def testSingleExternalNic(self):
instance = self.messages.Instance(
name='instance-1',
zone='zone-1',
networkInterfaces=[self.external_nic])
ip_result = ssh_utils.GetExternalIPAddress(instance)
self.assertEqual(self.external_ip_address, ip_result)
self.assertIs(ssh_utils.GetExternalInterface(instance),
self.external_nic)
def testMultipleNics(self):
instance = self.messages.Instance(
name='instance-1',
zone='zone-1',
networkInterfaces=[self.internal_nic, self.external_nic])
self.assertEqual(ssh_utils.GetExternalIPAddress(instance),
self.external_ip_address)
self.assertIs(ssh_utils.GetExternalInterface(instance),
self.external_nic)
self.assertEqual(ssh_utils.GetInternalIPAddress(instance),
self.internal_ip_address)
self.assertIs(ssh_utils.GetInternalInterface(instance),
self.internal_nic)
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
on_prem = (
args.IsKnownAndSpecified('network') and
args.IsKnownAndSpecified('region'))
if on_prem:
args.plain = True
# These two lines are needed to ensure reauth is performed as needed, even
# for on-prem, which doesn't use the resulting variables.
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
ssh_helper = ssh_utils.BaseSSHCLIHelper()
ssh_helper.Run(args)
oslogin_state = ssh.OsloginState()
if on_prem:
user, ip = ssh_utils.GetUserAndInstance(args.user_host)
remote = ssh.Remote(ip, user)
iap_tunnel_args = iap_tunnel.CreateOnPremSshTunnelArgs(
args, self.ReleaseTrack(), ip)
instance_address = ip
internal_address = ip
else:
user, instance_name = ssh_utils.GetUserAndInstance(args.user_host)
instance_ref = instance_flags.SSH_INSTANCE_RESOLVER.ResolveResources(
[instance_name], compute_scope.ScopeEnum.ZONE, args.zone,
holder.resources,
scope_lister=instance_flags.GetInstanceZoneScopeLister(client))[0]
instance = ssh_helper.GetInstance(client, instance_ref)
project = ssh_helper.GetProject(client, instance_ref.project)
host_keys = ssh_helper.GetHostKeysFromGuestAttributes(
client, instance_ref, instance, project)
iap_tunnel_args = iap_tunnel.CreateSshTunnelArgs(
args, self.ReleaseTrack(), instance_ref,
ssh_utils.GetExternalInterface(instance, no_raise=True))
internal_address = ssh_utils.GetInternalIPAddress(instance)
if args.troubleshoot:
log.status.Print(TROUBLESHOOT_HEADER.format(
instance_ref, args.zone or instance_ref.zone,
datetime.datetime.now()
))
RunTroubleshooting(project, args.zone or instance_ref.zone,
instance, iap_tunnel_args)
return
if not host_keys and host_keys is not None:
log.debug('Unable to retrieve host keys from instance metadata. '
'Continuing.')
expiration, expiration_micros = ssh_utils.GetSSHKeyExpirationFromArgs(
args)
if args.plain:
oslogin_state.oslogin_enabled = False
else:
public_key = ssh_helper.keys.GetPublicKey().ToEntry(
include_comment=True)
# If there is an '@' symbol in the user_host arg, the user is requesting
# to connect as a specific user. This may get overridden by OS Login.
username_requested = '@' in args.user_host
oslogin_state = ssh.GetOsloginState(
instance, project, user, public_key, expiration_micros,
self.ReleaseTrack(), username_requested=username_requested)
user = oslogin_state.user
log.debug(oslogin_state)
if iap_tunnel_args:
# IAP Tunnel only uses instance_address for the purpose of --ssh-flag
# substitution. In this case, dest_addr doesn't do much, it just matches
# against entries in the user's ssh_config file. It's best to use
# something unique to avoid false positive matches, thus we use
# HostKeyAlias.
instance_address = internal_address
dest_addr = ssh_utils.HostKeyAlias(instance)
elif args.internal_ip:
instance_address = internal_address
dest_addr = instance_address
else:
instance_address = ssh_utils.GetExternalIPAddress(instance)
dest_addr = instance_address
remote = ssh.Remote(dest_addr, user)
# identity_file_list will be None if security keys are not enabled.
identity_file_list = ssh.WriteSecurityKeys(oslogin_state)
identity_file = None
options = None
if not args.plain:
if not identity_file_list:
identity_file = ssh_helper.keys.key_file
options = ssh_helper.GetConfig(ssh_utils.HostKeyAlias(instance),
args.strict_host_key_checking,
host_keys_to_add=host_keys)
extra_flags = ssh.ParseAndSubstituteSSHFlags(args, remote, instance_address,
internal_address)
remainder = []
if args.ssh_args:
remainder.extend(args.ssh_args)
# Transform args.command into arg list or None if no command
command_list = args.command.split(' ') if args.command else None
tty = containers.GetTty(args.container, command_list)
remote_command = containers.GetRemoteCommand(args.container, command_list)
# Do not include default port since that will prevent users from
# specifying a custom port (b/121998342).
ssh_cmd_args = {'remote': remote,
'identity_file': identity_file,
'options': options,
'extra_flags': extra_flags,
'remote_command': remote_command,
'tty': tty,
'iap_tunnel_args': iap_tunnel_args,
'remainder': remainder,
'identity_list': identity_file_list}
cmd = ssh.SSHCommand(**ssh_cmd_args)
if args.dry_run:
# Add quotes around any arguments that contain spaces.
log.out.Print(' '.join('"{0}"'.format(arg) if ' ' in arg else arg
for arg in cmd.Build(ssh_helper.env)))
return
# Raise errors if instance requires a security key but the local
# envionment doesn't support them. This is after the 'dry-run' because
# we want to allow printing the command regardless.
if self.enable_security_keys:
ssh_utils.ConfirmSecurityKeyStatus(oslogin_state)
if args.plain or oslogin_state.oslogin_enabled:
keys_newly_added = False
else:
keys_newly_added = ssh_helper.EnsureSSHKeyExists(
client, remote.user, instance, project, expiration=expiration)
if keys_newly_added:
poller = ssh_utils.CreateSSHPoller(remote, identity_file, options,
iap_tunnel_args,
extra_flags=extra_flags)
log.status.Print('Waiting for SSH key to propagate.')
# TODO(b/35355795): Don't force_connect
try:
poller.Poll(
ssh_helper.env,
force_connect=properties.VALUES.ssh.putty_force_connect.GetBool())
except retry.WaitException:
raise ssh_utils.NetworkError()
if args.internal_ip and not on_prem:
ssh_helper.PreliminarilyVerifyInstance(instance.id, remote, identity_file,
options)
# Errors from SSH itself result in an ssh.CommandError being raised
try:
return_code = cmd.Run(
ssh_helper.env,
force_connect=properties.VALUES.ssh.putty_force_connect.GetBool())
except ssh.CommandError as e:
if not on_prem:
log.status.Print(self.createRecommendMessage(args, instance_name,
instance_ref, project))
raise e
if return_code:
# This is the return code of the remote command. Problems with SSH itself
# will result in ssh.CommandError being raised above.
sys.exit(return_code)
def Run(self, args):
"""See ssh_utils.BaseSSHCLICommand.Run."""
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
ssh_helper = ssh_utils.BaseSSHCLIHelper()
ssh_helper.Run(args)
user, instance_name = ssh_utils.GetUserAndInstance(args.user_host)
instance_ref = instance_flags.SSH_INSTANCE_RESOLVER.ResolveResources(
[instance_name], compute_scope.ScopeEnum.ZONE, args.zone,
holder.resources,
scope_lister=instance_flags.GetInstanceZoneScopeLister(client))[0]
instance = ssh_helper.GetInstance(client, instance_ref)
project = ssh_helper.GetProject(client, instance_ref.project)
if self.get_host_keys:
host_keys = ssh_helper.GetHostKeysFromGuestAttributes(
client, instance_ref)
if not host_keys:
log.warning('Unable to retrieve host keys from instance metadata. '
'Continuing.')
else:
host_keys = {}
expiration, expiration_micros = ssh_utils.GetSSHKeyExpirationFromArgs(args)
if args.plain:
use_oslogin = False
else:
public_key = ssh_helper.keys.GetPublicKey().ToEntry(include_comment=True)
user, use_oslogin = ssh.CheckForOsloginAndGetUser(
instance, project, user, public_key, expiration_micros,
self.ReleaseTrack())
iap_tunnel_args = iap_tunnel.SshTunnelArgs.FromArgs(
args, self.ReleaseTrack(), instance_ref,
ssh_utils.GetExternalInterface(instance, no_raise=True))
internal_address = ssh_utils.GetInternalIPAddress(instance)
if iap_tunnel_args:
# IAP Tunnel only uses instance_address for the purpose of --ssh-flag
# substitution. In this case, dest_addr doesn't do much, it just matches
# against entries in the user's ssh_config file. It's best to use
# something unique to avoid false positive matches, thus we use
# HostKeyAlias.
instance_address = internal_address
dest_addr = ssh_utils.HostKeyAlias(instance)
elif args.internal_ip:
instance_address = internal_address
dest_addr = instance_address
else:
instance_address = ssh_utils.GetExternalIPAddress(instance)
dest_addr = instance_address
remote = ssh.Remote(dest_addr, user)
identity_file = None
options = None
if not args.plain:
identity_file = ssh_helper.keys.key_file
options = ssh_helper.GetConfig(ssh_utils.HostKeyAlias(instance),
args.strict_host_key_checking,
host_keys_to_add=host_keys)
extra_flags = ssh.ParseAndSubstituteSSHFlags(args, remote, instance_address,
internal_address)
remainder = []
if args.ssh_args:
remainder.extend(args.ssh_args)
# Transform args.command into arg list or None if no command
command_list = args.command.split(' ') if args.command else None
tty = containers.GetTty(args.container, command_list)
remote_command = containers.GetRemoteCommand(args.container, command_list)
# Do not include default port since that will prevent users from
# specifying a custom port (b/121998342).
ssh_cmd_args = {'remote': remote,
'identity_file': identity_file,
'options': options,
'extra_flags': extra_flags,
'remote_command': remote_command,
'tty': tty,
'iap_tunnel_args': iap_tunnel_args,
'remainder': remainder}
cmd = ssh.SSHCommand(**ssh_cmd_args)
if args.dry_run:
log.out.Print(' '.join(cmd.Build(ssh_helper.env)))
return
if args.plain or use_oslogin:
keys_newly_added = False
else:
keys_newly_added = ssh_helper.EnsureSSHKeyExists(
client, remote.user, instance, project, expiration=expiration)
if keys_newly_added:
poller = ssh_utils.CreateSSHPoller(remote, identity_file, options,
iap_tunnel_args,
extra_flags=extra_flags)
log.status.Print('Waiting for SSH key to propagate.')
# TODO(b/35355795): Don't force_connect
try:
poller.Poll(ssh_helper.env, force_connect=True)
except retry.WaitException:
raise ssh_utils.NetworkError()
if args.internal_ip:
ssh_helper.PreliminarilyVerifyInstance(instance.id, remote, identity_file,
options)
# Errors from SSH itself result in an ssh.CommandError being raised
return_code = cmd.Run(ssh_helper.env, force_connect=True)
if return_code:
# This is the return code of the remote command. Problems with SSH itself
# will result in ssh.CommandError being raised above.
sys.exit(return_code)
def RunScp(self,
compute_holder,
args,
port=None,
recursive=False,
compress=False,
extra_flags=None,
release_track=None,
ip_type=ip.IpTypeEnum.EXTERNAL):
"""SCP files between local and remote GCE instance.
Run this method from subclasses' Run methods.
Args:
compute_holder: The ComputeApiHolder.
args: argparse.Namespace, the args the command was invoked with.
port: str or None, Port number to use for SSH connection.
recursive: bool, Whether to use recursive copying using -R flag.
compress: bool, Whether to use compression.
extra_flags: [str] or None, extra flags to add to command invocation.
release_track: obj, The current release track.
ip_type: IpTypeEnum, Specify using internal ip or external ip address.
Raises:
ssh_utils.NetworkError: Network issue which likely is due to failure
of SSH key propagation.
ssh.CommandError: The SSH command exited with SSH exit code, which
usually implies that a connection problem occurred.
"""
if release_track is None:
release_track = base.ReleaseTrack.GA
super(BaseScpHelper, self).Run(args)
dst = ssh.FileReference.FromPath(args.destination)
srcs = [ssh.FileReference.FromPath(src) for src in args.sources]
# Make sure we have a unique remote
ssh.SCPCommand.Verify(srcs, dst, single_remote=True)
remote = dst.remote or srcs[0].remote
if not dst.remote: # Make sure all remotes point to the same ref
for src in srcs:
src.remote = remote
instance_ref = instance_flags.SSH_INSTANCE_RESOLVER.ResolveResources(
[remote.host],
compute_scope.ScopeEnum.ZONE,
args.zone,
compute_holder.resources,
scope_lister=instance_flags.GetInstanceZoneScopeLister(
compute_holder.client))[0]
instance = self.GetInstance(compute_holder.client, instance_ref)
project = self.GetProject(compute_holder.client, instance_ref.project)
if not remote.user:
remote.user = ssh.GetDefaultSshUsername(warn_on_account_user=True)
if args.plain:
use_oslogin = False
else:
public_key = self.keys.GetPublicKey().ToEntry(include_comment=True)
remote.user, use_oslogin = ssh.CheckForOsloginAndGetUser(
instance, project, remote.user, public_key, release_track)
identity_file = None
options = None
if not args.plain:
identity_file = self.keys.key_file
options = self.GetConfig(ssh_utils.HostKeyAlias(instance),
args.strict_host_key_checking)
iap_tunnel_args = iap_tunnel.SshTunnelArgs.FromArgs(
args, release_track, instance_ref,
ssh_utils.GetInternalInterface(instance),
ssh_utils.GetExternalInterface(instance, no_raise=True))
if iap_tunnel_args:
remote.host = ssh_utils.HostKeyAlias(instance)
elif ip_type is ip.IpTypeEnum.INTERNAL:
remote.host = ssh_utils.GetInternalIPAddress(instance)
else:
remote.host = ssh_utils.GetExternalIPAddress(instance)
cmd = ssh.SCPCommand(srcs,
dst,
identity_file=identity_file,
options=options,
recursive=recursive,
compress=compress,
port=port,
extra_flags=extra_flags,
iap_tunnel_args=iap_tunnel_args)
if args.dry_run:
log.out.Print(' '.join(cmd.Build(self.env)))
return
if args.plain or use_oslogin:
keys_newly_added = False
else:
keys_newly_added = self.EnsureSSHKeyExists(compute_holder.client,
remote.user, instance,
project)
if keys_newly_added:
poller = ssh_utils.CreateSSHPoller(remote,
identity_file,
options,
iap_tunnel_args,
port=port)
log.status.Print('Waiting for SSH key to propagate.')
# TODO(b/35355795): Don't force_connect
try:
poller.Poll(self.env, force_connect=True)
except retry.WaitException:
raise ssh_utils.NetworkError()
if ip_type is ip.IpTypeEnum.INTERNAL:
# This will never happen when IAP Tunnel is enabled, because ip_type is
# always EXTERNAL when IAP Tunnel is enabled, even if the instance has no
# external IP. IAP Tunnel doesn't need verification because it uses
# unambiguous identifiers for the instance.
self.PreliminarilyVerifyInstance(instance.id, remote,
identity_file, options)
# Errors from the SCP command result in an ssh.CommandError being raised
cmd.Run(self.env, force_connect=True)