fix: add key passphrase support for encrypted OCI private keys
Private keys with passphrase caused EOFError in Docker containers since getpass cannot prompt without a TTY. Added optional "Key Passphrase" field to OCI credentials form. When provided, pass_phrase is written to the OCI config file so both the CLI and SDK can read the key without prompting.
This commit is contained in:
@@ -393,6 +393,7 @@ async def save_oci(
|
|||||||
tenancy_name: str = Form(...), tenancy_ocid: str = Form(...),
|
tenancy_name: str = Form(...), tenancy_ocid: str = Form(...),
|
||||||
user_ocid: str = Form(...), fingerprint: str = Form(...),
|
user_ocid: str = Form(...), fingerprint: str = Form(...),
|
||||||
region: str = Form(...), compartment_id: str = Form(""),
|
region: str = Form(...), compartment_id: str = Form(""),
|
||||||
|
key_passphrase: str = Form(""),
|
||||||
private_key: UploadFile = File(...), public_key: Optional[UploadFile] = File(None),
|
private_key: UploadFile = File(...), public_key: Optional[UploadFile] = File(None),
|
||||||
u = Depends(require("admin","user"))
|
u = Depends(require("admin","user"))
|
||||||
):
|
):
|
||||||
@@ -401,9 +402,11 @@ async def save_oci(
|
|||||||
kp.write_bytes(await private_key.read()); kp.chmod(0o600)
|
kp.write_bytes(await private_key.read()); kp.chmod(0o600)
|
||||||
if public_key: (cdir / "oci_api_key_public.pem").write_bytes(await public_key.read())
|
if public_key: (cdir / "oci_api_key_public.pem").write_bytes(await public_key.read())
|
||||||
cfg_file = cdir / "config"
|
cfg_file = cdir / "config"
|
||||||
cfg_file.write_text(
|
cfg_content = (f"[DEFAULT]\nuser={user_ocid}\nfingerprint={fingerprint}\n"
|
||||||
f"[DEFAULT]\nuser={user_ocid}\nfingerprint={fingerprint}\n"
|
|
||||||
f"tenancy={tenancy_ocid}\nregion={region}\nkey_file={kp}\n")
|
f"tenancy={tenancy_ocid}\nregion={region}\nkey_file={kp}\n")
|
||||||
|
if key_passphrase:
|
||||||
|
cfg_content += f"pass_phrase={key_passphrase}\n"
|
||||||
|
cfg_file.write_text(cfg_content)
|
||||||
cfg_file.chmod(0o600)
|
cfg_file.chmod(0o600)
|
||||||
with db() as c:
|
with db() as c:
|
||||||
c.execute("INSERT INTO oci_configs (id,user_id,tenancy_name,tenancy_ocid,user_ocid,fingerprint,region,key_file_path,compartment_id) VALUES (?,?,?,?,?,?,?,?,?)",
|
c.execute("INSERT INTO oci_configs (id,user_id,tenancy_name,tenancy_ocid,user_ocid,fingerprint,region,key_file_path,compartment_id) VALUES (?,?,?,?,?,?,?,?,?)",
|
||||||
|
|||||||
@@ -348,11 +348,14 @@ ${!S.ociCfg.length?'<div class="emp" style="padding:.85rem"><p>Nenhuma credencia
|
|||||||
<div class="ig"><label>Compartment OCID</label><input type="text" id="ocp" placeholder="ocid1.compartment.oc1.."></div></div>
|
<div class="ig"><label>Compartment OCID</label><input type="text" id="ocp" placeholder="ocid1.compartment.oc1.."></div></div>
|
||||||
<div class="g2"><div class="ig"><label>Private Key (.pem)</label><input type="file" id="osk" accept=".pem"></div>
|
<div class="g2"><div class="ig"><label>Private Key (.pem)</label><input type="file" id="osk" accept=".pem"></div>
|
||||||
<div class="ig"><label>Public Key (.pem)</label><input type="file" id="opk" accept=".pem"></div></div>
|
<div class="ig"><label>Public Key (.pem)</label><input type="file" id="opk" accept=".pem"></div></div>
|
||||||
|
<div class="g2"><div class="ig"><label>Key Passphrase</label><div class="ht">Apenas se a chave privada for protegida por senha</div><input type="password" id="okp" placeholder="(opcional)"></div>
|
||||||
|
<div class="ig"></div></div>
|
||||||
<button class="btn bp" id="obtn" onclick="sOci()">Salvar Credencial</button></div>
|
<button class="btn bp" id="obtn" onclick="sOci()">Salvar Credencial</button></div>
|
||||||
`+rConfigLogs('oci')}
|
`+rConfigLogs('oci')}
|
||||||
async function sOci(){const fd=new FormData();fd.append('tenancy_name',document.getElementById('otn').value);fd.append('tenancy_ocid',document.getElementById('oto').value);
|
async function sOci(){const fd=new FormData();fd.append('tenancy_name',document.getElementById('otn').value);fd.append('tenancy_ocid',document.getElementById('oto').value);
|
||||||
fd.append('user_ocid',document.getElementById('ouo').value);fd.append('fingerprint',document.getElementById('ofp').value);
|
fd.append('user_ocid',document.getElementById('ouo').value);fd.append('fingerprint',document.getElementById('ofp').value);
|
||||||
fd.append('region',document.getElementById('org').value);fd.append('compartment_id',document.getElementById('ocp').value);
|
fd.append('region',document.getElementById('org').value);fd.append('compartment_id',document.getElementById('ocp').value);
|
||||||
|
fd.append('key_passphrase',document.getElementById('okp').value||'');
|
||||||
const sk=document.getElementById('osk').files[0];if(!sk)return sm('om','Selecione a chave privada','e');fd.append('private_key',sk);
|
const sk=document.getElementById('osk').files[0];if(!sk)return sm('om','Selecione a chave privada','e');fd.append('private_key',sk);
|
||||||
const pk=document.getElementById('opk').files[0];if(pk)fd.append('public_key',pk);
|
const pk=document.getElementById('opk').files[0];if(pk)fd.append('public_key',pk);
|
||||||
const btn=document.getElementById('obtn');btn.disabled=true;btn.textContent='Salvando...';sm('om','<span class="spinner" style="display:inline-block;width:14px;height:14px;vertical-align:middle"></span> Salvando credencial...','i');
|
const btn=document.getElementById('obtn');btn.disabled=true;btn.textContent='Salvando...';sm('om','<span class="spinner" style="display:inline-block;width:14px;height:14px;vertical-align:middle"></span> Salvando credencial...','i');
|
||||||
|
|||||||
Reference in New Issue
Block a user