lib/kitchen/driver/docker.rb in kitchen-docker-2.1.0 vs lib/kitchen/driver/docker.rb in kitchen-docker-2.2.0

- old
+ new

@@ -14,11 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. require 'kitchen' require 'json' +require 'securerandom' require 'uri' +require 'net/ssh' require File.join(File.dirname(__FILE__), 'docker', 'erb') module Kitchen module Driver @@ -45,10 +47,12 @@ default_config :tls_cacert, nil default_config :tls_cert, nil default_config :tls_key, nil default_config :publish_all, false default_config :wait_for_sshd, true + default_config :private_key, File.join(Dir.pwd, '.kitchen', 'docker_id_rsa') + default_config :public_key, File.join(Dir.pwd, '.kitchen', 'docker_id_rsa.pub') default_config :use_sudo do |driver| !driver.remote_socket? end @@ -89,10 +93,12 @@ def default_platform instance.platform.name.split('-').first end def create(state) + generate_keys + state[:ssh_key] = config[:private_key] state[:image_id] = build_image(state) unless state[:image_id] state[:container_id] = run_container(state) unless state[:container_id] state[:hostname] = remote_socket? ? socket_uri.host : 'localhost' state[:port] = container_ssh_port(state) wait_for_sshd(state[:hostname], nil, :port => state[:port]) if config[:wait_for_sshd] 
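Review bot: In the `create` hunk, `generate_keys` is called with no locking, and it does a check-then-write on two shared files under `.kitchen`. If several instances are created concurrently in one process (Test Kitchen's concurrent mode), two threads can both find the files missing and each write its own pair, leaving `docker_id_rsa` and `docker_id_rsa.pub` from different keys. Serialising the call would close that gap: a class-level `KEYGEN_LOCK = Mutex.new` and `KEYGEN_LOCK.synchronize { generate_keys }` in `create`. The body of `create` continues past the end of the hunk.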
@@ -124,10 +130,26 @@ docker << " --tlscert=#{config[:tls_cert]}" if config[:tls_cert] docker << " --tlskey=#{config[:tls_key]}" if config[:tls_key] run_command("#{docker} #{cmd}", options.merge(:quiet => !logger.debug?)) end + def generate_keys + if !File.exist?(config[:public_key]) || !File.exist?(config[:private_key]) + private_key = OpenSSL::PKey::RSA.new(2048) + blobbed_key = Base64.encode64(private_key.to_blob).gsub("\n", '') + public_key = "ssh-rsa #{blobbed_key} kitchen_docker_key" + File.open(config[:private_key], 'w') do |file| + file.write(private_key) + file.chmod(0600) + end + File.open(config[:public_key], 'w') do |file| + file.write(public_key) + file.chmod(0600) + end + end + end + def build_dockerfile from = "FROM #{config[:image]}" platform = case config[:platform] when 'debian', 'ubuntu' disable_upstart = <<-eos @@ -170,19 +192,28 @@ eos else raise ActionFailed, "Unknown platform '#{config[:platform]}'" end + username = config[:username] password = config[:password] + public_key = IO.read(config[:public_key]) + base = <<-eos RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi RUN echo #{username}:#{password} | chpasswd RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers RUN mkdir -p /etc/sudoers.d RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username} RUN chmod 0440 /etc/sudoers.d/#{username} + RUN [ ! -d /home/#{username}/.ssh ] && mkdir /home/#{username}/.ssh + RUN chown -R #{username} /home/#{username}/.ssh + RUN chmod 0700 /home/#{username}/.ssh + RUN echo '#{public_key}' >> /home/#{username}/.ssh/authorized_keys + RUN chown #{username} /home/#{username}/.ssh/authorized_keys + RUN chmod 0600 /home/#{username}/.ssh/authorized_keys eos custom = '' Array(config[:provision_command]).each do |cmd| custom << "RUN #{cmd}\n" end 
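Review bot: In `generate_keys` the private key is written before its mode is restricted. `File.open(config[:private_key], 'w')` creates the file with the process umask, and `file.chmod(0600)` runs only after `file.write(private_key)`, so the unencrypted key can be briefly readable by other local users. Set the mode at creation with `File.open(config[:private_key], 'w', 0600) do |file|` and move `file.chmod(0600)` above `file.write(private_key)` so that a pre-existing file with loose permissions is tightened first. The method also assumes the `.kitchen` directory exists and that `Base64` is loaded; neither is established by the visible hunks and both should be confirmed.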
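Review bot: In the `build_dockerfile` hunk, the added step `RUN [ ! -d /home/#{username}/.ssh ] && mkdir /home/#{username}/.ssh` exits non-zero whenever the directory already exists, which fails the image build for base images that already ship a `~/.ssh` for that user; `RUN mkdir -p /home/#{username}/.ssh` avoids that failure. Separately, `IO.read(config[:public_key])` is interpolated unmodified into `RUN echo '#{public_key}' >> ...`. The path is configurable, so a user-supplied `.pub` file with the usual trailing newline, or one containing a single quote, splits or alters the generated Dockerfile line. Using `public_key = IO.read(config[:public_key]).strip` and rejecting content that is not a single-line OpenSSH public key before it reaches the shell would cover both cases. `build_dockerfile` starts and ends outside the hunk.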
@@ -210,11 +241,15 @@ end def build_image(state) cmd = "build" cmd << " --no-cache" unless config[:use_cache] - output = docker_command("#{cmd} -", :input => dockerfile) + output = Tempfile.create('Dockerfile-kitchen-', Dir.pwd) do |file| + file.write(dockerfile) + file.close + docker_command("#{cmd} -f #{file.path} .") + end parse_image_id(output) end def parse_container_id(output) container_id = output.chomp @@ -231,9 +266,10 @@ Array(config[:dns]).each {|dns| cmd << " --dns #{dns}"} Array(config[:add_host]).each {|host, ip| cmd << " --add-host=#{host}:#{ip}"} Array(config[:volume]).each {|volume| cmd << " -v #{volume}"} Array(config[:volumes_from]).each {|container| cmd << " --volumes-from #{container}"} Array(config[:links]).each {|link| cmd << " --link #{link}"} + Array(config[:devices]).each {|device| cmd << " --device #{device}"} cmd << " --name #{config[:instance_name]}" if config[:instance_name] cmd << " -P" if config[:publish_all] cmd << " -h #{config[:hostname]}" if config[:hostname] cmd << " -m #{config[:memory]}" if config[:memory] cmd << " -c #{config[:cpu]}" if config[:cpu]
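Review bot: In `build_image`, replacing `build -` with `build -f #{file.path} .` makes the whole working directory the build context. With the key defaults added in this release that directory presumably contains `.kitchen/docker_id_rsa`, so the private key and the rest of the project tree are sent to the Docker daemon, which is a remote host when `remote_socket?` is true. If a context is needed, exclude `.kitchen` (for example via a documented `.dockerignore` entry); if not, build from an empty temporary directory. The temp file path is also interpolated unquoted into the shell string, so a project path containing a space breaks the command; `docker_command("#{cmd} -f #{Shellwords.escape(file.path)} .")` (with `require 'shellwords'`) fixes that, and the new `--device #{device}` line in the following hunk has the same unquoted interpolation. `Tempfile` is used without a visible `require 'tempfile'`, which should be confirmed.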