Implement ssh_authorized_keys for created users

fixes https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud/-/issues/57
2025-12-14 19:02:45 +03:00 · 2024-07-31 21:03:16 +02:00 · 2024-07-31 21:03:16 +02:00 · 4caf5eee18
commit 4caf5eee18
parent b366e4e3f7
2 changed files with 41 additions and 4 deletions
--- a/lib/tiny-cloud/user-data/alpine-config
+++ b/lib/tiny-cloud/user-data/alpine-config
@ -34,12 +34,14 @@ init__userdata_user() {
 	CLOUD_USER="${name:-$CLOUD_USER}"
 }

-init__ssh_authorized_keys() {
-	local sshkeys="$(get_userdata ssh_authorized_keys)"
+set_ssh_authorized_keys_for() {
+	local user="$1"
+	local userdata_path="$2"
+	local sshkeys="$(get_userdata $userdata_path)"
 	if [ -z "$sshkeys" ]; then
 		return
 	fi
-	local user="$CLOUD_USER"
+
 	local pwent="$(getent passwd "$user")"
 	if [ -z "$pwent" ]; then
 		log -i -t "$phase" err "$ACTION: failed to find user $user"
@ -58,13 +60,19 @@ init__ssh_authorized_keys() {
 	chmod 600 "$keys_file"
 	$MOCK chown -R "$user:$group" "$ssh_dir"
 	for i in $sshkeys; do
-		local key="$(get_userdata ssh_authorized_keys/$i)"
+		local key="$(get_userdata $userdata_path/$i)"
 		if [ -n "$key" ]; then
 			echo "$key" >> "$keys_file"
 		fi
 	done
 }

+init__ssh_authorized_keys() {
+	if [ -z "$CLOUD_USER" ]; then
+		return
+	fi
+	set_ssh_authorized_keys_for "$CLOUD_USER" ssh_authorized_keys
+}

 init__userdata_bootcmd() {
 	# run bootcmd
@ -286,6 +294,10 @@ init__userdata_users() {
 		else
 			$MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} "$name"
 		fi
+
+		if in_list ssh_authorized_keys $keys; then
+			set_ssh_authorized_keys_for "$name" users/$i/ssh_authorized_keys
+		fi
 	done
 }

--- a/tests/tiny-cloud-alpine.test
+++ b/tests/tiny-cloud-alpine.test
@ -22,6 +22,7 @@ init_tests \
 	userdata_users_gecos \
 	userdata_users_homedir \
 	userdata_users_shell \
+	userdata_users_ssh_authorized_keys \
 	userdata_ssh_authorized_keys \
 	userdata_groups \
 	userdata_bootcmd \
@ -244,6 +245,30 @@ userdata_users_shell_body() {
 		tiny-cloud main
 }

+userdata_users_ssh_authorized_keys_body() {
+	fake_bin getent <<-EOF
+		#!/bin/sh
+		echo "root:x:1000:1000:Linux User,,,:/root:/bin/sh"
+	EOF
+	fake_userdata_nocloud <<-EOF
+		#alpine-config
+		users:
+		  - default
+		  - name: root
+		    ssh_authorized_keys:
+              - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIiHcbg/7ytfLFHUNLRgEAubFz/13SwXBOM/05GNZe4 user@example.com
+	EOF
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-o ignore \
+		-e match:"userdata_users: done" \
+		tiny-cloud main
+	find
+	cat root/.ssh/authorized_keys
+	atf_check -o match:"ssh-ed25519.*user@example.com" \
+		grep ssh-ed25519 root/.ssh/authorized_keys
+}
+
 userdata_ssh_authorized_keys_body() {
 	fake_bin getent <<-EOF
 		#!/bin/sh