mirror of
https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud.git
synced 2026-02-04 12:32:45 +03:00
next attempt
parent
78650078d1
commit
064d7c449a
@ -5,47 +5,48 @@
|
||||
# NOTE: overrides lib/tiny-cloud function
|
||||
# GCP ssh keys have a leading "<login>:" we should check/honor
|
||||
init__set_ssh_keys() {
|
||||
local sshkeys="$(imds @ssh-keys)"
|
||||
if [ -z "$sshkeys" ]; then
|
||||
log -i -t "$phase" warning "$ACTION: no ssh key found"
|
||||
return
|
||||
fi
|
||||
local userkey
|
||||
local got_default
|
||||
local tmp_dir=$(mktmp -d "$ROOT/run/tiny-cloud/ssh-XXXXXX")
|
||||
local tmp_dir=$(mktemp -d "$ROOT/run/tiny-cloud/sshkeys-XXXXXX")
|
||||
mkdir -p "$tmp_dir"
|
||||
chmod 700 "$tmp_dir"
|
||||
for userkey in $sshkeys; do
|
||||
local user=$(echo "$userkey" | cut -d: -f1)
|
||||
local key=$(echo "$userkey" | cut -d: -f2)
|
||||
local pwent="$(getent passwd "$user")"
|
||||
if [ -z "$pwent" ]; then
|
||||
log -i -t "$phase" warning "$ACTION: failed to find login $user"
|
||||
local userkey
|
||||
local user
|
||||
local key
|
||||
local pwent
|
||||
local group
|
||||
local tmp_file
|
||||
imds @ssh-keys | while IFS= read -r userkey; do
|
||||
user=$(echo "$userkey" | cut -d: -f1)
|
||||
key=$(echo "$userkey" | cut -d: -f2-)
|
||||
if ! pwent="$(getent passwd "$user")"; then
|
||||
log -i -t "$phase" warning "$ACTION: skipping SSH key for $user"
|
||||
continue
|
||||
elif [ "$user" = "$CLOUD_USER" ]; then
|
||||
got_default=1
|
||||
fi
|
||||
local group=$(echo "$pwent" | cut -d: -f4)
|
||||
local tmp_file="$tmp_dir/$user"
|
||||
group=$(echo "$pwent" | cut -d: -f4)
|
||||
tmp_file="$tmp_dir/$user"
|
||||
touch "$tmp_file"
|
||||
chmod 600 "$tmp_file"
|
||||
$MOCK chown -R "$user/$group" "$tmp_file"
|
||||
echo "$key" >> "$tmp_file"
|
||||
done
|
||||
for user in "$tmp_dir"/*; do
|
||||
local tmp_file="$tmp_dir/$user"
|
||||
local pwent="$(getent passwd "$user")"
|
||||
local ssh_dir="${ROOT}$(echo "$pwent" | cut -d: -f6)/.ssh"
|
||||
local ssh_dir
|
||||
for tmp_file in "$tmp_dir"/*; do
|
||||
user=$(basename "$tmp_file")
|
||||
pwent="$(getent passwd "$user")"
|
||||
group=$(echo "$pwent" | cut -d: -f4)
|
||||
ssh_dir="$ROOT$(echo "$pwent" | cut -d: -f6)/.ssh"
|
||||
if [ ! -d "$ssh_dir" ]; then
|
||||
mkdir -p "$ssh_dir"
|
||||
$MOCK chown -R "$user/$group" "$ssh_dir"
|
||||
chmod 700 "$ssh_dir"
|
||||
fi
|
||||
local keys_file="$ssh_dir/authorized_keys"
|
||||
cp -a "$tmp_file" "$keys_file"
|
||||
cp -a "$tmp_file" "$ssh_dir/authorized_keys"
|
||||
log -i -t "$phase" info "$ACTION: installed ssh keys for $user"
|
||||
[ "$user" = "$CLOUD_USER" ] && found=2 || found=1
|
||||
done
|
||||
rm -rf "$tmp_dir"
|
||||
if [ -z "$got_default" ]; then
|
||||
if [ -z "$found" ]; then
|
||||
log -i -t "$phase" warning "$ACTION: no SSH keys installed"
|
||||
elif [ "$found" != 2]; then
|
||||
log -i -t "$phase" warning "$ACTION: no SSH keys found for $CLOUD_USER"
|
||||
fi
|
||||
}
|
||||
|
||||
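Review bot: The closing status check `elif [ "$found" != 2]; then` is missing the space before `]`, so `[` reports a missing `]` and the warning for `$CLOUD_USER` can never be logged; it should read `elif [ "$found" != 2 ]; then`. In the install loop, `[ "$user" = "$CLOUD_USER" ] && found=2 || found=1` reassigns `found` on every pass, so a user processed after `$CLOUD_USER` resets it to 1; `[ "$user" = "$CLOUD_USER" ] && found=2 || found=${found:-1}`, plus a `local found` next to the other locals, makes the result independent of glob order. When nothing was staged, `"$tmp_dir"/*` stays a literal pattern and the loop body runs once for `*`, so that loop needs a guard such as `[ -f "$tmp_file" ] || continue` ahead of the `getent` and `cp -a` calls. The two `chown -R "$user/$group"` lines use `/` where chown expects `user:group`; outside the mocked test run that would presumably fail and leave the staged file and the copied `authorized_keys` owned by the invoking user. The page has lost its +/- markers, so which of these lines are new is inferred from the duplicated old/new pairs.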
@ -199,14 +199,15 @@ set_ssh_keys_gcp_body() {
|
||||
fake_metadata_gcp <<-EOF
|
||||
project:
|
||||
attributes:
|
||||
ssh-keys:
|
||||
- alpine:ssh-ed25519 keydata1
|
||||
- bar:ssh-rsa barfoo
|
||||
ssh-keys: |-
|
||||
alpine:ssh-ed25519 foobar1 alpine
|
||||
foo:ssh-rsa foobar2 jake
|
||||
instance:
|
||||
attributes:
|
||||
ssh-keys:
|
||||
- alpine:ssh-ed25519 keydata2
|
||||
- foo:ssh-rsa foobar
|
||||
ssh-keys: |-
|
||||
bar:ecdsa-sha2-nistp521 foobar3 bar@omfg.local
|
||||
:ssh-rsa foobar4
|
||||
alpine:ssh-rsa foobar5 google-ssh {"userName":"alpine","expireOn":"2061-12-04T20:12:00+0000"}
|
||||
EOF
|
||||
# TODO: need to figure out what to check
|
||||
CLOUD="gcp" atf_check \
|
||||
|
||||
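Review bot: Nothing visible in this test pins what the new fixture lines should produce, because `# TODO: need to figure out what to check` is still in place and the `atf_check` call continues outside the hunk. The fixture now covers three distinct cases: an entry with an empty login (`:ssh-rsa foobar4`), logins that may not exist on the test system (`foo`, `bar`), and a key with a `google-ssh {... "expireOn": ...}` suffix. The check should at least assert that the empty and unknown logins are skipped with the warning, and that the `alpine` keys file contains both the `foobar1` and `foobar5` lines. The function under test appears to install the `expireOn` key without looking at the timestamp, so it is worth deciding whether that is intended and recording it in the test. I would replace the TODO with something like `# expect: alpine keys installed; empty/unknown logins skipped with a warning; expireOn not evaluated`.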