feat: 上传证书到服务器，执行远程脚本

2026-04-23 19:57:27 +08:00 · 2021-01-03 02:30:34 +08:00
parent 67bff28255
commit 4cd7b02cb7
24 changed files with 552 additions and 123 deletions
@@ -15,6 +15,7 @@
    "kubernetes-client": "^9.0.0",
    "lodash": "^4.17.20",
    "log4js": "^6.3.0",
+    "ssh2": "^0.8.9",
    "tencentcloud-sdk-nodejs": "^4.0.39"
  },
  "devDependencies": {
@@ -3,8 +3,9 @@ import logger from '../utils/util.log.js'
 import dayjs from 'dayjs'
 import Sleep from '../utils/util.sleep.js'
 export class AbstractPlugin {
-  constructor () {
+  constructor ({ accessProviders }) {
    this.logger = logger
+    this.accessProviders = accessProviders
  }

  appendTimeSuffix (name) {
@@ -58,7 +59,7 @@ export class AbstractPlugin {
    console.error('请实现此方法,rollback:', options.context)
  }

-  getAccessProvider (accessProvider, accessProviders) {
+  getAccessProvider (accessProvider, accessProviders = this.accessProviders) {
    if (typeof accessProvider === 'string' && accessProviders) {
      accessProvider = accessProviders[accessProvider]
    }
@@ -1,13 +1,6 @@
 import { AbstractPlugin } from '../abstract-plugin/index.js'

 export class AbstractAliyunPlugin extends AbstractPlugin {
-  format (pem) {
-    pem = pem.replace(/\r/g, '')
-    pem = pem.replace(/\n\n/g, '\n')
-    pem = pem.replace(/\n$/g, '')
-    return pem
-  }
-
  checkRet (ret) {
    if (ret.code != null) {
      throw new Error('执行失败：', ret.Message)
@@ -51,8 +51,8 @@ export class DeployCertToAliyunCDN extends AbstractAliyunPlugin {
    }
  }

-  async execute ({ accessProviders, cert, props, context }) {
-    const accessProvider = this.getAccessProvider(props.accessProvider, accessProviders)
+  async execute ({ cert, props, context }) {
+    const accessProvider = this.getAccessProvider(props.accessProvider)
    const client = this.getClient(accessProvider)
    const params = this.buildParams(props, context, cert)
    await this.doRequest(client, params)
@@ -77,8 +77,8 @@ export class DeployCertToAliyunCDN extends AbstractAliyunPlugin {
      ServerCertificateStatus: 'on',
      CertName: CertName,
      CertType: from,
-      ServerCertificate: super.format(cert.crt.toString()),
-      PrivateKey: super.format(cert.key.toString())
+      ServerCertificate: cert.crt,
+      PrivateKey: cert.key
    }
    return params
  }
@@ -1,5 +1,4 @@
 import Core from '@alicloud/pop-core'
-import dayjs from 'dayjs'
 import { AbstractAliyunPlugin } from '../abstract-aliyun.js'
 export class UploadCertToAliyun extends AbstractAliyunPlugin {
  /**
@@ -45,21 +44,21 @@ export class UploadCertToAliyun extends AbstractAliyunPlugin {
    })
  }

-  async execute ({ accessProviders, cert, props, context }) {
+  async execute ({ cert, props, context }) {
    const { name, accessProvider } = props
    const certName = this.appendTimeSuffix(name || cert.domain)
    const params = {
      RegionId: props.regionId || 'cn-hangzhou',
      Name: certName,
-      Cert: this.format(cert.crt.toString()),
-      Key: this.format(cert.key.toString())
+      Cert: cert.crt,
+      Key: cert.key
    }

    const requestOption = {
      method: 'POST'
    }

-    const provider = super.getAccessProvider(accessProvider, accessProviders)
+    const provider = this.getAccessProvider(accessProvider)
    const client = this.getClient(provider)
    const ret = await client.request('CreateUserCertificate', params, requestOption)
    this.checkRet(ret)
@@ -75,7 +74,7 @@ export class UploadCertToAliyun extends AbstractAliyunPlugin {
   * @param context
   * @returns {Promise<void>}
   */
-  async rollback ({ accessProviders, cert, props, context }) {
+  async rollback ({ cert, props, context }) {
    const { accessProvider } = props
    const { aliyunCertId } = context
    this.logger.info('准备删除阿里云证书:', aliyunCertId)
@@ -88,7 +87,7 @@ export class UploadCertToAliyun extends AbstractAliyunPlugin {
      method: 'POST'
    }

-    const provider = super.getAccessProvider(accessProvider, accessProviders)
+    const provider = this.getAccessProvider(accessProvider)
    const client = this.getClient(provider)
    const ret = await client.request('DeleteUserCertificate', params, requestOption)
    this.checkRet(ret)
@@ -0,0 +1,9 @@
+import { AbstractPlugin } from '../abstract-plugin/index.js'
+
+export class AbstractHostPlugin extends AbstractPlugin {
+  checkRet (ret) {
+    if (ret.code != null) {
+      throw new Error('执行失败：', ret.Message)
+    }
+  }
+}
@@ -0,0 +1,51 @@
+import { AbstractHostPlugin } from '../abstract-host.js'
+import { SshClient } from '../ssh.js'
+export class HostShellExecute extends AbstractHostPlugin {
+  /**
+   * 插件定义
+   * 名称
+   * 入参
+   * 出参
+   */
+  static define () {
+    return {
+      name: 'hostShellExecute',
+      label: '执行远程主机脚本命令',
+      input: {
+        script: {
+          label: 'shell脚本命令'
+        },
+        accessProvider: {
+          label: '主机登录配置',
+          type: [String, Object],
+          desc: 'AccessProviders的key 或 一个包含用户名密码的对象',
+          options: 'accessProviders[type=ssh]'
+        }
+      },
+      output: {
+
+      }
+    }
+  }
+
+  async execute ({ cert, props, context }) {
+    const { script, accessProvider } = props
+    const connectConf = this.getAccessProvider(accessProvider)
+    const sshClient = new SshClient()
+    const ret = await sshClient.shell({
+      connectConf,
+      script
+    })
+    return ret
+  }
+
+  /**
+   * @param cert
+   * @param props
+   * @param context
+   * @returns {Promise<void>}
+   */
+  async rollback ({ cert, props, context }) {
+
+  }
+}
@@ -0,0 +1,110 @@
+import ssh2 from 'ssh2'
+import logger from '../utils/util.log.js'
+import path from 'path'
+export class SshClient {
+  /**
+     *
+     * @param connectConf
+        {
+          host: '192.168.100.100',
+          port: 22,
+          username: 'frylock',
+          password: 'nodejsrules'
+         }
+     * @param transports
+     */
+  uploadFiles ({ connectConf, transports }) {
+    const conn = new ssh2.Client()
+
+    return new Promise((resolve, reject) => {
+      conn.on('ready', () => {
+        logger.info('连接服务器成功')
+        conn.sftp(async (err, sftp) => {
+          if (err) {
+            throw err
+          }
+
+          try {
+            for (const transport of transports) {
+              logger.info('上传文件：', JSON.stringify(transport))
+              await this.exec({ conn, cmd: 'mkdir ' + path.dirname(transport.remotePath) })
+              await this.fastPut({ sftp, ...transport })
+            }
+            resolve()
+          } catch (e) {
+            reject(e)
+          } finally {
+            conn.end()
+          }
+        })
+      }).connect(connectConf)
+    })
+  }
+
+  shell ({ connectConf, script }) {
+    return new Promise((resolve, reject) => {
+      this.connect({
+        connectConf,
+        onReady: (conn) => {
+          conn.shell((err, stream) => {
+            if (err) {
+              reject(err)
+              return
+            }
+            const output = []
+            stream.on('close', () => {
+              logger.info('Stream :: close')
+              conn.end()
+              resolve(output)
+            }).on('data', (data) => {
+              logger.info('' + data)
+              output.push('' + data)
+            })
+            stream.end(script + '\nexit\n')
+          })
+        }
+      })
+    })
+  }
+
+  connect ({ connectConf, onReady }) {
+    const conn = new ssh2.Client()
+    conn.on('ready', () => {
+      console.log('Client :: ready')
+      onReady(conn)
+    }).connect(connectConf)
+    return conn
+  }
+
+  fastPut ({ sftp, localPath, remotePath }) {
+    return new Promise((resolve, reject) => {
+      sftp.fastPut(localPath, remotePath, (err) => {
+        if (err) {
+          reject(err)
+          return
+        }
+        resolve()
+      })
+    })
+  }
+
+  exec ({ conn, cmd }) {
+    return new Promise((resolve, reject) => {
+      conn.exec(cmd, (err, stream) => {
+        if (err) {
+          logger.error('执行命令出错', err)
+          reject(err)
+          // return conn.end()
+        }
+
+        stream.on('close', (code, signal) => {
+          // logger.info('Stream :: close :: code: ' + code + ', signal: ' + signal)
+          // conn.end()
+          resolve()
+        }).on('data', (data) => {
+          logger.info('data', data.toString())
+        })
+      })
+    })
+  }
+}
@@ -0,0 +1,77 @@
+import { AbstractHostPlugin } from '../abstract-host.js'
+import { SshClient } from '../ssh.js'
+export class UploadCertToHost extends AbstractHostPlugin {
+  /**
+   * 插件定义
+   * 名称
+   * 入参
+   * 出参
+   */
+  static define () {
+    return {
+      name: 'uploadCertToHost',
+      label: '上传证书到主机',
+      input: {
+        crtPath: {
+          label: '证书路径'
+        },
+        keyPath: {
+          label: '私钥路径'
+        },
+        accessProvider: {
+          label: '主机登录配置',
+          type: [String, Object],
+          desc: 'AccessProviders的key 或 一个包含用户名密码的对象',
+          options: 'accessProviders[type=ssh]'
+        }
+      },
+      output: {
+        hostCrtPath: {
+          type: String,
+          desc: '上传成功后的证书路径'
+        },
+        hostKeyPath: {
+          type: String,
+          desc: '上传成功后的私钥路径'
+        }
+      }
+    }
+  }
+
+  async execute ({ cert, props, context }) {
+    const { crtPath, keyPath, accessProvider } = props
+    const connectConf = this.getAccessProvider(accessProvider)
+    const sshClient = new SshClient()
+    await sshClient.uploadFiles({
+      connectConf,
+      transports: [
+        {
+          localPath: cert.crtPath,
+          remotePath: crtPath
+        },
+        {
+          localPath: cert.keyPath,
+          remotePath: keyPath
+        }
+      ]
+    })
+    this.logger.info('证书上传成功：crtPath=', crtPath, ',keyPath=', keyPath)
+
+    context.hostCrtPath = crtPath
+    context.hostKeyPath = keyPath
+    return {
+      hostCrtPath: crtPath,
+      hostKeyPath: keyPath
+    }
+  }
+
+  /**
+   * @param cert
+   * @param props
+   * @param context
+   * @returns {Promise<void>}
+   */
+  async rollback ({ cert, props, context }) {
+
+  }
+}
@@ -1,13 +1,6 @@
 import { AbstractPlugin } from '../abstract-plugin/index.js'

 export class AbstractTencentPlugin extends AbstractPlugin {
-  format (pem) {
-    pem = pem.replace(/\r/g, '')
-    pem = pem.replace(/\n\n/g, '\n')
-    pem = pem.replace(/\n$/g, '')
-    return pem
-  }
-
  checkRet (ret) {
    if (!ret || ret.Error) {
      throw new Error('执行失败：' + ret.Error.Code + ',' + ret.Error.Message)
@@ -52,14 +52,14 @@ export class DeployCertToTencentCDN extends AbstractTencentPlugin {
    }
  }

-  async execute ({ accessProviders, cert, props, context }) {
-    const accessProvider = this.getAccessProvider(props.accessProvider, accessProviders)
+  async execute ({  cert, props, context }) {
+    const accessProvider = this.getAccessProvider(props.accessProvider)
    const client = this.getClient(accessProvider)
    const params = this.buildParams(props, context, cert)
    await this.doRequest(client, params)
  }

-  async rollback ({ accessProviders, cert, props, context }) {
+  async rollback ({  cert, props, context }) {

  }

@@ -99,8 +99,8 @@ export class DeployCertToTencentCDN extends AbstractTencentPlugin {
    }
    if (from === 'upload' || tencentCertId == null) {
      params.Https.CertInfo = {
-        Certificate: this.format(cert.crt.toString()),
-        PrivateKey: this.format(cert.key.toString())
+        Certificate: cert.crt,
+        PrivateKey: cert.key
      }
    }
    return params
@@ -48,8 +48,8 @@ export class DeployCertToTencentCLB extends AbstractTencentPlugin {
    }
  }

-  async execute ({ accessProviders, cert, props, context }) {
-    const accessProvider = this.getAccessProvider(props.accessProvider, accessProviders)
+  async execute ({ cert, props, context }) {
+    const accessProvider = this.getAccessProvider(props.accessProvider)
    const { region } = props
    const client = this.getClient(accessProvider, region)

@@ -104,7 +104,7 @@ export class DeployCertToTencentCLB extends AbstractTencentPlugin {
    return certId
  }

-  async rollback ({ accessProviders, cert, props, context }) {
+  async rollback ({ cert, props, context }) {
    this.logger.warn('未实现rollback')
  }

@@ -140,8 +140,8 @@ export class DeployCertToTencentCLB extends AbstractTencentPlugin {

    if (tencentCertId == null) {
      params.Certificate.CertName = this.appendTimeSuffix(certName || cert.domain)
-      params.Certificate.CertKey = this.format(cert.key.toString())
-      params.Certificate.CertContent = this.format(cert.crt.toString())
+      params.Certificate.CertKey = cert.key
+      params.Certificate.CertContent = cert.crt
    }
    return params
  }
@@ -14,20 +14,28 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
      name: 'deployCertToTencentTKEIngress',
      label: '部署到腾讯云TKE-ingress',
      input: {
+        region: {
+          label: '大区',
+          value: 'ap-guangzhou'
+        },
        clusterId: {
          label: '集群ID',
          required: true,
          desc: '例如：cls-6lbj1vee'
        },
-        region: {
-          label: '大区',
-          value: 'ap-guangzhou'
+        namespace: {
+          label: '集群的namespace',
+          value: 'default'
        },
        secreteName: {
-          label: '证书的secret名称'
+          type: [String, Array],
+          label: '证书的secret名称',
+          desc: '支持多个（传入数组）'
        },
        ingressName: {
-          label: 'ingress名称'
+          type: [String, Array],
+          label: 'ingress名称',
+          desc: '支持多个（传入数组）'
        },
        accessProvider: {
          label: 'Access提供者',
@@ -43,11 +51,12 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
    }
  }

-  async execute ({ accessProviders, cert, props, context }) {
-    const accessProvider = this.getAccessProvider(props.accessProvider, accessProviders)
+  async execute ({ cert, props, context }) {
+    const accessProvider = this.getAccessProvider(props.accessProvider)
    const tkeClient = this.getTkeClient(accessProvider, props.region)
    const kubeConfigStr = await this.getTkeKubeConfig(tkeClient, props.clusterId)

+    this.logger.info('kubeconfig已成功获取')
    const k8sClient = new K8sClient(kubeConfigStr)
    await this.patchCertSecret({ k8sClient, props, context })
    await this.sleep(2000) // 停留2秒，等待secret部署完成
@@ -84,33 +93,6 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
    return ret.Kubeconfig
  }

-  async createCertSecret ({ k8sClient, props, cert, context }) {
-    const { tencentCertId } = context
-    if (tencentCertId == null) {
-      throw new Error('请先将【上传证书到腾讯云】作为前置任务')
-    }
-    const certIdBase64 = Buffer.from(tencentCertId).toString('base64')
-
-    let name = 'cert-' + cert.domain.replace(/\./g, '-')
-    name = name.replace(/\*/g, '-')
-    // name = this.appendTimeSuffix(name)
-
-    const body = {
-      kind: 'Secret',
-      data: {
-        qcloud_cert_id: certIdBase64
-      },
-      metadata: {
-        name,
-        labels: {
-          certd: 'certd-' + this.getSafetyDomain(cert.domain)
-        }
-      },
-      type: 'Opaque'
-    }
-    return await k8sClient.createSecret({ namespace: props.namespace, body: body })
-  }
-
  async patchCertSecret ({ k8sClient, props, context }) {
    const { tencentCertId } = context
    if (tencentCertId == null) {
@@ -130,7 +112,14 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
        }
      }
    }
-    return await k8sClient.patchSecret({ namespace, secretName, body })
+    let secretNames = secretName
+    if (typeof secretName === 'string') {
+      secretNames = [secretName]
+    }
+    for (const secret of secretNames) {
+      await k8sClient.patchSecret({ namespace, secretName: secret, body })
+      this.logger.info(`CertSecret已更新:${secret}`)
+    }
  }

  async restartIngress ({ k8sClient, props }) {
@@ -143,6 +132,13 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
        }
      }
    }
-    return await k8sClient.patchIngress({ namespace, ingressName, body })
+    let ingressNames = ingressName
+    if (typeof ingressName === 'string') {
+      ingressNames = [ingressName]
+    }
+    for (const ingress of ingressNames) {
+      await k8sClient.patchIngress({ namespace, ingressName: ingress, body })
+      this.logger.info(`ingress已重启:${ingress}`)
+    }
  }
 }
@@ -52,16 +52,16 @@ export class UploadCertToTencent extends AbstractTencentPlugin {
    return new SslClient(clientConfig)
  }

-  async execute ({ accessProviders, cert, props, context, logger }) {
+  async execute ({ cert, props, context, logger }) {
    const { name, accessProvider } = props
    const certName = this.appendTimeSuffix(name)

-    const provider = super.getAccessProvider(accessProvider, accessProviders)
+    const provider = this.getAccessProvider(accessProvider)
    const client = this.getClient(provider)

    const params = {
-      CertificatePublicKey: this.format(cert.crt.toString()),
-      CertificatePrivateKey: this.format(cert.key.toString()),
+      CertificatePublicKey: cert.crt,
+      CertificatePrivateKey: cert.key,
      Alias: certName
    }
    const ret = await client.UploadCertificate(params)
@@ -70,9 +70,9 @@ export class UploadCertToTencent extends AbstractTencentPlugin {
    context.tencentCertId = ret.CertificateId
  }

-  async rollback ({ accessProviders, cert, props, context }) {
+  async rollback ({ cert, props, context }) {
    const { accessProvider } = props
-    const provider = super.getAccessProvider(accessProvider, accessProviders)
+    const provider = super.getAccessProvider(accessProvider)
    const client = this.getClient(provider)

    const { tencentCertId } = context
@@ -0,0 +1,29 @@
+import pkg from 'chai'
+import { HostShellExecute } from '../../src/host/host-shell-execute/index.js'
+import { Certd } from '@certd/certd'
+import { createOptions } from '../../../../test/options.js'
+const { expect } = pkg
+describe('HostShellExecute', function () {
+  it('#execute', async function () {
+    this.timeout(10000)
+    const options = createOptions()
+    options.args = { test: false }
+    options.cert.email = 'xiaojunnuo@qq.com'
+    options.cert.domains = ['*.docmirror.cn']
+    const plugin = new HostShellExecute(options)
+    const certd = new Certd(options)
+    const cert = await certd.readCurrentCert()
+    const context = {}
+    const uploadOpts = {
+      cert,
+      props: { script: 'ls ', accessProvider: 'aliyun-ssh' },
+      context
+    }
+    const ret = await plugin.doExecute(uploadOpts)
+    for (const retElement of ret) {
+      console.log('-----' + retElement)
+    }
+
+    await plugin.doRollback(uploadOpts)
+  })
+})
@@ -0,0 +1,27 @@
+import pkg from 'chai'
+import { UploadCertToHost } from '../../src/host/upload-to-host/index.js'
+import { Certd } from '@certd/certd'
+import { createOptions } from '../../../../test/options.js'
+const { expect } = pkg
+describe('PluginUploadToHost', function () {
+  it('#execute', async function () {
+    this.timeout(10000)
+    const options = createOptions()
+    options.args = { test: false }
+    options.cert.email = 'xiaojunnuo@qq.com'
+    options.cert.domains = ['*.docmirror.cn']
+    const plugin = new UploadCertToHost(options)
+    const certd = new Certd(options)
+    const cert = await certd.readCurrentCert()
+    const context = {}
+    const uploadOpts = {
+      cert,
+      props: { crtPath: '/root/certd/test/test.crt', keyPath: '/root/certd/test/test.key', accessProvider: 'aliyun-ssh' },
+      context
+    }
+    await plugin.doExecute(uploadOpts)
+    console.log('context:', context)
+
+    await plugin.doRollback(uploadOpts)
+  })
+})
@@ -36,9 +36,11 @@ describe('DeployToTencentCDN', function () {
  it('#execute-upload', async function () {
    const options = createOptions()
    options.args.test = false
+    options.cert.email = 'xiaojunnuo@qq.com'
+    options.cert.domains = ['*.docmirror.cn']
    const plugin = new DeployCertToTencentCDN()
    const certd = new Certd(options)
-    const cert = certd.readCurrentCert('xiaojunnuo@qq.com', ['*.docmirror.cn'])
+    const cert = await certd.readCurrentCert()
    const context = {}
    const deployOpts = {
      accessProviders: options.accessProviders,
@@ -29,15 +29,14 @@ describe('DeployToTencentCLB', function () {
    const options = createOptions()
    options.args.test = false
    options.cert.dnsProvider = 'tencent-yonsz'
-    const deployPlugin = new DeployCertToTencentCLB()
+    const deployPlugin = new DeployCertToTencentCLB(options)
    const props = {
      region: 'ap-guangzhou',
      domain: 'certd-test-no-sni.base.yonsz.net',
      accessProvider: 'tencent-yonsz',
      loadBalancerId: 'lb-59yhe5xo'
    }
-    const accessProviders = options.accessProviders
-    const accessProvider = deployPlugin.getAccessProvider(props.accessProvider, accessProviders)
+    const accessProvider = deployPlugin.getAccessProvider(props.accessProvider)
    const { region } = props
    const client = deployPlugin.getClient(accessProvider, region)

@@ -51,8 +50,10 @@ describe('DeployToTencentCLB', function () {
    const options = createOptions()
    options.args.test = false
    options.cert.dnsProvider = 'tencent-yonsz'
+    options.cert.email = 'xiaojunnuo@qq.com'
+    options.cert.domains = ['*.docmirror.cn']
    const certd = new Certd(options)
-    const cert = certd.readCurrentCert('xiaojunnuo@qq.com', ['*.docmirror.cn'])
+    const cert = await certd.readCurrentCert()
    const deployPlugin = new DeployCertToTencentCLB()
    const context = {}
    const deployOpts = {
@@ -8,8 +8,10 @@ describe('PluginUploadToTencent', function () {
    const options = createOptions()
    const plugin = new UploadCertToTencent()
    options.args = { test: false }
+    options.cert.email = 'xiaojunnuo@qq.com'
+    options.cert.domains = ['*.docmirror.cn']
    const certd = new Certd(options)
-    const cert = certd.readCurrentCert('xiaojunnuo@qq.com', ['*.docmirror.cn'])
+    const cert = await certd.readCurrentCert()
    const context = {}
    const uploadOpts = {
      accessProviders: options.accessProviders,
@@ -382,7 +382,7 @@ array.prototype.flatmap@^1.2.3:
    es-abstract "^1.18.0-next.1"
    function-bind "^1.1.1"

-asn1@~0.2.3:
+asn1@~0.2.0, asn1@~0.2.3:
  version "0.2.4"
  resolved "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
  integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==
@@ -458,7 +458,7 @@ base64url@^3.0.1:
  resolved "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
  integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==

-bcrypt-pbkdf@^1.0.0:
+bcrypt-pbkdf@^1.0.0, bcrypt-pbkdf@^1.0.2:
  version "1.0.2"
  resolved "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
  integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=
@@ -2500,6 +2500,22 @@ sprintf-js@~1.0.2:
  resolved "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
  integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=

+ssh2-streams@~0.4.10:
+  version "0.4.10"
+  resolved "https://registry.npmjs.org/ssh2-streams/-/ssh2-streams-0.4.10.tgz#48ef7e8a0e39d8f2921c30521d56dacb31d23a34"
+  integrity sha512-8pnlMjvnIZJvmTzUIIA5nT4jr2ZWNNVHwyXfMGdRJbug9TpI3kd99ffglgfSWqujVv/0gxwMsDn9j9RVst8yhQ==
+  dependencies:
+    asn1 "~0.2.0"
+    bcrypt-pbkdf "^1.0.2"
+    streamsearch "~0.1.2"
+
+ssh2@^0.8.9:
+  version "0.8.9"
+  resolved "https://registry.npmjs.org/ssh2/-/ssh2-0.8.9.tgz#54da3a6c4ba3daf0d8477a538a481326091815f3"
+  integrity sha512-GmoNPxWDMkVpMFa9LVVzQZHF6EW3WKmBwL+4/GeILf2hFmix5Isxm7Amamo8o7bHiU0tC+wXsGcUXOxp8ChPaw==
+  dependencies:
+    ssh2-streams "~0.4.10"
+
 sshpk@^1.7.0:
  version "1.16.1"
  resolved "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
@@ -2524,6 +2540,11 @@ streamroller@^2.2.4:
    debug "^4.1.1"
    fs-extra "^8.1.0"

+streamsearch@~0.1.2:
+  version "0.1.2"
+  resolved "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz#808b9d0e56fc273d809ba57338e929919a1a9f1a"
+  integrity sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=
+
 "string-width@^1.0.2 || 2":
  version "2.1.1"
  resolved "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e"