packer-cn/common/step_cleanup_temp_keys.go

package common

import (
	"context"
	"fmt"
	"log"

	"github.com/hashicorp/packer/helper/communicator"
	"github.com/hashicorp/packer/helper/multistep"
	"github.com/hashicorp/packer/packer"
)

type StepCleanupTempKeys struct {
	Comm *communicator.Config
}

func (s *StepCleanupTempKeys) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {
	// This step is mostly cosmetic; Packer deletes the ephemeral keys anyway
	// so there's no realistic situation where these keys can cause issues.
	// However, it's nice to clean up after yourself.

	if !s.Comm.SSHClearAuthorizedKeys {
		return multistep.ActionContinue
	}

	if s.Comm.Type != "ssh" {
		return multistep.ActionContinue
	}

	if s.Comm.SSHTemporaryKeyPairName == "" {
		return multistep.ActionContinue
	}

	comm := state.Get("communicator").(packer.Communicator)
	ui := state.Get("ui").(packer.Ui)

	cmd := new(packer.RemoteCmd)

	ui.Say("Trying to remove ephemeral keys from authorized_keys files")

	// Per the OpenSSH manual (https://man.openbsd.org/sshd.8), a typical
	// line in the 'authorized_keys' file contains several fields that
	// are delimited by spaces. Here is an (abbreviated) example of a line:
	// 	ssh-rsa AAAAB3Nza...LiPk== user@example.net
	//
	// In the above example, 'ssh-rsa' is the key pair type,
	// 'AAAAB3Nza...LiPk==' is the base64 encoded public key,
	// and 'user@example.net' is a comment (in this case, describing
	// who the key belongs to).
	//
	// In the following 'sed' calls, the comment field will be equal to
	// the value of communicator.Config.SSHTemporaryKeyPairName.
	// We can remove an authorized public key using 'sed' by looking
	// for a line ending in ' packer-key-pair-comment' (note the
	// leading space).
	//
	// TODO: Why create a backup file if you are going to remove it?
	cmd.Command = fmt.Sprintf("sed -i.bak '/ %s$/d' ~/.ssh/authorized_keys; rm ~/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)
	if err := cmd.RunWithUi(ctx, comm, ui); err != nil {
		log.Printf("Error cleaning up ~/.ssh/authorized_keys; please clean up keys manually: %s", err)
	}
	cmd = new(packer.RemoteCmd)
	cmd.Command = fmt.Sprintf("sudo sed -i.bak '/ %s$/d' /root/.ssh/authorized_keys; sudo rm /root/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)
	if err := cmd.RunWithUi(ctx, comm, ui); err != nil {
		log.Printf("Error cleaning up /root/.ssh/authorized_keys; please clean up keys manually: %s", err)
	}

	return multistep.ActionContinue
}

func (s *StepCleanupTempKeys) Cleanup(state multistep.StateBag) {
}
new option allowing user to clean up the ephemeral ssh key from the authorized_keys file 2018-09-14 14:03:23 -04:00			`package common`

			`import (`
			`"context"`
			`"fmt"`
			`"log"`

			`"github.com/hashicorp/packer/helper/communicator"`
			`"github.com/hashicorp/packer/helper/multistep"`
			`"github.com/hashicorp/packer/packer"`
			`)`

			`type StepCleanupTempKeys struct {`
			`Comm *communicator.Config`
			`}`

rename interpolation context from ctx to ictx and contexts to ctx to avoid conflicts 2019-03-29 11:50:02 -04:00			`func (s *StepCleanupTempKeys) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {`
new option allowing user to clean up the ephemeral ssh key from the authorized_keys file 2018-09-14 14:03:23 -04:00			`// This step is mostly cosmetic; Packer deletes the ephemeral keys anyway`
			`// so there's no realistic situation where these keys can cause issues.`
			`// However, it's nice to clean up after yourself.`

			`if !s.Comm.SSHClearAuthorizedKeys {`
			`return multistep.ActionContinue`
			`}`

			`if s.Comm.Type != "ssh" {`
			`return multistep.ActionContinue`
			`}`

			`if s.Comm.SSHTemporaryKeyPairName == "" {`
			`return multistep.ActionContinue`
			`}`

Better fix for #7095 2018-12-11 13:34:07 -05:00			`comm := state.Get("communicator").(packer.Communicator)`
			`ui := state.Get("ui").(packer.Ui)`

new option allowing user to clean up the ephemeral ssh key from the authorized_keys file 2018-09-14 14:03:23 -04:00			`cmd := new(packer.RemoteCmd)`

			`ui.Say("Trying to remove ephemeral keys from authorized_keys files")`

Added comment to authorized_keys 'sed' calls per review. 2019-02-28 10:54:14 -05:00			`// Per the OpenSSH manual (https://man.openbsd.org/sshd.8), a typical`
			`// line in the 'authorized_keys' file contains several fields that`
			`// are delimited by spaces. Here is an (abbreviated) example of a line:`
			`// ssh-rsa AAAAB3Nza...LiPk== user@example.net`
			`//`
			`// In the above example, 'ssh-rsa' is the key pair type,`
			`// 'AAAAB3Nza...LiPk==' is the base64 encoded public key,`
			`// and 'user@example.net' is a comment (in this case, describing`
			`// who the key belongs to).`
			`//`
			`// In the following 'sed' calls, the comment field will be equal to`
			`// the value of communicator.Config.SSHTemporaryKeyPairName.`
			`// We can remove an authorized public key using 'sed' by looking`
			`// for a line ending in ' packer-key-pair-comment' (note the`
			`// leading space).`
			`//`
Added TODO about public key removal logic. 2019-02-05 12:00:01 -05:00			`// TODO: Why create a backup file if you are going to remove it?`
Fixed 'sed' regex to remove public key by magic string. 2019-02-04 12:10:17 -05:00			`cmd.Command = fmt.Sprintf("sed -i.bak '/ %s$/d' ~/.ssh/authorized_keys; rm ~/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)`
allow a provisioner to timeout * I had to contextualise Communicator.Start and RemoteCmd.StartWithUi NOTE: Communicator.Start starts a RemoteCmd but RemoteCmd.StartWithUi will run the cmd and wait for a return, so I renamed StartWithUi to RunWithUi so that the intent is clearer. Ideally in the future RunWithUi will be named back to StartWithUi and the exit status or wait funcs of the command will allow to wait for a return. If you do so please read carrefully https://golang.org/pkg/os/exec/#Cmd.Stdout to avoid a deadlock * cmd.ExitStatus to cmd.ExitStatus() is now blocking to avoid race conditions * also had to simplify StartWithUi 2019-04-03 11:14:55 -04:00			`if err := cmd.RunWithUi(ctx, comm, ui); err != nil {`
new option allowing user to clean up the ephemeral ssh key from the authorized_keys file 2018-09-14 14:03:23 -04:00			`log.Printf("Error cleaning up ~/.ssh/authorized_keys; please clean up keys manually: %s", err)`
			`}`
			`cmd = new(packer.RemoteCmd)`
Fixed 'sed' regex to remove public key by magic string. 2019-02-04 12:10:17 -05:00			`cmd.Command = fmt.Sprintf("sudo sed -i.bak '/ %s$/d' /root/.ssh/authorized_keys; sudo rm /root/.ssh/authorized_keys.bak", s.Comm.SSHTemporaryKeyPairName)`
allow a provisioner to timeout * I had to contextualise Communicator.Start and RemoteCmd.StartWithUi NOTE: Communicator.Start starts a RemoteCmd but RemoteCmd.StartWithUi will run the cmd and wait for a return, so I renamed StartWithUi to RunWithUi so that the intent is clearer. Ideally in the future RunWithUi will be named back to StartWithUi and the exit status or wait funcs of the command will allow to wait for a return. If you do so please read carrefully https://golang.org/pkg/os/exec/#Cmd.Stdout to avoid a deadlock * cmd.ExitStatus to cmd.ExitStatus() is now blocking to avoid race conditions * also had to simplify StartWithUi 2019-04-03 11:14:55 -04:00			`if err := cmd.RunWithUi(ctx, comm, ui); err != nil {`
new option allowing user to clean up the ephemeral ssh key from the authorized_keys file 2018-09-14 14:03:23 -04:00			`log.Printf("Error cleaning up /root/.ssh/authorized_keys; please clean up keys manually: %s", err)`
			`}`

			`return multistep.ActionContinue`
			`}`

			`func (s *StepCleanupTempKeys) Cleanup(state multistep.StateBag) {`
			`}`