Support for SSH agent (#6)

data_source_ssh_tunnel.go

@@ -6,10 +6,12 @@ import (
 	"io"
 	"log"
 	"net"
+	"os"
 	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/agent"
 )
 
 func dataSourceSSHTunnel() *schema.Resource {
@@ -26,9 +28,15 @@ func dataSourceSSHTunnel() *schema.Resource {
 				Required:    true,
 				Description: "The hostname",
 			},
+			"ssh_agent": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Attempt to use the SSH agent (using the SSH_AUTH_SOCK environment variable)",
+				Default:     true,
+			},
 			"private_key": &schema.Schema{
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				Description: "The private SSH key",
 			},
 			"local_address": &schema.Schema{
@@ -84,7 +92,7 @@ func dataSourceSSHTunnelRead(d *schema.ResourceData, meta interface{}) error {
 	localAddress := d.Get("local_address").(string)
 	remoteAddress := d.Get("remote_address").(string)
 	tunnelEstablished := d.Get("tunnel_established").(bool)
-
+	sshAgent := d.Get("ssh_agent").(bool)
 	// default to port 22 if not specified
 	if !strings.Contains(host, ":") {
 		host = host + ":22"
@@ -96,6 +104,7 @@ func dataSourceSSHTunnelRead(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] localAddress: %v", localAddress)
 	log.Printf("[DEBUG] remoteAddress: %v", remoteAddress)
 	log.Printf("[DEBUG] tunnelEstablished: %v", tunnelEstablished)
+	log.Printf("[DEBUG] sshAgent: %v", sshAgent)
 
 	if tunnelEstablished == false {
 		d.Set("tunnel_established", true)
@@ -106,11 +115,31 @@ func dataSourceSSHTunnelRead(d *schema.ResourceData, meta interface{}) error {
 			Auth:            []ssh.AuthMethod{},
 		}
 
-		pubKeyAuth, err := readPrivateKey(privateKey)
-		if err != nil {
-			panic(err)
+		if privateKey != "" {
+			pubKeyAuth, err := readPrivateKey(privateKey)
+			if err != nil {
+				panic(err)
+			}
+			sshConf.Auth = append(sshConf.Auth, pubKeyAuth)
+		}
+
+		if sshAgent {
+			sshAuthSock, ok := os.LookupEnv("SSH_AUTH_SOCK")
+			if ok {
+				log.Printf("[DEBUG] opening connection to %q", sshAuthSock)
+				conn, err := net.Dial("unix", sshAuthSock)
+				if err != nil {
+					panic(err)
+				}
+				agentClient := agent.NewClient(conn)
+				agentAuth := ssh.PublicKeysCallback(agentClient.Signers)
+				sshConf.Auth = append(sshConf.Auth, agentAuth)
+			}
+		}
+
+		if len(sshConf.Auth) == 0 {
+			return fmt.Errorf("Error: No authentication method configured.")
 		}
-		sshConf.Auth = append(sshConf.Auth, pubKeyAuth)
 
 		localListener, err := net.Listen("tcp", localAddress)
 		if err != nil {

go.sum

@@ -31,7 +31,7 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-getter v0.0.0-20181213035916-be39683deade h1:dBvCsh6SUU8TbrVIXoapp1UGtalncagxH7OnOkrPN/A=
+github.com/hashicorp/go-getter v0.0.0-20181213035916-be39683deade h1:Lm8kCA3z1OGpE4Iw6jWBOIE+ouAySxrNHPWlnGAtgRM=
 github.com/hashicorp/go-getter v0.0.0-20181213035916-be39683deade/go.mod h1:BjYbO/QwTRCU20p2qOfbWtU2TTSuTqPNx1RnlndKOxE=
 github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
 github.com/hashicorp/go-hclog v0.0.0-20181001195459-61d530d6c27f h1:Yv9YzBlAETjy6AOX9eLBZ3nshNVRREgerT/3nvxlGho=

main.tf

@@ -4,6 +4,7 @@ data "ssh_tunnel" "consul" {
   user            = "stefan"
   host            = "bastion.example.com"
   private_key     = "${file(pathexpand("~/.ssh/id_rsa"))}"
+  ssh_agent       = false // by default, SSH agent authentication is attempted if the SSH_AUTH_SOCK environment variable is set
   local_address   = "localhost:0" // use port 0 to request an ephemeral port (a random port)
   remote_address  = "localhost:8500"
 }