Add KEYBASE_TIMEOUT configuration parameter to configure a custom timeout for interacting with the bot (#92)

ddworken · mmou · web-flow · commit 8ea43a4aebe5 · 2020-04-23T14:08:46.000-07:00
* Update dependency versions in order to make it possible to configure keybase timeouts In order to configure the timeouts for #91, we need to pull in the latest KB chat library which was updated here: keybase/go-keybase-chat-bot#67 The library also changed the arg order to a function, so swapped that in our code to make everything continue to work. * Add KEYBASE_TIMEOUT configuration parameter to configure a custom timeout for interacting with the bot * Add docs for KEYBASE_TIMEOUT * Make the sleeps that are waiting for keybase to startup also wait for * make sleep time 5s, to be consistent with how KEYBASE_TIMEOUT is used elsewhere Co-authored-by: M Mou <mmou@keyba.se>
diff --git a/docker/Dockerfile-ca b/docker/Dockerfile-ca
@@ -8,7 +8,7 @@ RUN apk update && apk add --no-cache go curl git musl-dev gcc
 # build keybase binary
 WORKDIR /go
 ENV GOPATH=/go
-ENV KEYBASE_VERSION=5.0.0
+ENV KEYBASE_VERSION=5.4.0
 RUN go get -d github.com/keybase/client/go/keybase
 RUN cd src/github.com/keybase/client/go/keybase && git checkout v$KEYBASE_VERSION
 RUN go install -tags production github.com/keybase/client/go/keybase
diff --git a/docker/entrypoint-generate.sh b/docker/entrypoint-generate.sh
@@ -12,7 +12,7 @@ export "TEAMS=$TEAMS"
 export "KEYBASE_USERNAME=$KEYBASE_USERNAME"
 export "KEYBASE_PAPERKEY=$KEYBASE_PAPERKEY"
 nohup bash -c "KEYBASE_RUN_MODE=prod kbfsfuse /keybase | grep -v 'ERROR Mounting the filesystem failed' &"
-sleep 3
+sleep ${KEYBASE_TIMEOUT:-5}
 keybase oneshot
 bin/keybaseca generate
 EOF
diff --git a/docker/entrypoint-server.sh b/docker/entrypoint-server.sh
@@ -11,7 +11,7 @@ export "TEAMS=$TEAMS"
 export "KEYBASE_USERNAME=$KEYBASE_USERNAME"
 export "KEYBASE_PAPERKEY=$KEYBASE_PAPERKEY"
 nohup bash -c "KEYBASE_RUN_MODE=prod kbfsfuse /keybase | grep -v 'ERROR Mounting the filesystem failed' &"
-sleep 3
+sleep ${KEYBASE_TIMEOUT:-5}
 keybase oneshot
 bin/keybaseca service
 EOF
diff --git a/docs/env.md b/docs/env.md
@@ -106,6 +106,19 @@ export ANNOUNCEMENT="Hello! I'm {USERNAME} and I'm an SSH bot! I'm currently lis
 export ANNOUNCEMENT="Hello! I'm {USERNAME} and I'm an SSH bot! Being in {CURRENT_TEAM} will grant you SSH access to certain servers. Reach out to @dworken for more information."
 ```
 
+### Timeout
+
+The `KEYBASE_TIMEOUT` environment specifies the number of seconds to wait for Keybase operations. If you are running 
+the bot on an especially slow computer (ie a Raspberry Pi) or with a high latency internet connection, you may need
+to tune this. Defaults to 5 seconds. 
+
+Examples:
+
+```bash
+export KEYBASE_TIMEOUT="5"
+export KEYBASE_TIMEOUT="15"
+```
+
 ## Developer Options
 
 These environment variables are mainly useful for dev work. For security reasons, it is recommended always to run a 
diff --git a/go.mod b/go.mod
@@ -3,11 +3,16 @@ module github.com/keybase/bot-sshca
 go 1.12
 
 require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/google/uuid v1.1.1
-	github.com/keybase/go-keybase-chat-bot v0.0.0-20190903135515-79c56220e558
-	github.com/sirupsen/logrus v1.4.2
-	github.com/stretchr/testify v1.3.0
-	github.com/urfave/cli v1.21.0
-	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
-	golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e // indirect
+	github.com/keybase/go-keybase-chat-bot v0.0.0-20200420153642-84a89a8a3623
+	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
+	github.com/sirupsen/logrus v1.5.0
+	github.com/stretchr/testify v1.5.1
+	github.com/urfave/cli v1.22.4
+	golang.org/x/crypto v0.0.0-20200420104511-884d27f42877
+	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f // indirect
+	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+	gopkg.in/yaml.v2 v2.2.8 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,37 +1,54 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/keybase/go-keybase-chat-bot v0.0.0-20190903135515-79c56220e558 h1:iZ1RdFAAftDrkcuYWWNOJt+LBUo8tefd0GywewLuTqE=
-github.com/keybase/go-keybase-chat-bot v0.0.0-20190903135515-79c56220e558/go.mod h1:vNc28YFzigVJod0j5EbuTtRIe7swx8vodh2yA4jZ2s8=
+github.com/keybase/go-keybase-chat-bot v0.0.0-20200420153642-84a89a8a3623 h1:QN/gM9pje2q1r36STbYP+D0Qr47AKsCG/c0V7Uy0iFY=
+github.com/keybase/go-keybase-chat-bot v0.0.0-20200420153642-84a89a8a3623/go.mod h1:vNc28YFzigVJod0j5EbuTtRIe7swx8vodh2yA4jZ2s8=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
+github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/urfave/cli v1.21.0 h1:wYSSj06510qPIzGSua9ZqsncMmWE3Zr55KBERygyrxE=
-github.com/urfave/cli v1.21.0/go.mod h1:lxDj6qX9Q6lWQxIrbrT0nwecwUtRnhVZAJjJZrVUZZQ=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
+github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200420104511-884d27f42877 h1:IhZPbxNd1UjBCaD5AfpSSbJTRlp+ZSuyuH5uoksNS04=
+golang.org/x/crypto v0.0.0-20200420104511-884d27f42877/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e h1:D5TXcfTk7xF7hvieo4QErS3qqCB4teTffacDWr7CI+0=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/src/keybaseca/bot/bot.go b/src/keybaseca/bot/bot.go
@@ -20,7 +20,7 @@ import (
 
 // Get a running instance of the keybase chat API. Will use the configured credentials if necessary.
 func GetKBChat(conf config.Config) (*kbchat.API, error) {
-	return botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername())
+	return botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername(), conf.GetKeybaseTimeout())
 }
 
 // Get the username of the user that the keybaseca bot is running as
@@ -190,7 +190,7 @@ func sendAnnouncementMessage(conf config.Config, kbc *kbchat.API) error {
 				Teams:       conf.GetTeams()})
 
 		var channel *string
-		_, err := kbc.SendMessageByTeamName(team, announcement, channel)
+		_, err := kbc.SendMessageByTeamName(team, channel, announcement)
 		if err != nil {
 			return err
 		}
diff --git a/src/keybaseca/botwrapper/get_bot.go b/src/keybaseca/botwrapper/get_bot.go
@@ -6,18 +6,25 @@ package botwrapper
 // dependency cycle.
 
 import (
+	"time"
+
 	"github.com/keybase/go-keybase-chat-bot/kbchat"
 )
 
 // Get a running instance of the keybase chat API. Will use the supplied credentials if necessary. If possible, it
 // is preferred to reference the `GetKBChat` method in the `bot` package instead
-func GetKBChat(keybaseHomeDir, keybasePaperKey, keybaseUsername string) (*kbchat.API, error) {
+func GetKBChat(keybaseHomeDir, keybasePaperKey, keybaseUsername string, keybaseTimeout time.Duration) (*kbchat.API, error) {
 	runOptions := kbchat.RunOptions{}
 	if keybaseHomeDir != "" {
 		runOptions.HomeDir = keybaseHomeDir
 	}
 	if keybasePaperKey != "" && keybaseUsername != "" {
 		runOptions.Oneshot = &kbchat.OneshotOptions{PaperKey: keybasePaperKey, Username: keybaseUsername}
 	}
-	return kbchat.Start(runOptions)
+	api, err := kbchat.Start(runOptions)
+	if err != nil {
+		return nil, err
+	}
+	api.Timeout = keybaseTimeout
+	return api, nil
 }
diff --git a/src/keybaseca/config/config.go b/src/keybaseca/config/config.go
@@ -4,7 +4,9 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strconv"
 	"strings"
+	"time"
 
 	"github.com/keybase/bot-sshca/src/keybaseca/constants"
 
@@ -29,11 +31,18 @@ type Config interface {
 	GetStrictLogging() bool
 	GetAnnouncement() string
 	DebugString() string
+	GetKeybaseTimeout() time.Duration
 }
 
 // Validate the given config file. If offline, do so without connecting to keybase (used in code that is meant
 // to function without any reliance on Keybase).
 func ValidateConfig(conf EnvConfig, offline bool) error {
+	if conf.getKeybaseTimeout() != "" {
+		_, err := strconv.Atoi(conf.getKeybaseTimeout())
+		if err != nil {
+			return fmt.Errorf("failed to validate KEYBASE_TIMEOUT, value is not an integer: %v", err)
+		}
+	}
 	if len(conf.GetTeams()) == 0 {
 		return fmt.Errorf("must specify at least one team via the TEAMS environment variable")
 	}
@@ -70,7 +79,7 @@ func ValidateConfig(conf EnvConfig, offline bool) error {
 			return fmt.Errorf("you must set set a paper key if you set a username (username='%s', key='%s')", conf.GetKeybaseUsername(), conf.GetKeybasePaperKey())
 		}
 		if !offline {
-			err := validateUsernamePaperkey(conf.GetKeybaseHomeDir(), conf.GetKeybaseUsername(), conf.GetKeybasePaperKey())
+			err := validateUsernamePaperkey(conf.GetKeybaseHomeDir(), conf.GetKeybaseUsername(), conf.GetKeybasePaperKey(), conf.GetKeybaseTimeout())
 			if err != nil {
 				return fmt.Errorf("failed to validate KEYBASE_USERNAME and KEYBASE_PAPERKEY: %v", err)
 			}
@@ -80,8 +89,8 @@ func ValidateConfig(conf EnvConfig, offline bool) error {
 	return nil
 }
 
-func validateUsernamePaperkey(homedir, username, paperkey string) error {
-	api, err := botwrapper.GetKBChat(homedir, username, paperkey)
+func validateUsernamePaperkey(homedir, username, paperkey string, keybaseTimeout time.Duration) error {
+	api, err := botwrapper.GetKBChat(homedir, username, paperkey, keybaseTimeout)
 	if err != nil {
 		return err
 	}
@@ -98,7 +107,7 @@ func validateUsernamePaperkey(homedir, username, paperkey string) error {
 // Validates the given teamName and channelName to determine whether or not the given channelName is the name
 // of a channel inside the given team. Returns nil if everything validates.
 func validateChannel(conf Config, teamName string, channelName string) error {
-	api, err := botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername())
+	api, err := botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername(), conf.GetKeybaseTimeout())
 	if err != nil {
 		return err
 	}
@@ -256,6 +265,24 @@ func (ef *EnvConfig) GetAnnouncement() string {
 	return os.Getenv("ANNOUNCEMENT")
 }
 
+// Get the timeout for interacting with Keybase specified as a string. May be empty.
+func (ef *EnvConfig) getKeybaseTimeout() string {
+	return os.Getenv("KEYBASE_TIMEOUT")
+}
+
+// Get the timeout for interacting with Keybase as a time.Duration. Defaults to 5 seconds.
+func (ef *EnvConfig) GetKeybaseTimeout() time.Duration {
+	timeoutStr := ef.getKeybaseTimeout()
+	if timeoutStr == "" {
+		return 5 * time.Second
+	}
+	timeoutInt, err := strconv.Atoi(timeoutStr)
+	if err != nil {
+		panic("Found non-int in the keybase timeout field! This should never happen due to config validation...")
+	}
+	return time.Duration(timeoutInt) * time.Second
+}
+
 // Dump this EnvConfig to a string for debugging purposes
 func (ef *EnvConfig) DebugString() string {
 	return fmt.Sprintf("CAKeyLocation='%s'; KeybaseHomeDir='%s'; KeybasePaperKey='%s'; KeybaseUsername='%s'; "+
diff --git a/src/keybaseca/sshutils/sshutils.go b/src/keybaseca/sshutils/sshutils.go
@@ -156,7 +156,7 @@ func SignKey(caKeyLocation, keyID, principals, expiration, publicKey string) (si
 // attacker would be able to provision SSH keys for environments that they should not have access to.
 func getPrincipals(conf config.Config, sr shared.SignatureRequest) (string, error) {
 	// Start by getting the list of teams the user is in
-	api, err := botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername())
+	api, err := botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername(), conf.GetKeybaseTimeout())
 	if err != nil {
 		return "", fmt.Errorf("failed to retrieve the list of teams the user is in: %v", err)
 	}
diff --git a/src/kssh/bot.go b/src/kssh/bot.go
@@ -48,7 +48,7 @@ func GetSignedKey(config ConfigFile, request shared.SignatureRequest) (shared.Si
 			default:
 
 			}
-			_, err = kbc.SendMessageByTeamName(config.TeamName, shared.GenerateAckRequest(kbc.GetUsername()), getChannel(config))
+			_, err = kbc.SendMessageByTeamName(config.TeamName, getChannel(config), shared.GenerateAckRequest(kbc.GetUsername()))
 			if err != nil {
 				fmt.Printf("Failed to send AckRequest: %v\n", err)
 			}
@@ -86,7 +86,7 @@ func GetSignedKey(config ConfigFile, request shared.SignatureRequest) (shared.Si
 			if err != nil {
 				return empty, err
 			}
-			_, err = kbc.SendMessageByTeamName(config.TeamName, shared.SignatureRequestPreamble+string(marshaledRequest), getChannel(config))
+			_, err = kbc.SendMessageByTeamName(config.TeamName, getChannel(config), shared.SignatureRequestPreamble+string(marshaledRequest))
 			if err != nil {
 				return empty, err
 			}
diff --git a/tests/envFiles/test_env_1 b/tests/envFiles/test_env_1
@@ -8,3 +8,4 @@ export KEYBASE_USERNAME="$BOT_USERNAME"
 export CHAT_CHANNEL="$SUBTEAM.ssh#ssh-provision"
 export CA_KEY_LOCATION="/shared/keybase-ca-key"
 export ANNOUNCEMENT='Hello my name is {USERNAME}. This is {CURRENT_TEAM} and the configured teams are {TEAMS}'
+export KEYBASE_TIMEOUT='10'

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ import (`
`20`	`20`
`21`	`21`	`// Get a running instance of the keybase chat API. Will use the configured credentials if necessary.`
`22`	`22`	`func GetKBChat(conf config.Config) (*kbchat.API, error) {`
`23`		`- return botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername())`
	`23`	`+ return botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername(), conf.GetKeybaseTimeout())`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`// Get the username of the user that the keybaseca bot is running as`
`@@ -190,7 +190,7 @@ func sendAnnouncementMessage(conf config.Config, kbc *kbchat.API) error {`
`190`	`190`	`Teams: conf.GetTeams()})`
`191`	`191`
`192`	`192`	`var channel *string`
`193`		`- _, err := kbc.SendMessageByTeamName(team, announcement, channel)`
	`193`	`+ _, err := kbc.SendMessageByTeamName(team, channel, announcement)`
`194`	`194`	`if err != nil {`
`195`	`195`	`return err`
`196`	`196`	`}`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ func SignKey(caKeyLocation, keyID, principals, expiration, publicKey string) (si`
`156`	`156`	`// attacker would be able to provision SSH keys for environments that they should not have access to.`
`157`	`157`	`func getPrincipals(conf config.Config, sr shared.SignatureRequest) (string, error) {`
`158`	`158`	`// Start by getting the list of teams the user is in`
`159`		`- api, err := botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername())`
	`159`	`+ api, err := botwrapper.GetKBChat(conf.GetKeybaseHomeDir(), conf.GetKeybasePaperKey(), conf.GetKeybaseUsername(), conf.GetKeybaseTimeout())`
`160`	`160`	`if err != nil {`
`161`	`161`	`return "", fmt.Errorf("failed to retrieve the list of teams the user is in: %v", err)`
`162`	`162`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ func GetSignedKey(config ConfigFile, request shared.SignatureRequest) (shared.Si`
`48`	`48`	`default:`
`49`	`49`
`50`	`50`	`}`
`51`		`- _, err = kbc.SendMessageByTeamName(config.TeamName, shared.GenerateAckRequest(kbc.GetUsername()), getChannel(config))`
	`51`	`+ _, err = kbc.SendMessageByTeamName(config.TeamName, getChannel(config), shared.GenerateAckRequest(kbc.GetUsername()))`
`52`	`52`	`if err != nil {`
`53`	`53`	`fmt.Printf("Failed to send AckRequest: %v\n", err)`
`54`	`54`	`}`
`@@ -86,7 +86,7 @@ func GetSignedKey(config ConfigFile, request shared.SignatureRequest) (shared.Si`
`86`	`86`	`if err != nil {`
`87`	`87`	`return empty, err`
`88`	`88`	`}`
`89`		`- _, err = kbc.SendMessageByTeamName(config.TeamName, shared.SignatureRequestPreamble+string(marshaledRequest), getChannel(config))`
	`89`	`+ _, err = kbc.SendMessageByTeamName(config.TeamName, getChannel(config), shared.SignatureRequestPreamble+string(marshaledRequest))`
`90`	`90`	`if err != nil {`
`91`	`91`	`return empty, err`
`92`	`92`	`}`