fix: allow env vars and SSH tokens in IdentityFile validation (issue #33)

ValidateIdentityFile now accepts $VAR/${VAR} (expanded via os.Expand, undefined vars accepted as-is) and SSH tokens like %d, %h before falling back to os.Stat. The raw value is preserved when writing to ssh_config.
2026-03-14 03:41:27 +01:00 · 2026-02-23 23:04:40 +01:00
parent 2a1f6d5449
commit 838941e3eb
2 changed files with 33 additions and 0 deletions
--- a/internal/validation/ssh.go
+++ b/internal/validation/ssh.go
@@ -66,6 +66,25 @@ func ValidateIdentityFile(path string) bool {
 	if path == "" {
 		return true // Optional field
 	}
+	// SSH tokens (e.g. %d, %h, %r, %u) are resolved by SSH at connection time
+	sshTokenRegex := regexp.MustCompile(`%[hprunCdiklLT]`)
+	if sshTokenRegex.MatchString(path) {
+		return true
+	}
+	// Expand environment variables ($VAR and ${VAR}); track undefined ones
+	hasUndefined := false
+	path = os.Expand(path, func(key string) string {
+		val, ok := os.LookupEnv(key)
+		if !ok {
+			hasUndefined = true
+			return "$" + key
+		}
+		return val
+	})
+	// If any variable was undefined, accept the path (SSH will report the error)
+	if hasUndefined {
+		return true
+	}
 	// Expand ~ to home directory
 	if strings.HasPrefix(path, "~/") {
 		homeDir, err := os.UserHomeDir()