Human Access Module

Human Access API

API for granting and tracking developer SSH access to virtual machines (VMs) via Ansible.

`POST /workspace/access/human` (Not for Dev/Local Usage)

Initiates SSH access to a developer by injecting their SSH key into the specified VM using an Ansible playbook.

Request Body

{
  "userEmail": "developer@example.com",
  "userSshKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...",
  "vmId": "vm-abc123"
}

Field	Type	Description	Required
`userEmail`	string	Developer's email address	✅
`userSshKey`	string	Developer's SSH public key	✅
`vmId`	string	Identifier of the target VM	✅

Responses

202 Accepted

{
  "operationId": "12345678-1234-1234-1234-123456789012"
}

400 Bad Request: Invalid payload
404 Not Found: VM not found
500 Internal Server Error: Access request failed

`GET /workspace/access/human/status/:operationId` (Not for Dev/Local Usage)

Returns the status of the access operation.

Path Parameter

Name	Type	Description
`operationId`	string	UUID of the access request

Response (200 OK)

{
  "status": "running",
  "logs": [
    "[2025-06-02T10:00:00Z] Operation initiated",
    "[2025-06-02T10:00:01Z] Processing SSH access request for VM vm-abc123"
  ],
  "vm": {
    "vmId": "vm-abc123",
    "ipAddress": "192.168.1.10",
    "status": "running"
  }
}

Field	Type	Description
`status`	string	Status of operation (`pending`, `running`, `success`, `error`)
`logs`	string[]	Log messages for the operation
`error`	string	Error message if operation failed (optional)
`vm`	object	VM info if access succeeded (optional)

Behavior

The operation is asynchronous:
- SSH key and email are recorded in the DB immediately
- Ansible is triggered in the background
Progress is tracked via GET /status/:operationId

Internals

Ansible Playbook: ./ansible/workspace/human-access.yml
Dynamic Inventory: Generated per run
Vars File Format:

host_ip: <VM IP>
new_developer_key: <user's SSH key>
old_developer_key: <existing SSH key>

Ansible Path Constants:

export const ansibleHumanAccessPaths = {
  grantAccess: {
    playbook: './ansible/workspace/human-access.yml',
    inventory: './ansible/workspace/environment/hosts.yml',
    vars: './ansible/workspace/vars/vars.yml'
  }
};

Ansible Playbook Workflow

`roles/human-access/tasks/main.yml`

Debugs SSH key vars
Ensures .ssh directory exists for both ubuntu and root
Reads and filters authorized_keys:
- Removes the old SSH key
- Adds the new SSH key
Writes the final authorized_keys file to both ubuntu and root

Human Access API​

POST /workspace/access/human (Not for Dev/Local Usage)​

Request Body​

Responses​

GET /workspace/access/human/status/:operationId (Not for Dev/Local Usage)​

Path Parameter​

Response (200 OK)​

Behavior​

Internals​

Ansible Playbook Workflow​

roles/human-access/tasks/main.yml​