From a4901de66ecb0e6b0507706d0c85f9cc734cf0af Mon Sep 17 00:00:00 2001
From: Gaurav Aggarwal <gaurav.aggarwal9@ibm.com>
Date: Thu, 18 Jul 2024 11:48:17 +0530
Subject: [PATCH] Added ssh enhancement feature

---
 backend/.env                  |  1 +
 backend/go.mod                |  6 +++---
 backend/internal/constants.go |  1 +
 backend/internal/helper.go    | 40 ++++++++++++++++++++++++++++++++++-
 resources/deploy.sh           | 15 ++++++++++---
 resources/docker-compose.yml  |  1 +
 6 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/backend/.env b/backend/.env
index 1dc5b82..6f2fe3a 100644
--- a/backend/.env
+++ b/backend/.env
@@ -10,3 +10,4 @@ export API_PORT=8080
 
 # const for instance
 export IAM_TRUSTED_PROFILEID=""
+export IBM_SSHKEY_NAME=""
diff --git a/backend/go.mod b/backend/go.mod
index 7d7e90d..2f3db30 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/gorilla/mux v1.8.1
 	github.com/lib/pq v1.10.9
-	github.com/rs/cors v1.10.1
+	github.com/rs/cors v1.11.0
 	golang.org/x/crypto v0.21.0
 )
 
@@ -23,13 +23,13 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
diff --git a/backend/internal/constants.go b/backend/internal/constants.go
index 0187f69..2427474 100644
--- a/backend/internal/constants.go
+++ b/backend/internal/constants.go
@@ -70,6 +70,7 @@ var (
 	APIPort    = "API_PORT" // Port to host backend
 
 	IAMTrustedProfileIDEnv = "IAM_TRUSTED_PROFILEID"
+	IbmSshKeyName          = "IBM_SSHKEY_NAME"
 	NetworkInterfaceName   = "eth0"
 
 	InstanceIdentityTokenURL = "http://169.254.169.254/instance_identity/v1/token?version=2024-03-01"
diff --git a/backend/internal/helper.go b/backend/internal/helper.go
index f6b3991..4764451 100644
--- a/backend/internal/helper.go
+++ b/backend/internal/helper.go
@@ -868,6 +868,25 @@ func InsertPrestoBenchmarkData(db *sql.DB, dir string, keyPairName string, confi
 
 //--------------------functions used for instance and benchmark------------------------------
 
+func GetSSHKeyID(vpcService *vpcv1.VpcV1, keyName string) (string, error) {
+	// List all SSH keys
+	listKeysOptions := vpcService.NewListKeysOptions()
+	keys, _, err := vpcService.ListKeys(listKeysOptions)
+	if err != nil {
+		log.Printf("error listing keys: %s", err)
+		return "", fmt.Errorf("error listing keys: %s", err)
+	}
+
+	// Iterate through the keys to find the one with the given name
+	for _, key := range keys.Keys {
+		if *key.Name == keyName {
+			return *key.ID, nil
+		}
+	}
+	log.Printf("SSH key with name %s not found", keyName)
+	return "", fmt.Errorf("SSH key with name %s not found", keyName)
+}
+
 func CreateInstance(db *sql.DB, vpcService *vpcv1.VpcV1, appType string, apiName string, instProfilename8CPU []string, instProfilename16CPU []string, installerPath string, application string, req InstanceRequest) (string, error) {
 	log.Printf("Creating Instance for %s", application)
 	var appName, instanceProfileName []string
@@ -936,7 +955,26 @@ func CreateInstance(db *sql.DB, vpcService *vpcv1.VpcV1, appType string, apiName
 		zone := req.Zone
 		resourcegroup := req.Resourcegroup
 
+		ibmSshKeyName := os.Getenv(IbmSshKeyName)
+		var keys []vpcv1.KeyIdentityIntf
+
 		keyIDentityModel := &vpcv1.KeyIdentityByID{ID: keyID}
+		keys = append(keys, keyIDentityModel)
+		if ibmSshKeyName != "" {
+			ibmSshKeyId, err := GetSSHKeyID(vpcService, ibmSshKeyName)
+			if err != nil {
+				log.Println("Error fetching key ID:", err)
+				DeleteKeyFile(keyName) //deletes the ssh key created for the vsi above
+				DeleteKey(*keyID, vpcService)
+				ResetFlag(db, apiName)
+				return "", fmt.Errorf("error fetching key ID: %s", err)
+			}
+			IbmKeyIdModel := &vpcv1.KeyIdentityByID{ID: &ibmSshKeyId}
+			keys = append(keys, IbmKeyIdModel)
+		} else {
+			log.Println("environment variable IBM_SSHKEY_NAME not set")
+		}
+
 		instanceProfileIdentityModel := &vpcv1.InstanceProfileIdentityByName{Name: &instanceProfileName[i]}
 		vpcIDentityModel := &vpcv1.VPCIdentityByID{ID: &vpcID}
 		imageIDentityModel := &vpcv1.ImageIdentityByID{ID: &imageID}
@@ -946,7 +984,7 @@ func CreateInstance(db *sql.DB, vpcService *vpcv1.VpcV1, appType string, apiName
 
 		// Create instance
 		instancePrototypeModel := &vpcv1.InstancePrototypeInstanceByImage{
-			Keys:                    []vpcv1.KeyIdentityIntf{keyIDentityModel},
+			Keys:                    keys,
 			Name:                    core.StringPtr(appName[i]),
 			Profile:                 instanceProfileIdentityModel,
 			VPC:                     vpcIDentityModel,
diff --git a/resources/deploy.sh b/resources/deploy.sh
index 6d04b0c..3fe443e 100755
--- a/resources/deploy.sh
+++ b/resources/deploy.sh
@@ -6,11 +6,12 @@ set -x
 
 SRC_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && cd .. && pwd)"
 
-if [ $# -lt 2 ]; then
-  echo "Usage: ./deploy.sh IAM_TRUSTED_PROFILEID UI_PASSWORD"
+if [ $# -lt 3 ]; then
+  echo "Usage: ./deploy.sh IAM_TRUSTED_PROFILEID UI_PASSWORD IBM_SSHKEY_NAME"
   echo "Please provide the IAM Trusted ProfileID."
   echo "Please provide the UI password."
-  exit 0
+  echo "Please provide the IBM Cloud SSH Key name."
+  exit 1
 fi
 
 ## Generate random string for DB password
@@ -18,6 +19,7 @@ DB_PASSWORD=`tr -dc A-Za-z0-9 </dev/urandom | head -c 13; echo`
 
 IAM_TRUSTED_PROFILEID=$1
 UI_PASSWORD=$2
+IBM_SSHKEY_NAME=$3
 
 ## Check for IAM Trusted profileID
 if [ -z "$IAM_TRUSTED_PROFILEID" ]; then
@@ -31,6 +33,12 @@ if [ -z "$UI_PASSWORD" ]; then
   exit 1
 fi
 
+## Check for UI Password input
+if [ -z "$IBM_SSHKEY_NAME" ]; then
+  echo "Please provide the IBM Cloud SSH Key name."
+  exit 1
+fi
+
 echo "#### Initiating setup of sandbox dashboard ####"
 
 ## Build Sandbox backend image
@@ -56,5 +64,6 @@ sed -i "s/ENCODE_PASSWORD/$UI_PASSWORD/g" $DB_SCHEMA_SCRIPT
 sed -i "s/__DB_PASSWORD__/$DB_PASSWORD/g" $SRC_ROOT/resources/docker-compose.yml
 sed -i "s|__DB_SCHEMA_SCRIPT__|$DB_SCHEMA_SCRIPT|g" $SRC_ROOT/resources/docker-compose.yml
 sed -i "s/__TRUSTED_PROFILE__/$IAM_TRUSTED_PROFILEID/g" $SRC_ROOT/resources/docker-compose.yml
+sed -i "s/__IBM_SSHKEY_NAME__/$IBM_SSHKEY_NAME/g" $SRC_ROOT/resources/docker-compose.yml
 
 docker-compose -f $SRC_ROOT/resources/docker-compose.yml up -d 
diff --git a/resources/docker-compose.yml b/resources/docker-compose.yml
index 48e4668..d649a70 100644
--- a/resources/docker-compose.yml
+++ b/resources/docker-compose.yml
@@ -15,6 +15,7 @@ services:
       privileged: true
       environment:
         - "IAM_TRUSTED_PROFILEID=__TRUSTED_PROFILE__" # Placeholder for IAM trusted profile
+        - "IBM_SSHKEY_NAME=__IBM_SSHKEY_NAME__" # Placeholder for IBM Cloud SSH Key name
         - "DB_USERNAME=postgres"
         - "DB_PASSWORD=__DB_PASSWORD__" ## Placeholder for sandbox db password
         - "DB_HOST=sandbox-db"