al/tiny-cloud
al/tiny-cloud
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud.git synced 2026-02-04 12:32:45 +03:00
Code Packages Wiki

next attempt

Browse Source
This commit is contained in:
Jake Buchholz Göktürk 2025-12-07 00:12:31 -08:00
parent 78650078d1
commit 064d7c449a
2 changed files with 33 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
lib/tiny-cloud/cloud/gcp/init
View File

@ -5,47 +5,48 @@
# NOTE: overrides lib/tiny-cloud function # NOTE: overrides lib/tiny-cloud function
# GCP ssh keys have a leading "<login>:" we should check/honor # GCP ssh keys have a leading "<login>:" we should check/honor
init__set_ssh_keys() { init__set_ssh_keys() {
local sshkeys="$(imds @ssh-keys)" local tmp_dir=$(mktemp -d "$ROOT/run/tiny-cloud/sshkeys-XXXXXX")
if [ -z "$sshkeys" ]; then
log -i -t "$phase" warning "$ACTION: no ssh key found"
return
fi
local userkey
local got_default
local tmp_dir=$(mktmp -d "$ROOT/run/tiny-cloud/ssh-XXXXXX")
mkdir -p "$tmp_dir" mkdir -p "$tmp_dir"
chmod 700 "$tmp_dir" chmod 700 "$tmp_dir"
for userkey in $sshkeys; do local userkey
local user=$(echo "$userkey" | cut -d: -f1) local user
local key=$(echo "$userkey" | cut -d: -f2) local key
local pwent="$(getent passwd "$user")" local pwent
if [ -z "$pwent" ]; then local group
log -i -t "$phase" warning "$ACTION: failed to find login $user" local tmp_file
imds @ssh-keys | while IFS= read -r userkey; do
user=$(echo "$userkey" | cut -d: -f1)
key=$(echo "$userkey" | cut -d: -f2-)
if ! pwent="$(getent passwd "$user")"; then
log -i -t "$phase" warning "$ACTION: skipping SSH key for $user"
continue continue
elif [ "$user" = "$CLOUD_USER" ]; then
got_default=1
fi fi
local group=$(echo "$pwent" | cut -d: -f4) group=$(echo "$pwent" | cut -d: -f4)
local tmp_file="$tmp_dir/$user" tmp_file="$tmp_dir/$user"
touch "$tmp_file" touch "$tmp_file"
chmod 600 "$tmp_file" chmod 600 "$tmp_file"
$MOCK chown -R "$user/$group" "$tmp_file" $MOCK chown -R "$user/$group" "$tmp_file"
echo "$key" >> "$tmp_file" echo "$key" >> "$tmp_file"
done done
for user in "$tmp_dir"/*; do local ssh_dir
local tmp_file="$tmp_dir/$user" for tmp_file in "$tmp_dir"/*; do
local pwent="$(getent passwd "$user")" user=$(basename "$tmp_file")
local ssh_dir="${ROOT}$(echo "$pwent" | cut -d: -f6)/.ssh" pwent="$(getent passwd "$user")"
group=$(echo "$pwent" | cut -d: -f4)
ssh_dir="$ROOT$(echo "$pwent" | cut -d: -f6)/.ssh"
if [ ! -d "$ssh_dir" ]; then if [ ! -d "$ssh_dir" ]; then
mkdir -p "$ssh_dir" mkdir -p "$ssh_dir"
$MOCK chown -R "$user/$group" "$ssh_dir"
chmod 700 "$ssh_dir" chmod 700 "$ssh_dir"
fi fi
local keys_file="$ssh_dir/authorized_keys" cp -a "$tmp_file" "$ssh_dir/authorized_keys"
cp -a "$tmp_file" "$keys_file"
log -i -t "$phase" info "$ACTION: installed ssh keys for $user" log -i -t "$phase" info "$ACTION: installed ssh keys for $user"
[ "$user" = "$CLOUD_USER" ] && found=2 || found=1
done done
rm -rf "$tmp_dir" rm -rf "$tmp_dir"
if [ -z "$got_default" ]; then if [ -z "$found" ]; then
log -i -t "$phase" warning "$ACTION: no SSH keys installed"
elif [ "$found" != 2]; then
log -i -t "$phase" warning "$ACTION: no SSH keys found for $CLOUD_USER" log -i -t "$phase" warning "$ACTION: no SSH keys found for $CLOUD_USER"
fi fi
} }

13
tests/init.test
View File

@ -199,14 +199,15 @@ set_ssh_keys_gcp_body() {
fake_metadata_gcp <<-EOF fake_metadata_gcp <<-EOF
project: project:
attributes: attributes:
ssh-keys: ssh-keys: |-
- alpine:ssh-ed25519 keydata1 alpine:ssh-ed25519 foobar1 alpine
- bar:ssh-rsa barfoo foo:ssh-rsa foobar2 jake
instance: instance:
attributes: attributes:
ssh-keys: ssh-keys: |-
- alpine:ssh-ed25519 keydata2 bar:ecdsa-sha2-nistp521 foobar3 bar@omfg.local
- foo:ssh-rsa foobar :ssh-rsa foobar4
alpine:ssh-rsa foobar5 google-ssh {"userName":"alpine","expireOn":"2061-12-04T20:12:00+0000"}
EOF EOF
# TODO: need to figure out what to check # TODO: need to figure out what to check
CLOUD="gcp" atf_check \ CLOUD="gcp" atf_check \