def Run(self, args):
oslogin_client = client.OsloginClient(self.ReleaseTrack())
account = properties.VALUES.core.account.GetOrFail()
project = properties.VALUES.core.project.Get(required=True)
project_ref = resources.REGISTRY.Parse(
project,
params={'user': account},
collection='oslogin.users.projects')
current_profile = oslogin_client.GetLoginProfile(account)
account_id = None
for account in current_profile.posixAccounts:
if account.accountId == project:
account_id = account.accountId
if account_id:
console_io.PromptContinue(
'Posix accounts associated with project ID [{0}] will be deleted.'
.format(project),
default=True,
cancel_on_no=True)
res = oslogin_client.DeletePosixAccounts(project_ref)
log.DeletedResource(account_id, details='posix account(s)')
return res
else:
log.warn('No profile found with accountId [{0}]'.format(project))
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = properties.VALUES.core.account.Get()
keys = oslogin_utils.GetKeysFromProfile(user_email, oslogin_client)
return keys
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = gaia.GetAuthenticatedGaiaEmail(oslogin_client.client.http)
keys = oslogin_utils.GetKeysFromProfile(user_email, oslogin_client)
return keys
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
key = flags.GetKeyFromArgs(args)
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = properties.VALUES.core.account.Get()
expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)
return oslogin_client.ImportSshPublicKey(user_email, key,
expiration_time=expiry)
def CheckForOsloginAndGetUser(instance, project, requested_user, public_key,
release_track):
"""Check instance/project metadata for oslogin and return updated username.
Check to see if OS Login is enabled in metadata and if it is, return
the OS Login user and a boolean value indicating if OS Login is being used.
Args:
instance: instance, The object representing the instance we are
connecting to.
project: project, The object representing the current project.
requested_user: str, The default or requested username to connect as.
public_key: str, The public key of the user connecting.
release_track: release_track, The object representing the release track.
Returns:
tuple, A string containing the oslogin username and a boolean indicating
wheather oslogin is being used.
"""
# Instance metadata has priority
use_oslogin = False
oslogin_enabled = _MetadataHasOsloginEnable(instance.metadata)
if oslogin_enabled is None:
project_metadata = project.commonInstanceMetadata
oslogin_enabled = _MetadataHasOsloginEnable(project_metadata)
if not oslogin_enabled:
return requested_user, use_oslogin
# Connect to the oslogin API and add public key to oslogin user account.
oslogin = oslogin_client.OsloginClient(release_track)
if not oslogin:
log.warning(
'OS Login is enabled on Instance/Project, but is not available '
'in the {0} version of gcloud.'.format(release_track.id))
return requested_user, use_oslogin
user_email = properties.VALUES.core.account.Get()
login_profile = oslogin.ImportSshPublicKey(user_email, public_key)
use_oslogin = True
# Get the username for the oslogin user. If the username is the same as the
# default user, return that one. Otherwise, return the 'primary' username.
# If no 'primary' exists, return the first username.
oslogin_user = None
for pa in login_profile.loginProfile.posixAccounts:
oslogin_user = oslogin_user or pa.username
if pa.username == requested_user:
return requested_user, use_oslogin
elif pa.primary:
oslogin_user = pa.username
log.warning(
'Using OS Login user [{0}] instead of default user [{1}]'.format(
oslogin_user, requested_user))
return oslogin_user, use_oslogin
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
key = flags.GetKeyFromArgs(args)
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = properties.VALUES.core.account.Get()
keys = oslogin_utils.GetKeyDictionaryFromProfile(user_email, oslogin_client)
fingerprint = oslogin_utils.FindKeyInKeyList(key, keys)
if fingerprint:
return oslogin_client.DeleteSshPublicKey(user_email, fingerprint)
else:
raise client.OsloginKeyNotFoundError('Cannot find requested SSH key.')
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
key = flags.GetKeyFromArgs(args)
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = gaia.GetAuthenticatedGaiaEmail(oslogin_client.client.http)
keys = oslogin_utils.GetKeyDictionaryFromProfile(
user_email, oslogin_client)
fingerprint = oslogin_utils.FindKeyInKeyList(key, keys)
expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)
if fingerprint:
return oslogin_client.UpdateSshPublicKey(user_email,
fingerprint,
keys[fingerprint],
'expirationTimeUsec',
expiration_time=expiry)
else:
raise client.OsloginKeyNotFoundError(
'Cannot find requested SSH key.')
def CheckForOsloginAndGetUser(self, instance, project, requested_user,
release_track):
"""Checks instance/project metadata for oslogin and update username."""
# Instance metadata has priority
use_oslogin = False
oslogin_enabled = _MetadataHasOsloginEnable(instance.metadata)
if oslogin_enabled is None:
project_metadata = project.commonInstanceMetadata
oslogin_enabled = _MetadataHasOsloginEnable(project_metadata)
if not oslogin_enabled:
return requested_user, use_oslogin
# Connect to the oslogin API and add public key to oslogin user account.
oslogin = oslogin_client.OsloginClient(release_track)
if not oslogin:
log.warning(
'OS Login is enabled on Instance/Project, but is not available '
'in the {0} version of gcloud.'.format(release_track.id))
return requested_user, use_oslogin
public_key = self.keys.GetPublicKey().ToEntry(include_comment=True)
user_email = properties.VALUES.core.account.Get()
login_profile = oslogin.ImportSshPublicKey(user_email, public_key)
use_oslogin = True
# Get the username for the oslogin user. If the username is the same as the
# default user, return that one. Otherwise, return the 'primary' username.
# If no 'primary' exists, return the first username.
oslogin_user = None
for pa in login_profile.loginProfile.posixAccounts:
oslogin_user = oslogin_user or pa.username
if pa.username == requested_user:
return requested_user, use_oslogin
elif pa.primary:
oslogin_user = pa.username
log.warning(
'Using OS Login user [{0}] instead of default user [{1}]'.format(
oslogin_user, requested_user))
return oslogin_user, use_oslogin
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
key = flags.GetKeyFromArgs(args)
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = (properties.VALUES.auth.impersonate_service_account.Get()
or properties.VALUES.core.account.Get())
keys = oslogin_utils.GetKeyDictionaryFromProfile(
user_email, oslogin_client)
fingerprint = oslogin_utils.FindKeyInKeyList(key, keys)
expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)
if fingerprint:
return oslogin_client.UpdateSshPublicKey(user_email,
fingerprint,
keys[fingerprint],
'expirationTimeUsec',
expiration_time=expiry)
else:
raise client.OsloginKeyNotFoundError(
'Cannot find requested SSH key.')
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
oslogin_client = client.OsloginClient(self.ReleaseTrack())
user_email = (properties.VALUES.auth.impersonate_service_account.Get()
or properties.VALUES.core.account.Get())
return oslogin_client.GetLoginProfile(user_email)
