Add sshkey option for git based formula dependencies.

lib/kitchen/provisioner/dependencies.erb

@@ -63,9 +63,23 @@ def install_dependencies
     if formula.key?(:repo)
       case formula[:repo]
       when 'git'
-        script += <<-INSTALL
+        if formula[:source].start_with?("http")
+          script += <<-INSTALL
           fetchGitFormula #{formula[:source]} "#{formula[:name]}" "#{formula[:branch] || 'master'}"
-        INSTALL
+          INSTALL
+        else
+          if formula[:ssh_key].nil? and config[:ssh_key].nil?
+            raise "No ssh_key specified for #{formula[:source]}"
+          end
+          if formula[:ssh_key].nil?
+            ssh_key = config[:root_path] + config[:ssh_home] + "/" + File.basename(config[:ssh_key])
+          else
+            ssh_key = config[:root_path] + config[:ssh_home] + "/" + File.basename(formula[:ssh_key])
+          end
+          script += <<-INSTALL
+          fetchGitFormula #{formula[:source]} "#{formula[:name]}" "#{formula[:branch] || 'master'}" "#{ssh_key}"
+          INSTALL
+        end
       when 'spm'
         if formula[:package].nil?
           script += <<-INSTALL

lib/kitchen/provisioner/formula-fetch.sh

@@ -9,12 +9,12 @@
 #    GIT_FORMULAS_PATH=/usr/share/salt-formulas/env/_formulas
 #    xargs -n1 ./formula-fetch.sh < dependencies.txt
 
-
 # Parse git dependencies from metadata.yml
 # $1 - path to <formula>/metadata.yml
 # sample to output:
 #    https://github.com/salt-formulas/salt-formula-git git
 #    https://github.com/salt-formulas/salt-formula-salt salt
+
 function fetchDependencies() {
     METADATA="$1";
     grep -E "^dependencies:" "$METADATA" >/dev/null || return 0
@@ -30,15 +30,25 @@ function fetchDependencies() {
 # $1 - formula git repo url
 # $2 - formula name (optional)
 # $3 - branch (optional)
+# $4 - path to deploykey
 function fetchGitFormula() {
     test -n "${FETCHED}" || declare -a FETCHED=()
     export GIT_FORMULAS_PATH=${GIT_FORMULAS_PATH:-/usr/share/salt-formulas/env/_formulas}
+
+    if [[ -n $4 ]]
+    then
+        sshbin=$(command -v ssh)
+        export GIT_SSH_COMMAND="${sshbin} -o UserKnownHostsFile=/tmp/kitchen/ssh/known_hosts -o StrictHostKeyChecking=no -i ${4}"
+        export GIT_SSH="/tmp/kitchen/git_ssh.sh"
+    fi
+
     mkdir -p "$GIT_FORMULAS_PATH"
     if [ -n "$1" ]; then
         source="$1"
         name="$2"
         test -n "$name" || name="${source//*salt-formula-}"
         test -z "$3" && branch=master || branch=$3
+
         if ! [[ "${FETCHED[*]}" =~ $name ]]; then # dependency not yet fetched
           echo "Fetching: $name"
           if test -e "$GIT_FORMULAS_PATH/$name"; then
@@ -47,7 +57,7 @@ function fetchGitFormula() {
               popd &>/dev/null || exit
           else
               echo "git clone $source $GIT_FORMULAS_PATH/$name -b $branch"
-              git clone "$source" "$GIT_FORMULAS_PATH/$name" -b "$branch"
+              git clone "$source" "$GIT_FORMULAS_PATH/$name" -b "$branch" || exit 1
           fi
           # install dependencies
           FETCHED+=("$name")

lib/kitchen/provisioner/git_ssh.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+# Workaround: GIT_SSH_COMMAND is not supported by Git < 2.3
+exec "${GIT_SSH_COMMAND:-ssh}" "$@"

lib/kitchen/provisioner/known_hosts

@@ -0,0 +1,5 @@
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
+gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
+gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
+gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf

lib/kitchen/provisioner/salt_solo.rb

@@ -77,10 +77,12 @@ class SaltSolo < Base
         salt_spm_root: '/srv/spm',
         salt_state_top: '/srv/salt/top.sls',
         salt_version: 'latest',
-        salt_yum_repo_key: 'https://repo.saltproject.io/yum/redhat/$releasever/$basearch/archive/%s/SALTSTACK-GPG-KEY.pub',
-        salt_yum_repo_latest: 'https://repo.saltproject.io/yum/redhat/salt-repo-latest-2.el7.noarch.rpm',
-        salt_yum_repo: 'https://repo.saltproject.io/yum/redhat/$releasever/$basearch/archive/%s',
-        salt_yum_rpm_key: 'https://repo.saltproject.io/yum/redhat/7/x86_64/archive/%s/SALTSTACK-GPG-KEY.pub',
+        salt_yum_repo_key: 'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/archive/%s/SALTSTACK-GPG-KEY.pub',
+        salt_yum_repo_latest: 'https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm',
+        salt_yum_repo: 'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/archive/%s',
+        salt_yum_rpm_key: 'https://repo.saltstack.com/yum/redhat/7/x86_64/archive/%s/SALTSTACK-GPG-KEY.pub',
+        ssh_home: '/ssh',
+	ssh_key: nil,
         state_collection: false,
         state_top_from_file: false,
         state_top: {},
@@ -429,6 +431,31 @@ def prepare_dependencies
         # sub-directory
         return if windows_os?
 
+        # Write ssh known_hosts
+        write_raw_file(File.join(sandbox_path, config[:ssh_home], "known_hosts"), File.read(File.expand_path("../known_hosts", __FILE__)))
+        # Write general deploy key. 
+        unless config[:ssh_key].nil?
+            outfile = File.join(sandbox_path, config[:ssh_home], File.basename(config[:ssh_key]))
+            contents = File.read(File.expand_path(config[:ssh_key]))
+            if contents.include?("ENCRYPTED")
+              raise("Encrypted key not supported offending key: #{config[:ssh_key]}")
+            end
+            info("Copying #{config[:ssh_key]} to #{outfile}")
+            write_raw_file(outfile, contents)
+        end
+        # Write dependency overridden deploykey
+        config[:dependencies].each do |dependency|
+          unless dependency[:ssh_key].nil? 
+            outfile = File.join(sandbox_path, config[:ssh_home], File.basename(dependency[:ssh_key]))
+            contents = File.read(File.expand_path(dependency[:ssh_key]))
+            if contents.include?("ENCRYPTED")
+              raise("Encrypted key not supported offending key: #{dependency[:ssh_key]}")
+            end
+            info("Copying #{dependency[:ssh_key]} to #{outfile}")
+            write_raw_file(outfile, contents)
+          end
+        end
+
         # upload scripts
         sandbox_scripts_path = File.join(sandbox_path, config[:salt_config], 'scripts')
         info("Preparing scripts into #{config[:salt_config]}/scripts")
@@ -455,7 +482,7 @@ def prepare_dependencies
         end
 
         # upload scripts
-        %w[formula-fetch.sh repository-setup.sh].each do |script|
+        %w[formula-fetch.sh repository-setup.sh git_ssh.sh].each do |script|
           write_raw_file(File.join(sandbox_path, script), File.read(File.expand_path("../#{script}", __FILE__)))
         end
         dependencies_script = File.expand_path('./../dependencies.erb', __FILE__)