Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat(cli): allow SSH command to connect to running container#16726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
johnstcn merged 4 commits intomainfromcj/cli-ssh-container
Feb 28, 2025

Conversation

johnstcn
Copy link
Member

@johnstcnjohnstcn commentedFeb 26, 2025
edited
Loading

Fixes#16709 and#16420

Notes:

  • SFTP is currently not supported
  • Haven't tested X11 container forwarding
  • Haven't tested agent forwarding

@johnstcnjohnstcn self-assigned thisFeb 26, 2025
@johnstcnjohnstcn changed the titlefeat(cli): allow SSH command to connect to running container[ci skip] feat(cli): allow SSH command to connect to running containerFeb 27, 2025
@johnstcnjohnstcn changed the title[ci skip] feat(cli): allow SSH command to connect to running containerfeat(cli): allow SSH command to connect to running containerFeb 27, 2025
@johnstcnjohnstcn marked this pull request as ready for reviewFebruary 27, 2025 13:23
@@ -495,30 +526,35 @@ func (s *Server) fileTransferBlocked(session ssh.Session) bool {
return false
}

func (s *Server) sessionStart(logger slog.Logger, session ssh.Session, env []string, magicType MagicSessionType) (retErr error) {
func (s *Server) sessionStart(logger slog.Logger, session ssh.Session, env []string, magicType MagicSessionType, container, containerUser string) (retErr error) {
Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

review: think it might be time to consider an opts struct?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

It could be done, but no need to do that yet IMO. If this grows more then probably.

I'd actually want us to refactor the whole session handling and manage our own*session insession.go or some such. But that's a story for another time.

johnstcn reacted with heart emoji
Comment on lines 332 to 344
for _, kv := range env {
if strings.HasPrefix(kv, "CODER_CONTAINER=") {
container = strings.TrimPrefix(kv, "CODER_CONTAINER=")
}

if strings.HasPrefix(kv, "CODER_CONTAINER_USER=") {
containerUser = strings.TrimPrefix(kv, "CODER_CONTAINER_USER=")
}
}

return container, containerUser, slices.DeleteFunc(env, func(kv string) bool {
return strings.HasPrefix(kv, "CODER_CONTAINER=") || strings.HasPrefix(kv, "CODER_CONTAINER_USER=")
})
Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

review: inspired by the magic session stuff, this seems to be the only real way to smuggle info betweeen the client and the server.

Copy link
Member

@mtojekmtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Looking forward to X11 testing!

// ContainerEnvironmentVariable is used to specify the target container for an SSH connection.
// This is stripped from any commands being executed.
// Only available if CODER_AGENT_DEVCONTAINERS_ENABLE=true.
ContainerEnvironmentVariable = "CODER_CONTAINER"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Should we be more specific about the container here? Is it only Devcontainer?

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I'm not forcing it to be :) It can be any container but the UI andcoder show should only show devcontainers.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

ok, so in theory a smart Coder user can run any container this way?

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Yep, in theory. This is still 'early access' so I'm choosing to not restrict things like this until it makes sense to do so.

Copy link
Member

@mafredrimafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Wish we could keep the container specific stuff out ofagentssh package, but I don't see a way around it. Glad the invasion is relatively constrained. Nice work!

@@ -495,30 +526,35 @@ func (s *Server) fileTransferBlocked(session ssh.Session) bool {
return false
}

func (s *Server) sessionStart(logger slog.Logger, session ssh.Session, env []string, magicType MagicSessionType) (retErr error) {
func (s *Server) sessionStart(logger slog.Logger, session ssh.Session, env []string, magicType MagicSessionType, container, containerUser string) (retErr error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

It could be done, but no need to do that yet IMO. If this grows more then probably.

I'd actually want us to refactor the whole session handling and manage our own*session insession.go or some such. But that's a story for another time.

johnstcn reacted with heart emoji
// ContainerUserEnvironmentVariable is used to specify the container user for
// an SSH connection.
// Only available if CODER_AGENT_DEVCONTAINERS_ENABLE=true.
ContainerUserEnvironmentVariable = "CODER_CONTAINER_USER"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

No need to changeCODER_CONTAINER orCODER_CONTAINER_USER values, but should we prefix the varsityMagicSession like the other?

Copy link
MemberAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I personally dislike theMAGIC_ prefix as it doesn't really impart any information to the reader (except perhaps that it's mysterious and whimsical).

mafredri reacted with laugh emoji
@johnstcnjohnstcn merged commitec44f06 intomainFeb 28, 2025
30 checks passed
@johnstcnjohnstcn deleted the cj/cli-ssh-container branchFebruary 28, 2025 09:38
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsFeb 28, 2025
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@mtojekmtojekmtojek approved these changes

@mafredrimafredrimafredri approved these changes

Assignees

@johnstcnjohnstcn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Agent: allow SSH to running container
3 participants
@johnstcn@mafredri@mtojek
[8]ページ先頭
©2009-2025 Movatter.jp