 	args := flag.Args()
 
+	// TODO: Do a proper check here (AUTH_WRAPPER_QUIET=false still is true)
+	_, isAuthWrapperQuiet := os.LookupEnv("AUTH_WRAPPER_QUIET")
+
 	config := &Config{
 		Command:                 os.Getenv("WRAP_COMMAND"),
 		Args:                    args,
@@ -51,6 +55,7 @@ func parseEnvironment() (*Config, error) {
 		SSHCaAuthorizedKeysPath: os.Getenv("SSH_CA_AUTHORIZED_KEYS_PATH"),
 		SSHSigningServerAddress: os.Getenv("SSH_SIGNING_SERVER_LISTEN_ADDRESS"),
 		SSHAgentSocket:          os.Getenv("SSH_AUTH_SOCK"),
+		AuthWrapperQuiet:        isAuthWrapperQuiet,
 	}
 	os.Unsetenv("WRAP_COMMAND")
 	os.Unsetenv("SSH_KEY_PATH")
@@ -60,6 +65,7 @@ func parseEnvironment() (*Config, error) {
 	os.Unsetenv("SSH_CA_KEY_PASSWORD")
 	os.Unsetenv("SSH_SIGNING_SERVER_LISTEN_ADDRESS")
 	os.Unsetenv("SSH_AUTH_SOCK")
+	os.Unsetenv("AUTH_WRAPPER_QUIET")
 
 	if *principalsFlag != "" {
 		config.RequestedPrincipals = strings.Split(*principalsFlag, ",")

diff --git a/cmd/authwrapper/utils.go b/cmd/authwrapper/utils.go
@@ -29,6 +29,7 @@ func runCommandWithSSHAgent(agent agent.ExtendedAgent, command string, args []st
 	if err != nil {
 		return 255, fmt.Errorf("Failed to start ssh agent server: %v", err)
 	}
+
 	os.Setenv("SSH_AUTH_SOCK", sshAuthSock)
 
 	// Do string replacement for SSH_AUTH_SOCK