Fix Start ssh-agent post start event

[vinokurig]

What does this PR do?

Fix a bug when the ssh agent post start event command is present only in the first component of the workspace pod yaml.

What issues does this PR fix or reference?

https://issues.redhat.com/browse/CRW-6614
Fix #1330

Is it tested? How?

1. Start a workspace with more than one component e.g:

schemaVersion: 2.3.0
metadata:
  name: test local
components:
  - name: component-1
    container:
      image: quay.io/devfile/universal-developer-image:ubi8-latest
  - name: component-2
    container:
      image: quay.io/devfile/universal-developer-image:ubi8-latest

2. See: the ssh agent post start event command is present in both components of the workspace pod yaml:

spec:
  containers:
    - lifecycle:
        postStart:
          exec:
            command:
              - /bin/sh
              - '-c'
              - |
                {
                nohup /checode/entrypoint-volume.sh > /checode/entrypoint-logs.txt 2>&1 &
                SSH_ENV_PATH=$HOME/ssh-environment \
                && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
                then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
                && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
                && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
                && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
                } 1>/tmp/poststart-stdout.txt 2>/tmp/poststart-stderr.txt
      name: component-1

PR Checklist

• E2E tests pass (when PR is ready, comment /test v8-devworkspace-operator-e2e, v8-che-happy-path to trigger)
  • v8-devworkspace-operator-e2e: DevWorkspace e2e test
  • v8-che-happy-path: Happy path for verification integration with Che

[openshift-ci]

Hi @vinokurig. Thanks for your PR.

I'm waiting for a devfile member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[dkwon17]

Thank you @vinokurig I'm able to clone, commit, and push:

[AObuchow]

This PR & the bug it addresses made me realize we aren't calling the devfile validation library to validate commands. The devfile API does not allow for commands with duplicate ids:

1. id must be unique

Prior to this PR, we had commands with the same id, but targeting different components:

commands:
(...)
- exec:
    commandLine: |-
      SSH_ENV_PATH=$HOME/ssh-environment \
      && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
      then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
      && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
      && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
      && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
    component: tools
  id: init-ssh-agent
- exec:
    commandLine: |-
      SSH_ENV_PATH=$HOME/ssh-environment \
      && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
      then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
      && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
      && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
      && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
    component: second-component
  id: init-ssh-agent
- apply:
    component: init-persistent-home
  id: init-persistent-home

[AObuchow]

LGTM, great work @vinokurig :)

If we get a chance before merging this, could be maybe change the commit description to something like fix: ensure unique init ssh agent command for all components? Though since we're pressed for time with the DWO 0.31.1 bug fix release (to include this PR in the upcoming DevSpaces release), this is not critical.

I'll also create a DWO issue for this PR so that we can (retrospectively) add it to the DWO 0.31.x milestones.

In my flattened devworkspace, I saw the unique commands & events:

commands:
- exec:
    commandLine: |-
      SSH_ENV_PATH=$HOME/ssh-environment \
      && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
      then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
      && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
      && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
      && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
    component: web-terminal
  id: init-ssh-agent-command-0
- exec:
    commandLine: |-
      SSH_ENV_PATH=$HOME/ssh-environment \
      && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
      then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
      && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
      && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
      && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
    component: second-component
  id: init-ssh-agent-command-1
components:
- container:
    command:
    - tail
    - -f
    - /dev/null
    image: quay.io/wto/web-terminal-tooling:next
    memoryLimit: 512Mi
    memoryRequest: 256Mi
    mountSources: true
    sourceMapping: /projects
  name: web-terminal
- container:
    command:
    - tail
    - -f
    - /dev/null
    image: quay.io/wto/web-terminal-tooling:next
    memoryLimit: 512Mi
    memoryRequest: 256Mi
    mountSources: true
    sourceMapping: /projects
  name: second-component
events:
  postStart:
  - init-ssh-agent-command-0
  - init-ssh-agent-command-1

And saw the postStart hooks in the pod spec:

    lifecycle:
      postStart:
        exec:
          command:
          - /bin/sh
          - -c
          - |
            {
            SSH_ENV_PATH=$HOME/ssh-environment \
            && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
            then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
            && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
            && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
            && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
            } 1>/tmp/poststart-stdout.txt 2>/tmp/poststart-stderr.txt
    name: web-terminal
(...)
    lifecycle:
      postStart:
        exec:
          command:
          - /bin/sh
          - -c
          - |
            {
            SSH_ENV_PATH=$HOME/ssh-environment \
            && if [ -f /etc/ssh/passphrase ] && command -v ssh-add >/dev/null; \
            then ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH \
            && chmod 600 $SSH_ENV_PATH && source $SSH_ENV_PATH \
            && ssh-add /etc/ssh/dwo_ssh_key < /etc/ssh/passphrase \
            && if [ -f $HOME/.bashrc ] && [ -w $HOME/.bashrc ]; then echo "source ${SSH_ENV_PATH}" >> $HOME/.bashrc; fi; fi
            } 1>/tmp/poststart-stdout.txt 2>/tmp/poststart-stderr.txt
    name: second-component

[AObuchow]

Since the command names are now unique, this unfortunately makes resolving eclipse-che/che#23144 a little bit harder (since we cannot use a hard-coded command id to be filtered out by CheCode) , but it's the only way to proceed here as the command ids must be unique.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AObuchow, dkwon17, vinokurig

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [AObuchow,dkwon17]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment