// SetUp is defined on the worker.NotifyWatchHandler interface.
func (kw *keyupdaterWorker) SetUp() (watcher.NotifyWatcher, error) {
// Record the keys Juju knows about.
jujuKeys, err := kw.st.AuthorisedKeys(kw.tag)
if err != nil {
return nil, errors.LoggedErrorf(logger, "reading Juju ssh keys for %q: %v", kw.tag, err)
}
kw.jujuKeys = set.NewStrings(jujuKeys...)
// Read the keys currently in ~/.ssh/authorised_keys.
sshKeys, err := ssh.ListKeys(SSHUser, ssh.FullKeys)
if err != nil {
return nil, errors.LoggedErrorf(logger, "reading ssh authorized keys for %q: %v", kw.tag, err)
}
// Record any keys not added by Juju.
for _, key := range sshKeys {
_, comment, err := ssh.KeyFingerprint(key)
// Also record keys which we cannot parse.
if err != nil || !strings.HasPrefix(comment, ssh.JujuCommentPrefix) {
kw.nonJujuKeys = append(kw.nonJujuKeys, key)
}
}
// Write out the ssh authorised keys file to match the current state of the world.
if err := kw.writeSSHKeys(jujuKeys); err != nil {
return nil, errors.LoggedErrorf(logger, "adding current Juju keys to ssh authorised keys: %v", err)
}
w, err := kw.st.WatchAuthorisedKeys(kw.tag)
if err != nil {
return nil, errors.LoggedErrorf(logger, "starting key updater worker: %v", err)
}
logger.Infof("%q key updater worker started", kw.tag)
return w, nil
}
func (s *FingerprintSuite) TestKeyFingerprint(c *gc.C) {
keys := []sshtesting.SSHKey{
sshtesting.ValidKeyOne,
sshtesting.ValidKeyTwo,
sshtesting.ValidKeyThree,
}
for _, k := range keys {
fingerprint, _, err := ssh.KeyFingerprint(k.Key)
c.Assert(err, gc.IsNil)
c.Assert(fingerprint, gc.Equals, k.Fingerprint)
}
}
func (s *FingerprintSuite) TestKeyFingerprintError(c *gc.C) {
_, _, err := ssh.KeyFingerprint("invalid key")
c.Assert(err, gc.ErrorMatches, `generating key fingerprint: invalid authorized_key "invalid key"`)
}