Authentication using ssh-agent

[dosas]

This PR adds authentication using ssh-agent, see #246

Also exception handling for authentication is unified.

[JacobCallahan]

Also, please try installing pre-commit in your virtual environment and run pre-commit when you stage changes. You can also run it against specific files or --all-files.
This will get your checks passing!

[JacobCallahan]

I like where you're going with, but it looks a bit more repetitive than I'd prefer. Perhaps we could wrap the entire section in a try/except and raise a formatted message like this.

        try:
            if key_filename:
                auth_type = "Key"
                if not Path(key_filename).exists():
                    raise FileNotFoundError(f"Key not found in '{key_filename}'")
                self.session.userauth_publickey_fromfile(user, key_filename)
            elif password:
                auth_type = "Password"
                self.session.userauth_password(user, password)
            elif user:
                auth_type = "Agent"
                self.session.agent_auth(user)
            else:
                raise exceptions.AuthenticationError("No password or key file provided.")
        except Exception as err:
            raise exceptions.AuthenticationError(f"{auth_type}-based authentication failed.") from err

[dosas]

This will lead to an error when the else clause is called since in this case auth_type is not defined for the broad Exception and the error message will also be misleading.

Since ruff is complaining about blind exceptions, would it be okay to just omit the outer except block?

[JacobCallahan]

auth_type isn't used in the else clause, so shouldn't cause an issue.
as for ruff, you can add this to the right of the except statement # noqa: BLE001 there are likely a few different exceptions that could be raised here and I'd rather not waste your time chasing them all down.

[JacobCallahan]

Can you provide a demonstration of agent/session-based authentication working for you locally?

[dosas]

I am not exactly sure what I should put here but I have written some tests and ran them locally:

def test_key():
    test_host = Host(hostname=hostname, key_filename="id_ed25519")
    assert "host1" in test_host.execute("hostname").stdout, "path"


def test_wrong_key():
    test_host = Host(hostname=hostname, key_filename="wrong_key")
    with pytest.raises(BrokerAuthenticationError):
        test_host.execute("hostname").stdout

def test_password():
    test_host = Host(hostname=hostname, username="root", password="bar")
    assert "host1" in test_host.execute("hostname").stdout, "password"


def test_wrong_password():
    test_host = Host(hostname=hostname, username="root", password="foo")
    with pytest.raises(BrokerAuthenticationError):
        test_host.execute("hostname").stdout


def test_agent():
    test_host = Host(hostname=hostname, username="root")
    assert "host1" in test_host.execute("hostname").stdout, "agent"

with the wollowing results:

test_manual.py::test_key PASSED                                                                                                                                                        [ 20%]
test_manual.py::test_wrong_key PASSED                                                                                                                                                  [ 40%]
test_manual.py::test_password PASSED                                                                                                                                                   [ 60%]
test_manual.py::test_wrong_password PASSED                                                                                                                                             [ 80%]
test_manual.py::test_agent PASSED

[JacobCallahan]

Awesome, thanks for the contribution @dosas!