
Merge pull request #30 from mt-inside/mt-inside-add-fingerprints

Add MD5 public key fingerprints as computed attributes.
mildwonkey committed Aug 13, 2018
2 parents 950be2f + bc5286f commit 00269bd6a6efbe5590bef04bdcece8205fc7aaf2
@@ -29,6 +29,10 @@ func dataSourcePublicKey() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"public_key_fingerprint_md5": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
}
}
@@ -15,7 +15,8 @@ RhFs18D3wBDBqXLIoP7W3rm5S292/JiNPa+mX76IYFF416zTBGG9J5w4d4VFrROn
8IuMWqHgdXsCUf2szN7EnJcVBsBzTxxWqz4DjX315vbm/PFOLlKzC0Ngs4h1iDiC
D9Hk2MajZuFnJiqj1QIDAQAB
-----END PUBLIC KEY-----`
expectedPublicSSH = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDPLaq43D9C596ko9yQipWUf2FbRhFs18D3wBDBqXLIoP7W3rm5S292/JiNPa+mX76IYFF416zTBGG9J5w4d4VFrROn8IuMWqHgdXsCUf2szN7EnJcVBsBzTxxWqz4DjX315vbm/PFOLlKzC0Ngs4h1iDiCD9Hk2MajZuFnJiqj1Q==`
expectedPublicSSH = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDPLaq43D9C596ko9yQipWUf2FbRhFs18D3wBDBqXLIoP7W3rm5S292/JiNPa+mX76IYFF416zTBGG9J5w4d4VFrROn8IuMWqHgdXsCUf2szN7EnJcVBsBzTxxWqz4DjX315vbm/PFOLlKzC0Ngs4h1iDiCD9Hk2MajZuFnJiqj1Q==`
expectedPublicFingerprintMD5 = `62:c2:c6:7a:d0:27:72:e7:0d:bc:4e:97:42:0e:9e:e6`
)

func TestAccPublicKey_dataSource(t *testing.T) {
@@ -27,6 +28,7 @@ func TestAccPublicKey_dataSource(t *testing.T) {
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr("data.tls_public_key.test", "public_key_pem", strings.TrimSpace(expectedPublic)+"\n"),
resource.TestCheckResourceAttr("data.tls_public_key.test", "public_key_openssh", strings.TrimSpace(expectedPublicSSH)+"\n"),
resource.TestCheckResourceAttr("data.tls_public_key.test", "public_key_fingerprint_md5", strings.TrimSpace(expectedPublicFingerprintMD5)),
),
},
resource.TestStep{
@@ -90,6 +90,11 @@ func resourcePrivateKey() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},

"public_key_fingerprint_md5": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
}
}
@@ -27,6 +27,9 @@ func TestPrivateKeyRSA(t *testing.T) {
output "public_key_openssh" {
value = "${tls_private_key.test.public_key_openssh}"
}
output "public_key_fingerprint_md5" {
value = "${tls_private_key.test.public_key_fingerprint_md5}"
}
`,
Check: func(s *terraform.State) error {
gotPrivateUntyped := s.RootModule().Outputs["private_key_pem"].Value
@@ -60,6 +63,15 @@ func TestPrivateKeyRSA(t *testing.T) {
return fmt.Errorf("SSH public key is missing ssh-rsa prefix")
}

gotPublicFingerprintUntyped := s.RootModule().Outputs["public_key_fingerprint_md5"].Value
gotPublicFingerprint, ok := gotPublicFingerprintUntyped.(string)
if !ok {
return fmt.Errorf("output for \"public_key_fingerprint_md5\" is not a string")
}
if !(gotPublicFingerprint[2] == ':') {
return fmt.Errorf("MD5 public key fingerprint is missing : in the correct place")
}

return nil
},
},
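Review bot: The new check `gotPublicFingerprint[2] == ':'` in the TestPrivateKeyRSA Check function indexes the string without confirming its length, so a regression that yields an empty or short fingerprint panics with an index-out-of-range error and never reaches the intended test failure. Guard the index, e.g. `if len(gotPublicFingerprint) < 3 || gotPublicFingerprint[2] != ':' {`. A check of the whole format (16 colon-separated hex pairs) would catch more than a single separator. The same unguarded index appears in the P256 check added to TestPrivateKeyECDSA, where the error message also has a typo (`planbe` for `place`). The Check function begins outside this hunk.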
@@ -110,6 +122,9 @@ func TestPrivateKeyECDSA(t *testing.T) {
output "public_key_openssh" {
value = "${tls_private_key.test.public_key_openssh}"
}
output "public_key_fingerprint_md5" {
value = "${tls_private_key.test.public_key_fingerprint_md5}"
}
`,
Check: func(s *terraform.State) error {
gotPrivateUntyped := s.RootModule().Outputs["private_key_pem"].Value
@@ -137,6 +152,11 @@ func TestPrivateKeyECDSA(t *testing.T) {
return fmt.Errorf("P224 EC key should not generate OpenSSH public key")
}

gotPublicFingerprint := s.RootModule().Outputs["public_key_fingerprint_md5"].Value.(string)
if gotPublicFingerprint != "" {
return fmt.Errorf("P224 EC key should not generate OpenSSH public key fingerprint")
}

return nil
},
},
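Review bot: The P224 check reads the output with an unchecked type assertion, `s.RootModule().Outputs["public_key_fingerprint_md5"].Value.(string)`, which panics if the value is not a string. The RSA and P256 checks in this commit use the two-value form and return an error instead. For consistency, use `gotPublicFingerprint, ok := ...Value.(string)` here and return `fmt.Errorf("output for \"public_key_fingerprint_md5\" is not a string")` when `!ok`, before comparing with `""`. The Check function begins outside this hunk.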
@@ -155,6 +175,9 @@ func TestPrivateKeyECDSA(t *testing.T) {
output "public_key_openssh" {
value = "${tls_private_key.test.public_key_openssh}"
}
output "public_key_fingerprint_md5" {
value = "${tls_private_key.test.public_key_fingerprint_md5}"
}
`,
Check: func(s *terraform.State) error {
gotPrivateUntyped := s.RootModule().Outputs["private_key_pem"].Value
@@ -184,6 +207,15 @@ func TestPrivateKeyECDSA(t *testing.T) {
return fmt.Errorf("P256 SSH public key is missing ecdsa prefix")
}

gotPublicFingerprintUntyped := s.RootModule().Outputs["public_key_fingerprint_md5"].Value
gotPublicFingerprint, ok := gotPublicFingerprintUntyped.(string)
if !ok {
return fmt.Errorf("output for \"public_key_fingerprint_md5\" is not a string")
}
if !(gotPublicFingerprint[2] == ':') {
return fmt.Errorf("MD5 public key fingerprint is missing : in the correct planbe")
}

return nil
},
},
@@ -96,8 +96,10 @@ func readPublicKey(d *schema.ResourceData, rsaKey interface{}) error {
// if an appropriate type was selected.
sshPubKeyBytes := ssh.MarshalAuthorizedKey(sshPubKey)
d.Set("public_key_openssh", string(sshPubKeyBytes))
d.Set("public_key_fingerprint_md5", ssh.FingerprintLegacyMD5(sshPubKey))
} else {
d.Set("public_key_openssh", "")
d.Set("public_key_fingerprint_md5", "")
}
return nil
}
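Review bot: The value stored in `public_key_fingerprint_md5` comes from `ssh.FingerprintLegacyMD5`, and MD5 is not collision resistant. The attribute is therefore fine for matching a key against systems that still display MD5 fingerprints, but should not be the only evidence that a key is the expected one. A comment above the call would record that, e.g. `// MD5 fingerprint is for legacy display/compatibility only; do not rely on it to authenticate a key.` Consider also exposing a SHA-256 fingerprint under a separate computed attribute using `ssh.FingerprintSHA256(sshPubKey)`. Both new `d.Set` calls discard their return values, as the neighbouring `public_key_openssh` calls do. readPublicKey starts above this hunk.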
@@ -37,3 +37,7 @@ The following attributes are exported:
are supported, and ECDSA keys with curves "P256", "P384" and "P521"
are supported. This attribute is empty if an incompatible ECDSA curve
is selected.
* `public_key_fingerprint_md5` - The md5 hash of the public key data in
OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the
selected private key format is compatible, as per the rules for
`public_key_openssh`.
@@ -56,6 +56,10 @@ The following attributes are exported:
are supported, and ECDSA keys with curves "P256", "P384" and "P521"
are supported. This attribute is empty if an incompatible ECDSA curve
is selected.
* `public_key_fingerprint_md5` - The md5 hash of the public key data in
OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the
selected private key format is compatible, as per the rules for
`public_key_openssh`.

## Generating a New Key
