def test_error_raised_when_public_key_file_exists_no_permissions(self):
# Create public key file with no read or write access
public_key_path = self._create_new_temp_key_file(self.public_key)
os.chmod(public_key_path, 0o000)
# Check that CLIError exception is raised when generate_ssh_keys is called.
with self.assertRaises(CLIError):
generate_ssh_keys("", public_key_path)
def test_error_raised_when_private_key_file_exists_encrypted(self):
# Create empty private key file
private_key_path = self._create_new_temp_key_file("")
# Write encrypted / passworded key into file
self.key.write_private_key_file(private_key_path, password="******")
# Check that CLIError exception is raised when generate_ssh_keys is called.
with self.assertRaises(CLIError):
public_key_path = private_key_path + ".pub"
generate_ssh_keys(private_key_path, public_key_path)
def test_error_raised_when_private_key_file_exists_encrypted(self):
# Create empty private key file
private_key_path = self._create_new_temp_key_file("")
# Write encrypted key into file
self.key.write_private_key_file(private_key_path, "test")
# Check that CLIError exception is raised when generate_ssh_keys is called.
with self.assertRaises(CLIError):
public_key_path = private_key_path + ".pub"
generate_ssh_keys(private_key_path, public_key_path)
def _generate_ssh_keys():
"""Generates ssh keys pair"""
private_key_path = os.path.join(os.path.expanduser('~'), '.ssh', 'id_rsa')
public_key_path = os.path.join(os.path.expanduser('~'), '.ssh', 'id_rsa.pub')
if os.path.exists(private_key_path) and os.path.exists(public_key_path):
logger.warning('Reusing existing ssh public key from ~/.ssh')
return
if os.path.exists(private_key_path):
logger.warning('SSH private key id_rsa exists but public key is missing. Please export the public key.')
return
keys.generate_ssh_keys(private_key_path, public_key_path)
logger.warning('SSH key files id_rsa and id_rsa.pub have been generated under ~/.ssh to allow SSH access to the '
'nodes. If using machines without permanent storage, back up your keys to a safe location.')
def test_error_raised_when_private_key_file_exists_IOError(self):
# Create private key file
private_key_path = self._create_new_temp_key_file(self.private_key)
with mock.patch('paramiko.RSAKey') as mocked_RSAKey:
# mock failed RSAKey generation
mocked_RSAKey.side_effect = IOError("Mocked IOError")
# assert that CLIError raised when generate_ssh_keys is called
with self.assertRaises(CLIError):
public_key_path = private_key_path + ".pub"
generate_ssh_keys(private_key_path, public_key_path)
# assert that CLIError raised because of attempt to generate key from private key file.
mocked_RSAKey.assert_called_once_with(filename=private_key_path)
def test_error_raised_when_private_key_file_exists_IOError(self):
# Create private key file
private_key_path = self._create_new_temp_key_file(self.private_key)
with mock.patch('paramiko.RSAKey') as mocked_RSAKey:
# mock failed RSAKey generation
mocked_RSAKey.side_effect = IOError("Mocked IOError")
# assert that CLIError raised when generate_ssh_keys is called
with self.assertRaises(CLIError):
public_key_path = private_key_path + ".pub"
generate_ssh_keys(private_key_path, public_key_path)
# assert that CLIError raised because of attempt to generate key from private key file.
mocked_RSAKey.assert_called_once_with(filename=private_key_path)
def test_error_raised_when_public_key_file_exists_IOError(self):
# Create public key file
public_key_path = self._create_new_temp_key_file(self.public_key)
with mock.patch('azure.cli.core.keys.open') as mocked_open:
# mock failed call to read
mocked_f = mocked_open.return_value.__enter__.return_value
mocked_f.read = mock.MagicMock(side_effect=IOError("Mocked IOError"))
# assert that CLIError raised when generate_ssh_keys is called
with self.assertRaises(CLIError):
generate_ssh_keys("", public_key_path)
# assert that CLIError raised because of attempt to read public key file.
mocked_open.assert_called_once_with(public_key_path, 'r')
mocked_f.read.assert_called_once()
def validate_ssh_key(namespace):
if hasattr(namespace, 'no_ssh_key') and namespace.no_ssh_key:
return
string_or_file = (namespace.ssh_key_value or os.path.join(
os.path.expanduser('~'), '.ssh', 'id_rsa.pub'))
content = string_or_file
if os.path.exists(string_or_file):
logger.info('Use existing SSH public key file: %s', string_or_file)
with open(string_or_file, 'r') as f:
content = f.read()
elif not keys.is_valid_ssh_rsa_public_key(content):
if namespace.generate_ssh_keys:
# figure out appropriate file names:
# 'base_name'(with private keys), and 'base_name.pub'(with public keys)
public_key_filepath = string_or_file
if public_key_filepath[-4:].lower() == '.pub':
private_key_filepath = public_key_filepath[:-4]
else:
private_key_filepath = public_key_filepath + '.private'
content = keys.generate_ssh_keys(private_key_filepath,
public_key_filepath)
logger.warning(
"SSH key files '%s' and '%s' have been generated under ~/.ssh to "
"allow SSH access to the VM. If using machines without "
"permanent storage like Azure Cloud Shell without an attached "
"file share, back up your keys to a safe location",
private_key_filepath, public_key_filepath)
else:
raise CLIError(
'An RSA key file or key value must be supplied to SSH Key Value. '
'You can use --generate-ssh-keys to let CLI generate one for you'
)
namespace.ssh_key_value = content
def validate_ssh_key(namespace):
string_or_file = (namespace.ssh_key_value or
os.path.join(os.path.expanduser('~'), '.ssh', 'id_rsa.pub'))
content = string_or_file
if os.path.exists(string_or_file):
logger.info('Use existing SSH public key file: %s', string_or_file)
with open(string_or_file, 'r') as f:
content = f.read()
elif not keys.is_valid_ssh_rsa_public_key(content):
if namespace.generate_ssh_keys:
# figure out appropriate file names:
# 'base_name'(with private keys), and 'base_name.pub'(with public keys)
public_key_filepath = string_or_file
if public_key_filepath[-4:].lower() == '.pub':
private_key_filepath = public_key_filepath[:-4]
else:
private_key_filepath = public_key_filepath + '.private'
content = keys.generate_ssh_keys(private_key_filepath, public_key_filepath)
logger.warning("SSH key files '%s' and '%s' have been generated under ~/.ssh to "
"allow SSH access to the VM. If using machines without "
"permanent storage, back up your keys to a safe location.",
private_key_filepath, public_key_filepath)
else:
raise CLIError('An RSA key file or key value must be supplied to SSH Key Value. '
'You can use --generate-ssh-keys to let CLI generate one for you')
namespace.ssh_key_value = content
def test_error_raised_when_public_key_file_exists_IOError(self):
# Create public key file
public_key_path = self._create_new_temp_key_file(self.public_key)
with mock.patch('azure.cli.core.keys.open') as mocked_open:
# mock failed call to read
mocked_f = mocked_open.return_value.__enter__.return_value
mocked_f.read = mock.MagicMock(
side_effect=IOError("Mocked IOError"))
# assert that CLIError raised when generate_ssh_keys is called
with self.assertRaises(CLIError):
generate_ssh_keys("", public_key_path)
# assert that CLIError raised because of attempt to read public key file.
mocked_open.assert_called_once_with(public_key_path, 'r')
mocked_f.read.assert_called_once()
def test_generate_public_key_file_from_existing_private_key_files(self):
# Create private key file
private_key_path = self._create_new_temp_key_file(self.private_key)
# Call generate_ssh_keys and assert that returned public key same as original
public_key_path = private_key_path + ".pub"
new_public_key = generate_ssh_keys(private_key_path, public_key_path)
self.assertEqual(self.public_key, new_public_key)
# Check that correct public key file has been created
with open(public_key_path, 'r') as f:
public_key = f.read()
self.assertEqual(self.public_key, public_key)
# Check that private key file contents unchanged
with open(private_key_path, 'r') as f:
private_key = f.read()
self.assertEqual(self.private_key, private_key)
def test_generate_public_key_file_from_existing_private_key_files(self):
# Create private key file
private_key_path = self._create_new_temp_key_file(self.private_key)
# Call generate_ssh_keys and assert that returned public key same as original
public_key_path = private_key_path + ".pub"
new_public_key = generate_ssh_keys(private_key_path, public_key_path)
self.assertEqual(self.public_key, new_public_key)
# Check that correct public key file has been created
with open(public_key_path, 'r') as f:
public_key = f.read()
self.assertEqual(self.public_key, public_key)
# Check that private key file contents unchanged
with open(private_key_path, 'r') as f:
private_key = f.read()
self.assertEqual(self.private_key, private_key)
def test_when_public_key_file_exists(self):
# Create public key file
public_key_path = self._create_new_temp_key_file(self.public_key, suffix=".pub")
# Create private key file
private_key_path = self._create_new_temp_key_file(self.private_key)
# Call generate_ssh_keys and assert that returned public key same as original
new_public_key = generate_ssh_keys("", public_key_path)
self.assertEqual(self.public_key, new_public_key)
# Check that private and public key file contents unchanged.
with open(public_key_path, 'r') as f:
new_public_key = f.read()
self.assertEqual(self.public_key, new_public_key)
with open(private_key_path, 'r') as f:
new_private_key = f.read()
self.assertEqual(self.private_key, new_private_key)
def test_generate_new_private_public_key_files(self):
# create random temp file name
f = tempfile.NamedTemporaryFile(mode='w', dir=self._tempdirName)
f.close()
private_key_path = f.name
# Call generate_ssh_keys and assert that returned public key same as original
public_key_path = private_key_path + ".pub"
new_public_key = generate_ssh_keys(private_key_path, public_key_path)
# Check that public key returned is same as public key in public key path
with open(public_key_path, 'r') as f:
public_key = f.read()
self.assertEqual(public_key, new_public_key)
# Check that public key corresponds to private key
with open(private_key_path, 'r') as f:
key = paramiko.RSAKey(filename=private_key_path)
public_key = '{} {}'.format(key.get_name(), key.get_base64())
self.assertEqual(public_key, new_public_key)
def test_when_public_key_file_exists(self):
# Create public key file
public_key_path = self._create_new_temp_key_file(self.public_key,
suffix=".pub")
# Create private key file
private_key_path = self._create_new_temp_key_file(self.private_key)
# Call generate_ssh_keys and assert that returned public key same as original
new_public_key = generate_ssh_keys("", public_key_path)
self.assertEqual(self.public_key, new_public_key)
# Check that private and public key file contents unchanged.
with open(public_key_path, 'r') as f:
new_public_key = f.read()
self.assertEqual(self.public_key, new_public_key)
with open(private_key_path, 'r') as f:
new_private_key = f.read()
self.assertEqual(self.private_key, new_private_key)
def test_generate_new_private_public_key_files(self):
# create random temp file name
f = tempfile.NamedTemporaryFile(mode='w', dir=self._tempdirName)
f.close()
private_key_path = f.name
# Call generate_ssh_keys and assert that returned public key same as original
public_key_path = private_key_path + ".pub"
new_public_key = generate_ssh_keys(private_key_path, public_key_path)
# Check that public key returned is same as public key in public key path
with open(public_key_path, 'r') as f:
public_key = f.read()
self.assertEqual(public_key, new_public_key)
# Check that public key corresponds to private key
with open(private_key_path, 'r') as f:
key = paramiko.RSAKey(filename=private_key_path)
public_key = '{} {}'.format(key.get_name(), key.get_base64())
self.assertEqual(public_key, new_public_key)
def _handle_container_ssh_file(**kwargs):
if kwargs['command'] != 'acs create':
return
args = kwargs['args']
string_or_file = args.ssh_key_value
content = string_or_file
if os.path.exists(string_or_file):
logger.info('Use existing SSH public key file: %s', string_or_file)
with open(string_or_file, 'r') as f:
content = f.read()
elif not is_valid_ssh_rsa_public_key(content) and args.generate_ssh_keys:
# figure out appropriate file names:
# 'base_name'(with private keys), and 'base_name.pub'(with public keys)
public_key_filepath = string_or_file
if public_key_filepath[-4:].lower() == '.pub':
private_key_filepath = public_key_filepath[:-4]
else:
private_key_filepath = public_key_filepath + '.private'
content = generate_ssh_keys(private_key_filepath, public_key_filepath)
logger.warning('Created SSH key files: %s,%s', private_key_filepath,
public_key_filepath)
args.ssh_key_value = content
