Details
Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Description
Currently, we have a method in ClusterSpec called setSecretKeyFile. The intention of this is to pass in the RSA identity used for SSH authentication on the cloud nodes. While this is generally on-disk, users may want to pass this in from another source, for example an encrypted databag.
I suggest we remove the methods in ClusterSpec that are File based, and push the responsibility for reading files to the user. Instead, I suggest we offer methods that accept PEM strings for the public and private keys. That way, the user can get their keys from files, remote servers, keystores, or anywhere, and we don't have an opinion precluding any of that. Moreover, we rid ourselves of the need to write files.
For example, instead of
clusterSpec.setSecretKeyFile(System.getProperty("user.home") + "/.ssh/id_rsa");
The user would do
clusterSpec.setPrivateKeyPem(Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa"), Charsets.UTF_8));
Or, we could have a utility method which would call Files.toString:
clusterSpec.setPrivateKeyPemFile(new File(System.getProperty("user.home") + "/.ssh/id_rsa"));
Bottom line is that we shouldn't require these PEMs to be on-disk, as they are not always on-disk.
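
A check that a PEM-string setter like the setPrivateKeyPem suggested above could run on its input, since a string taken from a databag or keystore arrives with no file path to sanity-check. This is an added example, not code from the issue or the project; the PemCheck class, the requirePrivateKeyPem method and the accepted-label set are assumptions, and the sample PEM is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example with hypothetical names; checks the PEM envelope only, not the DER inside.
public class PemCheck {
    // One PEM block: matching BEGIN/END labels around a body, nothing else in the string.
    private static final Pattern PEM = Pattern.compile(
        "\\A\\s*-----BEGIN ([A-Z0-9 ]+)-----\\r?\\n(.*?)\\r?\\n-----END \\1-----\\s*\\z",
        Pattern.DOTALL);
    // Assumption: labels of unencrypted private keys the setter would accept.
    private static final Set<String> PRIVATE_LABELS = Set.of("RSA PRIVATE KEY", "PRIVATE KEY");

    /** Returns the decoded body, or throws without echoing any key material. */
    static byte[] requirePrivateKeyPem(String pem) {
        Matcher m = PEM.matcher(pem);
        if (!m.matches()) {
            throw new IllegalArgumentException("not a single well-formed PEM block");
        }
        String label = m.group(1);
        if (!PRIVATE_LABELS.contains(label)) {
            throw new IllegalArgumentException("expected an unencrypted private key, got: " + label);
        }
        String body = m.group(2);
        // Legacy OpenSSL-encrypted keys carry RFC 1421 headers ahead of the base64 body.
        if (body.contains("Proc-Type:")) {
            throw new IllegalArgumentException("key is passphrase-protected; decrypt it first");
        }
        try {
            return Base64.getDecoder().decode(body.replaceAll("\\s", ""));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("PEM body is not valid base64");
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the body is arbitrary bytes, not a real key.
        String body = Base64.getEncoder().encodeToString(
            "constructed sample, not key material".getBytes(StandardCharsets.UTF_8));
        String priv = "-----BEGIN RSA PRIVATE KEY-----\n" + body + "\n-----END RSA PRIVATE KEY-----\n";
        String pub = "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n";
        System.out.println("private key accepted, bytes: " + requirePrivateKeyPem(priv).length);
        try {
            requirePrivateKeyPem(pub);
        } catch (IllegalArgumentException e) {
            System.out.println("public key rejected: " + e.getMessage());
        }
    }
}
```

The error messages name only the PEM label, so a rejected key never ends up in logs or stack traces.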