예제 #1
  def Run(self, args):
    """Delete the requested SSH public key from the caller's OS Login profile.

    See ssh_utils.BaseSSHCLICommand.Run.

    The profile is selected by the `core/account` property, so the key is
    looked up in, and removed from, that account's profile only.

    Args:
      args: the parsed command arguments; the key is read from them with
        flags.GetKeyFromArgs.

    Returns:
      Whatever OsloginClient.DeleteSshPublicKey returns.

    Raises:
      client.OsloginKeyNotFoundError: the key is not in the profile.
    """
    requested_key = flags.GetKeyFromArgs(args)
    api = client.OsloginClient(self.ReleaseTrack())
    account = properties.VALUES.core.account.Get()

    profile_keys = oslogin_utils.GetKeyDictionaryFromProfile(account, api)
    matched = oslogin_utils.FindKeyInKeyList(requested_key, profile_keys)
    # Guard clause: a key that is not in the profile is reported as an error
    # instead of being treated as already removed, so a revocation that did
    # nothing cannot pass for a successful one.
    if not matched:
      raise client.OsloginKeyNotFoundError('Cannot find requested SSH key.')
    return api.DeleteSshPublicKey(account, matched)
예제 #2
    def Run(self, args):
        """Set a new expiry on an SSH public key in the OS Login profile.

        See ssh_utils.BaseSSHCLICommand.Run.

        The account e-mail is obtained from gaia.GetAuthenticatedGaiaEmail
        using the OS Login client's HTTP object (presumably the identity of
        the authenticated credential rather than a local property; confirm).

        Args:
            args: the parsed command arguments; the key is read with
                flags.GetKeyFromArgs and the lifetime from args.ttl.

        Returns:
            Whatever OsloginClient.UpdateSshPublicKey returns.

        Raises:
            client.OsloginKeyNotFoundError: the key is not in the profile.
        """
        requested_key = flags.GetKeyFromArgs(args)
        api = client.OsloginClient(self.ReleaseTrack())
        account = gaia.GetAuthenticatedGaiaEmail(api.client.http)

        profile_keys = oslogin_utils.GetKeyDictionaryFromProfile(account, api)
        matched = oslogin_utils.FindKeyInKeyList(requested_key, profile_keys)

        # The TTL is converted before the lookup result is inspected, so a
        # conversion error surfaces ahead of the key-not-found error.
        new_expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)

        if not matched:
            raise client.OsloginKeyNotFoundError(
                'Cannot find requested SSH key.')

        # 'expirationTimeUsec' is presumably the update mask that limits the
        # change to the expiry field; confirm against UpdateSshPublicKey.
        return api.UpdateSshPublicKey(
            account,
            matched,
            profile_keys[matched],
            'expirationTimeUsec',
            expiration_time=new_expiry)
예제 #3
    def Run(self, args):
        """Set a new expiry on an SSH public key in the OS Login profile.

        See ssh_utils.BaseSSHCLICommand.Run.

        The profile acted on is the impersonated service account when the
        `auth/impersonate_service_account` property is set, otherwise the
        `core/account` property. With impersonation configured, the key that
        changes therefore belongs to the service account's profile, not to
        the signed-in user's.

        Args:
            args: the parsed command arguments; the key is read with
                flags.GetKeyFromArgs and the lifetime from args.ttl.

        Returns:
            Whatever OsloginClient.UpdateSshPublicKey returns.

        Raises:
            client.OsloginKeyNotFoundError: the key is not in the profile.
        """
        requested_key = flags.GetKeyFromArgs(args)
        api = client.OsloginClient(self.ReleaseTrack())
        # `or` skips the core/account lookup when impersonation is set.
        account = (properties.VALUES.auth.impersonate_service_account.Get()
                   or properties.VALUES.core.account.Get())

        profile_keys = oslogin_utils.GetKeyDictionaryFromProfile(account, api)
        matched = oslogin_utils.FindKeyInKeyList(requested_key, profile_keys)

        # The TTL is converted before the lookup result is inspected, so a
        # conversion error surfaces ahead of the key-not-found error.
        new_expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)

        if not matched:
            raise client.OsloginKeyNotFoundError(
                'Cannot find requested SSH key.')

        # 'expirationTimeUsec' is presumably the update mask that limits the
        # change to the expiry field; confirm against UpdateSshPublicKey.
        return api.UpdateSshPublicKey(
            account,
            matched,
            profile_keys[matched],
            'expirationTimeUsec',
            expiration_time=new_expiry)
예제 #4
def CheckForOsloginAndGetUser(instance, project, requested_user, public_key,
                              release_track):
  """Decide whether OS Login applies and which username to connect as.

  Instance metadata is consulted first and project metadata only when the
  instance gives no answer. When OS Login is enabled, this function has a
  side effect on the account named by the `core/account` property: if
  `public_key` is not already in that account's login profile, it is
  imported into the profile.

  Args:
    instance: instance, The object representing the instance we are
      connecting to.
    project: project, The object representing the current project.
    requested_user: str, The default or requested username to connect as.
    public_key: str, The public key of the user connecting.
    release_track: release_track, The object representing the release track.

  Returns:
    tuple, A string containing the username to use and a boolean indicating
      whether OS Login is being used. The username is None when OS Login is
      in use but the login profile lists no POSIX accounts.
  """
  # Instance metadata has priority; a None result means "no setting here".
  enabled = _MetadataHasOsloginEnable(instance.metadata)
  if enabled is None:
    enabled = _MetadataHasOsloginEnable(project.commonInstanceMetadata)
  if not enabled:
    return requested_user, False

  # Connect to the OS Login API; fall back to the requested user if the
  # client is unavailable for this release track.
  oslogin = oslogin_client.OsloginClient(release_track)
  if not oslogin:
    log.warning(
        'OS Login is enabled on Instance/Project, but is not available '
        'in the {0} version of gcloud.'.format(release_track.id))
    return requested_user, False
  user_email = properties.VALUES.core.account.Get()

  # Register the public key with the profile unless it is already there.
  # NOTE(review): the import call passes no expiration argument; whether the
  # imported key gets any expiry is not visible from this function.
  profile = oslogin.GetLoginProfile(user_email, project.name)
  known_keys = oslogin_utils.GetKeyDictionaryFromProfile(
      user_email, oslogin, profile=profile)
  if not oslogin_utils.FindKeyInKeyList(public_key, known_keys):
    profile = oslogin.ImportSshPublicKey(user_email, public_key).loginProfile

  # Username selection: an account matching the requested user wins
  # immediately; otherwise a 'primary' account is preferred, and failing that
  # the first username seen is used.
  chosen_user = None
  for account in profile.posixAccounts:
    if not chosen_user:
      chosen_user = account.username
    if account.username == requested_user:
      return requested_user, True
    if account.primary:
      chosen_user = account.username

  # The substitution is logged so the operator can see that the session uses
  # a different POSIX identity from the one that was requested.
  log.warning('Using OS Login user [{0}] instead of default user [{1}]'
              .format(chosen_user, requested_user))
  return chosen_user, True