Add SSH Key Management
This commit is contained in:
Tom Wiesing
parent
ef76844922
commit
bcd1805001
62 changed files with 1004 additions and 188 deletions
|
|
@ -1,13 +1,11 @@
|
|||
package ssh
|
||||
|
||||
import (
|
||||
"io"
|
||||
"context"
|
||||
|
||||
"github.com/FAU-CDI/wisski-distillery/internal/status"
|
||||
"github.com/FAU-CDI/wisski-distillery/internal/wisski/ingredient"
|
||||
"github.com/FAU-CDI/wisski-distillery/internal/wisski/ingredient/barrel"
|
||||
"github.com/FAU-CDI/wisski-distillery/pkg/environment"
|
||||
"github.com/FAU-CDI/wisski-distillery/pkg/sshx"
|
||||
"github.com/gliderlabs/ssh"
|
||||
gossh "golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
|
@ -23,28 +21,57 @@ var (
|
|||
_ ingredient.WissKIFetcher = (*SSH)(nil)
|
||||
)
|
||||
|
||||
func (ssh *SSH) Keys() ([]ssh.PublicKey, error) {
|
||||
file, err := ssh.Environment.Open(ssh.Dependencies.Barrel.AuthorizedKeysPath())
|
||||
if environment.IsNotExist(err) {
|
||||
return nil, nil
|
||||
}
|
||||
func (ssh *SSH) Keys(ctx context.Context) (keys []ssh.PublicKey, err error) {
|
||||
grants, err := ssh.Liquid.Policy.Instance(ctx, ssh.Slug)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
bytes, err := io.ReadAll(file)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
// iterate over enabled distillery admin users
|
||||
for _, grant := range grants {
|
||||
if !grant.DrupalAdminRole {
|
||||
continue
|
||||
}
|
||||
ukeys, err := ssh.Liquid.Keys.Keys(ctx, grant.User)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, ukey := range ukeys {
|
||||
if pk := ukey.PublicKey(); pk != nil {
|
||||
keys = append(keys, pk)
|
||||
}
|
||||
}
|
||||
}
|
||||
return sshx.ParseAllKeys(bytes), nil
|
||||
|
||||
// and return the keys!
|
||||
return keys, nil
|
||||
}
|
||||
|
||||
func (sshx *SSH) Fetch(flags ingredient.FetcherFlags, info *status.WissKI) error {
|
||||
// AllKeys returns the keys specifically registered to this instance and all the globally registered keys.
|
||||
func (ssh *SSH) AllKeys(ctx context.Context) (keys []ssh.PublicKey, err error) {
|
||||
lkeys, err := ssh.Keys(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
gkeys, err := ssh.Liquid.Keys.Admin(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
keys = append(keys, lkeys...)
|
||||
keys = append(keys, gkeys...)
|
||||
|
||||
return keys, nil
|
||||
}
|
||||
|
||||
func (ssh *SSH) Fetch(flags ingredient.FetcherFlags, info *status.WissKI) error {
|
||||
if flags.Quick {
|
||||
return nil
|
||||
}
|
||||
|
||||
keys, err := sshx.Keys()
|
||||
// add the instance keys
|
||||
keys, err := ssh.AllKeys(flags.Context)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -53,5 +80,6 @@ func (sshx *SSH) Fetch(flags ingredient.FetcherFlags, info *status.WissKI) error
|
|||
for i, key := range keys {
|
||||
info.SSHKeys[i] = string(gossh.MarshalAuthorizedKey(key))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue