From a2bdf1f45d258f9b4ee653b0d08b467238b36536 Mon Sep 17 00:00:00 2001
From: lilyLuLiu <lilyliulu777@outlook.com>
Date: Fri, 27 Sep 2024 15:51:27 +0800
Subject: [PATCH] add proxy/bastion for connection

---
 Makefile             |  2 +-
 entrypoint.sh        |  6 +++++
 lib/common/remote.sh | 59 +++++++++++++++++++++++++++++++++-----------
 3 files changed, 52 insertions(+), 15 deletions(-)

diff --git a/Makefile b/Makefile
index 8e942dd..57ef719 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= 0.0.6
+VERSION ?= 0.0.7
 CONTAINER_MANAGER ?= podman
 IMG ?= quay.io/rhqp/deliverest:v${VERSION}
 
diff --git a/entrypoint.sh b/entrypoint.sh
index d249651..f9ca5c6 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -20,6 +20,11 @@ if [[ ! remote_required ]] || [[ ! mamp_required ]] || [[ -z "${ASSETS_FOLDER+x}
     exit 1
 fi
 
+# Create ssh config file is using proxy connection
+if [[ -n "${BASTION_HOST}" && -n "${BASTION_HOST_USERNAME}" ]];then
+    ssh_config_file
+fi
+
 if [ "${CHECK_CONNECTION:-}" = "true" ]; then
     check_connection  ${CHECK_CONNECTION_ATTEMPTS} ${CHECK_CONNECTION_DELAY}
     if [[ $? -gt 0 ]]
@@ -28,6 +33,7 @@ if [ "${CHECK_CONNECTION:-}" = "true" ]; then
     fi
 fi
 
+
 # Create execution folder 
 echo "Create assets folder on target"
 TARGET_FOLDER="${TARGET_FOLDER:-"deliverest-${RANDOM}"}"
diff --git a/lib/common/remote.sh b/lib/common/remote.sh
index 4ad162c..060779e 100755
--- a/lib/common/remote.sh
+++ b/lib/common/remote.sh
@@ -18,7 +18,6 @@ remote_required () {
     [[ -z "${TARGET_HOST_KEY_PATH+x}" && -z "${TARGET_HOST_PASSWORD+x}" ]] \
         && echo "TARGET_HOST_KEY_PATH or TARGET_HOST_PASSWORD required" \
         && validate=0
-
     return $validate
 }
 
@@ -33,6 +32,29 @@ connect_options() {
     echo $options
 }
 
+ssh_config_file() {
+    cat <<EOF > ssh_config
+Host proxy_host
+    StrictHostKeyChecking no
+    HostName ${BASTION_HOST}
+    User ${BASTION_HOST_USERNAME}
+    IdentityFile ${BASTION_HOST_KEY_PATH}
+
+Host target_host
+    HostName ${TARGET_HOST}
+    User ${TARGET_HOST_USERNAME}
+    IdentityFile ${TARGET_HOST_KEY_PATH}
+    ProxyJump proxy_host
+EOF
+    if [[ -z ${TARGET_HOST_KEY_PATH+x} ]]; then
+        sed -i"" -e '9d' ssh_config
+    fi
+    if [[ -z ${BASTION_HOST_KEY_PATH+x} ]]; then
+        sed -i"" -e '4d' ssh_config
+    fi
+    cat ssh_config
+}
+
 # If restart is involved, it can take a moment for the target host to become available again
 # Check the connection to the host; "delay" in seconds, "repeats" in number of reps
 # Run as: check_connection <repeats int> <delay int>
@@ -63,7 +85,7 @@ check_connection() {
 # Define remote connection
 uri () {
     local remote="${TARGET_HOST_USERNAME}@${TARGET_HOST}"
-    if [[ ! -z "${TARGET_HOST_DOMAIN+x}" ]]; then
+    if [[ -n "${TARGET_HOST_DOMAIN}" ]]; then
         remote="${TARGET_HOST_USERNAME}@${TARGET_HOST_DOMAIN}@${TARGET_HOST}"
     fi
     echo "${remote}" 
@@ -73,10 +95,13 @@ uri () {
 # $1 local path
 # $2 remote path
 scp_to_cmd () {
-    if [[ ! -z "${TARGET_HOST_KEY_PATH+x}" ]]; then
-        echo "scp -r $(connect_options) -i ${TARGET_HOST_KEY_PATH} ${1} $(uri):${2}"
+    cmd="scp -r $(connect_options) "
+    if [[ -n "${BASTION_HOST}" && -n "${BASTION_HOST_USERNAME}" ]]; then
+        echo "${cmd} -F ssh_config ${1} target_host:${2}"
+    elif [[ -n "${TARGET_HOST_KEY_PATH}" ]]; then
+        echo "${cmd} -i ${TARGET_HOST_KEY_PATH} ${1} $(uri):${2}"
     else
-        echo "sshpass -p ${TARGET_HOST_PASSWORD} scp -r $(connect_options) ${1} $(uri):${2}" 
+        echo "sshpass -p ${TARGET_HOST_PASSWORD} ${cmd} ${1} $(uri):${2}" 
     fi
 }
 
@@ -84,26 +109,32 @@ scp_to_cmd () {
 # $1 remote path
 # $2 local path
 scp_from_cmd () {
-    if [[ ! -z "${TARGET_HOST_KEY_PATH+x}" ]]; then
-        echo "scp -r $(connect_options) -i ${TARGET_HOST_KEY_PATH} $(uri):${1} ${2}"
+    cmd="scp -r $(connect_options) "
+    if [[ -n "${BASTION_HOST}" && -n "${BASTION_HOST_USERNAME}" ]]; then
+        echo "${cmd} -F ssh_config target_host:${1} ${2} "
+    elif [[ -n "${TARGET_HOST_KEY_PATH}" ]]; then
+        echo "${cmd} -i ${TARGET_HOST_KEY_PATH} $(uri):${1} ${2}"
     else
-        echo "sshpass -p ${TARGET_HOST_PASSWORD} scp -r $(connect_options) $(uri):${1} ${2}" 
+        echo "sshpass -p ${TARGET_HOST_PASSWORD} ${cmd} $(uri):${1} ${2}" 
     fi
 }
 
 # Generate SSH command
 ssh_cmd () {
-    cmd=""
-    if [[ ! -z "${TARGET_HOST_KEY_PATH+x}" ]]; then
-        cmd="ssh $(connect_options) -i ${TARGET_HOST_KEY_PATH} $(uri) "
+    cmd="ssh $(connect_options) "
+    if [[ -n "${BASTION_HOST}" && -n "${BASTION_HOST_USERNAME}" ]]; then
+        cmd+="-F ssh_config target_host "
+    elif [[ -n "${TARGET_HOST_KEY_PATH}" ]]; then
+        cmd+="-i ${TARGET_HOST_KEY_PATH} $(uri) "
     else
-        cmd="sshpass -p ${TARGET_HOST_PASSWORD} ssh $(connect_options) $(uri) "
+        cmd="sshpass -p ${TARGET_HOST_PASSWORD} ${cmd} $(uri) "
     fi
+    
     # On AWS MacOS ssh session is not recognized as expected
     if [[ ${OS} == 'darwin' ]]; then
         cmd+="sudo su - ${TARGET_HOST_USERNAME} -c \"PATH=\$PATH:/usr/local/bin && $@\""
     else 
-        cmd+="$@"
+        cmd+=" $@"
     fi
     echo "${cmd}"
-}
+}
\ No newline at end of file