Example #1
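def _check_or_create_public_private_files(public_key_file, private_key_file, credentials_folder):
    """Resolve the SSH key pair paths, generating an ephemeral pair if none is given.

    Args:
        public_key_file: Path to an existing public key, or a falsy value.
        private_key_file: Path to an existing private key, or a falsy value.
        credentials_folder: Folder that receives a generated key pair. When
            falsy, a fresh temporary directory is created instead.

    Returns:
        A ``(public_key_file, private_key_file, delete_keys)`` tuple.
        ``delete_keys`` is True only when this function generated the pair.

    Raises:
        azclierror.RequiredArgumentMissingError: No public key path could be
            determined.
        azclierror.FileOperationError: A resolved key path is not an existing
            file.
    """
    delete_keys = False
    # If nothing is passed, then create a directory with an ephemeral keypair
    if not public_key_file and not private_key_file:
        # We only want to delete the keys if the user hasn't provided their own keys
        # Only ssh vm deletes generated keys.
        delete_keys = True
        if not credentials_folder:
            # az ssh vm: Create keys on temp folder and delete folder once connection succeeds/fails.
            # mkdtemp creates a directory accessible only to the creating user.
            credentials_folder = tempfile.mkdtemp(prefix="aadsshcert")
        else:
            # az ssh config: Keys saved to the same folder as --file or to --keys-destination-folder.
            # az ssh cert: Keys saved to the same folder as --file.
            # exist_ok=True replaces the isdir()-then-makedirs() pair, which
            # failed if the folder appeared between the check and the create.
            # NOTE(review): unlike mkdtemp, a folder created here gets the
            # default mode filtered by the process umask, so it may be listable
            # by other local users. The private key's own file mode is set by
            # ssh_utils.create_ssh_keyfile (not visible here) - confirm it is
            # owner-only.
            os.makedirs(credentials_folder, exist_ok=True)
        public_key_file = os.path.join(credentials_folder, "id_rsa.pub")
        private_key_file = os.path.join(credentials_folder, "id_rsa")
        # NOTE(review): if the folder already holds id_rsa / id_rsa.pub, what
        # create_ssh_keyfile does with them is not visible here - confirm it
        # cannot silently reuse or clobber a key the user put there.
        ssh_utils.create_ssh_keyfile(private_key_file)

    if not public_key_file:
        if private_key_file:
            public_key_file = private_key_file + ".pub"
        else:
            # Defensive guard: with the branch above, both paths are only
            # empty together before key generation, so this is not expected
            # to trigger.
            raise azclierror.RequiredArgumentMissingError("Public key file not specified")

    if not os.path.isfile(public_key_file):
        raise azclierror.FileOperationError(f"Public key file {public_key_file} not found")

    # The private key is not required as the user may be using a keypair
    # stored in ssh-agent (and possibly in a hardware token)
    if private_key_file:
        if not os.path.isfile(private_key_file):
            raise azclierror.FileOperationError(f"Private key file {private_key_file} not found")

    return public_key_file, private_key_file, delete_keys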
def _check_or_create_public_private_files(public_key_file, private_key_file):
    """Resolve the SSH key pair paths, generating an ephemeral pair if none is given.

    Args:
        public_key_file: Path to an existing public key, or a falsy value.
        private_key_file: Path to an existing private key, or a falsy value.

    Returns:
        A ``(public_key_file, private_key_file)`` tuple.

    Raises:
        azclierror.RequiredArgumentMissingError: No public key path could be
            determined.
        azclierror.FileOperationError: A resolved key path is not an existing
            file.
    """
    nothing_supplied = not (public_key_file or private_key_file)
    if nothing_supplied:
        # No keys given: generate an ephemeral pair in a fresh temporary
        # directory (mkdtemp makes it accessible only to the creating user).
        # NOTE(review): the return value carries no "generated" flag, so any
        # cleanup of this directory and its private key is not visible here.
        key_dir = tempfile.mkdtemp(prefix="aadsshcert")
        public_key_file = os.path.join(key_dir, "id_rsa.pub")
        private_key_file = os.path.join(key_dir, "id_rsa")
        ssh_utils.create_ssh_keyfile(private_key_file)

    if not public_key_file:
        if not private_key_file:
            raise azclierror.RequiredArgumentMissingError(
                "Public key file not specified")
        # Only the private key was named: assume the usual "<private>.pub" sibling.
        public_key_file = private_key_file + ".pub"

    public_key_present = os.path.isfile(public_key_file)
    if not public_key_present:
        raise azclierror.FileOperationError(
            f"Public key file {public_key_file} not found")

    # A private key path is optional: the key pair may live in ssh-agent
    # (and possibly in a hardware token), so only a supplied path is checked.
    if private_key_file and not os.path.isfile(private_key_file):
        raise azclierror.FileOperationError(
            f"Private key file {private_key_file} not found")

    return public_key_file, private_key_file
Example #3
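def _get_modulus_exponent(public_key_file):
    """Read a public key file and return the modulus and exponent parsed from it.

    Args:
        public_key_file: Path to the public key file, read as UTF-8 text.

    Returns:
        A ``(modulus, exponent)`` tuple taken from the parser's ``modulus``
        and ``exponent`` attributes after a successful parse.

    Raises:
        azclierror.FileOperationError: The file does not exist, or the parser
            rejected its contents.
    """
    if not os.path.isfile(public_key_file):
        raise azclierror.FileOperationError(f"Public key file '{public_key_file}' was not found")

    with open(public_key_file, 'r', encoding='utf-8') as f:
        public_key_text = f.read()

    parser = rsa_parser.RSAParser()
    # pylint: disable=broad-except
    try:
        parser.parse(public_key_text)
    except Exception as e:
        # Chain explicitly so the parser's original error stays attached as
        # the cause, matching the other file helpers' "raise ... from e" style.
        raise azclierror.FileOperationError(f"Could not parse public key. Error: {str(e)}") from e

    return parser.modulus, parser.exponent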
Example #4
def _assert_args(resource_group, vm_name, ssh_ip, resource_type, cert_file, username):
    """Validate the target and authentication arguments before connecting.

    Returns None when the combination is acceptable.

    Raises:
        azclierror.InvalidArgumentValueError: ``resource_type`` is set but is
            neither Microsoft.Compute nor Microsoft.HybridCompute
            (compared case-insensitively).
        azclierror.RequiredArgumentMissingError: No target was given at all.
        azclierror.MutuallyExclusiveArgumentError: Resource group and VM name
            were not given together, ``--ip`` was mixed with them, or a
            certificate was given without a username.
        azclierror.FileOperationError: ``cert_file`` is not an existing file.
    """
    if resource_type:
        provider = resource_type.lower()
        if provider not in ("microsoft.compute", "microsoft.hybridcompute"):
            raise azclierror.InvalidArgumentValueError("--resource-type must be either \"Microsoft.Compute\" "
                                                       "for Azure VMs or \"Microsoft.HybridCompute\" for Arc Servers.")

    has_group = bool(resource_group)
    has_name = bool(vm_name)

    if not (has_group or has_name or ssh_ip):
        raise azclierror.RequiredArgumentMissingError(
            "The VM must be specified by --ip or --resource-group and "
            "--vm-name/--name")

    # Exactly one of the pair present means the target is only half specified.
    if has_group != has_name:
        raise azclierror.MutuallyExclusiveArgumentError(
            "--resource-group and --vm-name/--name must be provided together")

    if ssh_ip and (has_name or has_group):
        raise azclierror.MutuallyExclusiveArgumentError(
            "--ip cannot be used with --resource-group or --vm-name/--name")

    if cert_file:
        if not username:
            raise azclierror.MutuallyExclusiveArgumentError(
                "To authenticate with a certificate you need to provide a --local-user")
        if not os.path.isfile(cert_file):
            raise azclierror.FileOperationError(f"Certificate file {cert_file} not found")
def delete_folder(dir_path, message, warning=False):
    """Remove the directory at ``dir_path`` if it exists.

    Uses ``os.rmdir``, so the directory must already be empty. A path that is
    not an existing directory is ignored.

    Args:
        dir_path: Directory to remove.
        message: Text logged, or used as the error prefix, on failure.
        warning: When True a failure is logged with ``logger.warning`` instead
            of being raised.

    Raises:
        azclierror.FileOperationError: Removal failed and ``warning`` is False.
    """
    # pylint: disable=broad-except
    if not os.path.isdir(dir_path):
        return
    try:
        os.rmdir(dir_path)
    except Exception as err:
        if not warning:
            raise azclierror.FileOperationError(message + "Error: " + str(err)) from err
        # NOTE(review): only `message` is logged; the underlying error is
        # dropped. If callers use this to clean up a folder of generated keys
        # (presumably - confirm), a leftover folder is easy to miss.
        logger.warning(message)
Example #6
def delete_file(file_path, message, warning=False):
    """Remove the file at ``file_path`` if it exists.

    A path that is not an existing regular file is ignored. ``os.remove``
    unlinks the file; it does not overwrite the contents.

    Args:
        file_path: File to remove.
        message: Text logged, or used as the error prefix, on failure.
        warning: When True a failure is logged with ``logger.warning`` instead
            of being raised.

    Raises:
        azclierror.FileOperationError: Removal failed and ``warning`` is False.
    """
    # pylint: disable=broad-except
    if not os.path.isfile(file_path):
        return
    try:
        os.remove(file_path)
    except Exception as err:
        if not warning:
            raise azclierror.FileOperationError(message + "Error: " + str(err)) from err
        # NOTE(review): only `message` is logged; the underlying error is
        # dropped. If callers use this to clean up generated private keys
        # (presumably - confirm), a key left on disk is easy to miss.
        logger.warning(message)
Example #7
def write_to_file(file_path, mode, content, error_message, encoding=None):
    """Write ``content`` to ``file_path``, wrapping any failure in a CLI error.

    Args:
        file_path: Destination path passed to ``open``.
        mode: Mode string passed to ``open``.
        content: Data handed to the file object's ``write``.
        error_message: Prefix of the error raised on failure.
        encoding: Text encoding; a falsy value leaves the choice to ``open``.

    Raises:
        azclierror.FileOperationError: Opening or writing the file failed.
    """
    # pylint: disable=unspecified-encoding,broad-except
    # A falsy encoding (None or "") means "do not pass an explicit encoding".
    chosen_encoding = encoding or None
    # NOTE(review): a file created here gets the default mode filtered by the
    # process umask; callers writing sensitive content should confirm that is
    # restrictive enough.
    try:
        with open(file_path, mode, encoding=chosen_encoding) as handle:
            handle.write(content)
    except Exception as err:
        detail = "Error: " + str(err)
        raise azclierror.FileOperationError(error_message + detail) from err
def _assert_args(resource_group, vm_name, ssh_ip, cert_file, username):
    """Validate the target and authentication arguments before connecting.

    Returns None when the combination is acceptable.

    Raises:
        azclierror.RequiredArgumentMissingError: No target was given at all.
        azclierror.MutuallyExclusiveArgumentError: Resource group and VM name
            were not given together, ``--ip`` was mixed with them, or a
            certificate was given without a username.
        azclierror.FileOperationError: ``cert_file`` is not an existing file.
    """
    named_target = resource_group or vm_name

    if not (named_target or ssh_ip):
        raise azclierror.RequiredArgumentMissingError(
            "The VM must be specified by --ip or --resource-group and --vm-name/--name")

    # Exactly one of the pair present means the target is only half specified.
    if bool(resource_group) != bool(vm_name):
        raise azclierror.MutuallyExclusiveArgumentError(
            "--resource-group and --vm-name/--name must be provided together")

    if ssh_ip and named_target:
        raise azclierror.MutuallyExclusiveArgumentError(
            "--ip cannot be used with --resource-group or --vm-name/--name")

    if not cert_file:
        return

    # Certificate authentication needs both a username and a readable file path.
    if not username:
        raise azclierror.MutuallyExclusiveArgumentError(
            "To authenticate with a certificate you need to provide a --local-user")

    if not os.path.isfile(cert_file):
        raise azclierror.FileOperationError(f"Certificate file {cert_file} not found")
Example #9
def create_directory(file_path, error_message):
    """Create the directory ``file_path``, including missing parents.

    Args:
        file_path: Directory path passed to ``os.makedirs``.
        error_message: Prefix of the error raised on failure.

    Raises:
        azclierror.FileOperationError: ``os.makedirs`` failed, which includes
            the case where the path already exists.
    """
    # pylint: disable=broad-except
    # NOTE(review): the directory is created with the default mode filtered by
    # the process umask; if it is meant to hold key material, confirm that is
    # restrictive enough.
    try:
        os.makedirs(file_path)
    except Exception as err:
        detail = "Error: " + str(err)
        raise azclierror.FileOperationError(error_message + detail) from err