From: Frank Brehm Date: Fri, 10 Nov 2023 15:24:39 +0000 (+0100) Subject: Fixing handling of a private key X-Git-Tag: 1.8.0^2~11 X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=24c840bd99dd59d36fa0ab2e9102e9b1e4647528;p=pixelpark%2Fcreate-terraform.git Fixing handling of a private key
---
diff --git a/.gitignore b/.gitignore
index 1777ef4..dc19e05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,5 +22,6 @@ etc/*.ini
 *.backup
 .idea
 .vscode
+.dont-use*
 build
 dist
diff --git a/lib/cr_tf/handler/files.py b/lib/cr_tf/handler/files.py
index f34d93b..6a7549b 100644
--- a/lib/cr_tf/handler/files.py
+++ b/lib/cr_tf/handler/files.py
@@ -12,6 +12,7 @@ from __future__ import absolute_import, print_function
 import logging
 import os
 import shutil
+import stat
 import textwrap
 from pathlib import Path
@@ -27,7 +28,7 @@ from ..errors import AbortExecution
 from ..xlate import XLATOR
-__version__ = '0.4.0'
+__version__ = '0.4.1'
 LOG = logging.getLogger(__name__)
 _ = XLATOR.gettext
@@ -168,6 +169,14 @@ class CrTfHandlerFilesMixin():
 str(self.script_dir), str(self.project_dir)))
 LOG.debug(_("Script-Dir relative to project dir: {!r}.").format(str(self.script_dir_rel)))
+ filemode = stat.S_IMODE(self.private_key.stat().st_mode)
+ LOG.debug(_("Permissions of {k!r} are {m:04o}.").format(
+ k=str(self.private_key), m=filemode))
+ if filemode not in [0o400, 0o600]:
+ LOG.info(_("Setting permissions of {k!r} from {o:04o} to {m:04o}.").format(
+ k=str(self.private_key), o=filemode, m=0o600))
+ self.private_key.chmod(0o600)
+
 self.keys_dir_rel = Path(os.path.relpath(
 str(self.keys_dir), str(self.project_dir)))
 LOG.debug(_("Directory for SSH deploy keys relative to project dir: {!r}.").format(
@@ -758,7 +767,7 @@ class CrTfHandlerFilesMixin():
 type = "ssh"
 host = "{h}"
 user = "root"
- private_key = "{k}"
+ private_key = file("{k}")
 agent = "false"
 }}
 }}
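Review bot: In the hunk at `@@ -168,6 +169,14 @@` of lib/cr_tf/handler/files.py, `self.private_key.stat()` and `self.private_key.chmod(0o600)` run with no handling of `OSError`, so a missing key file, or one the current user does not own, ends in a raw traceback instead of a clear abort. Whether the path is validated earlier is not visible, because the enclosing method starts and ends outside the hunk. I would wrap both calls in `try:` … `except OSError as e:` and log which key file could not be checked or changed before aborting. Both calls also follow symlinks, so if the key path can be a symlink it is the target's mode that gets rewritten; a comment such as `# stat()/chmod() follow symlinks: the mode of the link target is changed` would make that explicit.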
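Review bot: The key path is substituted verbatim between the double quotes of `file("{k}")` in the hunks at `-758,7`, `-779,7`, `-852,7` and `-957,7`, so a path containing `"`, a backslash or `${` would yield HCL that fails to parse or that Terraform interpolates. The `-852,7` hunk shows the value is `self.private_key_rel`; where that path is validated lies outside these hunks. If it is not already guaranteed, reject such characters where the key path is configured, and put a comment above each template such as `# private_key takes the key contents, hence file(); the path must not contain quotes or ${`. The templates themselves start and end outside the hunks.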
@@ -779,7 +788,7 @@ class CrTfHandlerFilesMixin():
 type = "ssh"
 host = "{h}"
 user = "root"
- private_key = "{k}"
+ private_key = file("{k}")
 agent = "false"
 }}
 }}
@@ -852,7 +861,7 @@ class CrTfHandlerFilesMixin():
 content += ' type = "ssh"\n'
 content += ' host = "{}"\n'.format(vm.fqdn)
 content += ' user = "root"\n'
- content += ' private_key = "{}"\n'.format(self.private_key_rel)
+ content += ' private_key = file("{}")\n'.format(self.private_key_rel)
 content += ' agent = "false"\n'
 content += ' }\n'
 content += ' }\n\n'
@@ -871,11 +880,9 @@ class CrTfHandlerFilesMixin():
 content += ' ]\n'
 content += ' when = destroy\n'
 content += ' connection {\n'
- content += ' type = "ssh"\n'
- content += ' host = "{}"\n'.format(vm.fqdn)
- content += ' user = "root"\n'
- content += ' private_key = "{}"\n'.format(self.private_key_rel)
- content += ' agent = "false"\n'
+ content += ' type = "ssh"\n'
+ content += ' host = "{}"\n'.format(vm.fqdn)
+ content += ' user = "root"\n'
 content += ' }\n'
 content += ' }\n\n'
@@ -957,7 +964,7 @@ class CrTfHandlerFilesMixin():
 type = "ssh"
 host = "{h}"
 user = "root"
- private_key = "{k}"
+ private_key = file("{k}")
 agent = "false"
 }}
 }}
@@ -980,11 +987,9 @@ class CrTfHandlerFilesMixin():
 ]
 when = destroy
 connection {{
- type = "ssh"
- host = "{h}"
- user = "root"
- private_key = "{k}"
- agent = "false"
+ type = "ssh"
+ host = "{h}"
+ user = "root"
 }}
 }}
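Review bot: The destroy-time `connection` block in the hunk at `@@ -871,11 +880,9 @@` (and the same block at `@@ -980,11 +987,9 @@`) now has neither `private_key` nor `agent = "false"`, so as far as these lines show it names no credential at all. Terraform's SSH connection then uses its defaults, which means authenticating through ssh-agent when one is available; on a host where the deploy key is not loaded into an agent, the destroy provisioner would presumably fail to connect. If that is intended, say so next to the block, e.g. `# destroy-time connection: no key configured on purpose, relies on ssh-agent`; otherwise keep `private_key = file(...)` and `agent = "false"` here as in the create-time blocks. The rest of both resource templates lies outside the hunks.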