 c5b772db76
			
		
	
	c5b772db76
	
	
	
		
			
			This change is entirely automated (save for the update of some mocks from 'io.open' to '__builtins__.open'). We are keeping this change separate from the addition of the actual hook so that we can ignore the commit later. Change-Id: I0a9d8736632084473b57b57b693322447d7be519 Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
		
			
				
	
	
		
| #   Copyright 2013 OpenStack Foundation
 | |
| #
 | |
| #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 | |
| #   not use this file except in compliance with the License. You may obtain
 | |
| #   a copy of the License at
 | |
| #
 | |
| #        http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| #   Unless required by applicable law or agreed to in writing, software
 | |
| #   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 | |
| #   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 | |
| #   License for the specific language governing permissions and limitations
 | |
| #   under the License.
 | |
| #
 | |
| 
 | |
| """Keypair action implementations"""
 | |
| 
 | |
| import collections
 | |
| import logging
 | |
| import os
 | |
| 
 | |
| from cryptography.hazmat.primitives.asymmetric import ed25519
 | |
| from cryptography.hazmat.primitives import serialization
 | |
| from openstack import utils as sdk_utils
 | |
| from osc_lib.command import command
 | |
| from osc_lib import exceptions
 | |
| from osc_lib import utils
 | |
| 
 | |
| from openstackclient.common import pagination
 | |
| from openstackclient.i18n import _
 | |
| from openstackclient.identity import common as identity_common
 | |
| 
 | |
| 
 | |
# Module-level logger, named after this module.
LOG = logging.getLogger(__name__)
# Result container for a generated key pair. Field order matters to callers
# that build it positionally: private key first, public key second.
Keypair = collections.namedtuple('Keypair', ['private_key', 'public_key'])
 | |
| 
 | |
| 
 | |
def _generate_keypair():
    """Create a fresh Ed25519 key pair serialized in OpenSSH format.

    The private key is serialized with ``serialization.NoEncryption()``,
    i.e. without a passphrase, so the returned text is directly usable key
    material and has to be treated as a secret by the caller.

    :returns: A `Keypair` named tuple holding the private key and the public
        key, both decoded to ``str``.
    """
    signing_key = ed25519.Ed25519PrivateKey.generate()

    # PEM-armoured OpenSSH private key, unencrypted.
    private_blob = signing_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.OpenSSH,
        encryption_algorithm=serialization.NoEncryption(),
    )
    # OpenSSH-encoded public key.
    public_blob = signing_key.public_key().public_bytes(
        encoding=serialization.Encoding.OpenSSH,
        format=serialization.PublicFormat.OpenSSH,
    )

    return Keypair(private_blob.decode(), public_blob.decode())
 | |
| 
 | |
| 
 | |
def _get_keypair_columns(item, hide_pub_key=False, hide_priv_key=False):
    """Compute the columns to show for a keypair resource.

    :param item: The keypair resource to derive columns from.
    :param hide_pub_key: When true, ``public_key`` is added to the hidden
        columns.
    :param hide_priv_key: When true, ``private_key`` is added to the hidden
        columns.
    :returns: The result of
        ``utils.get_osc_show_columns_for_sdk_resource``; callers in this
        file unpack it as ``(display_columns, columns)``.
    """
    # Placeholder for renaming SDK properties back to the names OSC used
    # before (backwards compatibility); no renames are defined at present.
    renames = {}

    # 'links' and 'location' are always hidden; the key material columns
    # are hidden only on request.
    suppressed = ['links', 'location']
    optional = (
        (hide_pub_key, 'public_key'),
        (hide_priv_key, 'private_key'),
    )
    suppressed.extend(column for wanted, column in optional if wanted)

    return utils.get_osc_show_columns_for_sdk_resource(
        item, renames, suppressed
    )
 | |
| 
 | |
| 
 | |
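class CreateKeypair(command.ShowOne):
    _description = _("Create new public or private key for server ssh access")

    def get_parser(self, prog_name):
        """Build the argument parser for this command.

        ``--public-key`` and ``--private-key`` are mutually exclusive: the
        first uploads an existing public key, the second chooses where a
        locally generated private key is saved.

        :param prog_name: Program name passed through to the parent parser.
        :returns: The configured parser.
        """
        parser = super().get_parser(prog_name)
        parser.add_argument(
            'name', metavar='<name>', help=_("New public or private key name")
        )
        key_group = parser.add_mutually_exclusive_group()
        key_group.add_argument(
            '--public-key',
            metavar='<file>',
            help=_(
                "Filename for public key to add. "
                "If not used, generates a private key in ssh-ed25519 format. "
                "To generate keys in other formats, including the legacy "
                "ssh-rsa format, you must use an external tool such as "
                "ssh-keygen and specify this argument."
            ),
        )
        key_group.add_argument(
            '--private-key',
            metavar='<file>',
            help=_(
                "Filename for private key to save. "
                "If not used, print private key in console."
            ),
        )
        parser.add_argument(
            '--type',
            metavar='<type>',
            choices=['ssh', 'x509'],
            help=_(
                'Keypair type '
                '(supported by --os-compute-api-version 2.2 or above)'
            ),
        )
        parser.add_argument(
            '--user',
            metavar='<user>',
            help=_(
                'The owner of the keypair (admin only) (name or ID) '
                '(supported by --os-compute-api-version 2.10 or above)'
            ),
        )
        identity_common.add_user_domain_option_to_parser(parser)
        return parser

    def take_action(self, parsed_args):
        """Create the keypair through the compute API.

        With ``--public-key`` the key is read from the given file and
        uploaded. Otherwise an Ed25519 pair is generated locally and only
        its public half is sent; the private key is written to the
        ``--private-key`` file if one was given, else to the command's
        stdout.

        :param parsed_args: Parsed command-line arguments.
        :returns: ``(display_columns, data)`` for the created keypair, or
            ``({}, {})`` when the private key was written to stdout.
        :raises exceptions.CommandError: If a key file cannot be read or
            written, or an option needs a newer compute API microversion.
        """
        compute_client = self.app.client_manager.sdk_connection.compute
        identity_client = self.app.client_manager.identity

        kwargs = {'name': parsed_args.name}

        if parsed_args.public_key:
            generated_keypair = None
            try:
                with open(os.path.expanduser(parsed_args.public_key)) as p:
                    public_key = p.read()
            except OSError as e:
                msg = _("Key file %(public_key)s not found: %(exception)s")
                raise exceptions.CommandError(
                    msg
                    % {
                        "public_key": parsed_args.public_key,
                        "exception": e,
                    }
                )

            kwargs['public_key'] = public_key
        else:
            generated_keypair = _generate_keypair()
            kwargs['public_key'] = generated_keypair.public_key

            # If the user gave us a file, save the private key into it.
            # NOTE: this happens before the API call below, so the file is
            # left on disk even if keypair creation then fails.
            if parsed_args.private_key:

                def _owner_only_opener(path, flags):
                    # Create the key file with mode 0600 instead of the
                    # umask default (commonly 0644), so the unencrypted
                    # private key is not readable by group/other. A file
                    # that already exists keeps its current mode.
                    return os.open(path, flags, 0o600)

                try:
                    with open(
                        os.path.expanduser(parsed_args.private_key),
                        'w+',
                        opener=_owner_only_opener,
                    ) as p:
                        p.write(generated_keypair.private_key)
                except OSError as e:
                    msg = _(
                        "Key file %(private_key)s can not be saved: "
                        "%(exception)s"
                    )
                    raise exceptions.CommandError(
                        msg
                        % {
                            "private_key": parsed_args.private_key,
                            "exception": e,
                        }
                    )

        if parsed_args.type:
            if not sdk_utils.supports_microversion(compute_client, '2.2'):
                msg = _(
                    '--os-compute-api-version 2.2 or greater is required to '
                    'support the --type option'
                )
                raise exceptions.CommandError(msg)

            kwargs['key_type'] = parsed_args.type

        if parsed_args.user:
            if not sdk_utils.supports_microversion(compute_client, '2.10'):
                msg = _(
                    '--os-compute-api-version 2.10 or greater is required to '
                    'support the --user option'
                )
                raise exceptions.CommandError(msg)

            kwargs['user_id'] = identity_common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            ).id

        keypair = compute_client.create_keypair(**kwargs)

        # NOTE(dtroyer): how do we want to handle the display of the private
        #                key when it needs to be communicated back to the user
        #                For now, duplicate nova keypair-add command output
        if parsed_args.public_key or parsed_args.private_key:
            # Key material is already on disk (uploaded or saved), so both
            # key columns are hidden from the displayed result.
            display_columns, columns = _get_keypair_columns(
                keypair, hide_pub_key=True, hide_priv_key=True
            )
            data = utils.get_item_properties(keypair, columns)

            return (display_columns, data)
        else:
            # No file was given: the unencrypted private key goes to stdout
            # and will end up wherever that output is captured or logged.
            self.app.stdout.write(generated_keypair.private_key)
            return ({}, {})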
 | |
| 
 | |
| 
 | |
class DeleteKeypair(command.Command):
    _description = _("Delete public or private key(s)")

    def get_parser(self, prog_name):
        """Build the argument parser for this command.

        :param prog_name: Program name passed through to the parent parser.
        :returns: The configured parser.
        """
        parser = super().get_parser(prog_name)
        # One or more key names; lookup is by name only.
        parser.add_argument(
            'name',
            metavar='<key>',
            nargs='+',
            help=_("Name of key(s) to delete (name only)"),
        )
        owner_help = _(
            'The owner of the keypair. (admin only) (name or ID). '
            'Requires ``--os-compute-api-version`` 2.10 or greater.'
        )
        parser.add_argument('--user', metavar='<user>', help=owner_help)
        identity_common.add_user_domain_option_to_parser(parser)
        return parser

    def take_action(self, parsed_args):
        """Delete every named keypair, reporting failures at the end.

        Each deletion is attempted independently: a failure is logged and
        counted, and the remaining names are still processed.

        :param parsed_args: Parsed command-line arguments.
        :raises exceptions.CommandError: If ``--user`` needs a newer compute
            API microversion, or if at least one deletion failed.
        """
        compute_client = self.app.client_manager.sdk_connection.compute
        identity_client = self.app.client_manager.identity

        delete_kwargs = {}
        failures = 0

        owner = parsed_args.user
        if owner:
            if not sdk_utils.supports_microversion(compute_client, '2.10'):
                raise exceptions.CommandError(
                    _(
                        '--os-compute-api-version 2.10 or greater is '
                        'required to support the --user option'
                    )
                )

            resolved_owner = identity_common.find_user(
                identity_client, owner, parsed_args.user_domain
            )
            delete_kwargs['user_id'] = resolved_owner.id

        for key_name in parsed_args.name:
            try:
                compute_client.delete_keypair(
                    key_name, ignore_missing=False, **delete_kwargs
                )
            except Exception as e:
                # Best effort: record the failure and carry on with the
                # remaining names.
                failures += 1
                LOG.error(
                    _("Failed to delete key with name '%(name)s': %(e)s"),
                    {'name': key_name, 'e': e},
                )

        if failures == 0:
            return

        summary = _("%(result)s of %(total)s keys failed to delete.") % {
            'result': failures,
            'total': len(parsed_args.name),
        }
        raise exceptions.CommandError(summary)
 | |
| 
 | |
| 
 | |
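class ListKeypair(command.Lister):
    _description = _("List key fingerprints")

    def get_parser(self, prog_name):
        """Build the argument parser for this command.

        ``--user`` and ``--project`` are mutually exclusive.

        :param prog_name: Program name passed through to the parent parser.
        :returns: The configured parser.
        """
        parser = super().get_parser(prog_name)
        user_group = parser.add_mutually_exclusive_group()
        user_group.add_argument(
            '--user',
            metavar='<user>',
            help=_(
                'Show keypairs for another user (admin only) (name or ID). '
                'Requires ``--os-compute-api-version`` 2.10 or greater.'
            ),
        )
        identity_common.add_user_domain_option_to_parser(parser)
        user_group.add_argument(
            '--project',
            metavar='<project>',
            help=_(
                'Show keypairs for all users associated with project '
                '(admin only) (name or ID). '
                'Requires ``--os-compute-api-version`` 2.10 or greater.'
            ),
        )
        identity_common.add_project_domain_option_to_parser(parser)
        pagination.add_marker_pagination_option_to_parser(parser)
        return parser

    def take_action(self, parsed_args):
        """List keypairs for the caller, another user, or a whole project.

        :param parsed_args: Parsed command-line arguments.
        :returns: ``(columns, rows)`` where ``rows`` is a generator of
            per-keypair property tuples.
        :raises exceptions.CommandError: If an option needs a newer compute
            API microversion, or if ``--project`` is combined with
            ``--marker``.
        """
        compute_client = self.app.client_manager.sdk_connection.compute
        identity_client = self.app.client_manager.identity

        kwargs = {}

        if parsed_args.marker:
            if not sdk_utils.supports_microversion(compute_client, '2.35'):
                msg = _(
                    '--os-compute-api-version 2.35 or greater is required '
                    'to support the --marker option'
                )
                raise exceptions.CommandError(msg)

            kwargs['marker'] = parsed_args.marker

        if parsed_args.limit:
            if not sdk_utils.supports_microversion(compute_client, '2.35'):
                msg = _(
                    '--os-compute-api-version 2.35 or greater is required '
                    'to support the --limit option'
                )
                raise exceptions.CommandError(msg)

            kwargs['limit'] = parsed_args.limit

        if parsed_args.project:
            if not sdk_utils.supports_microversion(compute_client, '2.10'):
                msg = _(
                    '--os-compute-api-version 2.10 or greater is required to '
                    'support the --project option'
                )
                raise exceptions.CommandError(msg)

            if parsed_args.marker:
                # NOTE(stephenfin): Because we're doing this client-side, we
                # can't really rely on the marker, because we don't know what
                # user the marker is associated with
                msg = _('--project is not compatible with --marker')
                # Reject the combination explicitly; without this raise the
                # marker would be forwarded to every per-user query below.
                raise exceptions.CommandError(msg)

            # NOTE(stephenfin): This is done client side because nova doesn't
            # currently support doing so server-side. If this is slow, we can
            # think about spinning up a threadpool or similar.
            project = identity_common.find_project(
                identity_client,
                parsed_args.project,
                parsed_args.project_domain,
            ).id
            users = identity_client.users.list(tenant_id=project)

            # One listing call per user; any --limit in kwargs therefore
            # applies to each user's listing, not to the combined result.
            data = []
            for user in users:
                kwargs['user_id'] = user.id
                data.extend(compute_client.keypairs(**kwargs))
        elif parsed_args.user:
            if not sdk_utils.supports_microversion(compute_client, '2.10'):
                msg = _(
                    '--os-compute-api-version 2.10 or greater is required to '
                    'support the --user option'
                )
                raise exceptions.CommandError(msg)

            user = identity_common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )
            kwargs['user_id'] = user.id

            data = compute_client.keypairs(**kwargs)
        else:
            data = compute_client.keypairs(**kwargs)

        columns = ("Name", "Fingerprint")

        # The "Type" column is only shown from compute microversion 2.2 on.
        if sdk_utils.supports_microversion(compute_client, '2.2'):
            columns += ("Type",)

        return (
            columns,
            (utils.get_item_properties(s, columns) for s in data),
        )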
 | |
| 
 | |
| 
 | |
class ShowKeypair(command.ShowOne):
    _description = _("Display key details")

    def get_parser(self, prog_name):
        """Build the argument parser for this command.

        :param prog_name: Program name passed through to the parent parser.
        :returns: The configured parser.
        """
        parser = super().get_parser(prog_name)
        parser.add_argument(
            'name',
            metavar='<key>',
            help=_("Public or private key to display (name only)"),
        )
        # Boolean switch: print just the public key instead of the table.
        parser.add_argument(
            '--public-key',
            action='store_true',
            default=False,
            help=_("Show only bare public key paired with the generated key"),
        )
        owner_help = _(
            'The owner of the keypair. (admin only) (name or ID). '
            'Requires ``--os-compute-api-version`` 2.10 or greater.'
        )
        parser.add_argument('--user', metavar='<user>', help=owner_help)
        identity_common.add_user_domain_option_to_parser(parser)
        return parser

    def take_action(self, parsed_args):
        """Look up one keypair by name and display it.

        :param parsed_args: Parsed command-line arguments.
        :returns: ``({}, {})`` after writing the bare public key to stdout
            when ``--public-key`` is set; otherwise ``(display_columns,
            data)`` with the public key column hidden.
        :raises exceptions.CommandError: If ``--user`` needs a newer compute
            API microversion.
        """
        compute_client = self.app.client_manager.sdk_connection.compute
        identity_client = self.app.client_manager.identity

        lookup_kwargs = {}

        owner = parsed_args.user
        if owner:
            if not sdk_utils.supports_microversion(compute_client, '2.10'):
                raise exceptions.CommandError(
                    _(
                        '--os-compute-api-version 2.10 or greater is '
                        'required to support the --user option'
                    )
                )

            resolved_owner = identity_common.find_user(
                identity_client, owner, parsed_args.user_domain
            )
            lookup_kwargs['user_id'] = resolved_owner.id

        keypair = compute_client.find_keypair(
            parsed_args.name, ignore_missing=False, **lookup_kwargs
        )

        if parsed_args.public_key:
            # Bare output mode: only the public key text, no table.
            self.app.stdout.write(keypair.public_key)
            return ({}, {})

        display_columns, columns = _get_keypair_columns(
            keypair, hide_pub_key=True
        )
        return (display_columns, utils.get_item_properties(keypair, columns))
 |