diff --git a/cloudbaseinit/plugins/common/sshpublickeys.py b/cloudbaseinit/plugins/common/sshpublickeys.py index 1c533bde..1f6996d4 100644 --- a/cloudbaseinit/plugins/common/sshpublickeys.py +++ b/cloudbaseinit/plugins/common/sshpublickeys.py @@ -25,6 +25,10 @@ CONF = cloudbaseinit_conf.CONF LOG = oslo_logging.getLogger(__name__) +# The default Win32-OpenSSH config assumes that the built-in Administrators +# group with SID S-1-5-32-544 does not have an internationalized name. +ADMINISTRATORS = "Administrators" + class SetUserSSHPublicKeysPlugin(base.BasePlugin): @@ -49,10 +53,31 @@ def execute(self, service, shared_data): os.makedirs(user_ssh_dir) authorized_keys_path = os.path.join(user_ssh_dir, "authorized_keys") - LOG.info("Writing SSH public keys in: %s" % authorized_keys_path) - with open(authorized_keys_path, 'w') as f: - for public_key in public_keys: - # All public keys are space-stripped. - f.write(public_key + "\n") + authorized_keys_files = [authorized_keys_path] + + admin_membership_conditions = ( + osutils.group_exists(ADMINISTRATORS), + ADMINISTRATORS in CONF.groups + ) + + if all(admin_membership_conditions): + program_data_dir = os.getenv("PROGRAMDATA", "C:\ProgramData") + LOG.debug("Program Data: %s" % program_data_dir) + + program_data_ssh_dir = os.path.join(program_data_dir, "ssh") + if not os.path.exists(program_data_ssh_dir): + os.makedirs(program_data_ssh_dir) + + administrators_authorized_keys_path = os.path.join( + program_data_ssh_dir, "administrators_authorized_keys" + ) + authorized_keys_files.append(administrators_authorized_keys_path) + + for filepath in authorized_keys_files: + LOG.info("Writing SSH public keys in: %s" % filepath) + with open(filepath, 'w') as f: + for public_key in public_keys: + # All public keys are space-stripped. + f.write(public_key + "\n") return base.PLUGIN_EXECUTION_DONE, False 
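Review bot: Nothing in the second hunk restricts the ACL of the new `administrators_authorized_keys` file, or of `%PROGRAMDATA%\ssh` when `os.makedirs` has to create it, so both keep whatever they inherit from ProgramData. Microsoft's OpenSSH key-management documentation requires this file to be accessible only to Administrators and SYSTEM, and under the default sshd_config its keys authenticate any member of the Administrators group. After the write, apply the equivalent of `icacls <path> /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"` and log an error if that fails, rather than relying on inheritance. The fallback literal should also be a raw string, `os.getenv("PROGRAMDATA", r"C:\ProgramData")`, because `\P` is an invalid escape sequence. Both points also apply to the last hunk of users.py; `execute` begins outside this hunk.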
diff --git a/cloudbaseinit/plugins/common/userdataplugins/cloudconfigplugins/users.py b/cloudbaseinit/plugins/common/userdataplugins/cloudconfigplugins/users.py index c7bc240e..985c9293 100644 --- a/cloudbaseinit/plugins/common/userdataplugins/cloudconfigplugins/users.py +++ b/cloudbaseinit/plugins/common/userdataplugins/cloudconfigplugins/users.py @@ -24,9 +24,14 @@ base ) + CONF = cloudbaseinit_conf.CONF LOG = oslo_logging.getLogger(__name__) +# The default Win32-OpenSSH config assumes that the built-in Administrators +# group with SID S-1-5-32-544 does not have an internationalized name. +ADMINISTRATORS = "Administrators" + class UsersPlugin(base.BaseCloudConfigPlugin): """Creates users given in the cloud-config format.""" @@ -154,6 +159,7 @@ def process(self, data): "Can't process the type of data %r" % type(data)) osutils = osutils_factory.get_os_utils() + administrators_authorized_keys = [] for item in data: if not isinstance(item, dict): continue @@ -172,4 +178,25 @@ def process(self, data): LOG.warning("An error occurred during user '%s' creation: '%s" % (user_name, ex)) + if ADMINISTRATORS in self._get_groups(item): + admin_public_keys = item.get('ssh_authorized_keys', []) + administrators_authorized_keys.extend(admin_public_keys) + + if osutils.group_exists(ADMINISTRATORS): + program_data_dir = os.getenv("PROGRAMDATA", "C:\ProgramData") + program_data_ssh_dir = os.path.join(program_data_dir, "ssh") + if not os.path.exists(program_data_ssh_dir): + os.makedirs(program_data_ssh_dir) + + administrators_authorized_keys_path = os.path.join( + program_data_ssh_dir, "administrators_authorized_keys" + ) + + LOG.info("Writing SSH public keys in: %s", + administrators_authorized_keys_path) + + with open(administrators_authorized_keys_path, 'w') as f: + for authorized_key in administrators_authorized_keys: + f.write(authorized_key + "\n") + return False
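Review bot: The final block of the last hunk opens `administrators_authorized_keys` with mode `'w'` whenever the Administrators group exists, even when the collected `administrators_authorized_keys` list is empty. A cloud-config with no admin keys therefore truncates the file and discards the keys that the sshpublickeys.py change in this same commit writes to the same path. Guard the write with `if administrators_authorized_keys and osutils.group_exists(ADMINISTRATORS):` and consider merging with existing entries instead of replacing them. Separately, `item.get('ssh_authorized_keys', [])` goes to `extend` unchecked, so a scalar string in user-data would be written one character per line; an `isinstance(admin_public_keys, list)` check before `extend` avoids that. `process` starts outside the hunk and indentation is lost on this page, so the placement of the collection step inside the loop (and after the failed-creation warning) is inferred from its use of `item`.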