Disable password auth on ssh key Linux builds

2020-07-16 22:26:06 +00:00 · 2020-07-16 22:26:06 +00:00 · deca28c158
parent 5fd68374fe
commit deca28c158
12 changed files with 30 additions and 19 deletions
--- a/builder/azure/arm/config.go
+++ b/builder/azure/arm/config.go
@ -697,10 +697,10 @@ func setUserNamePassword(c *Config) error {
 	}
 	c.UserName = c.Comm.SSHUsername

-	if c.Comm.SSHPassword == "" {
-		c.Comm.SSHPassword = c.Password
+	// if user has an explicit wish to use an SSH password, we'll set it
+	if c.Comm.SSHPassword != "" {
+		c.Password = c.Comm.SSHPassword
 	}
-	c.Password = c.Comm.SSHPassword

 	if c.Comm.Type == "ssh" {
 		return nil
--- a/builder/azure/arm/config_test.go
+++ b/builder/azure/arm/config_test.go
@ -71,8 +71,8 @@ func TestConfigUserNameOverride(t *testing.T) {
 	if c.Password != c.tmpAdminPassword {
 		t.Errorf("Expected 'Password' to be set to generated password, but found %q!", c.Password)
 	}
-	if c.Comm.SSHPassword != c.tmpAdminPassword {
-		t.Errorf("Expected 'c.Comm.SSHPassword' to be set to generated password, but found %q!", c.Comm.SSHPassword)
+	if c.Comm.SSHPassword != "" {
+		t.Errorf("Expected 'c.Comm.SSHPassword' to be empty, but found %q!", c.Comm.SSHPassword)
 	}
 	if c.UserName != "override_username" {
 		t.Errorf("Expected 'UserName' to be set to 'override_username', but found %q!", c.UserName)
@ -2093,6 +2093,14 @@ func getPackerCommunicatorConfiguration() map[string]string {
 	return config
 }

+func getPackerSSHPasswordCommunicatorConfiguration() map[string]string {
+	config := map[string]string{
+		"ssh_password": "superS3cret",
+	}
+
+	return config
+}
+
 func TestConfigShouldRejectMalformedUserAssignedManagedIdentities(t *testing.T) {
 	config := map[string]interface{}{
 		"capture_name_prefix":    "ignore",
--- a/builder/azure/arm/template_factory.go
+++ b/builder/azure/arm/template_factory.go
@ -55,7 +55,7 @@ func GetVirtualMachineDeployment(config *Config) (*resources.Deployment, error)

 	switch config.OSType {
 	case constants.Target_Linux:
-		builder.BuildLinux(config.sshAuthorizedKey)
+		builder.BuildLinux(config.sshAuthorizedKey, config.Comm.SSHPassword == "") // if ssh password is not explicitly specified, disable password auth
 	case constants.Target_Windows:
 		osType = compute.Windows
 		builder.BuildWindows(config.tmpKeyVaultName, config.tmpWinRMCertificateUrl)
--- a/builder/azure/arm/template_factory_test.TestPlanInfo01.approved.json
+++ b/builder/azure/arm/template_factory_test.TestPlanInfo01.approved.json
@ -149,10 +149,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestPlanInfo02.approved.json
+++ b/builder/azure/arm/template_factory_test.TestPlanInfo02.approved.json
@ -153,10 +153,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment04.approved.json
+++ b/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment04.approved.json
@ -126,10 +126,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment06.approved.json
+++ b/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment06.approved.json
@ -141,10 +141,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment08.approved.json
+++ b/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment08.approved.json
@ -126,10 +126,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment10.approved.json
+++ b/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment10.approved.json
@ -104,10 +104,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment12.approved.json
+++ b/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment12.approved.json
@ -126,10 +126,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment14.approved.json
+++ b/builder/azure/arm/template_factory_test.TestVirtualMachineDeployment14.approved.json
@ -127,10 +127,10 @@
          ]
        },
        "osProfile": {
-          "adminPassword": "[parameters('adminPassword')]",
          "adminUsername": "[parameters('adminUsername')]",
          "computerName": "[parameters('vmName')]",
          "linuxConfiguration": {
+            "disablePasswordAuthentication": true,
            "ssh": {
              "publicKeys": [
                {
--- a/builder/azure/arm/template_factory_test.go
+++ b/builder/azure/arm/template_factory_test.go
@ -108,7 +108,10 @@ func TestVirtualMachineDeployment03(t *testing.T) {
 	m["image_version"] = "ImageVersion"

 	var c Config
-	c.Prepare(m, getPackerConfiguration())
+	_, err := c.Prepare(m, getPackerConfiguration(), getPackerSSHPasswordCommunicatorConfiguration())
+	if err != nil {
+		t.Fatal(err)
+	}
 	deployment, err := GetVirtualMachineDeployment(&c)
 	if err != nil {
 		t.Fatal(err)
@ -168,7 +171,7 @@ func TestVirtualMachineDeployment05(t *testing.T) {
 	}

 	var c Config
-	_, err := c.Prepare(config, getPackerConfiguration())
+	_, err := c.Prepare(config, getPackerConfiguration(), getPackerSSHPasswordCommunicatorConfiguration())
 	if err != nil {
 		t.Fatal(err)
 	}
@ -235,7 +238,7 @@ func TestVirtualMachineDeployment07(t *testing.T) {
 	}

 	var c Config
-	_, err := c.Prepare(config, getPackerConfiguration())
+	_, err := c.Prepare(config, getPackerConfiguration(), getPackerSSHPasswordCommunicatorConfiguration())
 	if err != nil {
 		t.Fatal(err)
 	}
@ -312,7 +315,7 @@ func TestVirtualMachineDeployment09(t *testing.T) {
 	}

 	var c Config
-	_, err := c.Prepare(config, getPackerConfiguration())
+	_, err := c.Prepare(config, getPackerConfiguration(), getPackerSSHPasswordCommunicatorConfiguration())
 	if err != nil {
 		t.Fatal(err)
 	}
@ -387,7 +390,7 @@ func TestVirtualMachineDeployment11(t *testing.T) {
 	}

 	var c Config
-	_, err := c.Prepare(config, getPackerConfiguration())
+	_, err := c.Prepare(config, getPackerConfiguration(), getPackerSSHPasswordCommunicatorConfiguration())
 	if err != nil {
 		t.Fatal(err)
 	}