Adds private_key parameter in the standard ssh actions

This method allows to specify a private key and avoids its storage
in the filesystem of the executors. This can be used later in
combination of a secrets_retrieve to use keys stored in barbican.

Change-Id: Ide438a7f6d24c8bdc9eb2c82e935fd39a6acc2c6
Closes-Bug: #1806703
This commit is contained in:
Jose Castro Leon 2018-12-04 15:43:26 +01:00
parent 0fb96bbd2b
commit 9bbc1d41d0
4 changed files with 38 additions and 13 deletions

View File

@ -376,7 +376,7 @@ class SSHAction(actions.Action):
return ssh_utils.execute_command
def __init__(self, cmd, host, username,
password="", private_key_filename=None):
password="", private_key_filename=None, private_key=None):
super(SSHAction, self).__init__()
self.cmd = cmd
@ -384,13 +384,15 @@ class SSHAction(actions.Action):
self.username = username
self.password = password
self.private_key_filename = private_key_filename
self.private_key = private_key
self.params = {
'cmd': self.cmd,
'host': self.host,
'username': self.username,
'password': self.password,
'private_key_filename': self.private_key_filename
'private_key_filename': self.private_key_filename,
'private_key': self.private_key
}
def run(self, context):
@ -438,13 +440,15 @@ class SSHProxiedAction(SSHAction):
def __init__(self, cmd, host, username, private_key_filename,
gateway_host, gateway_username=None,
password=None, proxy_command=None):
password=None, proxy_command=None,
private_key=None):
super(SSHProxiedAction, self).__init__(
cmd,
host,
username,
password,
private_key_filename
private_key_filename,
private_key
)
self.gateway_host = gateway_host

View File

@ -58,7 +58,8 @@ class SSHActionTest(base.BaseTest):
host=host,
username=username,
password='',
private_key_filename=None
private_key_filename=None,
private_key=None
)
@mock.patch.object(mistral.utils.ssh_utils, 'execute_command')

View File

@ -37,13 +37,20 @@ def _read_paramimko_stream(recv_func):
return result.decode('utf-8')
def _to_paramiko_private_key(private_key_filename, password=None):
def _to_paramiko_private_key(private_key_filename,
private_key=None,
password=None):
if '../' in private_key_filename or '..\\' in private_key_filename:
raise exc.DataAccessException(
"Private key filename must not contain '..'. "
"Actual: %s" % private_key_filename
)
if private_key:
return paramiko.RSAKey.from_private_key(
file_obj=six.StringIO(private_key),
password=password)
if private_key_filename.startswith('/'):
private_key_path = private_key_filename
else:
@ -56,9 +63,6 @@ def _to_paramiko_private_key(private_key_filename, password=None):
def _connect(host, username, password=None, pkey=None, proxy=None):
if isinstance(pkey, six.string_types):
pkey = _to_paramiko_private_key(pkey, password)
LOG.debug('Creating SSH connection to %s', host)
ssh_client = paramiko.SSHClient()
@ -104,10 +108,13 @@ def _execute_command(ssh_client, cmd, get_stderr=False,
def execute_command_via_gateway(cmd, host, username, private_key_filename,
gateway_host, gateway_username=None,
proxy_command=None, password=None):
proxy_command=None, password=None,
private_key=None):
LOG.debug('Creating SSH connection')
private_key = _to_paramiko_private_key(private_key_filename, password)
private_key = _to_paramiko_private_key(private_key_filename,
private_key,
password)
proxy = None
@ -153,9 +160,16 @@ def execute_command_via_gateway(cmd, host, username, private_key_filename,
def execute_command(cmd, host, username, password=None,
private_key_filename=None, get_stderr=False,
private_key_filename=None,
private_key=None, get_stderr=False,
raise_when_error=True):
ssh_client = _connect(host, username, password, private_key_filename)
LOG.debug('Creating SSH connection')
private_key = _to_paramiko_private_key(private_key_filename,
private_key,
password)
ssh_client = _connect(host, username, password, private_key)
LOG.debug("Executing command %s", cmd)

View File

@ -0,0 +1,6 @@
---
features:
- |
Adds the parameter private_key in the standard ssh actions. This allows a
user to specify the key to use instead of using the ones available in the
filesystem of the executors.