use sudo password stdin injection across all deployment commands

serokell · Feb 3, 2024 · f269062 · f269062
1 parent 4d5d225
commit f269062
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/src/deploy.rs b/src/deploy.rs
@@ -4,7 +4,7 @@
 //
 // SPDX-License-Identifier: MPL-2.0
 
-use log::{debug, info};
+use log::{debug, info, trace};
 use std::path::Path;
 use thiserror::Error;
 use tokio::{io::AsyncWriteExt, process::Command};
@@ -276,7 +276,9 @@ pub async fn confirm_profile(
     ssh_addr: &str,
 ) -> Result<(), ConfirmProfileError> {
     let mut ssh_confirm_command = Command::new("ssh");
-    ssh_confirm_command.arg(ssh_addr);
+        ssh_confirm_command
+        .arg(ssh_addr)
+        .stdin(std::process::Stdio::piped());
 
     for ssh_opt in &deploy_data.merged_settings.ssh_opts {
         ssh_confirm_command.arg(ssh_opt);
@@ -300,6 +302,7 @@ pub async fn confirm_profile(
         .map_err(ConfirmProfileError::SSHConfirm)?;
 
     if deploy_data.merged_settings.interactive_sudo.unwrap_or(false) {
+        trace!("[confirm] Piping in sudo password");
         handle_sudo_stdin(&mut ssh_confirm_child, deploy_defs)
             .await
             .map_err(ConfirmProfileError::SSHConfirm)?;
@@ -409,6 +412,7 @@ pub async fn deploy_profile(
             .map_err(DeployProfileError::SSHSpawnActivate)?;
 
         if deploy_data.merged_settings.interactive_sudo.unwrap_or(false) {
+            trace!("[activate] Piping in sudo password");
             handle_sudo_stdin(&mut ssh_activate_child, deploy_defs)
                 .await
                 .map_err(DeployProfileError::SSHActivatePipe)?;
@@ -449,6 +453,7 @@ pub async fn deploy_profile(
             .map_err(DeployProfileError::SSHSpawnActivate)?;
 
         if deploy_data.merged_settings.interactive_sudo.unwrap_or(false) {
+            trace!("[activate] Piping in sudo password");
             handle_sudo_stdin(&mut ssh_activate_child, deploy_defs)
                 .await
                 .map_err(DeployProfileError::SSHActivatePipe)?;
@@ -492,6 +497,7 @@ pub async fn deploy_profile(
             .map_err(DeployProfileError::SSHWait)?;
 
         if deploy_data.merged_settings.interactive_sudo.unwrap_or(false) {
+            trace!("[wait] Piping in sudo password");
             handle_sudo_stdin(&mut ssh_wait_child, deploy_defs)
                 .await
                 .map_err(DeployProfileError::SSHActivatePipe)?;
@@ -560,18 +566,27 @@ pub async fn revoke(
     let ssh_addr = format!("{}@{}", deploy_defs.ssh_user, hostname);
 
     let mut ssh_activate_command = Command::new("ssh");
-    ssh_activate_command.arg(&ssh_addr);
+    ssh_activate_command
+        .arg(&ssh_addr)
+        .stdin(std::process::Stdio::piped());
 
     for ssh_opt in &deploy_data.merged_settings.ssh_opts {
         ssh_activate_command.arg(&ssh_opt);
     }
 
-    let ssh_revoke = ssh_activate_command
+    let mut ssh_revoke_child = ssh_activate_command
         .arg(self_revoke_command)
         .spawn()
         .map_err(RevokeProfileError::SSHSpawnRevoke)?;
 
-    let result = ssh_revoke.wait_with_output().await;
+    if deploy_data.merged_settings.interactive_sudo.unwrap_or(false) {
+        trace!("[revoke] Piping in sudo password");
+        handle_sudo_stdin(&mut ssh_revoke_child, deploy_defs)
+            .await
+            .map_err(RevokeProfileError::SSHRevoke)?;
+    }
+
+    let result = ssh_revoke_child.wait_with_output().await;
 
     match result {
         Err(x) => Err(RevokeProfileError::SSHRevoke(x)),