Update preallocated hosts to use Passphrase credentials

Summary: Depends on D7695.  This updates preallocated hosts to use Passphrase credentials.  Due to the way SSH private key text credentials work (the TempFile disappears before SSH commands can be executed), this only supports file-based private keys at the moment.

Test Plan:
Created a Passphrase credential for a file-based SSH key.  Allocated a resource with:

```
bin/drydock create-resource --blueprint 1 --name "My Linux Host" --attributes platform=linux,host=localhost,port=22,path=/var/drydock,credential=2
```

and successfully leased it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4111, T1049

Differential Revision: https://secure.phabricator.com/D7697

src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php

@@ -41,12 +41,12 @@ final class DrydockPreallocatedHostBlueprintImplementation
     // we have all the information we need.
     PhutilTypeSpec::checkMap(
       $resource->getAttributesForTypeSpec(
-        array('platform', 'host', 'port', 'user', 'path')),
+        array('platform', 'host', 'port', 'credential', 'path')),
       array(
         'platform' => 'string',
         'host' => 'string',
         'port' => 'string', // Value is a string from the command line
-        'user' => 'string',
+        'credential' => 'string',
         'path' => 'string',
       ));
     $v_platform = $resource->getAttribute('platform');
@@ -103,8 +103,7 @@ final class DrydockPreallocatedHostBlueprintImplementation
           ->setConfiguration(array(
             'host' => $resource->getAttribute('host'),
             'port' => $resource->getAttribute('port'),
-            'user' => $resource->getAttribute('user'),
-            'ssh-keyfile' => $resource->getAttribute('ssh-keyfile'),
+            'credential' => $resource->getAttribute('credential'),
             'platform' => $resource->getAttribute('platform')));
     }
 

src/applications/drydock/interface/command/DrydockSSHCommandInterface.php

@@ -22,23 +22,31 @@ final class DrydockSSHCommandInterface extends DrydockCommandInterface {
     // NOTE: The "-t -t" is for psuedo-tty allocation so we can "sudo" on some
     // systems, but maybe more trouble than it's worth?
 
-    $keyfile = $this->getConfig('ssh-keyfile');
-    if (!empty($keyfile)) {
-      return new ExecFuture(
-        'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
-        $this->getConfig('port'),
-        $this->getConfig('ssh-keyfile'),
-        $this->getConfig('user'),
-        $this->getConfig('host'),
-        $full_command);
-    } else {
-      return new ExecFuture(
-        'ssh -t -t -o StrictHostKeyChecking=no -p %s %s@%s -- %s',
-        $this->getConfig('port'),
-        $this->getConfig('user'),
-        $this->getConfig('host'),
-        $full_command);
+    $credential = id(new PassphraseCredentialQuery())
+      ->setViewer(PhabricatorUser::getOmnipotentUser())
+      ->withIDs(array($this->getConfig('credential')))
+      ->needSecrets(true)
+      ->executeOne();
+
+    // FIXME: We can't use text-based SSH files here because the TempFile goes
+    // out of scope after this function ends and thus the file gets removed
+    // before it can be used.
+    if ($credential->getCredentialType() !==
+      PassphraseCredentialTypeSSHPrivateKeyFile::CREDENTIAL_TYPE) {
+      throw new Exception("Only private key file credentials are supported.");
     }
+
+    $ssh_key = PassphraseSSHKey::loadFromPHID(
+      $credential->getPHID(),
+      PhabricatorUser::getOmnipotentUser());
+
+    return new ExecFuture(
+      'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
+      $this->getConfig('port'),
+      $ssh_key->getKeyfileEnvelope()->openEnvelope(),
+      $credential->getUsername(),
+      $this->getConfig('host'),
+      $full_command);
   }
 
 }