al/tiny-cloud
al/tiny-cloud
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud.git synced 2025-12-15 11:22:43 +03:00
Code Packages Wiki

Implement ssh_authorized_keys for created users

Browse Source 
fixes https://gitlab.alpinelinux.org/alpine/cloud/tiny-cloud/-/issues/57
This commit is contained in:
Natanael Copa 2024-07-31 21:03:16 +02:00
parent b366e4e3f7
commit 4caf5eee18
2 changed files with 41 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/tiny-cloud/user-data/alpine-config
View File

@ -34,12 +34,14 @@ init__userdata_user() {
CLOUD_USER="${name:-$CLOUD_USER}" CLOUD_USER="${name:-$CLOUD_USER}"
} }
init__ssh_authorized_keys() { set_ssh_authorized_keys_for() {
local sshkeys="$(get_userdata ssh_authorized_keys)" local user="$1"
local userdata_path="$2"
local sshkeys="$(get_userdata $userdata_path)"
if [ -z "$sshkeys" ]; then if [ -z "$sshkeys" ]; then
return return
fi fi
local user="$CLOUD_USER"
local pwent="$(getent passwd "$user")" local pwent="$(getent passwd "$user")"
if [ -z "$pwent" ]; then if [ -z "$pwent" ]; then
log -i -t "$phase" err "$ACTION: failed to find user $user" log -i -t "$phase" err "$ACTION: failed to find user $user"
@ -58,13 +60,19 @@ init__ssh_authorized_keys() {
chmod 600 "$keys_file" chmod 600 "$keys_file"
$MOCK chown -R "$user:$group" "$ssh_dir" $MOCK chown -R "$user:$group" "$ssh_dir"
for i in $sshkeys; do for i in $sshkeys; do
local key="$(get_userdata ssh_authorized_keys/$i)" local key="$(get_userdata $userdata_path/$i)"
if [ -n "$key" ]; then if [ -n "$key" ]; then
echo "$key" >> "$keys_file" echo "$key" >> "$keys_file"
fi fi
done done
} }
init__ssh_authorized_keys() {
if [ -z "$CLOUD_USER" ]; then
return
fi
set_ssh_authorized_keys_for "$CLOUD_USER" ssh_authorized_keys
}
init__userdata_bootcmd() { init__userdata_bootcmd() {
# run bootcmd # run bootcmd
@ -286,6 +294,10 @@ init__userdata_users() {
else else
$MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} "$name" $MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} "$name"
fi fi
if in_list ssh_authorized_keys $keys; then
set_ssh_authorized_keys_for "$name" users/$i/ssh_authorized_keys
fi
done done
} }

25
tests/tiny-cloud-alpine.test
View File

@ -22,6 +22,7 @@ init_tests \
userdata_users_gecos \ userdata_users_gecos \
userdata_users_homedir \ userdata_users_homedir \
userdata_users_shell \ userdata_users_shell \
userdata_users_ssh_authorized_keys \
userdata_ssh_authorized_keys \ userdata_ssh_authorized_keys \
userdata_groups \ userdata_groups \
userdata_bootcmd \ userdata_bootcmd \
@ -244,6 +245,30 @@ userdata_users_shell_body() {
tiny-cloud main tiny-cloud main
} }
userdata_users_ssh_authorized_keys_body() {
fake_bin getent <<-EOF
#!/bin/sh
echo "root:x:1000:1000:Linux User,,,:/root:/bin/sh"
EOF
fake_userdata_nocloud <<-EOF
#alpine-config
users:
- default
- name: root
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOIiHcbg/7ytfLFHUNLRgEAubFz/13SwXBOM/05GNZe4 user@example.com
EOF
atf_check -e ignore -o ignore tiny-cloud early
atf_check \
-o ignore \
-e match:"userdata_users: done" \
tiny-cloud main
find
cat root/.ssh/authorized_keys
atf_check -o match:"ssh-ed25519.*user@example.com" \
grep ssh-ed25519 root/.ssh/authorized_keys
}
userdata_ssh_authorized_keys_body() { userdata_ssh_authorized_keys_body() {
fake_bin getent <<-EOF fake_bin getent <<-EOF
#!/bin/sh #!/bin/sh