mirror of
https://github.com/getcompanion-ai/computer-host.git
synced 2026-04-15 06:04:38 +00:00
fix: address gateway review findings
parent
59d3290bb9
commit
500354cd9b
14 changed files with 441 additions and 66 deletions
|
|
@ -187,9 +187,13 @@ func isZeroChunk(chunk []byte) bool {
|
|||
}
|
||||
|
||||
func defaultMachinePorts() []contracthost.MachinePort {
|
||||
return buildMachinePorts(0, 0)
|
||||
}
|
||||
|
||||
func buildMachinePorts(sshRelayPort, vncRelayPort uint16) []contracthost.MachinePort {
|
||||
return []contracthost.MachinePort{
|
||||
{Name: contracthost.MachinePortNameSSH, Port: defaultSSHPort, Protocol: contracthost.PortProtocolTCP},
|
||||
{Name: contracthost.MachinePortNameVNC, Port: defaultVNCPort, Protocol: contracthost.PortProtocolTCP},
|
||||
{Name: contracthost.MachinePortNameSSH, Port: defaultSSHPort, HostPort: sshRelayPort, Protocol: contracthost.PortProtocolTCP},
|
||||
{Name: contracthost.MachinePortNameVNC, Port: defaultVNCPort, HostPort: vncRelayPort, Protocol: contracthost.PortProtocolTCP},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -247,7 +251,14 @@ func (d *Daemon) mergedGuestConfig(config *contracthost.GuestConfig) (*contracth
|
|||
}
|
||||
|
||||
merged := &contracthost.GuestConfig{
|
||||
AuthorizedKeys: authorizedKeys,
|
||||
AuthorizedKeys: authorizedKeys,
|
||||
TrustedUserCAKeys: nil,
|
||||
}
|
||||
if strings.TrimSpace(d.config.GuestLoginCAPublicKey) != "" {
|
||||
merged.TrustedUserCAKeys = append(merged.TrustedUserCAKeys, d.config.GuestLoginCAPublicKey)
|
||||
}
|
||||
if config != nil {
|
||||
merged.TrustedUserCAKeys = append(merged.TrustedUserCAKeys, config.TrustedUserCAKeys...)
|
||||
}
|
||||
if config != nil && config.LoginWebhook != nil {
|
||||
loginWebhook := *config.LoginWebhook
|
||||
|
|
@ -260,7 +271,7 @@ func hasGuestConfig(config *contracthost.GuestConfig) bool {
|
|||
if config == nil {
|
||||
return false
|
||||
}
|
||||
return len(config.AuthorizedKeys) > 0 || config.LoginWebhook != nil
|
||||
return len(config.AuthorizedKeys) > 0 || len(config.TrustedUserCAKeys) > 0 || config.LoginWebhook != nil
|
||||
}
|
||||
|
||||
func injectGuestConfig(ctx context.Context, imagePath string, config *contracthost.GuestConfig) error {
|
||||
|
|
@ -286,6 +297,17 @@ func injectGuestConfig(ctx context.Context, imagePath string, config *contractho
|
|||
}
|
||||
}
|
||||
|
||||
if len(config.TrustedUserCAKeys) > 0 {
|
||||
trustedCAPath := filepath.Join(stagingDir, "trusted_user_ca_keys")
|
||||
payload := []byte(strings.Join(config.TrustedUserCAKeys, "\n") + "\n")
|
||||
if err := os.WriteFile(trustedCAPath, payload, 0o644); err != nil {
|
||||
return fmt.Errorf("write trusted_user_ca_keys staging file: %w", err)
|
||||
}
|
||||
if err := replaceExt4File(ctx, imagePath, trustedCAPath, "/etc/microagent/trusted_user_ca_keys"); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if config.LoginWebhook != nil {
|
||||
guestConfigPath := filepath.Join(stagingDir, "guest-config.json")
|
||||
payload, err := json.Marshal(config)
|
||||
|
|
@ -363,16 +385,17 @@ func machineIDPtr(machineID contracthost.MachineID) *contracthost.MachineID {
|
|||
|
||||
func machineToContract(record model.MachineRecord) contracthost.Machine {
|
||||
return contracthost.Machine{
|
||||
ID: record.ID,
|
||||
Artifact: record.Artifact,
|
||||
SystemVolumeID: record.SystemVolumeID,
|
||||
UserVolumeIDs: append([]contracthost.VolumeID(nil), record.UserVolumeIDs...),
|
||||
RuntimeHost: record.RuntimeHost,
|
||||
Ports: append([]contracthost.MachinePort(nil), record.Ports...),
|
||||
Phase: record.Phase,
|
||||
Error: record.Error,
|
||||
CreatedAt: record.CreatedAt,
|
||||
StartedAt: record.StartedAt,
|
||||
ID: record.ID,
|
||||
Artifact: record.Artifact,
|
||||
SystemVolumeID: record.SystemVolumeID,
|
||||
UserVolumeIDs: append([]contracthost.VolumeID(nil), record.UserVolumeIDs...),
|
||||
RuntimeHost: record.RuntimeHost,
|
||||
Ports: append([]contracthost.MachinePort(nil), record.Ports...),
|
||||
GuestSSHPublicKey: record.GuestSSHPublicKey,
|
||||
Phase: record.Phase,
|
||||
Error: record.Error,
|
||||
CreatedAt: record.CreatedAt,
|
||||
StartedAt: record.StartedAt,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -427,6 +450,11 @@ func validateGuestConfig(config *contracthost.GuestConfig) error {
|
|||
return fmt.Errorf("guest_config.authorized_keys[%d] is required", i)
|
||||
}
|
||||
}
|
||||
for i, key := range config.TrustedUserCAKeys {
|
||||
if strings.TrimSpace(key) == "" {
|
||||
return fmt.Errorf("guest_config.trusted_user_ca_keys[%d] is required", i)
|
||||
}
|
||||
}
|
||||
if config.LoginWebhook != nil {
|
||||
if err := validateDownloadURL("guest_config.login_webhook.url", config.LoginWebhook.URL); err != nil {
|
||||
return err
|
||||
|
|
|
|||
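Review bot: The new `trusted_user_ca_keys` loop in validateGuestConfig (last hunk) rejects only blank entries, yet injectGuestConfig joins the entries with `"\n"` and writes them verbatim to `/etc/microagent/trusted_user_ca_keys`. A single array element that contains a line break therefore becomes several lines in what appears to be an SSH user-CA trust file, and a malformed entry is only noticed inside the guest. Because each line there presumably grants certificate-based login, I would at least add `if strings.ContainsAny(key, "\r\n") { return fmt.Errorf("guest_config.trusted_user_ca_keys[%d] must be a single line", i) }`, and parse each entry as a public key (for example with `ssh.ParseAuthorizedKey`, if golang.org/x/crypto/ssh is already a dependency). The same check is worth applying to `d.config.GuestLoginCAPublicKey`, which mergedGuestConfig tests with `strings.TrimSpace` but appends untrimmed. validateGuestConfig, injectGuestConfig and mergedGuestConfig all begin and end outside the visible hunks, so an existing check elsewhere in them cannot be ruled out.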