From 4caf5eee18e578e72355715ebfbb8413824f1ac5 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Wed, 31 Jul 2024 21:03:16 +0200
Subject: [PATCH] Implement ssh_authorized_keys for created users

fixes https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud/-/issues/57
---
 lib/tiny-cloud/user-data/alpine-config | 20 ++++++++++++++++----
 tests/tiny-cloud-alpine.test | 25 +++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/lib/tiny-cloud/user-data/alpine-config b/lib/tiny-cloud/user-data/alpine-config
index 9af8c2d..7e6e584 100644
--- a/lib/tiny-cloud/user-data/alpine-config
+++ b/lib/tiny-cloud/user-data/alpine-config
@@ -34,12 +34,14 @@ init__userdata_user() {
 CLOUD_USER="${name:-$CLOUD_USER}"
 }
 
-init__ssh_authorized_keys() {
- local sshkeys="$(get_userdata ssh_authorized_keys)"
+set_ssh_authorized_keys_for() {
+ local user="$1"
+ local userdata_path="$2"
+ local sshkeys="$(get_userdata $userdata_path)"
 if [ -z "$sshkeys" ]; then
 return
 fi
- local user="$CLOUD_USER"
+
 local pwent="$(getent passwd "$user")"
 if [ -z "$pwent" ]; then
 log -i -t "$phase" err "$ACTION: failed to find user $user"
@@ -58,13 +60,19 @@ init__ssh_authorized_keys() {
 chmod 600 "$keys_file"
 $MOCK chown -R "$user:$group" "$ssh_dir"
 for i in $sshkeys; do
- local key="$(get_userdata ssh_authorized_keys/$i)"
+ local key="$(get_userdata $userdata_path/$i)"
 if [ -n "$key" ]; then
 echo "$key" >> "$keys_file"
 fi
 done
 }
 
+init__ssh_authorized_keys() {
+ if [ -z "$CLOUD_USER" ]; then
+ return
+ fi
+ set_ssh_authorized_keys_for "$CLOUD_USER" ssh_authorized_keys
+}
 
 init__userdata_bootcmd() {
 # run bootcmd
@@ -286,6 +294,10 @@ init__userdata_users() {
 else
 $MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} "$name"
 fi
+
+ if in_list ssh_authorized_keys $keys; then
+ set_ssh_authorized_keys_for "$name" users/$i/ssh_authorized_keys
+ fi
 done
 }
 
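Review bot: `local sshkeys="$(get_userdata $userdata_path)"` leaves the new `$userdata_path` parameter unquoted while `"$user"` on the `getent passwd` line below is quoted, and the same applies to `$userdata_path/$i` in the second hunk. Both callers today pass a literal path built from a loop index, so no word splitting or globbing happens, but quoting keeps the new parameter consistent with the rest of the function and removes the hazard for any future caller: `local sshkeys="$(get_userdata "$userdata_path")"` and `local key="$(get_userdata "$userdata_path/$i")"`. The function also now has two positional parameters and nothing documents them; a header comment such as `# set_ssh_authorized_keys_for USER USERDATA_PATH: install the keys listed under USERDATA_PATH into USER's authorized_keys` would help the next caller. The body of set_ssh_authorized_keys_for between the two hunks (where $ssh_dir, $keys_file and $group are derived) is not shown.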
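Review bot: The new call `set_ssh_authorized_keys_for "$name" users/$i/ssh_authorized_keys` in the users loop relies on `$i`, but the callee iterates `for i in $sshkeys` (visible in the previous hunk) and the visible part of it does not declare `local i`; unless that declaration sits in the lines not shown, the call overwrites the caller's loop variable. The enclosing `for` loop starts outside this hunk, and since nothing after the call uses `$i` in the same iteration the loop still terminates correctly, but it is fragile. Adding `local i` to set_ssh_authorized_keys_for, or renaming its loop variable, would make this safe regardless of call order. From the new test's use of `name: root` it appears keys are also installed for accounts that already exist (the `if` branch above `else` is outside the hunk), which a one-line comment before the new `if in_list` block could state explicitly.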
diff --git a/tests/tiny-cloud-alpine.test b/tests/tiny-cloud-alpine.test
index 761ec39..abf200c 100755
--- a/tests/tiny-cloud-alpine.test
+++ b/tests/tiny-cloud-alpine.test
@@ -22,6 +22,7 @@ init_tests \
 userdata_users_gecos \
 userdata_users_homedir \
 userdata_users_shell \
+ userdata_users_ssh_authorized_keys \
 userdata_ssh_authorized_keys \
 userdata_groups \
 userdata_bootcmd \
@@ -244,6 +245,30 @@ userdata_users_shell_body() {
 tiny-cloud main
 }
 
+userdata_users_ssh_authorized_keys_body() {
+ fake_bin getent <<-EOF
+ #!/bin/sh
+ echo "root:x:1000:1000:Linux User,,,:/root:/bin/sh"
+ EOF
+ fake_userdata_nocloud <<-EOF
+ #alpine-config
+ users:
+ - default
+ - name: root
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIiHcbg/7ytfLFHUNLRgEAubFz/13SwXBOM/05GNZe4 user@example.com
+ EOF
+ atf_check -e ignore -o ignore tiny-cloud early
+ atf_check \
+ -o ignore \
+ -e match:"userdata_users: done" \
+ tiny-cloud main
+ find
+ cat root/.ssh/authorized_keys
+ atf_check -o match:"ssh-ed25519.*user@example.com" \
+ grep ssh-ed25519 root/.ssh/authorized_keys
+}
+
 userdata_ssh_authorized_keys_body() {
 fake_bin getent <<-EOF
 #!/bin/sh
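Review bot: The bare `find` and `cat root/.ssh/authorized_keys` lines in userdata_users_ssh_authorized_keys_body look like debugging leftovers: their output is not asserted, `find` dumps the whole sandbox tree into the test log on every run, and neither is wrapped in atf_check, so a missing file would surface only through the following grep. Removing both lines leaves the `atf_check -o match:... grep ...` as the single assertion, matching the style of the neighbouring test bodies. Since the code under test chmods the keys file and chowns the directory, this test could also check the resulting mode and owner rather than only the file contents; the existing userdata_ssh_authorized_keys test (continuing past the end of the hunk) may already do so, in which case mirroring it here would keep the two tests consistent.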