fix: add key passphrase support for encrypted OCI private keys

Private keys with passphrase caused EOFError in Docker containers since
getpass cannot prompt without a TTY. Added optional "Key Passphrase" field
to OCI credentials form. When provided, pass_phrase is written to the OCI
config file so both the CLI and SDK can read the key without prompting.
This commit is contained in:
nogueiraguh
2026-03-03 16:01:18 -03:00
parent 336766dae2
commit 0ca60fb017
2 changed files with 9 additions and 3 deletions

View File

@@ -393,6 +393,7 @@ async def save_oci(
tenancy_name: str = Form(...), tenancy_ocid: str = Form(...), tenancy_name: str = Form(...), tenancy_ocid: str = Form(...),
user_ocid: str = Form(...), fingerprint: str = Form(...), user_ocid: str = Form(...), fingerprint: str = Form(...),
region: str = Form(...), compartment_id: str = Form(""), region: str = Form(...), compartment_id: str = Form(""),
key_passphrase: str = Form(""),
private_key: UploadFile = File(...), public_key: Optional[UploadFile] = File(None), private_key: UploadFile = File(...), public_key: Optional[UploadFile] = File(None),
u = Depends(require("admin","user")) u = Depends(require("admin","user"))
): ):
@@ -401,9 +402,11 @@ async def save_oci(
kp.write_bytes(await private_key.read()); kp.chmod(0o600) kp.write_bytes(await private_key.read()); kp.chmod(0o600)
if public_key: (cdir / "oci_api_key_public.pem").write_bytes(await public_key.read()) if public_key: (cdir / "oci_api_key_public.pem").write_bytes(await public_key.read())
cfg_file = cdir / "config" cfg_file = cdir / "config"
cfg_file.write_text( cfg_content = (f"[DEFAULT]\nuser={user_ocid}\nfingerprint={fingerprint}\n"
f"[DEFAULT]\nuser={user_ocid}\nfingerprint={fingerprint}\n" f"tenancy={tenancy_ocid}\nregion={region}\nkey_file={kp}\n")
f"tenancy={tenancy_ocid}\nregion={region}\nkey_file={kp}\n") if key_passphrase:
cfg_content += f"pass_phrase={key_passphrase}\n"
cfg_file.write_text(cfg_content)
cfg_file.chmod(0o600) cfg_file.chmod(0o600)
with db() as c: with db() as c:
c.execute("INSERT INTO oci_configs (id,user_id,tenancy_name,tenancy_ocid,user_ocid,fingerprint,region,key_file_path,compartment_id) VALUES (?,?,?,?,?,?,?,?,?)", c.execute("INSERT INTO oci_configs (id,user_id,tenancy_name,tenancy_ocid,user_ocid,fingerprint,region,key_file_path,compartment_id) VALUES (?,?,?,?,?,?,?,?,?)",

View File

@@ -348,11 +348,14 @@ ${!S.ociCfg.length?'<div class="emp" style="padding:.85rem"><p>Nenhuma credencia
<div class="ig"><label>Compartment OCID</label><input type="text" id="ocp" placeholder="ocid1.compartment.oc1.."></div></div> <div class="ig"><label>Compartment OCID</label><input type="text" id="ocp" placeholder="ocid1.compartment.oc1.."></div></div>
<div class="g2"><div class="ig"><label>Private Key (.pem)</label><input type="file" id="osk" accept=".pem"></div> <div class="g2"><div class="ig"><label>Private Key (.pem)</label><input type="file" id="osk" accept=".pem"></div>
<div class="ig"><label>Public Key (.pem)</label><input type="file" id="opk" accept=".pem"></div></div> <div class="ig"><label>Public Key (.pem)</label><input type="file" id="opk" accept=".pem"></div></div>
<div class="g2"><div class="ig"><label>Key Passphrase</label><div class="ht">Apenas se a chave privada for protegida por senha</div><input type="password" id="okp" placeholder="(opcional)"></div>
<div class="ig"></div></div>
<button class="btn bp" id="obtn" onclick="sOci()">Salvar Credencial</button></div> <button class="btn bp" id="obtn" onclick="sOci()">Salvar Credencial</button></div>
`+rConfigLogs('oci')} `+rConfigLogs('oci')}
async function sOci(){const fd=new FormData();fd.append('tenancy_name',document.getElementById('otn').value);fd.append('tenancy_ocid',document.getElementById('oto').value); async function sOci(){const fd=new FormData();fd.append('tenancy_name',document.getElementById('otn').value);fd.append('tenancy_ocid',document.getElementById('oto').value);
fd.append('user_ocid',document.getElementById('ouo').value);fd.append('fingerprint',document.getElementById('ofp').value); fd.append('user_ocid',document.getElementById('ouo').value);fd.append('fingerprint',document.getElementById('ofp').value);
fd.append('region',document.getElementById('org').value);fd.append('compartment_id',document.getElementById('ocp').value); fd.append('region',document.getElementById('org').value);fd.append('compartment_id',document.getElementById('ocp').value);
fd.append('key_passphrase',document.getElementById('okp').value||'');
const sk=document.getElementById('osk').files[0];if(!sk)return sm('om','Selecione a chave privada','e');fd.append('private_key',sk); const sk=document.getElementById('osk').files[0];if(!sk)return sm('om','Selecione a chave privada','e');fd.append('private_key',sk);
const pk=document.getElementById('opk').files[0];if(pk)fd.append('public_key',pk); const pk=document.getElementById('opk').files[0];if(pk)fd.append('public_key',pk);
const btn=document.getElementById('obtn');btn.disabled=true;btn.textContent='Salvando...';sm('om','<span class="spinner" style="display:inline-block;width:14px;height:14px;vertical-align:middle"></span> Salvando credencial...','i'); const btn=document.getElementById('obtn');btn.disabled=true;btn.textContent='Salvando...';sm('om','<span class="spinner" style="display:inline-block;width:14px;height:14px;vertical-align:middle"></span> Salvando credencial...','i');