refactor(cmd): extract SSH_KEY parsing, add tests

This extracts the SSH_KEY parsing code in cmd.ConfigSet into its own
function to make it easier to test and adds tests. It also changes the
order of evaluation to prefer the quickest and safest path.

The code also changes the private key regex to a stricter regex which
also matches new format OPENSSH keys and is required to support keys
of the ed25519 type.

Author: felixbuenemann

cmd/config.go

@@ -76,34 +76,11 @@ func (d *DeisCmd) ConfigSet(appID string, configVars []string) error {
 		return err
 	}
 
-	value, ok := configMap["SSH_KEY"]
-
-	if ok {
-		sshKey := value.(string)
-		sshRegex := regexp.MustCompile("^-.+ .SA PRIVATE KEY-*")
-
-		if _, err = os.Stat(value.(string)); err == nil {
-			contents, err := ioutil.ReadFile(value.(string))
-
-			if err != nil {
-				return err
-			}
-
-			sshKey = string(contents)
-		} else {
-			// NOTE(felixbuenemann): check if the current value is already a base64 encoded key.
-			// This is the case if it was fetched using "deis config:pull".
-			contents, err := base64.StdEncoding.DecodeString(sshKey)
-
-			if err == nil && sshRegex.MatchString(string(contents)) {
-				sshKey = string(contents)
-			}
-		}
-
-		if !sshRegex.MatchString(sshKey) {
-			return fmt.Errorf("Could not parse SSH private key:\n %s", sshKey)
+	if value, ok := configMap["SSH_KEY"]; ok {
+		sshKey, err := parseSSHKey(value.(string))
+		if err != nil {
+			return err
 		}
-
 		configMap["SSH_KEY"] = base64.StdEncoding.EncodeToString([]byte(sshKey))
 	}
 
@@ -298,6 +275,37 @@ func parseConfig(configVars []string) (map[string]interface{}, error) {
 	return configMap, nil
 }
 
+func parseSSHKey(value string) (string, error) {
+	sshRegex := regexp.MustCompile("^-----BEGIN (DSA|RSA|EC|OPENSSH) PRIVATE KEY-----")
+
+	if sshRegex.MatchString(value) {
+		return value, nil
+	}
+
+	// NOTE(felixbuenemann): check if the current value is already a base64 encoded key.
+	// This is the case if it was fetched using "deis config:pull".
+	contents, err := base64.StdEncoding.DecodeString(value)
+
+	if err == nil && sshRegex.MatchString(string(contents)) {
+		return string(contents), nil
+	}
+
+	// NOTE(felixbuenemann): check if the value is a path to a private key.
+	if _, err := os.Stat(value); err == nil {
+		contents, err := ioutil.ReadFile(value)
+
+		if err != nil {
+			return "", err
+		}
+
+		if sshRegex.MatchString(string(contents)) {
+			return string(contents), nil
+		}
+	}
+
+	return "", fmt.Errorf("Could not parse SSH private key:\n %s", value)
+}
+
 func formatConfig(configVars map[string]interface{}) string {
 	var formattedConfig string
 

cmd/config_test.go

@@ -3,7 +3,9 @@ package cmd
 import (
 	"bytes"
 	"fmt"
+	"io/ioutil"
 	"net/http"
+	"os"
 	"testing"
 
 	"github.com/arschles/assert"
@@ -26,6 +28,36 @@ func TestParseConfig(t *testing.T) {
 	assert.Equal(t, actual, map[string]interface{}{"FOO": ""}, "map")
 }
 
+func TestParseSSHKey(t *testing.T) {
+	t.Parallel()
+
+	_, err := parseSSHKey("foobar")
+	assert.ExistsErr(t, err, "bogus key")
+
+	validSSHKey := "-----BEGIN OPENSSH PRIVATE KEY-----"
+
+	actual, err := parseSSHKey(validSSHKey)
+	assert.NoErr(t, err)
+	assert.Equal(t, actual, validSSHKey, "plain key")
+
+	encodedSSHKey := "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0="
+
+	actual, err = parseSSHKey(encodedSSHKey)
+	assert.NoErr(t, err)
+	assert.Equal(t, actual, validSSHKey, "base64 key")
+
+	keyFile, err := ioutil.TempFile("", "deis-cli-unit-test-sshkey")
+	assert.NoErr(t, err)
+	defer os.Remove(keyFile.Name())
+	_, err = keyFile.Write([]byte(validSSHKey))
+	assert.NoErr(t, err)
+	keyFile.Close()
+
+	actual, err = parseSSHKey(keyFile.Name())
+	assert.NoErr(t, err)
+	assert.Equal(t, actual, validSSHKey, "key path")
+}
+
 func TestFormatConfig(t *testing.T) {
 	t.Parallel()