package gcp
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"strings"
compute "google.golang.org/api/compute/v1"
"github.com/cloudfoundry/bosh-bootloader/storage"
"golang.org/x/crypto/ssh"
)
// KeyPairUpdater generates a fresh SSH key pair and registers its public
// half in a GCP project's common instance metadata (see Update). Key
// generation and the compute client are injected so that tests can supply
// deterministic generators and a fake client.
type KeyPairUpdater struct {
	random                io.Reader             // entropy source handed to rsaKeyGenerator
	rsaKeyGenerator       rsaKeyGenerator       // produces the RSA private key (rsa.GenerateKey has this shape)
	sshPublicKeyGenerator sshPublicKeyGenerator // wraps the public key as an ssh.PublicKey (ssh.NewPublicKey has this shape)
	clientProvider        clientProvider        // supplies the compute client used to read and write project metadata
	logger                logger                // receives progress messages
}
// rsaKeyGenerator produces an RSA private key of the requested bit size from
// the given entropy source. rsa.GenerateKey satisfies this signature.
type rsaKeyGenerator func(io.Reader, int) (*rsa.PrivateKey, error)

// sshPublicKeyGenerator converts a crypto public key into an ssh.PublicKey.
// ssh.NewPublicKey satisfies this signature.
type sshPublicKeyGenerator func(interface{}) (ssh.PublicKey, error)

// clientProvider hands out the compute client used to read and write the
// project's common instance metadata. Client is declared elsewhere in this
// package.
type clientProvider interface {
	Client() Client
}

// logger receives human-readable progress steps (format string plus args).
type logger interface {
	Step(string, ...interface{})
}
// NewKeyPairUpdater wires a KeyPairUpdater from its collaborators.
//
// random is the entropy source passed to generateRSAKey. generateRSAKey and
// generateSSHPublicKey are the key-generation functions (their signatures
// match rsa.GenerateKey and ssh.NewPublicKey, so those are the natural
// production choices, with fakes substituted in tests). clientProvider
// supplies the compute client and logger receives progress messages.
func NewKeyPairUpdater(random io.Reader, generateRSAKey rsaKeyGenerator, generateSSHPublicKey sshPublicKeyGenerator, clientProvider clientProvider, logger logger) KeyPairUpdater {
	var updater KeyPairUpdater
	updater.random = random
	updater.rsaKeyGenerator = generateRSAKey
	updater.sshPublicKeyGenerator = generateSSHPublicKey
	updater.clientProvider = clientProvider
	updater.logger = logger
	return updater
}
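// Update generates a new RSA key pair, publishes its public half into the
// project's common instance metadata under the "sshKeys" key, and returns
// both halves.
//
// The entry is registered for the "vcap" user. Because it lives in
// project-level metadata it applies to every instance in the project that
// honours project SSH keys (instances that block project keys or use OS
// Login may ignore it — confirm against the images in use). NOTE(review):
// GCP documents "ssh-keys" as the current project metadata key and "sshKeys"
// as the legacy name; verify the legacy key is still honoured.
//
// Each call appends a new entry and never removes earlier ones, so every key
// generated over the lifetime of the project stays authorised until something
// else prunes the list. Callers that rotate keys must remove stale entries
// themselves.
//
// The metadata is written back exactly as GetProject returned it (including
// whatever fingerprint it carries), so a concurrent modification of the
// project metadata should cause SetCommonInstanceMetadata to fail rather
// than be silently overwritten.
//
// Returns the unencrypted PEM-encoded private key and the authorized_keys-
// format public key; the caller is responsible for storing the private key
// with restricted permissions. Any error from key generation or the compute
// API is returned unchanged together with an empty KeyPair.
func (k KeyPairUpdater) Update() (storage.KeyPair, error) {
	privateKey, publicKey, err := k.createKeyPair()
	if err != nil {
		return storage.KeyPair{}, err
	}

	client := k.clientProvider.Client()
	project, err := client.GetProject()
	if err != nil {
		return storage.KeyPair{}, err
	}

	// GCP expects one "<user>:<authorized_keys line> <comment>" entry per line.
	sshKeyItemValue := fmt.Sprintf("vcap:%s vcap", strings.TrimSpace(publicKey))

	metadata := project.CommonInstanceMetadata
	if metadata == nil {
		// A project that has never had common metadata set may come back
		// without one; start from an empty set rather than dereferencing nil.
		metadata = &compute.Metadata{}
	}

	var updated bool
	for i, item := range metadata.Items {
		if item.Key != "sshKeys" {
			continue
		}
		// item.Value is a *string and may be nil; treat that (and a blank
		// value) as "no existing keys" instead of dereferencing it or
		// emitting a leading empty line.
		newValue := appendSSHKeyEntry(item.Value, sshKeyItemValue)
		metadata.Items[i].Value = &newValue
		updated = true
		k.logger.Step("appending new ssh-keys for the project %q", client.ProjectID())
		break
	}

	if !updated {
		k.logger.Step("Creating new ssh-keys for the project %q", client.ProjectID())
		metadata.Items = append(metadata.Items, &compute.MetadataItems{
			Key:   "sshKeys",
			Value: &sshKeyItemValue,
		})
	}

	if _, err = client.SetCommonInstanceMetadata(metadata); err != nil {
		return storage.KeyPair{}, err
	}

	return storage.KeyPair{
		PrivateKey: privateKey,
		PublicKey:  publicKey,
	}, nil
}

// appendSSHKeyEntry returns the "sshKeys" metadata value that results from
// adding entry to the existing newline-separated value. A nil or blank
// existing value yields entry alone, so no empty line is introduced.
func appendSSHKeyEntry(existing *string, entry string) string {
	if existing == nil || strings.TrimSpace(*existing) == "" {
		return entry
	}
	return *existing + "\n" + entry
}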
// createKeyPair generates a 2048-bit RSA key with the configured generator
// and entropy source and returns it as an unencrypted PKCS#1
// "RSA PRIVATE KEY" PEM string, together with the matching public key in
// OpenSSH authorized_keys format with the trailing newline removed.
//
// The PEM string holds the raw private key, so whoever persists it must apply
// restrictive permissions. Errors from either generator are returned as-is
// with empty strings.
func (k KeyPairUpdater) createKeyPair() (string, string, error) {
	const rsaKeyBits = 2048

	rsaKey, err := k.rsaKeyGenerator(k.random, rsaKeyBits)
	if err != nil {
		return "", "", err
	}

	sshPublicKey, err := k.sshPublicKeyGenerator(rsaKey.Public())
	if err != nil {
		return "", "", err
	}

	// MarshalAuthorizedKey terminates the line with "\n"; drop it so the
	// value can be embedded in other strings without a stray line break.
	authorizedKey := strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(sshPublicKey)), "\n")

	pemBlock := pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(rsaKey),
	}
	return string(pem.EncodeToMemory(&pemBlock)), authorizedKey, nil
}