def CreateRequests(self, args):
"""Returns a list of requests necessary for adding users."""
owner = args.owner
if not owner:
owner = gaia.GetAuthenticatedGaiaEmail(self.http)
name = args.name
if not name:
name = gaia.MapGaiaEmailToDefaultAccountName(owner)
user_ref = self.clouduseraccounts_resources.Parse(
name,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='clouduseraccounts.users')
user = self.messages.User(
name=user_ref.Name(),
description=args.description,
owner=owner,
)
request = self.messages.ClouduseraccountsUsersInsertRequest(
project=self.project, user=user)
return [request]
def GetDefaultSshUsername(warn_on_account_user=False):
"""Returns the default username for ssh.
The default username is the local username, unless that username is invalid.
In that case, the default username is the username portion of the current
account.
Emits a warning if it's not using the local account username.
Args:
warn_on_account_user: bool, whether to warn if using the current account
instead of the local username.
Returns:
str, the default SSH username.
"""
user = getpass.getuser()
if not _IsValidSshUsername(user):
full_account = properties.VALUES.core.account.Get(required=True)
account_user = gaia.MapGaiaEmailToDefaultAccountName(full_account)
if warn_on_account_user:
log.warning(
'Invalid characters in local username [{0}]. '
'Using username corresponding to active account: [{1}]'.format(
user, account_user))
user = account_user
return user
def Run(self, args):
"""Issues requests necessary for adding users."""
compute_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
holder = base_classes.ComputeUserAccountsApiHolder(self.ReleaseTrack())
client = holder.client
owner = args.owner
if not owner:
owner = gaia.GetAuthenticatedGaiaEmail(client.http)
name = args.name
if not name:
name = gaia.MapGaiaEmailToDefaultAccountName(owner)
user_ref = holder.resources.Parse(
name,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='clouduseraccounts.users')
user = client.MESSAGES_MODULE.User(
name=user_ref.Name(),
description=args.description,
owner=owner,
)
request = client.MESSAGES_MODULE.ClouduseraccountsUsersInsertRequest(
project=user_ref.project, user=user)
return compute_holder.client.MakeRequests([(client.users, 'Insert',
request)])
def Run(self, args):
"""Issues requests necessary for adding users."""
holder = base_classes.ComputeUserAccountsApiHolder(self.ReleaseTrack())
client = holder.client
owner = args.owner
if not owner:
owner = gaia.GetAuthenticatedGaiaEmail(client.http)
name = args.name
if not name:
name = gaia.MapGaiaEmailToDefaultAccountName(owner)
user_ref = holder.resources.Parse(
name,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='clouduseraccounts.users')
user = client.MESSAGES_MODULE.User(
name=user_ref.Name(),
description=args.description,
owner=owner,
)
request = client.MESSAGES_MODULE.ClouduseraccountsUsersInsertRequest(
project=user_ref.project,
user=user)
errors = []
responses = list(
request_helper.MakeRequests(
requests=[(client.users, 'Insert', request)],
http=client.http,
batch_url='https://www.googleapis.com/batch/',
errors=errors))
if errors:
utils.RaiseToolException(
errors, error_message='Could not fetch resource:')
return responses
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
start = time_util.CurrentTimeSec()
# Set up Encryption utilities.
openssl_executable = files.FindExecutableOnPath('openssl')
if windows_encryption_utils:
crypt = windows_encryption_utils.WinCrypt()
elif openssl_executable:
crypt = openssl_encryption_utils.OpensslCrypt(openssl_executable)
else:
raise utils.MissingDependencyError(
'Your platform does not support OpenSSL.')
# Get Authenticated email address and default username.
email = properties.VALUES.core.account.GetOrFail()
if args.user:
user = args.user
else:
user = gaia.MapGaiaEmailToDefaultAccountName(email)
if args.instance_name == user:
raise utils.InvalidUserError(
MACHINE_USERNAME_SAME_ERROR.format(user, args.instance_name))
# Warn user (This warning doesn't show for non-interactive sessions).
message = RESET_PASSWORD_WARNING.format(user)
prompt_string = (
'Would you like to set or reset the password for [{0}]'.format(
user))
console_io.PromptContinue(message=message,
prompt_string=prompt_string,
cancel_on_no=True)
log.status.Print(
'Resetting and retrieving password for [{0}] on [{1}]'.format(
user, args.instance_name))
# Get Encryption Keys.
key = crypt.GetKeyPair()
modulus, exponent = crypt.GetModulusExponentFromPublicKey(
crypt.GetPublicKey(key))
# Create Windows key entry.
self.windows_key_entry = self._ConstructWindowsKeyEntry(
user, modulus, exponent, email)
# Call ReadWriteCommad.Run() which will fetch the instance and update
# the metadata (using the data in self.windows_key_entry).
instance_ref = self.CreateReference(client, holder.resources, args)
get_request = self.GetGetRequest(client, instance_ref)
objects = client.MakeRequests([get_request])
new_object = self.Modify(client, objects[0])
# If existing object is equal to the proposed object or if
# Modify() returns None, then there is no work to be done, so we
# print the resource and return.
if objects[0] == new_object:
log.status.Print(
'No change requested; skipping update for [{0}].'.format(
objects[0].name))
return objects
updated_instance = client.MakeRequests(
[self.GetSetRequest(client, instance_ref, new_object)])[0]
# Retrieve and Decrypt the password from the serial console.
enc_password = self._GetEncryptedPasswordFromSerialPort(
client, instance_ref, modulus)
password = crypt.DecryptMessage(key, enc_password)
# Get External IP address.
try:
access_configs = updated_instance.networkInterfaces[
0].accessConfigs
external_ip_address = access_configs[0].natIP
except (KeyError, IndexError) as _:
log.warning(NO_IP_WARNING.format(updated_instance.name))
external_ip_address = None
# Check for old Windows credentials.
if self.old_metadata_keys:
log.warning(
OLD_KEYS_WARNING.format(instance_ref.instance,
instance_ref.instance,
instance_ref.zone,
','.join(self.old_metadata_keys)))
log.info('Total Elapsed Time: {0}'.format(time_util.CurrentTimeSec() -
start))
# The connection info resource.
connection_info = {
'username': user,
'password': password,
'ip_address': external_ip_address
}
return connection_info
def Run(self, args):
start = time_util.CurrentTimeSec()
# Set up Encryption utilities.
openssl_executable = files.FindExecutableOnPath('openssl')
if windows_encryption_utils:
crypt = windows_encryption_utils.WinCrypt()
elif openssl_executable:
crypt = openssl_encryption_utils.OpensslCrypt(openssl_executable)
else:
raise utils.MissingDependencyError(
'Your platform does not support OpenSSL.')
# Get Authenticated email address and default username.
email = gaia.GetAuthenticatedGaiaEmail(self.http)
if args.user:
user = args.user
else:
user = gaia.MapGaiaEmailToDefaultAccountName(email)
if args.name == user:
raise utils.InvalidUserError(
MACHINE_USERNAME_SAME_ERROR.format(user, args.name))
# Warn user (This warning doesn't show for non-interactive sessions).
message = RESET_PASSWORD_WARNING.format(user)
prompt_string = (
'Would you like to set or reset the password for [{0}]'.format(
user))
console_io.PromptContinue(message=message,
prompt_string=prompt_string,
cancel_on_no=True)
log.status.Print(
'Resetting and retrieving password for [{0}] on [{1}]'.format(
user, args.name))
# Get Encryption Keys.
key = crypt.GetKeyPair()
modulus, exponent = crypt.GetModulusExponentFromPublicKey(
crypt.GetPublicKey(key))
# Create Windows key entry.
self.windows_key_entry = self._ConstructWindowsKeyEntry(
user, modulus, exponent, email)
# Call ReadWriteCommad.Run() which will fetch the instance and update
# the metadata (using the data in self.windows_key_entry).
objects = super(ResetWindowsPassword, self).Run(args)
updated_instance = list(objects)[0]
# Retrieve and Decrypt the password from the serial console.
enc_password = self._GetEncryptedPasswordFromSerialPort(modulus)
password = crypt.DecryptMessage(key, enc_password)
# Get External IP address.
try:
access_configs = updated_instance['networkInterfaces'][0][
'accessConfigs']
external_ip_address = access_configs[0]['natIP']
except KeyError:
log.warn(NO_IP_WARNING.format(updated_instance['name']))
external_ip_address = None
# Check for old Windows credentials.
if self.old_metadata_keys:
log.warn(
OLD_KEYS_WARNING.format(self.ref.Name(), self.ref.Name(),
self.ref.zone,
','.join(self.old_metadata_keys)))
log.info('Total Elapsed Time: {0}'.format(time_util.CurrentTimeSec() -
start))
# The connection info resource.
connection_info = {
'username': user,
'password': password,
'ip_address': external_ip_address
}
return connection_info
def testEmpty(self):
with self.assertRaisesRegex(gaia.GaiaException,
re.escape('Invalid email address [].')):
gaia.MapGaiaEmailToDefaultAccountName('')
def testNoAt(self):
self.assertEqual('test', gaia.MapGaiaEmailToDefaultAccountName('test'))
def testMalicious(self):
with self.assertRaisesRegex(
gaia.GaiaException,
re.escape('Invalid email address [@test].')):
gaia.MapGaiaEmailToDefaultAccountName('@test')
def testSymbolsUsername(self):
self.assertEqual(
'g_______test_',
gaia.MapGaiaEmailToDefaultAccountName('!#$%^&*[email protected]'))
def testLongUsername(self):
self.assertEqual(
'a' * 32,
gaia.MapGaiaEmailToDefaultAccountName('a' * 32 +
'*****@*****.**'))
def testComplexUsername(self):
self.assertEqual(
'user1_3_4_test',
gaia.MapGaiaEmailToDefaultAccountName('user1.3#[email protected]'))
def testSimpleUsername(self):
self.assertEqual(
'user', gaia.MapGaiaEmailToDefaultAccountName('*****@*****.**'))
