def _check_or_create_public_private_files(public_key_file, private_key_file, credentials_folder):
    """Resolve the key pair paths, generating a fresh pair when none is supplied.

    Args:
        public_key_file: Path to a public key file, or a falsy value.
        private_key_file: Path to a private key file, or a falsy value.
        credentials_folder: Folder that receives a generated pair. When it is
            falsy, a new temporary directory is created instead.

    Returns:
        A tuple ``(public_key_file, private_key_file, delete_keys)``.
        ``delete_keys`` is True only when this call generated the key pair.

    Raises:
        azclierror.RequiredArgumentMissingError: No public key path could be
            derived.
        azclierror.FileOperationError: A resolved key path is not an existing
            file.
    """
    # Keys are only flagged for deletion when the user supplied none of their
    # own. Only ssh vm deletes generated keys.
    keys_were_generated = not public_key_file and not private_key_file

    if keys_were_generated:
        if credentials_folder:
            # az ssh config: keys are saved to the same folder as --file or to
            # --keys-destination-folder.
            # az ssh cert: keys are saved to the same folder as --file.
            # os.makedirs uses the default mode, so the process umask decides
            # who else may list this folder.
            # NOTE(review): protection of the generated private key then rests
            # on the file mode set by ssh_utils.create_ssh_keyfile, which is
            # not visible here -- confirm.
            if not os.path.isdir(credentials_folder):
                os.makedirs(credentials_folder)
        else:
            # az ssh vm: keys live in a temp folder that is deleted once the
            # connection succeeds or fails. tempfile.mkdtemp creates the
            # directory accessible only to the creating user.
            credentials_folder = tempfile.mkdtemp(prefix="aadsshcert")

        private_key_file = os.path.join(credentials_folder, "id_rsa")
        public_key_file = os.path.join(credentials_folder, "id_rsa.pub")
        ssh_utils.create_ssh_keyfile(private_key_file)

    if not public_key_file:
        if not private_key_file:
            raise azclierror.RequiredArgumentMissingError("Public key file not specified")
        # Fall back to the conventional "<private key>.pub" sibling.
        public_key_file = private_key_file + ".pub"

    # Existence checks only: neither the key contents nor the pairing of the
    # two files is validated here.
    if not os.path.isfile(public_key_file):
        raise azclierror.FileOperationError(f"Public key file {public_key_file} not found")

    # The private key is optional: the user may be using a key pair stored in
    # ssh-agent (and possibly in a hardware token).
    if private_key_file and not os.path.isfile(private_key_file):
        raise azclierror.FileOperationError(f"Private key file {private_key_file} not found")

    return public_key_file, private_key_file, keys_were_generated
def _check_or_create_public_private_files(public_key_file, private_key_file):
    """Resolve the key pair paths, generating an ephemeral pair when none is given.

    Args:
        public_key_file: Path to a public key file, or a falsy value.
        private_key_file: Path to a private key file, or a falsy value.

    Returns:
        A tuple ``(public_key_file, private_key_file)``.

    Raises:
        azclierror.RequiredArgumentMissingError: No public key path could be
            derived.
        azclierror.FileOperationError: A resolved key path is not an existing
            file.
    """
    nothing_supplied = not public_key_file and not private_key_file

    if nothing_supplied:
        # tempfile.mkdtemp creates the directory accessible only to the
        # creating user. Nothing in this function removes it again, so the
        # generated key pair outlives the call.
        # NOTE(review): confirm the caller deletes the folder afterwards.
        ephemeral_dir = tempfile.mkdtemp(prefix="aadsshcert")
        private_key_file = os.path.join(ephemeral_dir, "id_rsa")
        public_key_file = os.path.join(ephemeral_dir, "id_rsa.pub")
        ssh_utils.create_ssh_keyfile(private_key_file)

    if not public_key_file:
        if not private_key_file:
            raise azclierror.RequiredArgumentMissingError(
                "Public key file not specified")
        # Fall back to the conventional "<private key>.pub" sibling.
        public_key_file = private_key_file + ".pub"

    # Existence checks only: neither the key contents nor the pairing of the
    # two files is validated here.
    if not os.path.isfile(public_key_file):
        raise azclierror.FileOperationError(
            f"Public key file {public_key_file} not found")

    # The private key is optional: the user may be using a key pair stored in
    # ssh-agent (and possibly in a hardware token).
    if private_key_file and not os.path.isfile(private_key_file):
        raise azclierror.FileOperationError(
            f"Private key file {private_key_file} not found")

    return public_key_file, private_key_file
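def _get_modulus_exponent(public_key_file):
    """Read a public key file and return the modulus and exponent parsed from it.

    Args:
        public_key_file: Path to the public key file, read as UTF-8 text.

    Returns:
        A tuple ``(modulus, exponent)`` taken from the ``modulus`` and
        ``exponent`` attributes of ``rsa_parser.RSAParser`` after parsing.

    Raises:
        azclierror.FileOperationError: The file does not exist, or the parser
            rejected its contents. Errors raised while opening or decoding the
            file are not wrapped and propagate unchanged.
    """
    if not os.path.isfile(public_key_file):
        raise azclierror.FileOperationError(f"Public key file '{public_key_file}' was not found")

    with open(public_key_file, 'r', encoding='utf-8') as f:
        public_key_text = f.read()

    parser = rsa_parser.RSAParser()
    try:
        parser.parse(public_key_text)
    except Exception as e:
        # Chain the parser's exception explicitly, matching the other file
        # helpers on this page, so the root cause of a rejected key stays in
        # the traceback.
        raise azclierror.FileOperationError(f"Could not parse public key. Error: {str(e)}") from e

    return parser.modulus, parser.exponent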
def _assert_args(resource_group, vm_name, ssh_ip, resource_type, cert_file, username):
    """Reject invalid combinations of target and authentication arguments.

    Only the shape of the arguments is checked: the value of ``ssh_ip`` is not
    format-validated, and ``cert_file`` is only checked for existence.

    Args:
        resource_group: Value of --resource-group, or a falsy value.
        vm_name: Value of --vm-name/--name, or a falsy value.
        ssh_ip: Value of --ip, or a falsy value.
        resource_type: Value of --resource-type, compared case-insensitively.
        cert_file: Path to a certificate file, or a falsy value.
        username: Value of --local-user, or a falsy value.

    Raises:
        azclierror.InvalidArgumentValueError: Unsupported resource type.
        azclierror.RequiredArgumentMissingError: No target was specified.
        azclierror.MutuallyExclusiveArgumentError: Conflicting or incomplete
            target arguments, or a certificate without a local user.
        azclierror.FileOperationError: The certificate file does not exist.
    """
    if resource_type:
        supported_types = ("microsoft.compute", "microsoft.hybridcompute")
        if resource_type.lower() not in supported_types:
            raise azclierror.InvalidArgumentValueError("--resource-type must be either \"Microsoft.Compute\" "
                                                       "for Azure VMs or \"Microsoft.HybridCompute\" for Arc Servers.")

    if not any((resource_group, vm_name, ssh_ip)):
        raise azclierror.RequiredArgumentMissingError(
            "The VM must be specified by --ip or --resource-group and "
            "--vm-name/--name")

    # Resource group and VM name identify a target only as a pair.
    if bool(resource_group) != bool(vm_name):
        raise azclierror.MutuallyExclusiveArgumentError(
            "--resource-group and --vm-name/--name must be provided together")

    if ssh_ip and (resource_group or vm_name):
        raise azclierror.MutuallyExclusiveArgumentError(
            "--ip cannot be used with --resource-group or --vm-name/--name")

    if cert_file:
        if not username:
            raise azclierror.MutuallyExclusiveArgumentError(
                "To authenticate with a certificate you need to provide a --local-user")
        if not os.path.isfile(cert_file):
            raise azclierror.FileOperationError(f"Certificate file {cert_file} not found")
def delete_folder(dir_path, message, warning=False):
    """Remove the directory at ``dir_path`` if it exists.

    ``os.rmdir`` only removes empty directories, so a folder that still holds
    files (for example key files that were not deleted first) is left in
    place and takes the failure path below.

    Args:
        dir_path: Directory to remove. Nothing happens if it is not a directory.
        message: Text logged or used as the prefix of the raised error.
        warning: When True, a failure is logged as a warning instead of raised.
            The underlying exception text is not included in that warning.

    Raises:
        azclierror.FileOperationError: Removal failed and ``warning`` is False.
    """
    if not os.path.isdir(dir_path):
        return

    try:
        os.rmdir(dir_path)
    except Exception as err:
        if not warning:
            raise azclierror.FileOperationError(message + "Error: " + str(err)) from err
        logger.warning(message)
def delete_file(file_path, message, warning=False):
    # pylint: disable=broad-except
    """Remove the file at ``file_path`` if it exists.

    Args:
        file_path: File to remove. Nothing happens if it is not a regular file.
        message: Text logged or used as the prefix of the raised error.
        warning: When True, a failure is logged as a warning instead of raised.
            The underlying exception text is not included in that warning, so
            a file that could not be removed stays on disk with only
            ``message`` as a trace.

    Raises:
        azclierror.FileOperationError: Removal failed and ``warning`` is False.
    """
    if not os.path.isfile(file_path):
        return

    try:
        os.remove(file_path)
    except Exception as err:
        if not warning:
            raise azclierror.FileOperationError(message + "Error: " + str(err)) from err
        logger.warning(message)
def write_to_file(file_path, mode, content, error_message, encoding=None):  # pylint: disable=unspecified-encoding
    """Write ``content`` to ``file_path``, wrapping any failure in a CLI error.

    The file is opened with plain ``open``, so a newly created file gets the
    default permissions allowed by the process umask.
    NOTE(review): if callers use this for sensitive material, confirm the
    resulting file mode is acceptable.

    Args:
        file_path: Destination path.
        mode: Mode string passed to ``open``.
        content: Data passed to the file object's ``write``.
        error_message: Prefix of the raised error message.
        encoding: Encoding passed to ``open``. When falsy, ``open`` is called
            without an encoding argument.

    Raises:
        azclierror.FileOperationError: Opening or writing the file failed.
    """
    # Only forward the encoding when one was given, so binary modes still work.
    open_options = {"encoding": encoding} if encoding else {}
    try:
        with open(file_path, mode, **open_options) as out:
            out.write(content)
    except Exception as err:
        raise azclierror.FileOperationError(error_message + "Error: " + str(err)) from err
def _assert_args(resource_group, vm_name, ssh_ip, cert_file, username):
    """Reject invalid combinations of target and authentication arguments.

    Only the shape of the arguments is checked: the value of ``ssh_ip`` is not
    format-validated, and ``cert_file`` is only checked for existence.

    Args:
        resource_group: Value of --resource-group, or a falsy value.
        vm_name: Value of --vm-name/--name, or a falsy value.
        ssh_ip: Value of --ip, or a falsy value.
        cert_file: Path to a certificate file, or a falsy value.
        username: Value of --local-user, or a falsy value.

    Raises:
        azclierror.RequiredArgumentMissingError: No target was specified.
        azclierror.MutuallyExclusiveArgumentError: Conflicting or incomplete
            target arguments, or a certificate without a local user.
        azclierror.FileOperationError: The certificate file does not exist.
    """
    if not any((resource_group, vm_name, ssh_ip)):
        raise azclierror.RequiredArgumentMissingError(
            "The VM must be specified by --ip or --resource-group and --vm-name/--name")

    # Resource group and VM name identify a target only as a pair.
    if bool(resource_group) != bool(vm_name):
        raise azclierror.MutuallyExclusiveArgumentError(
            "--resource-group and --vm-name/--name must be provided together")

    if ssh_ip and (resource_group or vm_name):
        raise azclierror.MutuallyExclusiveArgumentError(
            "--ip cannot be used with --resource-group or --vm-name/--name")

    if cert_file:
        if not username:
            raise azclierror.MutuallyExclusiveArgumentError(
                "To authenticate with a certificate you need to provide a --local-user")
        if not os.path.isfile(cert_file):
            raise azclierror.FileOperationError(f"Certificate file {cert_file} not found")
def create_directory(file_path, error_message):
    """Create the directory ``file_path``, including missing parent directories.

    ``os.makedirs`` is called with its default mode, so the process umask
    decides who else can access the new directory. An already existing
    directory is reported as a failure, because ``exist_ok`` is not set.

    Args:
        file_path: Directory path to create.
        error_message: Prefix of the raised error message.

    Raises:
        azclierror.FileOperationError: The directory could not be created.
    """
    try:
        os.makedirs(file_path)
    except Exception as err:
        failure_text = error_message + "Error: " + str(err)
        raise azclierror.FileOperationError(failure_text) from err