Mount the entire user SSH directory into build container

README.md

@@ -71,7 +71,7 @@ custom:
     dockerSsh: true
 ```
 
-The `dockerSsh` option will mount your `$HOME/.ssh/id_rsa` and `$HOME/.ssh/known_hosts` as a
+The `dockerSsh` option will mount your `$HOME/.ssh/` directory as a
 volume in the docker container. If your SSH key is password protected, you can use `ssh-agent`
 because `$SSH_AUTH_SOCK` is also mounted & the env var set.
 It is important that the host of your private repositories has already been added in your

lib/pip.js

@@ -204,14 +204,21 @@ function installRequirements(targetFolder, serverless, options) {
       // Mount necessary ssh files to work with private repos
       dockerCmd.push(
         '-v',
-        `${process.env.HOME}/.ssh/id_rsa:/root/.ssh/id_rsa:z`,
-        '-v',
-        `${process.env.HOME}/.ssh/known_hosts:/root/.ssh/known_hosts:z`,
+        `${process.env.HOME}/.ssh/:/root/.ssh/:z`,
         '-v',
         `${process.env.SSH_AUTH_SOCK}:/tmp/ssh_sock:z`,
         '-e',
         'SSH_AUTH_SOCK=/tmp/ssh_sock'
       );
+
+      // If the user has a SSH_CONFIG file, it won't have the correct permissions
+      // inside the docker container, and the ssh command will fail with
+      // > Bad owner or permissions on /root/.ssh/config
+      // However, if the we specify the SSH_CONFIG file with -F explicitly,
+      // ssh does not check the ownership of the file.
+      if (fse.existsSync(`${process.env.HOME}/.ssh/config`)) {
+        dockerCmd.push('-e', 'GIT_SSH_COMMAND=ssh -F /root/.ssh/config');
+      }
     }
 
     // If we want a download cache...
@@ -484,6 +491,9 @@ function installRequirementsIfNeeded(
 
   // Skip requirements generation, if requirements file doesn't exist
   if (!requirementsFileExists(servicePath, options, fileName)) {
+    serverless.cli.log(
+      `Skipping generation of requirements: file ${fileName} not found`
+    );
     return false;
   }
 

test.js

@@ -8,12 +8,14 @@ const {
   removeSync,
   readFile,
   copySync,
+  ensureFileSync,
+  appendFileSync,
   writeFileSync,
   statSync,
   pathExistsSync
 } = require('fs-extra');
 const { quote } = require('shell-quote');
-const { sep } = require('path');
+const { sep, resolve } = require('path');
 
 const { getUserCachePath, sha256Path } = require('./lib/shared');
 
@@ -579,6 +581,35 @@ test(
   { skip: !hasPython(2) }
 );
 
+test(
+  'dockerSsh mounts entire ssh folder into docker',
+  t => {
+    process.chdir('tests/base');
+    const path = npm(['pack', '../..']);
+    npm(['i', path]);
+    // create a known_hosts file with the rsa fingerprint of github
+    // the plugin should mount the entire .ssh directory into the container
+    const known_hosts_file = resolve(process.env.HOME, `./.ssh/known_hosts`);
+    ensureFileSync(known_hosts_file);
+    appendFileSync(
+      known_hosts_file,
+      'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
+    );
+    // verify this by installing a requirement via git+ssh
+    sls([
+      '--dockerizePip=true',
+      '--dockerSsh=true',
+      '--fileName=requirements-w-git-ssh.txt',
+      'package'
+    ]);
+    const zipfiles = listZipFiles('.serverless/sls-py-req-test.zip');
+    // check if the requirement is actually in the archive
+    t.true(zipfiles.includes(`boto3/__init__.py`), 'boto3 is packaged via ssh');
+    t.end();
+  },
+  { skip: !canUseDocker() }
+);
+
 test(
   'py2.7 can package flask with slim & dockerizePip & slimPatterns options',
   async t => {

tests/base/requirements-w-git-ssh.txt

@@ -0,0 +1,3 @@
+flask
+bottle
+git+ssh://[email protected]/boto/boto3.git#egg=boto3

tests/base/serverless.yml

@@ -10,6 +10,7 @@ custom:
   pythonRequirements:
     zip: ${opt:zip, self:custom.defaults.zip}
     dockerizePip: ${opt:dockerizePip, self:custom.defaults.dockerizePip}
+    dockerSsh: ${opt:dockerSsh, self:custom.defaults.dockerSsh}
     slim: ${opt:slim, self:custom.defaults.slim}
     slimPatterns: ${file(./slimPatterns.yml):slimPatterns, self:custom.defaults.slimPatterns}
     slimPatternsAppendDefaults: ${opt:slimPatternsAppendDefaults, self:custom.defaults.slimPatternsAppendDefaults}
@@ -24,6 +25,7 @@ custom:
     slimPatternsAppendDefaults: true
     zip: false
     dockerizePip: false
+    dockerSsh: false
     individually: false
     useStaticCache: true
     useDownloadCache: true
@@ -49,5 +51,3 @@ functions:
     package:
       include:
         - 'fn2/**'
-
-