Adding client authentication with public key fuction. #181
Conversation
itouri
commented
Jun 16, 2017
•
itouri
commented
|
|
||
|
|
||
| RunCmdWithTimeoutAndReportFail(t, 10, 5, "openvdc", "destroy", instance_id) | ||
| WaitInstance(t, 5*time.Minute, instance_id, "TERMINATED", nil) |
There was a problem hiding this comment.
How is this a test for console authentication? It just starts an instance and then terminates it.
There was a problem hiding this comment.
Added code to test the console. And change function name to TestCmdConsole_ShowOptionAuthenticationNone.
# Conflicts: # ci/citest/acceptance-test/tests/cmd_console_test.go # model/model.pb.go # registry/bindata_assetfs.go
…arameter of LxcTemplate from json to protocol buffer.
# Conflicts: # model/model.pb.go # registry/bindata_assetfs.go
itouri
changed the title
…pub_key of the VM template.
itouri
changed the title
itouri
changed the title
handlers/vm/base.go
Outdated
| } | ||
| } | ||
|
|
||
| // Check that the key is in SECSH format. |
There was a problem hiding this comment.
We don't need to support SECSH format at this version.
There was a problem hiding this comment.
Changed that part into a comment.
handlers/vm/base.go
Outdated
| } | ||
|
|
||
| keyStr := string(key[:]) | ||
| // Check that the key is in OpenSSH format. |
There was a problem hiding this comment.
Why do you check same thing that happens in ssh.ParsePublicKey()?
https://github.com/golang/crypto/blob/eb71ad9bd329b5ac0fd0148dd99bd62e8be8e035/ssh/keys.go#L246-L258
There was a problem hiding this comment.
ssh.ParsePublicKey() can parse only RFC4253 format key. Therefore if we want to parse other type public key then we must parse by own.
handlers/vm/base.go
Outdated
| return handlers.ErrInvalidTemplate(h, "ssh_public_key is not set") | ||
| } | ||
|
|
||
| isValidate := validatePublicKey([]byte(sshPubKey)) |
There was a problem hiding this comment.
Just call ssh.ParsePublicKey() then return the error from the function. This function squash the error details from ssh.ParsePublicKey().
There was a problem hiding this comment.
Changed the return type of validatePublicKey([]byte) to error.
and changed the part supporting SECSH format to comment.
Due to the change of golang.org/x/crypto/ssh . golang/crypto@e4e2799dd7aa
| @@ -21,6 +22,23 @@ func runConsoleCmd(instance_id string, t *testing.T) { | |||
| RunCmdAndExpectFail(t, "sh", "-c", fmt.Sprintf("openvdc console %s -- false", instance_id)) | |||
| } | |||
|
|
|||
| func runConsoleCmdWithPrivatekey(instance_id string, private_key_path string, t *testing.T) { | |||
| RunCmdAndReportFail(t, "openvdc", "console", instance_id, "-i", private_key_path) | |||
| RunCmdAndReportFail(t, "sh", "-c", fmt.Sprintf("openvdc console %s -i %s ls", instance_id, private_key_path)) | |||
There was a problem hiding this comment.
Why use sh here? Why not just do this?
RunCmdAndReportFail(t,"openvdc", "console", instance_id, "-i", private_key_path, "ls")
Also you should run gofmt on this file and any other files that aren't formatted correctly. It's best to set up your editor to run it on save.
There was a problem hiding this comment.
This test function integrate to TestLXCCmdConsole_AuthenticationPubkeymethod and modified to doesn't using "sh".
| RunCmdAndReportFail(t, "sh", "-c", fmt.Sprintf("openvdc console %s -i %s ls", instance_id, private_key_path)) | ||
| RunCmdAndReportFail(t, "sh", "-c", fmt.Sprintf("openvdc console %s -i %s -- ls", instance_id, private_key_path)) | ||
| RunCmdAndExpectFail(t, "sh", "-c", fmt.Sprintf("openvdc console %s -i %s -- false", instance_id, private_key_path)) | ||
| } |
There was a problem hiding this comment.
You should also confirm that the console command fails when you provide the wrong private key.
There was a problem hiding this comment.
Added TestLXCCmdConsole_AuthenticationPubkeymethod testing worng key.
# Conflicts: # model/model.pb.go # model/resource_templates.go # registry/bindata_assetfs.go
There was a problem hiding this comment.
Since the ESXi feature was merged to master, the tests started failing on this one.
# github.com/axsh/openvdc/scheduler
scheduler/mesos.go:174: cannot use esxi (type *model.EsxiTemplate) as type model.InstanceResource in argument to model.IsMatchingNodeGroups:
*model.EsxiTemplate does not implement model.InstanceResource (missing GetAuthenticationType method)
I know this is annoying since it worked before, but you'll have to update to code to work with the latest master.
| RunCmdAndExpectFail(t, "openvdc", "console", instance_id, "-i", private_key_path) | ||
| } else { | ||
| RunCmdAndReportFail(t, "openvdc", "console", instance_id, "-i", private_key_path) | ||
| } |
There was a problem hiding this comment.
This function is only called twice. Once with expect_fail = true and once with expect_fail = false.
Since only one line gets executed for each call, I think it's better to write those lines directly in the test instead of in a separate function.
There was a problem hiding this comment.
Deleted runConsoleCmdWithPrivatekey and integrated to TestLXCCmdConsole_AuthenticationPubkey.
# Conflicts: # api/v1.pb.go # model/cluster.pb.go # model/model.pb.go
# Conflicts: # model/model.pb.go
# Conflicts: # api/v1.pb.go # model/model.pb.go # registry/bindata_assetfs.go # vendor/vendor.json
cmd/openvdc/cmd/console.go
Outdated
| case model.AuthenticationType_PUB_KEY: | ||
| if indentityFile == "" { | ||
| log.Fatalf("Required private key but not setted") | ||
| } else { |
There was a problem hiding this comment.
no need for the else block.
cmd/openvdc/cmd/console.go
Outdated
| @@ -19,8 +21,11 @@ import ( | |||
| "google.golang.org/grpc" | |||
| ) | |||
|
|
|||
| var indentityFile string | |||
There was a problem hiding this comment.
Typo and no need to be defined as a global variable. Can be refered as cmd.Flags().GetString("identity-file").
There was a problem hiding this comment.
Modified typo and using to GetString()
proto/v1.proto
Outdated
| @@ -90,6 +90,7 @@ message ConsoleReply { | |||
| string instance_id = 1 [json_name="instance_id"]; | |||
| model.Console.Transport type = 2; | |||
| string address = 3; | |||
| model.AuthenticationType authType = 4; | |||
There was a problem hiding this comment.
Breaks the convention.
model.AuthenticationType auth_type = 4 [json_name="auth_type"];
There was a problem hiding this comment.
Added json_name tag for auth_type.
handlers/vm/lxc/lxc.go
Outdated
| if err := flags.Parse(args); err != nil { | ||
| return err | ||
| } | ||
| mdst.Vcpu = int32(vcpu) | ||
| mdst.MemoryGb = int32(mem) | ||
| format := model.AuthenticationType_value[strings.ToUpper(authType)] |
There was a problem hiding this comment.
Missing the validation if --authtication_type gets unknown value.
There was a problem hiding this comment.
Added validation of authtication_type to lxc.go and qemu.go.
