From 064d7c449acc13d2f5f1c7a85a96a1c45fc0e007 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jake=20Buchholz=20G=C3=B6kt=C3=BCrk?=
Date: Sun, 7 Dec 2025 00:12:31 -0800
Subject: [PATCH] next attempt
---
lib/tiny-cloud/cloud/gcp/init | 51 ++++++++++++++++++-----------------
tests/init.test | 13 ++++-----
2 files changed, 33 insertions(+), 31 deletions(-)
diff --git a/lib/tiny-cloud/cloud/gcp/init b/lib/tiny-cloud/cloud/gcp/init
index a7706a6..f3f27f4 100644
--- a/lib/tiny-cloud/cloud/gcp/init
+++ b/lib/tiny-cloud/cloud/gcp/init
@@ -5,47 +5,48 @@ # NOTE: overrides lib/tiny-cloud function # GCP ssh keys have a leading ":" we should check/honor init__set_ssh_keys() { - local sshkeys="$(imds @ssh-keys)" - if [ -z "$sshkeys" ]; then - log -i -t "$phase" warning "$ACTION: no ssh key found" - return - fi - local userkey - local got_default - local tmp_dir=$(mktmp -d "$ROOT/run/tiny-cloud/ssh-XXXXXX") + local tmp_dir=$(mktemp -d "$ROOT/run/tiny-cloud/sshkeys-XXXXXX") mkdir -p "$tmp_dir" chmod 700 "$tmp_dir" - for userkey in $sshkeys; do - local user=$(echo "$userkey" | cut -d: -f1) - local key=$(echo "$userkey" | cut -d: -f2) - local pwent="$(getent passwd "$user")" - if [ -z "$pwent" ]; then - log -i -t "$phase" warning "$ACTION: failed to find login $user" + local userkey + local user + local key + local pwent + local group + local tmp_file + imds @ssh-keys | while IFS= read -r userkey; do + user=$(echo "$userkey" | cut -d: -f1) + key=$(echo "$userkey" | cut -d: -f2-) + if ! pwent="$(getent passwd "$user")"; then + log -i -t "$phase" warning "$ACTION: skipping SSH key for $user" continue - elif [ "$user" = "$CLOUD_USER" ]; then - got_default=1 fi - local group=$(echo "$pwent" | cut -d: -f4) - local tmp_file="$tmp_dir/$user" + group=$(echo "$pwent" | cut -d: -f4) + tmp_file="$tmp_dir/$user" touch "$tmp_file" chmod 600 "$tmp_file" $MOCK chown -R "$user/$group" "$tmp_file" echo "$key" >> "$tmp_file" done - for user in "$tmp_dir"/*; do - local tmp_file="$tmp_dir/$user" - local pwent="$(getent passwd "$user")" - local ssh_dir="${ROOT}$(echo "$pwent" | cut -d: -f6)/.ssh" + local ssh_dir + for tmp_file in "$tmp_dir"/*; do + user=$(basename "$tmp_file") + pwent="$(getent passwd "$user")" + group=$(echo "$pwent" | cut -d: -f4) + ssh_dir="$ROOT$(echo "$pwent" | cut -d: -f6)/.ssh" if [ ! 
-d "$ssh_dir" ]; then mkdir -p "$ssh_dir" + $MOCK chown -R "$user/$group" "$ssh_dir" chmod 700 "$ssh_dir" fi - local keys_file="$ssh_dir/authorized_keys" - cp -a "$tmp_file" "$keys_file" + cp -a "$tmp_file" "$ssh_dir/authorized_keys" log -i -t "$phase" info "$ACTION: installed ssh keys for $user" + [ "$user" = "$CLOUD_USER" ] && found=2 || found=1 done rm -rf "$tmp_dir" - if [ -z "$got_default" ]; then + if [ -z "$found" ]; then + log -i -t "$phase" warning "$ACTION: no SSH keys installed" + elif [ "$found" != 2]; then log -i -t "$phase" warning "$ACTION: no SSH keys found for $CLOUD_USER" fi } diff --git a/tests/init.test b/tests/init.test index 67aee7e..033dd35 100755 --- a/tests/init.test +++ b/tests/init.test @@ -199,14 +199,15 @@ set_ssh_keys_gcp_body() { fake_metadata_gcp <<-EOF project: attributes: - ssh-keys: - - alpine:ssh-ed25519 keydata1 - - bar:ssh-rsa barfoo + ssh-keys: |- + alpine:ssh-ed25519 foobar1 alpine + foo:ssh-rsa foobar2 jake instance: attributes: - ssh-keys: - - alpine:ssh-ed25519 keydata2 - - foo:ssh-rsa foobar + ssh-keys: |- + bar:ecdsa-sha2-nistp521 foobar3 bar@omfg.local + :ssh-rsa foobar4 + alpine:ssh-rsa foobar5 google-ssh {"userName":"alpine","expireOn":"2061-12-04T20:12:00+0000"} EOF # TODO: need to figure out what to check CLOUD="gcp" atf_check \
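Review bot: The closing status checks in init__set_ssh_keys cannot work as written: `[ "$found" != 2]` is missing the space before `]`, so the test errors out and the "no SSH keys found for $CLOUD_USER" warning never fires, and `found` (not declared `local`) drops back to 1 for any user whose file sorts after $CLOUD_USER. The install loop also trusts its inputs too far: with nothing staged, `"$tmp_dir"/*` stays a literal pattern in sh and the body runs for a user named `*` with an unchecked `getent`, and if `mktemp` fails the glob becomes `/*` and the loop acts on whatever top-level names happen to resolve as accounts. `chown` takes `user:group`, so the added `chown -R "$user/$group" "$ssh_dir"` (and the existing one on the temp file) will presumably fail and leave `.ssh` and the copied key file owned by root; `"$user:$group"` is the form to use. A sketch of the guarded loop and the status tracking follows.

```shell
	local tmp_dir
	tmp_dir=$(mktemp -d "$ROOT/run/tiny-cloud/sshkeys-XXXXXX") || return 1
	# … unchanged: chmod, local declarations, staging loop over imds @ssh-keys …
	local found=
	for tmp_file in "$tmp_dir"/*; do
		[ -f "$tmp_file" ] || continue	# an unmatched glob stays literal in sh
		user=$(basename "$tmp_file")
		pwent="$(getent passwd "$user")" || continue
		# … unchanged: group/ssh_dir lookup, mkdir, cp -a, info log …
		if [ "$user" = "$CLOUD_USER" ]; then
			found=2
		elif [ -z "$found" ]; then
			found=1
		fi
	done
	# … unchanged: rm -rf "$tmp_dir", "no SSH keys installed" branch …
	elif [ "$found" != 2 ]; then
```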
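Review bot: The new fixture adds the interesting cases (an empty user in `:ssh-rsa foobar4`, two entries for `alpine`, a `google-ssh` key carrying `expireOn`), but the `# TODO: need to figure out what to check` kept as context suggests none of them is asserted yet; the `atf_check` call continues outside the hunk, so this is inferred. I would assert exactly which keys land in alpine's authorized_keys and that the empty-user line is skipped with the warning. An entry whose `expireOn` is in the past would also be worth adding, since the init code in this patch copies the key text without looking at the expiry.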