rust
/
Materialize


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
							# Copyright Materialize, Inc. and contributors. All rights reserved.
#
# Use of this software is governed by the Business Source License
# included in the LICENSE file at the root of this repository.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0.

import os

from materialize import MZ_ROOT
from materialize.mzcompose import (
    loader,
)
from materialize.mzcompose.composition import Composition
from materialize.mzcompose.service import (
    Service,
)


class SshBastionHost(Service):
    def __init__(
        self,
        name: str = "ssh-bastion-host",
        max_startups: str | None = None,
        aliases: list[str] | None = None,
    ) -> None:
        setup_path = os.path.relpath(
            MZ_ROOT / "misc" / "images" / "sshd" / "setup.sh",
            loader.composition_path,
        )

        if aliases is None:
            aliases = ["other_ssh_bastion"]

        super().__init__(
            name=name,
            config={
                "mzbuild": "ssh-bastion-host",
                "init": True,
                "ports": ["22"],
                "environment": [
                    "SSH_USERS=mz:1000:1000",
                    "TCP_FORWARDING=true",
                    *([f"MAX_STARTUPS={max_startups}"] if max_startups else []),
                ],
                "volumes": [f"{setup_path}:/etc/entrypoint.d/setup.sh"],
                "networks": {"default": {"aliases": aliases}},
                "healthcheck": {
                    "test": "[ -f /var/run/sshd/sshd.pid ]",
                    "timeout": "5s",
                    "interval": "1s",
                    "start_period": "60s",
                },
            },
        )


def setup_default_ssh_test_connection(
    c: Composition, ssh_tunnel_name: str, mz_service: str | None = None
) -> None:
    c.sql(
        f"""
            CREATE CONNECTION IF NOT EXISTS {ssh_tunnel_name} TO SSH TUNNEL (
            HOST 'ssh-bastion-host',
            USER 'mz',
            PORT 22)
        """,
        service=mz_service,
    )

    public_key = c.sql_query(
        f"""
            select public_key_1 from mz_ssh_tunnel_connections ssh \
            join mz_connections c on c.id = ssh.id
            where c.name = '{ssh_tunnel_name}';
        """,
        service=mz_service,
    )[0][0]

    c.exec(
        "ssh-bastion-host",
        "bash",
        "-c",
        f"echo '{public_key}' >> /etc/authorized_keys/mz",
    )