15924: Change import paths to git.arvados.org.

[arvados.git] / lib / dispatchcloud / worker / verify.go

diff --git a/lib/dispatchcloud/worker/verify.go b/lib/dispatchcloud/worker/verify.go
index e22c85d00906fba303f7d636e41a84a3cce3c523..597950fca699a9834795dfbf25f6957cd9fdc92b 100644 (file)
--- a/lib/dispatchcloud/worker/verify.go
+++ b/lib/dispatchcloud/worker/verify.go
@@ -9,7 +9,7 @@ import (
        "errors"
        "fmt"
 
-       "git.curoverse.com/arvados.git/lib/cloud"
+       "git.arvados.org/arvados.git/lib/cloud"
        "golang.org/x/crypto/ssh"
 )
 
@@ -21,13 +21,17 @@ var (
        instanceSecretLength   = 40 // hex digits
 )
 
-type tagVerifier struct {
+type TagVerifier struct {
        cloud.Instance
+       Secret string
 }
 
-func (tv tagVerifier) VerifyHostKey(pubKey ssh.PublicKey, client *ssh.Client) error {
-       expectSecret := tv.Instance.Tags()[tagKeyInstanceSecret]
-       if err := tv.Instance.VerifyHostKey(pubKey, client); err != cloud.ErrNotImplemented || expectSecret == "" {
+func (tv TagVerifier) InitCommand() cloud.InitCommand {
+       return cloud.InitCommand(fmt.Sprintf("umask 0177 && echo -n %q >%s", tv.Secret, instanceSecretFilename))
+}
+
+func (tv TagVerifier) VerifyHostKey(pubKey ssh.PublicKey, client *ssh.Client) error {
+       if err := tv.Instance.VerifyHostKey(pubKey, client); err != cloud.ErrNotImplemented || tv.Secret == "" {
                // If the wrapped instance indicates it has a way to
                // verify the key, return that decision.
                return err
@@ -49,7 +53,7 @@ func (tv tagVerifier) VerifyHostKey(pubKey ssh.PublicKey, client *ssh.Client) er
        if err != nil {
                return err
        }
-       if stdout.String() != expectSecret {
+       if stdout.String() != tv.Secret {
                return errBadInstanceSecret
        }
        return nil